This section covers installation of the Clavister Firewall with VMware ESXi (version 5.5 or later) using the vSphere client. It is assumed that the required software distribution files have been downloaded. File downloading is described in Chapter 2, Installation.
The steps for virtual machine creation are as follows:
Open the vSphere client and select File > Deploy OVF Template...
Important: Adjust the RAM memory to suit the requirements
The default VMware virtual machine provides 1024 Mbytes of RAM memory. This is the absolute minimum value needed for cOS Stream to run. Many scenarios may need a higher amount of memory so the RAM size should be adjusted according to the requirements. It is recommended to have 2 cores allocated but cOS Stream can run on a single core.
The settings will show the current memory allocated to the virtual machine and the two virtual Ethernet interfaces that are included in the virtual machine image supplied and that cOS Stream will use. These virtual interfaces should each be assigned to a real Ethernet network adapter. For the Clavister Firewall, they will have the default logical names if1 and if2.
Selecting the Interface Driver Type
If only a single virtual CPU core is available to the virtual machine then the interface NIC type should be set to E1000E because interrupt mode will be used by cOS Stream. Selecting E1000 on all NICs will minimize data plane usage and make it possible to share a single CPU core with other tasks.
When running with multiple CPU cores, poll mode will be used instead by cOS Stream. This will provide higher performance and any supported interface type can be used.
Use a Single Socket with Multiple Cores
As described in Chapter 5, Resource Allocation Guidelines, cOS Stream should be allocated a single socket with at least two cores (although cOS Stream can run on a single core). With VMware, this may be configured in one of two ways:
In newer management interfaces
In newer management interfaces, configuration is done using the settings Total CPU Cores and Cores per Socket. The number of sockets is therefore the first setting divided by the second. Since only a single socket should be used with cOS Stream, these two settings should always be the same number.
In older management interfaces
In older management interfaces, configuration is simpler since the setting Number of virtual sockets specifies the number of sockets and this should be set to a value of one. The setting Cores per Socket is then used to specify the number of cores to be assigned to that socket.
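The memory, socket and NIC type guidance above can be checked against a virtual machine's .vmx file before it is powered on. The following is an added example, not code from Clavister or VMware: it assumes the standard .vmx keys memsize, numvcpus, cpuid.coresPerSocket and ethernetN.virtualDev (none of which appear on this page), and the sample file is constructed.

```python
import re

# Constructed sample .vmx fragment (not from the page): 4 vCPUs as 2 sockets x 2 cores.
SAMPLE_VMX = '''
memsize = "1024"
numvcpus = "4"
cpuid.coresPerSocket = "2"
ethernet0.virtualDev = "e1000e"
ethernet1.virtualDev = "vmxnet3"
'''

def parse_vmx(text):
    """Return the key = "value" pairs of a .vmx file as a dict with lowercased keys."""
    pairs = re.findall(r'^\s*([\w.:]+)\s*=\s*"([^"]*)"\s*$', text, re.MULTILINE)
    return {key.lower(): value for key, value in pairs}

def check_vmx(text):
    """Return a list of findings against the sizing guidance in this section."""
    cfg = parse_vmx(text)
    findings = []
    mem = int(cfg.get("memsize", "0"))                       # value is in MB
    vcpus = int(cfg.get("numvcpus", "1"))                    # assumed default when unset
    per_socket = int(cfg.get("cpuid.corespersocket", "1"))   # assumed default when unset
    if mem < 1024:
        findings.append(f"memory {mem} MB is below the 1024 MB minimum")
    # Sockets = total cores / cores per socket; exactly one socket is wanted.
    if per_socket < 1 or vcpus % per_socket or vcpus // per_socket != 1:
        findings.append(f"{vcpus} cores at {per_socket} per socket is not a single socket")
    if vcpus < 2:
        findings.append("single core: below the recommended 2 cores")
        # Interrupt mode applies on one core; the text names both E1000E and E1000,
        # so either is accepted here.
        for key, dev in sorted(cfg.items()):
            if re.fullmatch(r"ethernet\d+\.virtualdev", key) and not dev.lower().startswith("e1000"):
                findings.append(f"{key} is {dev}, expected E1000/E1000E on a single core")
    return findings

if __name__ == "__main__":
    for finding in check_vmx(SAMPLE_VMX) or ["no findings"]:
        print(finding)
```

On the constructed sample the only finding is the two-socket layout; setting cpuid.coresPerSocket to the same value as numvcpus clears it.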
VM Separation is Needed With HA Clusters
When deploying a high availability cluster with two firewalls, the master and slave in the cluster should be running on different VMware compute nodes so that one can still be active should a compute node fail.
When using VMware DRS, this can be achieved by specifying the appropriate DRS separation rules.