Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...


Cloud OSS - Cloudworks Service Manager

 How to create a Cloud Gateway (CGW) Template in Hyper-V 

 

Table of Contents

Table of Contents
true
maxLevel2
minLevel2outline
indent10px
stylenone


1. Introduction

Info

See also:

Table of Contents
maxLevel2
minLevel2
indent10px
stylenone

...

 


This section provides information that will assist you in creating a Cloud Gateway (CGW) template based on pfSense 2.2. This template will be used by Cloud OSS during IaaS services provisioning. 
Instructions provided herein are for implementation on Hyper-V 2012 R2.

...

In this guide we first create a Cloud Gateway Virtual Machine and we then create a Template based on this Virtual Machine. 

 

 

2. Downloading the pfSense 2.2 image

Info

See also:

Table of Contents
maxLevel2
minLevel2
indent10px
stylenone

 

You can download pfSense 2.2 installation image by using this link.

...

 

Note
iconfalse

The downloaded image will be in .GZIP format and you will first need to decompress it in order to end up with a, compatible with SCVMM,  image in .ISO format.

Later on,the uncompressed .ISO image will have to be uploaded to the SCVMM server where the SCVMM console is hosted. 


3. Creating a Cloud Gateway Virtual Machine

Info

See also:

Table of Contents
maxLevel2
minLevel2
indent10px
stylenone

 

1) Log in to SCVMM server and open the SCVMM console.  Next, click on Library tab. 

Image RemovedImage Added

Fig 1. SCVMM console Library

 

 

2) Right click on Library Servers and create a Library Server. Create Library Share and name it ISO or choose an alternative name that you prefer.
    (You may skip this step if you already have a Library Server and Library Share configured in SCVMM)

Image RemovedImage Added

Fig 2. Creating a Library Server and Library Share



3) Select the ISO Library Share and click on Import physical resource.

Image RemovedImage Added

Fig 3. Viewing the contents of selected Library Share



4) Click on "Add resource..." in the appearing window.

Image RemovedImage Added

Fig 4. Adding a resource to the Library

 

 

5) Navigate to pfSense 2.2 .ISO image that you have previously uploaded to SCVMM Server and click on Open

Image RemovedImage Added

Fig 5. Adding .ISO image to the Library

 

 

6) Click on Browse to select the destination for the imported .ISO image

Image RemovedImage Added

Fig 6. Browsing for imported resource destination

 

 

7) Select the Destination Folder (Library Share) and click on OK.

Image RemovedImage Added

Fig 7. Selecting imported resource destination

 

 

8) Click on Import.

Image RemovedImage Added

Fig 8. Importing resource



9) Wait until the import process is finished and close the Jobs window that appears.

Image RemovedImage Added

Fig 9. Running the import process

 

 

10) The ISO image should now appear in the folder selected in step 7.

Image RemovedImage Added

Fig 10. Viewing the ISO image Library Share

 

 

11) You will now need to create a Virtual Machine (VM) using the uploaded image. On SCVMM console click on VMs and Services.

Image RemovedImage Added

Fig 11. VMs and Services



12) Click on Create Virtual Machine.

Image RemovedImage Added

Fig 12. Creating a new VM


 

13) In the appearing window choose "Create the new virtual machine with a blank virtual hard disk" and click on Next.

Image RemovedImage Added

Fig 13. Creating a new virtual hard disk (VHD) for VM

 

 

14) Type in the Virtual machine name, choose Generation 1 and click on Next.

Image RemovedImage Added

Fig 14. VM name and generation 

 

 

15) Select "Cloud Capability Profiles"

Image RemovedImage Added

Fig 15. Cloud Capability Profiles

 

 

16) Select Hyper-V.

Image RemovedImage Added

Fig 16. Cloud Capability profiles (Hyper-V selection)

 

 

17) Set the minimum recommended resources for running a Cloud Gateway VM (1 processor / 512 MB Memory / 5 GB hard disk).

Image RemovedImage Added

Fig 17. Setting CPU resources


Image RemovedImage Added

Fig 18. Setting Memory resources


Image RemovedImage Added

Fig 19. Setting Hard Disk resources

 

 

18) In Virtual DVD Drive choose "Existing ISO image" and browse for the uploaded .ISO image on the Library Share, as shown in steps 8 and 9.

Image RemovedImage Added

Fig 20. Mounting the .ISO image



19) For a Cloud Gateway, three (3) Network Interfaces are required (WANLAN and MGMT). In the Network Adapters tab, you should proceed as follows:

      To add a network adapter, select New and then click on Network adapter.

Image RemovedImage Added

Fig 21. Adding a network adapter


Two (2) network adapters should be available now.

 Image RemovedImage Added

Fig 22. Viewing network adapters


Repeat the previous step so that you end up with the required Three (3) network adapters.

Image RemovedImage Added

Fig 23. Viewing the network adapters



20) For each network adapter, choose "Connected to a VM network" and select a VM network.

Image RemovedImage Added

Fig 24. Connecting network adapters to a VM network



21) Click on Next at the bottom right.

   Image RemovedImage Added

Fig 25. Proceeding through the VM creation wizard

 

 

22) In the Select Destination tab, click on Next.

Image RemovedImage Added

Fig 26. Select Destination tab



23) Select the Hyper-V Host on which the VM will be created in and click on Next.

Image RemovedImage Added

Fig 27. Choosing Hyper-V node for VM

 

 

24) In the Configure Settings tab, click on Next.

Image RemovedImage Added

Fig 28. Choosing storage location

 

 

25) In the Add Properties tab, choose Other Linux (64 bit) on the OS drop-down list and click on Next.

Image RemovedImage Added

Fig 29. Choosing an Operating System

 

 

26) Finally, click on Create in the Summary tab.

Image RemovedImage Added

Fig 30. Settings confirmation and VM creation

 

 

27) Wait until the VM creation is completed and close the Jobs window.

Image RemovedImage Added

Fig 31. VM creation in progress 

 

 

28) As soon as the VM is created, it will be listed in SCVMM console as belonging to a Hyper-V Cluster and/or a Hyper-V node.

Image RemovedImage Added

Fig 32. New VM listed



29) In order to allow access to the Cloud Firewall, we need to set a VLAN identifier for Network Adapter 3 created in step 19. In order to do so, we will use Hyper-V Manager

       Right click on the Hyper-V node you've chosen as a host for the Cloud Firewall VM and choose Connect via RDP.

 Image RemovedImage Added                                         

Fig 33. Connecting to Hyper-V host



30) Start Hyper-V Manager.

Image RemovedImage Added                                           

Fig 34. Starting Hyper-V Manager 

 

 

31) Right click on the Cloud Firewall VM and click on Settings...

Image RemovedImage Added

Fig 35. Cloud Gateway VM settings



32) Click on Network Adapter 3 to view its properties.

Image RemovedImage Added

Fig 36. Network Adapter 3 properties



33) Check "Enable virtual LAN identification" and type in the VLAN identifier that will allow you to access the VM via the OPT1 (MGMT) interface (this is the pfSense interface we will configure later on after installing pfSense). In our example, we set VLAN 22 and click on OK.

Image RemovedImage Added

Fig 37. Setting Network Adapter 3 VLAN identifier

 

 

34) Close Hyper-V Manager and disconnect from Hyper-V node. Return to the SCVMM console.

 

35) Select the Cloud Firewall VM and click on "Power On".

Image RemovedImage Added                                                               

Fig 38. Powering on VM

 

 

36) Right click on VM, go to "Connect or view" and click "Connect via console".

Image RemovedImage Added

Fig 39. Connecting to the VM via console


4. Installing pfSense

Info

See also: 

Creating a Cloud Gateway Virtual Machine

Configuring pfSense as a Cloud Gateway

6 Creating the Template

...

Table of Contents
maxLevel2
minLevel2
indent10px
stylenone

          

Image RemovedImage Added

Fig 40. VM console view during .ISO image boot 



37) Wait until the following screen shows up during boot process and type "i" to install pfSense on the VM hard disk.

Image RemovedImage Added

Fig 41. Choosing to install on the local VM hard disκ

 

38) Select "Accept these Settings" and press enter.

Image RemovedImage Added

Fig 42. Accepting the default console settings

 

39) Select "Quick/Easy Install" and press enter.

Image RemovedImage Added

Fig 43. Choosing installation type

...

Select OK and press Enter.

Image RemovedImage Added

Fig 44. Installation approval


Wait until the set up process of pfSense is completed.

Image RemovedImage Added

Fig 45. Waiting for the installation to complete

...

Select "Standard Kernel" and press enter.

Image RemovedImage Added

Fig 46. Selecting kernel type

 

 Select "Return to Select Task" and press enter.

Image RemovedImage Added

Fig 47. Returning from the installation

...

Select Exit and press Enter.

Image RemovedImage Added

Fig 48. Exiting the installation

 

Wait for pfSense to reboot.

Image RemovedImage Added

Fig 49. pfSense rebooting upon installation process completion 



40) Close the VM console session and click on Power Off.

Image RemovedImage Added

Fig 50. Stopping the CGW VM

 

 

41) Right click on the CGW VM and click on Properties.

Image RemovedImage Added

Fig 51. Viewing VM properties



42) In Hardware Configuration tab under Bus Configuration field, select "No Media" for Virtual DVD Drive. This way pfSense .ISO image is removed since it is not required anymore. Click OK to save the new configuration. 

Image RemovedImage Added

Fig 52. Removing the ISO image from the virtual DVD drive


5. Configuring pfSense as a Cloud Gateway

Info

See also: 

Creating a Cloud Gateway Virtual Machine

Installing pfSense

6 Creating the Template

Table of Contents
maxLevel2
minLevel2
indent10px
stylenone

 


43) Power On VM and connect to its console as described in step 35. Wait for the following screen to appear:

Image RemovedImage Added

Fig 53. Powering on VM for the 1st time since OS installation

 

 

44) VLAN configuration is not required at this point, therefore type "n" and press enter.

Image RemovedImage Added

Fig 54. Choosing not to set up VLAN

 

 

45) Assign names to the three (3) network interfaces as follows:

...

Type hn0 and press enter.

Image RemovedImage Added

Fig 55. Naming the WAN interface

 

Type hn1 and press enter.

Image RemovedImage Added

Fig 56. Naming the LAN interface

 

Type hn2 and press enter.

Image RemovedImage Added

Fig 57. Naming the MGMT interface

...

There are no more network interfaces, so, press enter to continue

Image RemovedImage Added

Fig 58. Finished naming the network interfaces

...

Type "y" and press enter to accept interface assignments

Image RemovedImage Added

Fig 59. Saving network interface name assignments

 

 

46) Wait until the screen below appears:

Image RemovedImage Added

Fig 60. pfSense basic options console menu



47) You will now need to configure IP addresses for all interfaces. On the LAN interface we should set an appropriate IP address so that you can use your workstation for accessing the Cloud Gateway via this interface for initial configuration purposes.
      At this point, you may set 'dummy' IP addresses for the WAN and OPT1 (MGMT) interfaces that are required for configuring routing and firewall rules. The actual IP addresses are automatically set based on CloudWorks Service Manager configuration.

...

Type "2" and press enter.

Image RemovedImage Added

Fig 61. pfSense basic options console menu

...

Type "1" to select the WAN interface and press enter.

Image RemovedImage Added

Fig 62. Choosing to configure WAN interface

...

Type "n" and press enter when asked to configure the interface via DHCP. Type in the WAN interface IP address and press enter.

Image RemovedImage Added

Fig 63. Configuring an IP Address for the WAN interface

...

Type in the subnet mask for WAN interface and press enter.

Image RemovedImage Added

Fig 64. Configuring an subnet mask for the WAN interface

...

Press enter without setting a gateway IP address for the WAN interface.

Image RemovedImage Added

Fig 65. Skipping gateway configuration for the WAN interface

...

Type "n" and press enter in order to skip DHCP for IPv6 addresses.

 Image RemovedImage Added

Fig 66. Skipping DHCP IPv6 configuration for the WAN interface

...

Press enter to skip IPv6 address configuration.

Image RemovedImage Added

Fig 67. Skipping IPv6 address configuration for the WAN interface

...

Type "n" and press enter.

Image RemovedImage Added

Fig 68. Choosing not to revert webConfigurator to HTTP

 

Press enter to continue.

Image RemovedImage Added

Fig 69. Finishing WAN interface configuration 



48) Continue with assigning an IP address and gateway for the LAN interface as done in the previous step for the WAN interface.

...

Type "2" and press enter.

Image RemovedImage Added

 

Type "2" and press enter.

 Image RemovedImage Added

 

Enter the IP address and press enter.

Image RemovedImage Added

 

Enter the subnet mask and press enter.

Image RemovedImage Added

 

Enter the gateway IP address and press enter.

Image RemovedImage Added

 

Press enter.

Image RemovedImage Added

 

Type "n" and press enter.

Image RemovedImage Added

 

Type "n" and press enter.

Image RemovedImage Added

 

Press enter to continue.

Image RemovedImage Added

 

 

49) Continue with assigning an IP address and gateway for the OPT1 interface as done in the previous step for the LAN interface.

...

Type "2" and press enter,

Image RemovedImage Added

 

Type "3" and press enter.

Image RemovedImage Added

 

Enter the OPT1 interface IP address and press enter.

Image RemovedImage Added

 

Enter the subnet mask and press enter.

 Image RemovedImage Added

 

Enter the gateway address and press enter.

Image RemovedImage Added

 

Press enter.

 Image RemovedImage Added

 

Type "n" and press enter.

 Image RemovedImage Added

 

Type "n" and press enter.

Image RemovedImage Added

 

Press enter to continue.

Image RemovedImage Added

 

 

50) The pfSense web interface can now be accessed with a web browser via the LAN interface's IP address (in our example 192.168.2.210) and by using the following credentials:

Username: admin

Password: pfsense

Image RemovedImage Added Image RemovedImage Added

Fig 70. pfSense web login interface

...

Since this is the first time you login, the setup wizard is presented to you:

Image RemovedImage Added

Fig 71. pfSense setup wizard

 

Click on pfSense logo to close the wizard and go to pfSense setup interface.

Image RemovedImage Added

Fig 72. Exiting the setup wizard



51) Rename the OPT1 interface to MGMT by clicking on Interfaces -> OPT1 and changing the description field to MGMT. Save and Apply.

 

 Image RemovedImage Added                   Image RemovedImage Added

Fig 73. Navigating to the OPT1 interface settings                                                                           Fig 74. Renaming the OPT1 interface


 Image RemovedImage Added                   Image RemovedImage Added

Fig 75. Saving OPT1 interface changes                                                                           Fig 76. Applying changes to OPT1 interface settings



52) Configure a gateway for the WAN interface by clicking on System -> Routing.

Image RemovedImage Added  

Fig 77. Navigating to routing settings

...

Click on the plus icon at the bottom right to add a gateway.

Image RemovedImage Added

Fig 78.  Adding a gateway for the WAN interface

...

Fill in the appropriate fields as shown below and click on save.

Image RemovedImage Added

Fig 79. Configuring a gateway for the WAN interface

 

Click on Apply changes.

Image RemovedImage Added

Fig 80. Applying gateway configuration changes



53) Add the required static Routes by selecting the Routes tab and clicking on the plus icon at the bottom right.

Image RemovedImage Added

Fig 81. Selecting to add a route

 

Fill in the appropriate fields as shown below, click save and apply.

Image RemovedImage Added

Fig 82. Configuring an additional static route.

...

Click on the plus icon at the bottom right and fill in the required fields are shown below. Click Save and apply.

