Skyhigh Security

Deploy Secure App Connector V2 on VMware vSphere Hypervisor (ESXi) using OVA for TCP Applications

Note: When you are using a firewall, make sure to allow the required domains and HTTP(S) ports. For more details, see Secure App Connector V2 Prerequisites and Firewall Settings for Private Applications.

Prerequisites

  • Skyhigh Security recommends that the Secure App Connector have at least 4 CPU, 8 GB RAM, and 50 GB HDD.

Steps to Deploy  

  1. Download the latest OVF package. For information about how to download, see Download Secure App Connector V2.
  2. In the Select creation type window, select Deploy a virtual machine from an OVF or OVA file.
  3. Name the virtual machine and upload the OVA file.
  4. Select the storage type and data store.
  5. Read and accept the terms of the license agreement, then click Next.
  6. Select Thin as the Disk provisioning in the Deployment options.
  7. Review all the details and click Finish.
  8. The OVA file will be deployed in ~5-10 minutes (depending on the network speed). Deployment progress can be monitored in the Recent tasks panel.
  9. Power on the VM once the OVA deployment is completed. You can access the VM via Remote Console.

Change the Password after the OVA Deployment

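Change the default user name and password (Login: admin / Password: Welcome@123) after the OVA deployment is completed. These defaults are published in this documentation, so change them before putting the VM into service.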

To change the root user password:
  1. Log in to the host VM.
  2. Type the sudo passwd command.
  3. Enter a new password in the New password field.
  4. Re-enter the new password in the Retype new password field.
  5. When the new password is set, the passwd: all authentication tokens updated successfully message appears.

To change the user admin password:
  1. Log in to the host VM.
  2. Type the passwd command.
  3. Enter the existing password of the admin user at the current password prompt.
  4. Enter a new password in the New password field.
  5. Re-enter the new password in the Retype new password field.
  6. When the new password is set, the passwd: all authentication tokens updated successfully message appears.

OVA Deployment Validation 

  1. If DHCP service is available in your environment, the IPv4 address is allocated automatically. If no IPv4 address is assigned, run sudo systemctl restart network. Find the IPv4 address and log in to the VM.
  2. If your IP address is allocated manually, log in to the VM via Remote Console (Login: admin / Password: Welcome@123).
  3. Run the sudo /home/admin/configure_network command to configure a static IP on the VM.
  4. Verify that the microk8s service is in a running state.
  5. Verify that public sites are reachable. The -k option skips TLS certificate validation, so these commands confirm reachability only.
    • When not using a proxy, run: curl -v -k -L --connect-timeout 5 https://www.myshn.net 2>&1 | grep "Connected to www.myshn.net"
    • When using a proxy, run: curl -v -k --connect-timeout 5 [--proxy <PROXY>] https://www.myshn.net 2>&1 | grep "200 Connection established"

Deploy the connector using the script

NOTE: The script is already present in the OVA in the home directory.

  1. Download the connector configuration content from SSE and copy the config file to /home/admin on the VM.
  2. Run the installer: sudo bash deploy_connector --init_file <CONFIG_FILE> [--proxy=<PROXY>] [--no_proxy=<NO_PROXY>]
    • <PROXY>: Address of the proxy server (optional).
       NOTE: Ensure you follow this format: <URI Schema>://<Proxy-hostname>:<Proxy-port>. If this format isn't followed, installation will fail when a proxy is used. Only one proxy is supported for a connector.
       Example: http://proxy.corp.com:80 or https://proxy.corp.com:443
    • <NO_PROXY>: List of domains that can be added to bypass the proxy (optional). This parameter can be ignored if you don't have any domains that need to bypass the proxy, even when a proxy is used.

NOTE: Set the <PROXY> and <NO_PROXY> parameters only when your connector uses a proxy server to reach the Internet.

NOTE: Only the first three DNS entries are used; the rest are ignored.

  3. Confirm that the connector deployment is successful.

To verify the connector deployment, see Secure App Connector V2 CLI for TCP Applications.
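
A pre-flight check for the installer arguments described above, as an added example that is not part of the original page or of the vendor's tooling: it rejects a proxy value that does not match <URI Schema>://<Proxy-hostname>:<Proxy-port> and prints the resulting deploy_connector command line for review instead of running it. The function names valid_proxy and deploy_cmd, the file name config.json, and the restriction to http/https schemes and plain hostname characters are assumptions.

```shell
#!/bin/sh
# Added example, not vendor code. valid_proxy and deploy_cmd are hypothetical
# helper names; only deploy_connector and its flags come from the page.

# valid_proxy PROXY: succeed only for <scheme>://<hostname>:<port>.
# Assumption: http and https are the accepted schemes (the two the page shows).
valid_proxy() {
    case $1 in
        http://*|https://*) ;;
        *) return 1 ;;
    esac
    rest=${1#*://}      # hostname:port
    host=${rest%:*}     # text before the last colon
    port=${rest##*:}    # text after the last colon
    [ "$host" != "$rest" ] || return 1                    # no colon, so no port
    case $host in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac   # rejects user:pass@, spaces
    case $port in ''|*[!0-9]*) return 1 ;; esac           # rejects "80/" and paths
    [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# deploy_cmd CONFIG_FILE [PROXY] [NO_PROXY]: print the installer command line.
# Returns 2 for a missing config argument, 1 for a proxy or no_proxy problem.
deploy_cmd() {
    config=$1 proxy=${2:-} no_proxy=${3:-}
    [ -n "$config" ] || { echo "error: config file required" >&2; return 2; }
    cmd="sudo bash deploy_connector --init_file $config"
    if [ -n "$proxy" ]; then
        valid_proxy "$proxy" || {
            echo "error: proxy must be <scheme>://<host>:<port>: $proxy" >&2
            return 1
        }
        cmd="$cmd --proxy=$proxy"
        [ -z "$no_proxy" ] || cmd="$cmd --no_proxy=$no_proxy"
    elif [ -n "$no_proxy" ]; then
        # The page sets NO_PROXY only when the connector uses a proxy.
        echo "error: no_proxy given without a proxy" >&2
        return 1
    fi
    printf '%s\n' "$cmd"
}

# Constructed sample inputs; config.json is a hypothetical file name.
deploy_cmd /home/admin/config.json http://proxy.corp.com:80 .corp.com
deploy_cmd /home/admin/config.json proxy.corp.com:80 || echo "rejected before install"
```
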