Cloud OSS - Cloudworks Service Manager | How to create a Cloud Gateway (CGW) Template in Hyper-V |
|---|
Table of Contents
| Table of Contents | ||||||||
|---|---|---|---|---|---|---|---|---|
|
...
1) Log in to SCVMM server and open the SCVMM console. Next, click on Library tab.
Fig 1. SCVMM console Library
...
2) Right click on Library Servers and create a Library Server. Create a Library Share and name it ISO or choose an alternative name that you prefer.
(You may skip this step if you already have a Library Server and Library Share configured in SCVMM)
Fig 2. Creating a Library Server and Library Share
...
3) Select the ISO Library Share and click on Import physical resource.
Fig 3. Viewing the contents of selected Library Share
...
4) Click on "Add resource..." in the appearing window.
Fig 4. Adding a resource to the Library
...
5) Navigate to pfSense 2.2 .ISO image that you have previously uploaded to SCVMM Server and click on Open
Fig 5. Adding .ISO image to the Library
...
6) Click on Browse to select the destination for the imported .ISO image
Fig 6. Browsing for imported resource destination
...
7) Select the Destination Folder (Library Share) and click on OK.
Fig 7. Selecting imported resource destination
8) Click on Import.
Fig 8. Importing resource
...
9) Wait until the import process is finished and close the Jobs window that appears.
Fig 9. Running the import process
...
10) The ISO image should now appear in the folder selected in step 7.
Fig 10. Viewing the ISO image Library Share
...
11) You will now need to create a Virtual Machine (VM) using the uploaded image. On SCVMM console click on VMs and Services.
Fig 11. VMs and Services
...
12) Click on Create Virtual Machine.
Fig 12. Creating a new VM
...
13) In the appearing window choose "Create the new virtual machine with a blank virtual hard disk" and click on Next.
Fig 13. Creating a new virtual hard disk (VHD) for VM
...
14) Type in the Virtual machine name, choose Generation 1 and click on Next.
Fig 14. VM name and generation
...
15) Select "Cloud Capability Profiles"
Fig 15. Cloud Capability Profiles
16) Select Hyper-V.
Fig 16. Cloud Capability profiles (Hyper-V selection)
...
17) Set the minimum recommended resources for running a Cloud Gateway VM (1 processor / 512 MB Memory / 5 GB hard disk).
Fig 17. Setting CPU resources
Fig 18. Setting Memory resources
Fig 19. Setting Hard Disk resources
...
18) In Virtual DVD Drive choose "Existing ISO image" and browse for the uploaded .ISO image on the Library Share, as shown in steps 8 and 9.
Fig 20. Mounting the .ISO image
...
To add a network adapter, select New and then click on Network adapter.
Fig 21. Adding a network adapter
...
Two (2) network adapters should be available now.
Fig 22. Viewing network adapters
...
Repeat the previous step so that you end up with the required Three (3) network adapters.
Fig 23. Viewing the network adapters
...
20) For each network adapter, choose "Connected to a VM network" and select a VM network.
Fig 24. Connecting network adapters to a VM network
...
21) Click on Next at the bottom right.
Fig 25. Proceeding through the VM creation wizard
...
22) In the Select Destination tab, click on Next.
Fig 26. Select Destination tab
...
23) Select the Hyper-V Host on which the VM will be created in and click on Next.
Fig 27. Choosing Hyper-V node for VM
...
24) In the Configure Settings tab, click on Next.
Fig 28. Choosing storage location
...
25) In the Add Properties tab, choose Other Linux (64 bit) on the OS drop-down list and click on Next.
Fig 29. Choosing an Operating System
...
26) Finally, click on Create in the Summary tab.
Fig 30. Settings confirmation and VM creation
...
27) Wait until the VM creation is completed and close the Jobs window.
Fig 31. VM creation in progress
...
28) As soon as the VM is created, it will be listed in SCVMM console as belonging to a Hyper-V Cluster and/or a Hyper-V node.
Fig 32. New VM listed
...
Right click on the Hyper-V node you've chosen as a host for the Cloud Firewall VM and choose Connect via RDP.
