Chapter 3: Installation with vSphere

Home Prev	cOS Core Getting Started Guide for VMware	Next

This section describes the step by step installation of a cOS Core virtual machine using the vSphere client. It includes details of customer registration and license installation. Version 5.1 of vSphere is used throughout. The steps are organized into the following stages:

A. Register and Download cOS Core

B. Create a cOS Core Virtual Machine

C. Configure cOS Core for Management Access

D. Register a License and Bind it to cOS Core

The setup steps assume that the administrator is logging in for the first time to the Clavister website and that they have been given a cOS Core license number by their Clavister reseller.

The steps in this section relate to vSphere but the principles of license registration will be similar if using other VMware client products. A more general overview of license installation is given in Section 4.5, Installing a License.

	Note: Another section covers cOS Core configuration in detail
	A more detailed description of initial cOS Core configuration after creation of a virtual machine can be found in Chapter 4, Configuring cOS Core. This current vSphere related section covers only the basic steps that are required for cOS Core Internet and management access.

A. Register and Download cOS Core

Go to the URL https://my.clavister.com in a web browser.

The MyClavister login page is presented. If you are already registered, log in and skip to step 8. If you are a new customer accessing MyClavister for the first time, click the Create Account link.

The registration page is now presented. The required information should be filled in. In the example below, a user called John Smith is registering.

When the registration is accepted, an email is sent to the email address given so that the registration can be confirmed.

Below is an example of the heading in the email that would be received.

The confirmation link in the email leads back to the Clavister website to show that confirmation has been successful and logging in is now possible.

After logging in, the customer name is displayed with menu options for changing settings and logging out. Note also that multi-factor authentication can be enabled for increased security in Settings.

To download cOS Core for VMware, select Downloads and then cOS Core.

Press the Download button next to the desired product and version number to get a list in a popup window of all the different distributions available for that version. The button for the latest version is always at the top.

Locate and select the appropriate VM image then download the ZIP file containing the cOS Core distribution to the local disk. Note that sometimes the Base distribution may not be available for a minor bug-fix revision (for example, version 15.00.05) so the latest Base distribution (for example, version 15.00.00) must be installed first and then the single upgrade distribution applied to get to the desired version.

B. Create a cOS Core Virtual Machine

Unzip the downloaded file. From cOS Core version 11.00 onwards, only a folder of files for ESXi 4.1 and later are provided. However, earlier versions running under VMware Server and ESXi 3.5 can be upgraded to cOS Core version 11.00 or later.

Inside the ESXi folder is a set of files for installing cOS Core. In this case, only the .OVF file will be used. This will allow the direct creation of a virtual machine running cOS Core.

Open the vSphere client and select File > Deploy OVF Template...

A vSphere wizard will start that allows the unzipped OVF file to be selected. Press Next at each step as the default settings will be used. The final wizard step will show the summarized settings. Press Finish to close the wizard and create the virtual machine.

In vSphere, press the inventory button to see all the available virtual machines. The new cOS Core virtual machine will be listed.

Right click on the new virtual machine and select Edit Settings

The settings will show the current memory allocated to the virtual machine and the three virtual Ethernet interfaces that cOS Core will use. These virtual interfaces should each be assigned to a real Ethernet network adapter. In cOS Core they will be have the default logical names If1, If2 and If3. The first interface, If1, is always the default interface for management connection.

Now, power on this new virtual machine and cOS Core will start up. Without an installed license, cOS Core will be in demo mode and will have functionality for 2 hours. After that time, it will enter lockdown mode and only management access will be possible.

Switch to the Console tab to see the cOS Core console. If this was an actual Clavister hardware product, the console would be directly connected to a port on the hardware box. It allows the administrator to issue any CLI command and can be used to configure cOS Core.

