Chapter 3: VMware Virtual Machine Creation

This section covers installation of the Clavister Firewall with VMware ESXi (version 5.5 or later) using the vSphere client. It is assumed that the required software distribution files have been downloaded. File downloading is described in Chapter 2, Installation.

The steps for virtual machine creation are as follows:

  1. Open the vSphere client and select File > Deploy OVF Template...

  1. A vSphere wizard will start that allows the OVA file provided in the product distribution package to be selected. Press Next at each step as the default settings will be used. The final wizard step will show the summarized settings. Press Finish to close the wizard and create the virtual machine.

  1. In vSphere, press the inventory button to see all the available virtual machines. The new virtual machine will be listed.

  1. Right click on the new virtual machine and select Edit Settings.

Important: Adjust the RAM memory to suit the requirements

The default VMware virtual machine provides 1024 Mbytes of RAM memory. This is the absolute minimum value needed for cOS Stream to run. Many scenarios may need a higher amount of memory so the RAM size should be adjusted according to the requirements. It is recommended to have 2 cores allocated but cOS Stream can run on a single core.

  1. The settings will show the current memory allocated to the virtual machine and the two virtual Ethernet interfaces that are included in the virtual machine image supplied and that cOS Stream will use. These virtual interfaces should each be assigned to a real Ethernet network adapter. For the Clavister Firewall, they will have the default logical names if1 and if2.

  1. Now, power on this new virtual machine and cOS Stream will start up. Without an installed license, cOS Stream will only allow management access.

  1. Switch to the Console tab to see the system console. If this was an actual Clavister hardware product, the console would be directly connected to a port on the hardware box. It allows the administrator to issue any CLI command and can be used to configure cOS Stream.

Selecting the Interface Driver Type

If only a single virtual CPU core is available to the virtual machine then the interface NIC type should be set to E1000E because interrupt mode will be used by cOS Stream. Selecting E1000 on all NICs will minimize data plane usage and make it possible to share a single CPU core with other tasks.

When running with multiple CPU cores, poll mode will be used instead by cOS Stream. This will provide higher performance and any supported interface type can be used.
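The following is an added example, not part of the Clavister documentation. It audits a virtual machine's .vmx settings against the guidance in this chapter: the 1024 Mbytes RAM minimum, two interfaces, an E1000-type NIC when only one core is available, and the single-socket recommendation given later in the chapter. The sample file is constructed, and the handling of missing keys and the acceptance of both e1000 and e1000e in the single-core case are assumptions.

```python
import re

MIN_RAM_MB = 1024                       # minimum RAM stated on this page
SINGLE_CORE_NICS = {"e1000", "e1000e"}  # assumption: either E1000 variant is accepted

def parse_vmx(text):
    """Parse 'key = "value"' lines of a .vmx file into a dict with lowercased keys."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r'\s*([^#\s=]+)\s*=\s*"(.*)"\s*$', line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def audit_vmx(text):
    """Return findings where the VM settings deviate from the page's guidance."""
    cfg = parse_vmx(text)
    findings = []
    ram = int(cfg.get("memsize", "0"))
    vcpus = int(cfg.get("numvcpus", "1"))  # assumption: a missing key means 1 vCPU
    sockets = max(1, vcpus // int(cfg.get("cpuid.corespersocket", "1")))
    nics = {k[:-8]: cfg.get(k[:-8] + ".virtualdev", "unset").lower()
            for k, v in cfg.items()
            if re.fullmatch(r"ethernet\d+\.present", k) and v.upper() == "TRUE"}
    if ram < MIN_RAM_MB:
        findings.append(f"memsize {ram} MB is below the {MIN_RAM_MB} MB minimum")
    if sockets > 1:
        findings.append(f"{sockets} sockets configured; the page recommends a single socket")
    if vcpus < 2:
        findings.append("only 1 core allocated; 2 cores are recommended")
        for name, dev in sorted(nics.items()):
            if dev not in SINGLE_CORE_NICS:
                findings.append(f"{name} uses {dev}; a single-core VM needs an E1000 type")
    if len(nics) < 2:
        findings.append(f"{len(nics)} interface(s) present; the supplied image has two")
    return findings

# Constructed sample: one core, 512 MB RAM, second NIC set to vmxnet3.
SAMPLE_VMX = '''
memSize = "512"
numvcpus = "1"
ethernet0.present = "TRUE"
ethernet0.virtualDev = "e1000e"
ethernet1.present = "TRUE"
ethernet1.virtualDev = "vmxnet3"
'''

if __name__ == "__main__":
    print("\n".join(audit_vmx(SAMPLE_VMX)))
```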

Use a Single Socket with Multiple Cores

As described in Chapter 5, Resource Allocation Guidelines, cOS Stream should be allocated a single socket with at least two cores (although cOS Stream can run on a single core). With VMware, this may be configured in one of two ways:

VM Separation is Needed With HA Clusters

When deploying a high availability cluster with two firewalls, the master and slave in the cluster should be running on different VMware compute nodes so that one can still be active should a compute node fail.

When using VMware DRS, this can be achieved by specifying the appropriate DRS separation rules.