Image RemovedImage Added

Fig 83. Configuring an additional static route.



54) Configure NAT (Network Address Translation) by clicking on Firewall -> NAT and then click on Outbound.

Image RemovedImage Added

Fig 84. Configuring NAT outbound options

...

Select "Manual Outbound NAT rule generation" and click on Save.

 Image RemovedImage Added

Fig 85. Selecting manual outbound rule generation



55) You will now need to add the required firewall rules on the WAN interface. Click on Firewall -> Rules and select the WAN tab.

Image RemovedImage Added

Fig 86. WAN interface firewall rules

...

Click on the "plus" sign at the bottom right to add a firewall rule.

Image RemovedImage Added

Fig 87. Adding a firewall rule for the WAN interface

...

Fill in the appropriate fields as shown below and click on Save.

Image RemovedImage Added

Fig 88. Configuring the additional firewall rule on the WAN interface

...

Click on the "plus" sign at the bottom right to add a firewall rule.

Image RemovedImage Added

Fig 89. Adding a firewall rule for the WAN interface

...

Fill in the appropriate fields as shown below and click on Save.

Image RemovedImage Added                      Image RemovedImage Added

Fig 90. Configuring the additional firewall rule on the WAN interface                                                                                 Fig 91. Applying changes



56) You will now need to add the required firewall rules on the LAN interface. Click on Firewall -> Rules and select the LAN tab.

Image RemovedImage Added

Fig 92. LAN interfaces firewall rules

...

Remove the last two rules by selecting them and clicking on the "x" sign at the bottom right. Approve removal when asked. Click on the "plus" sign icon to add a rule.

Image RemovedImage Added

Fig 93. Removing existing LAN interface firewall rules

...

Fill in the appropriate fields as shown below and click on Save and Apply changes.

Image RemovedImage Added                            Image RemovedImage Added

Fig 94. Configuring the additional firewall rule on the WAN interface                                                                                 Fig 95. Applying changes



57) You will now need to add the required firewall rules on the MGMT interface. Click on Firewall -> Rules and select the MGMT tab. Click on "plus" sign at the bottom right to add a rule.
       Fill in the appropriate fields as shown below:

Image RemovedImage Added

Fig 95. Configuring a new rule for the MGMT interface

...

In the Description field, type in "Pass ANY - ANY -ALL" and click on Save.
Image RemovedImage Added
Fig 96. Description of new LAN interface firewall rule

...

Add a rule to the MGMT interface with the settings as shown below. Click on Save and Apply.
Image RemovedImage Added
Fig 97. Configuring an additional rule for the MGMT interface


Add a rule to the MGMT interface with the settings as shown below. Click on Save and Apply.
Image RemovedImage Added
Fig 98. Configuring an additional rule for the MGMT interface



58) You will now need to create a 'users' group for Cloud Gateway by configuring user groups. Click on System - > User manager and select the Groups tab.
Image RemovedImage Added
Fig 99. pfSense user groups tab


Click on the "plus" sign at the bottom right to add a group. Fill in the appropriate fields as below and click on Save.
Image RemovedImage Added
Fig 100. Adding a 'users' group


In order to edit the newly created groups, click on the "e" sign next to them.
Image RemovedImage Added
Fig 101. Editing the 'users' group

...

Click the "plus" icon in the "Assigned Privileges" section.
Image RemovedImage Added
Fig 102. Adding privileges to the 'users' group

...