C. Configure cOS Core for Management Access

cOS Core can now be configured using the CLI to allow management access via the If1 interface over a network and to optionally enable Internet access. This is more fully covered in Section 4.4, Manual CLI Setup but a shorter summary of the steps is the following:

For management access, assign an IP address to the default management interface If1 if this has not already been done through DHCP. First, the DHCP client that is initially enabled on all interfaces must be disabled:
```
Device:/> set Interface Ethernet If1 DHCPEnabled=No
```
Next, assign an IP address to the interface. For example:
```
Device:/> set Address IP4Address InterfaceAddresses/If1_ip
			Address=192.168.1.1
```
This is followed by setting a network for the interface. For example:
```
Device:/> set Address IP4Address InterfaceAddresses/If1_net
			Address=192.168.1.0/24
```
For Internet access, an all-nets default route needs to be added to the main routing table which includes the gateway address of a router for public Internet access. Unless there is a narrower route that matches for traffic, this route will be used. To add the route, the CLI context needs to be changed to be the main routing table:
```
Device:/> cc RoutingTable main
```
The command prompt will change to show that the current context is the main routing table:
```
Device:/main> 
```
Now, routes can be added to the main table. Assuming that the If1 interface is connected to a router with the IPv4 address 203.0.113.1 then a default route is added with the following CLI:
```
Device:/main> add Route Interface=If1 Network=all-nets
			Gateway=203.0.113.1
```
Next, restore the CLI context to the default:
```
Device:/> cc
```
For management access using a web browser, the RemoteMgmtHTTP object needs to be changed to allow the source IP to connect. A specific source IPv4 address or network could be specified but here it is set to all-nets so any IP will be acceptable. A particular interface could also be specified but the value any could be used instead:
```
Device:/> set RemoteManagement RemoteMgmtHTTP HTTP_If1
			Network=all-nets
			Interface=any
```
For maximum security, the allowed network and interface should be as specific as possible. Note that normally, an IP rule set entry would be created to allow any data traffic to to flow to or from cOS Core but management access does not require this.
If the admin password has not been changed earlier to a strong password and strong passwords are enabled (by default, they are) then activating configuration changes will not be allowed by cOS Core. One solution is to change the admin password to a strong one, for example:
```
Device:/> cc LocalUserDatabase AdminUsers
Device:/AdminUsers> set User admin Password=Mynew*pass99
```
Alternatively, turn off strong passwords with the following command:
```
Device:/> set Settings MiscSettings EnforceStrongPasswords=No
```
The cOS Core configuration changes can now be activated:
```
Device:/> activate
```
Following activation, the changes must be committed permanently within 30 seconds using the commit command otherwise the system will revert back to the original configuration and all changes will be lost. This acts as a check by cOS Core that the administrator has not been locked out by any change:
```
Device:/> commit
```

Finally, open a web browser and navigate to the IP address of the If1 interface. The cOS Core login dialog should appear and the default administrator credentials of username admin with password admin can be used to log in. By default, only the HTTPS protocol can be used so the connection will be encrypted. With HTTPS, cOS Core will send a self-signed certificate and the browser will prompt for that certificate to be accepted.

It is possible to enable unencrypted HTTP for the management connection but this is not recommended.

When connecting through the Web Interface for the first time, the cOS Core Setup Wizard will automatically try to start as a browser popup window which may have to be explicitly allowed by the user. Using the wizard is described further in Section 4.2, Web Interface and Wizard Setup.

D. Register a License and Bind it to cOS Core

A cOS Core license for VMware must be associated with a MAC address on the virtual machine. To get a MAC address, open the cOS Core Web Interface and go to Status > Run-time Information > Interfaces and make a note of the MAC address for the If1 interface.

Alternatively, the following CLI command can be used to obtain the MAC address:
```
Device:/> ifstat If1
```

Now, log into the MyClavister website and select the Register License menu option.

Select the NetWall option.

The registration fields will be displayed. After selecting the product type as Virtual Model, enter the License Number and the MAC Address. The license number will be supplied by the product reseller and the MAC address which was noted in an earlier step.

After the license is registered and associated with the MAC address, select the Licenses menu, then the License List option and select the newly registered license from the displayed list.

Clicking on an entry in the list will open a display of the license details with a Download License button displayed at the top. An example button is shown below.

After clicking the button and downloading the license, go back to the cOS Core Web Interface and go to Status > Maintenance > License. Select Upload to upload the license file from the management computer to cOS Core.

The 2 hour evaluation time limit will now be removed and cOS Core will only be restricted by the capabilities defined by the license.