...
30) Start Hyper-V Manager.
...
31) Right click on the Cloud Firewall VM and click on Settings...
Fig 35. Cloud Gateway VM settings
...
32) Click on Network Adapter 3 to view its properties.
Fig 36. Network Adapter 3 properties
...
33) Check "Enable virtual LAN identification" and type in the VLAN identifier that will allow you to access the VM via the OPT1 (MGMT) interface (this is the pfSense interface we will configure later on after installing pfSense). In our example, we set VLAN 22 and click on OK.
Fig 37. Setting Network Adapter 3 VLAN identifier
...
35) Select the Cloud Firewall VM and click on "Power On".
...
36) Right click on VM, go to "Connect or view" and click "Connect via console".
Fig 39. Connecting to the VM via console
...
| Info | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|
See also:
|
Fig 40. VM console view during .ISO image boot
...
37) Wait until the following screen shows up during boot process and type "i" to install pfSense on the VM hard disk.
Fig 41. Choosing to install on the local VM hard disκ
...
38) Select "Accept these Settings" and press enter.
Fig 42. Accepting the default console settings
...
39) Select "Quick/Easy Install" and press enter.
Fig 43. Choosing installation type
...
Select OK and press Enter.
Fig 44. Installation approval
...
Wait until the set up process of pfSense is completed.
Fig 45. Waiting for the installation to complete
...
Select "Standard Kernel" and press enter.
Fig 46. Selecting kernel type
...
Select "Return to Select Task" and press enter.
Fig 47. Returning from the installation
...
Select Exit and press Enter.
Fig 48. Exiting the installation
...
Wait for pfSense to reboot.
Fig 49. pfSense rebooting upon installation process completion
...
40) Close the VM console session and click on Power Off.
Fig 50. Stopping the CGW VM
...
41) Right click on the CGW VM and click on Properties.
Fig 51. Viewing VM properties
...
42) In Hardware Configuration tab under Bus Configuration field, select "No Media" for Virtual DVD Drive. This way pfSense .ISO image is removed since it is not required anymore. Click OK to save the new configuration.
Fig 52. Removing the ISO image from the virtual DVD drive
...
43) Power On VM and connect to its console as described in step 35. Wait for the following screen to appear:
Fig 53. Powering on VM for the 1st time since OS installation
...
44) VLAN configuration is not required at this point, therefore type "n" and press enter.
Fig 54. Choosing not to set up VLAN
...
Type hn0 and press enter.
Fig 55. Naming the WAN interface
...
Type hn1 and press enter.
Fig 56. Naming the LAN interface
...
Type hn2 and press enter.
Fig 57. Naming the MGMT interface
...
There are no more network interfaces, so, press enter to continue
Fig 58. Finished naming the network interfaces
...
Type "y" and press enter to accept interface assignments
Fig 59. Saving network interface name assignments
...
46) Wait until the screen below appears:
Fig 60. pfSense basic options console menu
...
Type "2" and press enter.
Fig 61. pfSense basic options console menu
...
Type "1" to select the WAN interface and press enter.
Fig 62. Choosing to configure WAN interface
...
Type "n" and press enter when asked to configure the interface via DHCP. Type in the WAN interface IP address and press enter.
Fig 63. Configuring an IP Address for the WAN interface
...
Type in the subnet mask for WAN interface and press enter.
Fig 64. Configuring an subnet mask for the WAN interface
...
Press enter without setting a gateway IP address for the WAN interface.
Fig 65. Skipping gateway configuration for the WAN interface
...
Type "n" and press enter in order to skip DHCP for IPv6 addresses.
Fig 66. Skipping DHCP IPv6 configuration for the WAN interface
...
Press enter to skip IPv6 address configuration.
Fig 67. Skipping IPv6 address configuration for the WAN interface
...
Type "n" and press enter.
Fig 68. Choosing not to revert webConfigurator to HTTP
Press enter to continue.
Fig 69. Finishing WAN interface configuration
...
Type "2" and press enter.
Type "2" and press enter.
Enter the IP address and press enter.
Enter the subnet mask and press enter.
