Provision and Launch Virtual iNodes and Virtual Edge iNodes with VMware
  • 20 Nov 2023

Article summary

This article explains how to provision and launch Virtual iNodes and Virtual Edge iNodes with VMware. 

Provisioning and Launching Virtual iNodes with VMware

In this section, learn how to provision and launch a Virtual iNode with VMware.

Provision a Virtual iNode

To provision a Virtual iNode in VMware, follow these steps:

  1. To add a Virtual iNode, in the Secure Edge Portal left menu, select the plus icon (+) to display Add iNode.
  2. Enter the iNode name.
  3. Optionally, specify any custom attribute as Label. (For more on labels, see Using Labels.)
  4. Select the Virtual profile.
  5. Download iNode security credentials that you’ll need when you launch the Virtual iNode. Select vmware and then select Add iNode. You can download the file only once. The file contains secure credentials used when you launch the Virtual iNode.
  6. Save the downloaded file in a safe place. Don’t share it.
The iNode security credentials file is downloadable only once and contains secure credentials to be used by the Virtual iNode. Save it in a safe place and don’t share it with anyone. After creation of the Virtual iNode, you should destroy the credential file.

Launch a Virtual iNode

To launch a Virtual iNode in VMware, follow these steps:

  1. Using the VMware vSphere tool (or another tool, such as the OVF Tool), import the iNode image file (OVA) into VMware vSphere. The OVA file is available on the Download Software page, accessed from the Secure Edge Portal left menu.
  2. BEFORE STARTING the Virtual Machine, mount the downloaded iNode security credentials file on the CD/DVD drive of the VM. This is the Virtual iNode’s security credentials file you downloaded in Provisioning a Virtual iNode (VMware).
  3. Start the VM.
  4. To confirm that the Virtual iNode was provisioned successfully, log in to the Secure Edge Portal and check that the status of this iNode is shown as ALIVE.
If you have a firewall between the iNode and internet, make sure that inbound connections on TCP port 443 are not blocked by that firewall.

Provisioning and Launching Virtual Edge iNodes with VMware (VMware Instances)

A Virtual Edge iNode is a Secure Edge network element that is a VMware instance located at the edge of your private network. In this section, learn how to provision and launch Virtual Edge iNodes.

Provision Virtual Edge iNodes

Set up Virtual Edge iNodes using Secure Edge Portal to add them as a network element, assign them to local networks, and add attributes.

Before you start, make sure you have an SSH public key to use for access authentication of the Edge iNode console. For more on SSH key management, see Managing SSH Key Authentication for an iNode.

Add a Virtual Edge iNode

To add a new Virtual Edge iNode, follow these steps:

  1. To add an iNode, in the Secure Edge Portal left menu, select the plus icon (+) > Add iNode.
  2. Enter the iNode name.
  3. Optionally, specify any custom attribute as Label. (For more on labels, see Using Labels.)
  4. Select the Virtual Edge profile.
  5. For SSH Key, select the name of the SSH public key for use when logging into the console of this iNode. (If you don’t have an SSH public key to use, see Managing SSH Key Authentication for an iNode.)
  6. You can change the Data Saving Mode in Advanced Settings. (For more on data saving mode, see Using Data Saving Mode.)
  7. You need security credentials when you launch the Virtual Edge iNode. To get them, select vmware to download the iNode security credentials file. Save the downloaded file.
  8. Select Add iNode.
The iNode security credentials file is downloadable only once and contains secure credentials to be used by the Virtual Edge iNode. Save it in a safe place and don’t share it with anyone. After creating the Virtual Edge iNode, you should destroy the credential file.

Add the Local Network to be Protected by this Virtual Edge iNode

  1. Select the name of the newly added iNode to display the iNode details page.
  2. To specify the local network that will be protected by this iNode, select the plus icon (+) to display the Add Network page. Enter the network name in the Name field, and optionally, specify any custom attribute as a Label. (For more on labels, see Using Labels.)
  3. The Networking Addressing for this network is set to Static. The hosts in this network must be manually configured with static IP addresses.
  4. Specify the network's CIDR in the Network CIDR field.
  5. Specify a range of IP addresses (at least one) that will be reserved for iNode internal use. These IP addresses must be part of the same IP subnet as the local network’s CIDR.
  6. You have the option of specifying the IP address of the default gateway in your local network in Default Gateway. If you don’t specify a default gateway, the Start IP Address in the Internal IP Reserved Address Range is assumed to be the default gateway.
  7. You may have the option of configuring Virtual LANs (VLANs). (For more on VLANs, see Using VLANs on Edge iNodes.)
  8. Any traffic from the local network with a destination outside the local network (for example, traffic going to the internet or LAN) is sent to the default destination. You can set the Default Destination to one of the following:
    • None (default), which results in dropping the traffic
    • Specify IP Address, which sends the traffic to the IP address of a gateway in the local network that you specify
    • WAN Network, which sends the traffic through the iNode uplink
  9. Select Save.

Set Up Addressing for Services

If you aren’t planning to run services on this network, skip this section.

By default, the Virtual Edge iNode assigns IP addresses to services on the network dynamically from the Internal Reserved IP Address Range you specified. If you’re using the default, make sure you’ve reserved enough IP addresses. You need at least one more than the number of services you plan to run.

If you plan to configure the services manually with static IP addresses, follow these steps:

  1. Select the Services expansion panel and set Service Addressing to Static.
  2. Select Save.

Create Static Routes for a Virtual Edge iNode

Create static routes if you want:

  • Services running on the Virtual Edge iNode to reach specific routed network segments behind the iNode
  • Hosts in the local network to reach specific networks in your LAN or the internet

To create a static route, follow these steps:

  1. Select the Static Routes expansion panel and select Add to add a new static route. You can add up to 64 static routes per network. Note that if you set Default Destination to a value other than None, it uses up a static route.
  2. Specify the CIDR of the destination network in the Destination Network CIDR field.
  3. Select where to send the traffic going to the destination network in the Via field. Select one of the following:
    • Specify IP Address, which sends the traffic to the IP address of a gateway in the local network that you specify
    • WAN Network, which sends the traffic through the iNode uplink
  4. Select Save.
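
The addressing rules from the three sections above (local network, service addressing, static routes) can be checked before you enter values in the portal. This is an added example, not Secure Edge code; the function name, argument names and sample addresses are assumptions.

```python
import ipaddress

MAX_STATIC_ROUTES = 64  # per-network limit stated in this article

def check_network_plan(cidr, reserved_start, reserved_end, services=0,
                       service_addressing="Dynamic", default_gateway=None,
                       default_destination=None, static_routes=()):
    """Return (effective_gateway, problems) for a planned local network.

    default_destination is None (drop), "WAN" or a gateway IP string.
    static_routes is [(dest_cidr, via), ...] with via "WAN" or a gateway IP.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    start = ipaddress.ip_address(reserved_start)
    end = ipaddress.ip_address(reserved_end)
    problems = []

    if start > end:
        problems.append("reserved range start is above its end")
    for name, ip in (("start", start), ("end", end)):
        if ip not in net:
            problems.append(f"reserved {name} {ip} is outside {net}")
    reserved = int(end) - int(start) + 1 if start <= end else 0

    # Dynamic service addressing draws from the reserved range; the
    # article asks for at least one more address than services.
    if service_addressing == "Dynamic" and services and reserved < services + 1:
        problems.append(f"{reserved} reserved addresses, need {services + 1}")

    # With no explicit gateway, the reserved range's start IP is assumed.
    gateway = ipaddress.ip_address(default_gateway) if default_gateway else start
    if gateway not in net:
        problems.append(f"default gateway {gateway} is outside {net}")

    # A Default Destination other than None uses up one static route.
    vias = [via for _, via in static_routes]
    used = len(vias) + (1 if default_destination else 0)
    if used > MAX_STATIC_ROUTES:
        problems.append(f"{used} static routes, limit is {MAX_STATIC_ROUTES}")
    for dest, _ in static_routes:
        ipaddress.ip_network(dest, strict=True)  # raises on a malformed CIDR
    for via in vias + [default_destination]:
        if via not in (None, "WAN") and ipaddress.ip_address(via) not in net:
            problems.append(f"gateway {via} is not in local network {net}")
    return gateway, problems

if __name__ == "__main__":  # constructed sample plan, private address space
    print(check_network_plan("192.168.50.0/24", "192.168.50.1",
                             "192.168.50.3", services=3))
```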

Launch Virtual Edge iNodes (VMware)

To use a Virtual Edge iNode with VMware ESXi, you must create a portgroup for the local network to connect to. The instructions that follow are for creating a portgroup with VMware ESXi (6.x). For information on ESXi 5.X, refer to the documentation supplied with your ESXi Hypervisor.

  1. Create a VMware vSwitch portgroup, as follows:
    1. Name: TAN
    2. VLAN ID: 100. The VLAN ID doesn’t have to be 100; you can choose a different number. This is a port VLAN only, used internally by the vSwitch to group together ports/network adapters that are connected to the same vSwitch portgroup.
  2. Set the Security configuration on the vSwitch portgroup as follows:
    1. Promiscuous Mode: Accept. The default is Reject. Setting this to Accept allows the Virtual Edge iNode to read all traffic on the portgroup to which it is connected.
    2. MAC Address Changes: Accept
    3. Forged Transmits: Accept. The default is Reject. Set this to Accept to allow the iNode to send packets with a MAC address that is different from the network adapter that connects to the portgroup.
  3. Using the VMware vSphere tool (or another tool, such as the OVF Tool), import the iNode image file (OVA) into VMware vSphere. The OVA file is available on the Download Software page, accessed from the Secure Edge Portal left menu.
  4. Create a VM instance with two network adapters. Connect one adapter to the portgroup that connects to the public internet. Connect the second adapter to the portgroup that connects to the device network.

BEFORE STARTING the Virtual Machine (VM), mount the downloaded iNode security credentials file on the CD/DVD drive of the VM and configure the network adapters appropriately.

To launch Virtual Edge iNodes, you need to use VMware ESXi to:

  • Create a VM
  • Mount the iNode security credentials on the CD/DVD drive of the new VM. This is the Virtual Edge iNode’s security credentials file you downloaded in Add a Virtual Edge iNode.
  • Log in to the Virtual Edge iNode

Create a VM

To create a VM, follow these steps:

  1. Log in to the ESXi host using your organization credentials.
  2. On the home page, select Create/Register VM.
  3. On the pop-up, select Deploy a virtual machine from an OVF or OVA file, then select Next.
  4. Enter a name for the virtual machine, and add/drag the OVF and VMDK or OVA file (unzipped if the file is zipped) downloaded from Secure Edge Portal. Select Next.
  5. Select where you want to store configuration and disk files, then select Next.
  6. Select deployment options and the network mapping. The default Network mapping is VM Network. Select Thin for Disk Provision. Then select Next.
  7. Adding a hostname is optional.
  8. Verify the settings are complete and select Finish. Don’t refresh the browser until the instance is deployed. You can see the progress in Recent Tasks at the bottom of the page.
  9. Once the VM is ready, the status shows as Completed Successfully.


Mount the iNode security credentials on the CD/DVD drive of the new VM

Follow these steps to mount the iNode security credentials on the CD/DVD drive of the new VM:

  1. On the right side in Navigator, select Virtual Machines and choose the recently created VM from the list of VMs.
  2. On the VM menu bar, select Edit to display Edit settings.
  3. In Edit settings, scroll to CD/DVD Drive 1 and select Datastore ISO file.
  4. Select Browse to find the downloaded iNode security credentials. Choose Select, then select the checkbox next to the Datastore ISO file dropdown. Then select Save.
    If the CD/DVD Drive option isn't available, add it using the Add Other Device menu from the top of the Edit settings window.

Reboot the Virtual Edge iNode

  1. To log in to the Virtual Edge iNode, follow the steps in Accessing an Edge iNode Console Using the Command-Line Interface.
  2. Once you’ve logged in, use the reboot command to restart the system. It takes two minutes to reboot.

The iNode reboots twice, then the Virtual Edge iNode shows as ALIVE in the Secure Edge Portal.
