Initial Deployment¶
Import the Virtual Machine Appliance¶
The Virtual Machine includes all the specification in the manifest, so there is no manual configuration of CPU, Memory or Hard Disk Drive required to deploy it. You can simply import the appliance and power it on. For more information about the specification, see the Specification section of the Virtual Appliance data sheet.
Verify download (optional)¶
Warning
It is optional but recommended, that you verify the Virtual Machine OVA file download with the contents of the provided MD5 checksum file download. This is to avoid importing a corrupted OVA file due to an interrupted download.
You can use any md5 checksum program to generate an MD5 checksum of the OVA file to perform this task. Here is an example command using the Microsoft fciv.exe binary (File Checksum Integrity Verifier version 2.05) which is not included with Microsoft Windows, but available as a separate download from Microsoft.
Note that the two highlighted checksums match. If they do not match, this means your download is corrupted. Please download the OVA file again and re-perform this check.
Import process - VMware¶
To import the Virtual Appliance into vSphere, we use the ‘Deploy OVF Template’ option in the vSphere ‘ACTIONS’ menu. In this example we are using the Web based vSphere Client of ESXi v6.5.0:
Select the OVA file as the OVF template to deploy:
Select the host you want to deploy to, followed by the storage and networks. Give the appliance a name in accordance with your organisation’s naming conventions.
Hint
We recommend that you deploy the disk as thick provisioned to ensure that your Swivel Secure appliance has dedicated disk resource.
Import process - Hyper-V¶
Extract the provided zip file.
Run Hyper-V Manager, select a host that you’d like to import the VM to.
Then select Action -> Import Virtual Machine.
Ensure that you have the ‘Copy the virtual machine and create a new ID’ Radio Button selected when prompted. Then point to the folder you extracted previously which contains the ‘Snapshots’, ‘Virtual Hard Disks’ and ‘Virtual Machines’ directories contained within. Once you’ve selected the directory, click ‘Import’ to start the import process.
Hint
We recommend that you deploy the disk as thick provisioned to ensure that your Swivel Secure appliance has dedicated disk resource.
Login to the Appliance Console¶
Power on the appliance and wait for the console to appear.
To login to the console and display the Console Management Interface (CMI), enter the default appliance credentials:
Username | Default Password |
---|---|
admin | securebox |
Hint
It is recommended that you change the default password as soon as possible after deployment.
Configure Networking¶
Login to the CMI as per the previous section. This will display the main menu. From here, select option 2 (Network).
From the Network menu, we will configure the following:
- Hostname
- IP Address
- Subnet Mask
- Default Gateway
- DNS
Configure Hostname¶
From the Network menu, select option 1 (Change Hostname) and enter a new hostname for the appliance. Restart Sendmail when prompted for the change to take effect.
Hint
Ensure that your local DNS server holds a record for the hostname you specify here and the IP address you’re going to assign to the appliance.
Configure IP Address¶
From the Network menu, select option 2 (Change Interface IP Addresses), then option 1 (eth0), then option 1 (Change IP Address). Enter a new IP address at the prompt. Go back to the Networking menu and restart the network interface when prompted.
Configure Netmask¶
From the Network menu, select option 2 (Change Interface IP Addresses), then option 1 (eth0), then option 2 (Change Netmask). Enter a new subnet mask at the prompt. Go back to the Networking menu and restart the network interface when prompted.
Configure Default Gateway¶
From the Network menu, select option 2 (Change Interface IP Addresses), then option 3 (Change Default Gateway). Enter a new Default Gateway at the prompt. Restart the network interface when prompted.
Configure DNS¶
From the Network menu, select option 5 (DNS), then option 1 (Add DNS Server). Enter a new DNS server at the prompt. Restart the network interface when prompted. You may need to remove any irrelevant pre-configured DNS servers that ship with the default appliance build.
Hint
Typically you would configure the customer’s internal DNS servers here. However, if the Swivel Virtual Appliance is deployed into the DMZ (the most typical scenario) then you could enter an external DNS server if the customer does not intend to open DNS server access from the DMZ to their internal segments. This will at least allow you to be able to perform updates over the Internet, as documented in the next section.
Update the Appliance¶
Overview¶
Now that networking is configured, you should perform an initial update procedure to the appliance. This is recommended so that you can obtain the latest software features and security enhancements that have been produced since the appliance build was created.
Warning
If you’re reading this section and have an active deployment, updates will have a service impact. Also consider taking a virtual appliance snapshot prior to performing the update steps.
Connectivity¶
Source | Destination | Port | Protocol | Description |
---|---|---|---|---|
AuthControl Sentry | yum.swivelsecure.net | 80 | TCP | Download updates |
Update process¶
From the Main menu, to get to the Update Menu, select option 6 (Administration), then option 6 (Update Appliance):
Using the Update Menu, we will perform the following steps:
Warning
It is essential to follow the steps below to logout of the CMI exactly as directed, so that the new CMI is loaded. Otherwise you may miss out on essential feature or security updates!
- Flush cache
- Update System
- Logout of CMI
- Login to CMI (this will load the latest version of the CMI software)
- Flush cache (again)
- Update System (again)
- Reboot
Here is an example of the above steps:
Hint
Updates can contain feature enhancements, security updates and new OS kernels. This is a good opportunity to take a snapshot of the virtual machine to save your progress so far.