Deploy Secure App Connector V2 on VMware vSphere Hypervisor (ESXi) using OVA for UDP Applications
NOTE: Make sure to allow the following domains and HTTP(S) ports when you are using a firewall. For more details, see Secure App Connector V2 Prerequisites and Firewall settings For Private Applications.
Prerequisites
- Skyhigh Security recommends that Secure App Connector have at least 8 CPUs, 12 GB RAM, and 70 GB HDD.
- The OVA is compatible with ESXi version 6.7 and above.
Steps to Deploy
- Download the latest OVF package.
  - US East (N. Virginia): https://skyhigh-security.s3.amazonaws.com/private-access-v2/ESXI/UDP/skyhigh-secure-app-connector-2024.04-ESXI-UDP.ova
  - Asia Pacific (Mumbai): https://skyhigh-security-1.s3.ap-south-1.amazonaws.com/private-access-v2/ESXI/UDP/skyhigh-secure-app-connector-2024.04-ESXI-UDP.ova
  - Europe (Frankfurt): https://skyhigh-security-2.s3.eu-central-1.amazonaws.com/private-access-v2/ESXI/UDP/skyhigh-secure-app-connector-2024.04-ESXI-UDP.ova
- In the Select creation type window, select Deploy a virtual machine from an OVF or OVA file.
- Name a virtual machine and upload the OVA file.
- Select the storage type and data store.
- Read and accept the terms of the license agreement, then click Next.
- Select Thin as the Disk provisioning in the Deployment options.
- Review all the details and click Finish.
- The OVA file will be deployed in ~5-10 minutes (depending on the network speed). Deployment progress can be monitored in the Recent tasks panel.
- Power ON the VM once the OVA deployment is completed. You can access the VM via Remote Console.
Change the Password after the OVA Deployment
Change the default user name and password (Login: admin / Password: Welcome@123) once the OVA deployment is completed.
To change the root user password:
- Log in to the host VM.
- Type the sudo passwd command.
- Enter a new password in the New password field.
- Re-enter the new password in the Retype new password field.
- When the new password is set, the passwd: all authentication tokens updated successfully message appears.
To change the user admin password:
- Log in to the host VM.
- Type the passwd command.
- Enter the existing user password in the current user admin field.
- Enter a new password in the New password field.
- Re-enter the new password in the Retype new password field.
- When the new password is set, the passwd: all authentication tokens updated successfully message appears.
OVA Deployment Validation
- If DHCP service is available in your environment, the IPv4 address is allocated automatically. If an IPv4 address is not assigned, run sudo systemctl restart network. Find the IPv4 address and log in to the VM.
- If the IP address is allocated manually, log in to the VM via Remote Console (Login: admin / Password: Welcome@123).
- Run the sudo /home/admin/configure_network.sh command to configure a static IP on the VM.
- Verify if public sites are reachable.
  - When not using the proxy, use the command:
    curl -v -k -L --connect-timeout 5 https://www.myshn.net 2>&1 | grep "Connected to www.myshn.net"
  - When using the proxy, use the command:
    curl -v -k --connect-timeout 5 [--proxy <PROXY>] https://www.myshn.net 2>&1 | grep "200 Connection established"
Deploy the connector using the script
NOTE: The script is already present in the OVA in the home directory.
- Download the connector configuration content from SSE and copy it to the VM. Copy the config file to /home/admin.
- Execute the installer:
  sudo bash deploy_connector --init_file <CONFIG_FILE> [--proxy=<PROXY>] [--udp_socks_proxy=<UDP_SOCKS_PROXY>] [--no_proxy=<NO_PROXY>]
  - <PROXY>: Address of the proxy server (optional).
  - <NO_PROXY>: List of domains that can be added to bypass the proxy (optional). This parameter can be ignored if you don't have any domains that need to bypass the proxy, even when a proxy is used.
  - <UDP_SOCKS_PROXY>: Used to access the internet via SOCKS proxy for UDP traffic.
NOTE: Make sure the UDP SOCKS proxy is in the format <ip>:<port> or <hostname>:<port>. For example: 172.22.20.41:1080
NOTE: Set the <PROXY>, <NO_PROXY> and <UDP_SOCKS_PROXY> parameters only when your connector uses a proxy server to reach the Internet.
- Confirm that the connector deployment is successful.
To validate your connector deployment, see Secure App Connector V2 CLI for UDP Applications.
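
The <ip>:<port> or <hostname>:<port> format required for <UDP_SOCKS_PROXY> can be checked before the installer runs. The following is an added example, not code shipped in the OVA or written by Skyhigh Security; the function names are hypothetical, and it assumes IPv4 addresses only and a port range of 1-65535.

```sh
#!/bin/sh
# Added example: validate <UDP_SOCKS_PROXY> before passing it to deploy_connector.
# Function names are hypothetical. Assumes IPv4 only and ports 1-65535.

# Succeeds if $1 is a dotted-quad IPv4 address (octets 0-255, no leading zeros).
is_ipv4() {
    case $1 in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            0|[1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Succeeds if $1 is a hostname: dot-separated labels of letters, digits and
# hyphens, each 1-63 characters, none starting or ending with a hyphen.
is_hostname() {
    [ "${#1}" -le 253 ] || return 1
    case $1 in ''|*[!A-Za-z0-9.-]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for label in "$@"; do
        [ "${#label}" -le 63 ] || return 1
        case $label in -*|*-) return 1 ;; esac
    done
    return 0
}

# Succeeds if $1 is <ip>:<port> or <hostname>:<port>, the format the page requires.
valid_udp_socks_proxy() {
    case $1 in *:*) ;; *) return 1 ;; esac
    host=${1%:*}; port=${1##*:}
    # Port: digits only, no leading zero, at most 5 digits, not above 65535.
    case $port in ''|*[!0-9]*|0*|??????*) return 1 ;; esac
    [ "$port" -le 65535 ] || return 1
    # A value made only of digits and dots must be a valid IPv4 address.
    case $host in
        *[!0-9.]*) is_hostname "$host" ;;
        *)         is_ipv4 "$host" ;;
    esac
}
```

Source the functions and call valid_udp_socks_proxy on the value first; a URL scheme prefix, a missing port, or an out-of-range octet is rejected before deploy_connector is invoked.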