Enter the gateway IP address and press enter.
Press enter.
Type "n" and press enter.
Type "n" and press enter.
Press enter to continue.
49) Continue with assigning an IP address and gateway for the OPT1 interface as done in the previous step for the LAN interface.
...
Type "2" and press enter,
Type "3" and press enter.
Enter the OPT1 interface IP address and press enter.
Enter the subnet mask and press enter.
Enter the gateway address and press enter.
Press enter.
Type "n" and press enter.
Type "n" and press enter.
Press enter to continue.
50) The pfSense web interface can now be accessed with a web browser via the LAN interface's IP address (in our example 192.168.2.210) and by using the following credentials:
Username: admin
Password: pfsense
Fig 70. pfSense web login interface
...
Since this is the first time you login, the setup wizard is presented to you:
Fig 71. pfSense setup wizard
...
Click on pfSense logo to close the wizard and go to pfSense setup interface.
Fig 72. Exiting the setup wizard
...
51) Rename the OPT1 interface to MGMT by clicking on Interfaces -> OPT1 and changing the description field to MGMT. Save and Apply.
Fig 73. Navigating to the OPT1 interface settings Fig 74. Renaming the OPT1 interface
Fig 75. Saving OPT1 interface changes Fig 76. Applying changes to OPT1 interface settings
...
52) Configure a gateway for the WAN interface by clicking on System -> Routing.
Fig 77. Navigating to routing settings
...
Click on the plus icon at the bottom right to add a gateway.
Fig 78. Adding a gateway for the WAN interface
...
Fill in the appropriate fields as shown below and click on save.
Fig 79. Configuring a gateway for the WAN interface
Click on Apply changes.
Fig 80. Applying gateway configuration changes
...
53) Add the required static Routes by selecting the Routes tab and clicking on the plus icon at the bottom right.
Fig 81. Selecting to add a route
...
Fill in the appropriate fields as shown below, click save and apply.
Fig 82. Configuring an additional static route.
...
Click on the plus icon at the bottom right and fill in the required fields are shown below. Click Save and apply.
Fig 83. Configuring an additional static route.
...
54) Configure NAT (Network Address Translation) by clicking on Firewall -> NAT and then click on Outbound.
Fig 84. Configuring NAT outbound options
...
Select "Manual Outbound NAT rule generation" and click on Save.
Fig 85. Selecting manual outbound rule generation
...
55) You will now need to add the required firewall rules on the WAN interface. Click on Firewall -> Rules and select the WAN tab.
Fig 86. WAN interface firewall rules
...
Click on the "plus" sign at the bottom right to add a firewall rule.
Fig 87. Adding a firewall rule for the WAN interface
...
Fill in the appropriate fields as shown below and click on Save.
Fig 88. Configuring the additional firewall rule on the WAN interface
...
Click on the "plus" sign at the bottom right to add a firewall rule.
Fig 89. Adding a firewall rule for the WAN interface
...
Fill in the appropriate fields as shown below and click on Save.
Fig 90. Configuring the additional firewall rule on the WAN interface Fig 91. Applying changes
...
56) You will now need to add the required firewall rules on the LAN interface. Click on Firewall -> Rules and select the LAN tab.
Fig 92. LAN interfaces firewall rules
...
Remove the last two rules by selecting them and clicking on the "x" sign at the bottom right. Approve removal when asked. Click on the "plus" sign icon to add a rule.
Fig 93. Removing existing LAN interface firewall rules
...
Fill in the appropriate fields as shown below and click on Save and Apply changes.
Fig 94. Configuring the additional firewall rule on the WAN interface Fig 95. Applying changes
...
57) You will now need to add the required firewall rules on the MGMT interface. Click on Firewall -> Rules and select the MGMT tab. Click on "plus" sign at the bottom right to add a rule.
Fill in the appropriate fields as shown below:
...
...
...
...
...
...
...
59) You will now need to add users to user groups. Go to System -> User manager and click on the "plus" sign at the bottom right to add a new user.
Fig 103. Adding a new user
...
Fill in the appropriate fields as shown in the image below. Select the users group in the text box on the left and click on the "right arrow" sign to move it to the right.
Save the form when ready.
Fig 104. Configuring 'fwadmin' user
...
60) Go to System -> Advanced and Enable Secure Shell. Then click on Disable HTTP_REFERER enforcement check. Click on Save.
Fig 105a. Enabling secure shell access Fig 105b. Disabling HTTP_REFERER enforcement check
...
Fig 106. Accessing pfSense with WinSCP
On the right side of the monitor you can browse pfSense filesystem. Open /usr/local/www/ folder.
Fig 107. /usr/local/www pfSense folder
Right click on file fbegin.inc and click on Edit.
Fig 108. Editing file fbegin.inc
Move to line 262.
Fig 109. fbegin.inc, line 262
Copy the additional lines of code below line 262. Save the file and close the editor.
Fig 110. Pasting the code inside fbegin.inc
...
Go to folder /etc/phpshellsessions by using WinSCP.
Fig 111. Accessing /etc/phpshellsessions folder
...
Right click in windows and select New -> file.
Fig 112. Creating a new file
...
Type in ChangePassword for file name (case sensitive) and click on OK.
Fig 113. Setting file name
...
63) You will now need to disable the LAN and WAN interfaces prior to creating a VM Template based on the CGW VM. Gain console access to Cloud Gateway (CGW) via the SCVMM management console.
Fig 114. Connecting to CGW console
...
In order to disable the WAN and LAN interfaces, type 2 and press enter.
Configure the WAN interface by typing 1 and press enter.
Type "n" at IPv4 DHCP configuration and press enter.
Press Enter at WAN IPv4 address for no IP address.
Type "n" at IPv6 DHCP configuration and press enter.
Press Enter at WAN IPv6 address for no IP address.
Type "n" at HTTP for webConfigurator and press enter.
Press enter to continue.
The WAN interface is now disabled. To continue with disabling the LAN interface, type 2 and press enter.
Type 2 to configure the LAN interface and press enter. Disable the LAN interface following the same steps provided in this paragraph for the WAN interface.
64) After disabling the LAN and WAN interfaces, type "6" in basic menu and press enter, then press "y" in order to shut down the Cloud Gateway. Wait for the VM to shut down.
Fig 115. Shutting down pfsense
...
65) In SCVMM console right click on the pfSense/Cloud Gateway VM and choose Create -> Clone.
Fig 116. Creating a clone of pfSense VM
...
In the Identity tab, Specify machine name for this VM clone and click on "Next".
Fig 117. Specifying VM clone name
...
In the Configure Hardware tab click on Availability below Advanced and check the "Make this Virtual Machine High Available" option. Click on Next.
Fig 118. Turning on high availability
...
In the Select Destination tab, select "Place the virtual machine on a Host" and choose your host cluster or standalone server. Click Next.
Fig 119. Placing the VM on a host
...
Set all other options to default and click "Create" at the end of this wizard. Wait for the cloning process to complete.
Fig 120. Running the cloning process
...
66) Select Library in SCVMM console on the bottom left.
Fig 121. SCVMM Library
...
On the upper left of the SCVMM console, right click on Templates and choose "Create VM Template".
Fig 122. Creating a VM Template
...
In the Select Source tab select "From an existing virtual machine ...." and click on browse to locate the clone you've created in the previous step 64).
Fig 123. Selecting the VM from which to create the template
...
Click on Next and then click on Yes.
Fig 124. Approving that the original VM will be destroyed
...
In the Identity tab, specify VM Template name and click on Next.
Fig 125. Specifying VM Template name
In the Configure Hardware tab, click on Next.
Fig 126. Template hardware configuration
...
In the Configure Operating System tab, click on Next.
Fig 127. VM Template OS settings
...
In the Select Library Server tab, select the appropriate library server and click on Next.
Fig 128. Selecting a library to place the VM template
...
In the Select Path tab, click on Browse to select the path on the Library Server to save the template and click on Next.
Fig 129. Selecting the path to place the VM template
...
In the Summary tab, click on Create and wait for the operation to be completed.
Fig 130. Finalizing VM Template wizard
...