User - VPN - IPsec xauth Dialin
User - VPN - L2TP Dialin
User - VPN - PPTP Dialin
WebCfg - Dashboard (all)
WebCfg - Dashboard widgets (direct access).
WebCfg - Diagnostics: System Activity
WebCfg - Diagnostics: ARP Table page
WebCfg - Diagnostics: Authentication page 
WebCfg - Diagnostics: Backup/restore page
WebCfg - Diagnostics: Configuration History page
WebCfg - Diagnostics: CPU Utilization page
WebCfg - Crash reporter|
WebCfg - Diagnostics: Factory defaults page
WebCfg - Diagnostics: Logs: DHCP page
WebCfg - Diagnostics: Logs: Firewall page
WebCfg - Diagnostics: Logs: VPN page
WebCfg - Diagnostics: Logs: Settings page
WebCfg - Diagnostics: Logs: System page
WebCfg - Diagnostics: Packet Capture page
WebCfg - Diagnostics: Patterns page
WebCfg - Diagnostics: Ping page
WebCfg - Diagnostics: Reboot System page
WebCfg - Diagnostics: Reset state page
WebCfg - Diagnostics: Restart HTTPD : System page
WebCfg - Diagnostics: Routing tables page
WebCfg - Diagnostics: Show States page
WebCfg - Diagnostics: States Summary page
WebCfg - Diagnostics: PF Table IP addresses
WebCfg - Diagnostics: Traceroute page
WebCfg - Firewall: Alias: Edit page
WebCfg - Firewall: Alias: Import page
WebCfg - Firewall: Aliases page
WebCfg - Firewall: NAT: 1:1 page
WebCfg - Firewall: NAT: 1:1: Edit page
WebCfg - Firewall: NAT: Outbound page
WebCfg - Firewall: NAT: Outbound: Edit page
WebCfg - Firewall: NAT: Port Forward page
WebCfg - Firewall: NAT: Port Forward: Edit page \
WebCfg - Firewall: Rules page
WebCfg - Firewall: Rules: Edit page
WebCfg - Firewall: Schedules page
WebCfg - Firewall: Schedules: Edit page
WebCfg - Firewall: Traffic Shaper page
WebCfg - Firewall: Traffic Shaper: Layer7 page
WebCfg - Firewall: Traffic Shaper: Limiter page
WebCfg - Firewall: Traffic Shaper: Queues page
WebCfg - Firewall: Traffic Shaper: Wizard page
WebCfg - Firewall: Virtual IP Address: Edit page
WebCfg - Firewall: Virtual IP Addresses page
WebCfg - AJAX: Get Service Providers
WebCfg - AJAX: Get Stats
WebCfg - Diag IPsec XML page
WebCfg - OpenVPN: Client page
WebCfg - OpenVPN: Client Specific Override page
WebCfg - OpenVPN: Server page
WebCfg - Required for javascript page
WebCfg - Services: Captive portal page
WebCfg - Services: Captive portal: Allowed Hostnames page
WebCfg - Services: Captive portal: Allowed IPs page
WebCfg - Services: Captive portal: Edit Allowed Hostnames page
WebCfg - Services: Captive portal: Edit Allowed IPs page
WebCfg - Services: Captive portal: Edit MAC Addresses page
WebCfg - Services: Captive portal: File Manager page
WebCfg - Services: Captive portal: Mac Addresses page
WebCfg - Services: Captive portal Voucher Rolls page
WebCfg - Services: Captive portal Vouchers page
WebCfg - Services: SNMP page
WebCfg - Status: Captive portal page
WebCfg - Status: Captive portal test Vouchers page
WebCfg - Status: Captive portal Voucher Rolls page 
WebCfg - Status: Captive portal Vouchers page 
WebCfg - Status: CARP page 
WebCfg - Status: CPU load page 
WebCfg - Status: DHCP leases page 
WebCfg - Status: Filter Reload Status page 
WebCfg - Status: Gateway Groups page 
WebCfg - Status: Gateways page 
WebCfg - Status: IPsec page 
WebCfg - Status: IPsec: SAD page 
WebCfg - Status: IPsec: SPD page 
WebCfg - Status: OpenVPN page 
WebCfg - Status: RRD Graphs settings page 
WebCfg - Status: RRD Graphs page 
WebCfg - Status: Services page 
WebCfg - Status: System logs: IPsec VPN page 
WebCfg - Status: System logs: OpenVPN page 
WebCfg - Status: System logs: Portal Auth page 
WebCfg - Status: System logs: IPsec VPN page 
WebCfg - