Deploy Secure App Connector V2 on VMware vSphere Hypervisor (ESXi) using OVA for TCP Applications
- Watch the visual story about Deploying V2 OVA on VMware vSphere Hypervisor (ESXi)
Note: Make sure to allow the following domains and HTTP(S) ports when you are using a firewall. For more details, see Secure App Connector V2 Prerequisites and Firewall settings For Private Applications
Prerequisites
- Skyhigh Security recommends that Secure App Connector have at least 4 CPUs, 8 GB RAM, and a 50 GB HDD.
Steps to Deploy
- Download the latest OVF package. For information about how to download, see Download Secure App Connector V2.
- In the Select creation type window, select Deploy a virtual machine from an OVF or OVA file.
- Name the virtual machine and upload the OVA file.
- Select the storage type and data store.
- Read and accept the terms of the license agreement, then click Next.
- Select Thin as the Disk provisioning in the Deployment options.
- Review all the details and click Finish.
- The OVA file will be deployed in ~5-10 minutes (depending on the network speed). Deployment progress can be monitored in the Recent tasks panel.
- Power on the VM once the OVA deployment is completed. You can access the VM via Remote Console.
Change the Password after the OVA Deployment
After the OVA deployment is completed, change the default user name and password (Login: admin / Password: Welcome@123).
To change the root user password:
- Log in to the host VM.
- Type the following command:
sudo passwd
- Enter a new password in the New password field.
- Re-enter the new password in the Retype new password field.
- When the new password is set, the passwd: all authentication tokens updated successfully message appears.
To change the user admin password:
- Log in to the host VM.
- Type the following command:
passwd
- Enter the existing user password in the current user admin field.
- Enter a new password in the New password field.
- Re-enter the new password in the Retype new password field.
- When the new password is set, the passwd: all authentication tokens updated successfully message appears.
OVA Deployment Validation
- If a DHCP service is available in your environment, the IPv4 address is allocated automatically. If no IPv4 address is assigned, execute the following command, then find the IPv4 address and log in to the VM:
sudo systemctl restart network
- If you are manually allocated an IP address, log in to the VM via Remote Console (Login: admin / Password: Welcome@123).
- Run the following command to configure a static IP on the VM:
sudo /home/admin/configure_network
- Verify if the microk8s service is in a running state.
- Verify if public sites are reachable.
- Use the following command when not using the proxy:
curl -v -k -L --connect-timeout 5 https://www.myshn.net 2>&1 | grep "Connected to www.myshn.net"
- Use the following command when using the proxy:
curl -v -k --connect-timeout 5 [--proxy <PROXY>] https://www.myshn.net 2>&1 | grep "200 Connection established"
Deploy the connector using the script
NOTE: The script is already present in the OVA in the home directory.
- Download the connector configuration content from SSE and copy it to the VM. Copy the config file to /home/admin.
- Execute the installer:
sudo bash deploy_connector --init_file <CONFIG_FILE> [--proxy=<PROXY>] [--no_proxy=<NO_PROXY>]
<PROXY>: Address of the proxy server (optional).
NOTE: Ensure you follow this format: <URI Schema>://<Proxy-hostname>:<Proxy-port>. If this format isn't followed, installation will fail for a proxy. Only one proxy is supported for a connector.
Eg: http://proxy.corp.com:80 or https://proxy.corp.com:443
<NO_PROXY>: List of domains that can be added to bypass the proxy (optional). This parameter can be ignored if you don't have any domains that need to bypass the proxy, even when a proxy is used.
NOTE: Set the <PROXY> and <NO_PROXY> parameters only when your connector uses a proxy server to reach the Internet.
Note: Only the first 3 DNS entries are used; the rest are ignored.
- Confirm if connector deployment is successful.
To verify the connector deployment, see Secure App Connector V2 CLI for TCP Applications.
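Because the installer fails when the <PROXY> value does not follow <URI Schema>://<Proxy-hostname>:<Proxy-port>, the value can be checked before deploy_connector is run. The shell functions below are an added example, not part of the OVA or of Skyhigh's script; check_proxy and deploy_cmd are hypothetical helper names, and the code assumes only http and https schemes, a DNS hostname or IPv4 address as host, and a strict reading of the format.

```sh
# Added example (not part of the OVA): validate a --proxy value against the
# page's format <URI Schema>://<Proxy-hostname>:<Proxy-port> before installing.
# Assumptions: http/https only; hostname or IPv4 host; strict reading of the
# format, so credentials, paths and proxy lists are rejected.

# check_proxy VALUE: returns 0 if VALUE fits the format, else prints why and returns 1.
check_proxy() {
    value=$1
    case $value in
        *,*|*' '*) echo "only one proxy is supported"; return 1 ;;
        http://*|https://*) ;;
        *) echo "missing or unsupported URI scheme"; return 1 ;;
    esac
    rest=${value#*://}
    case $rest in
        */*|*@*) echo "credentials or path do not fit the format"; return 1 ;;
        *:*) ;;
        *) echo "missing port"; return 1 ;;
    esac
    host=${rest%:*}
    port=${rest##*:}
    case $host in
        ''|*[!A-Za-z0-9.-]*|.*|-*|*.|*-) echo "invalid hostname"; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "port is not a number"; return 1 ;;
    esac
    if [ "${#port}" -gt 5 ] || [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range"; return 1
    fi
}

# deploy_cmd CONFIG_FILE [PROXY] [NO_PROXY]: prints the installer command line
# from the page (dry run, nothing is executed) or refuses on a bad proxy value.
deploy_cmd() {
    cmd="sudo bash deploy_connector --init_file $1"
    if [ -n "${2:-}" ]; then
        why=$(check_proxy "$2") || { echo "refusing: $why" >&2; return 1; }
        cmd="$cmd --proxy=$2"
        if [ -n "${3:-}" ]; then cmd="$cmd --no_proxy=$3"; fi
    fi
    echo "$cmd"
}

# Constructed sample values: the page's two examples plus common mistakes.
for p in http://proxy.corp.com:80 https://proxy.corp.com:443 proxy.corp.com:80 http://proxy.corp.com; do
    if why=$(check_proxy "$p"); then echo "ok      $p"; else echo "reject  $p ($why)"; fi
done
```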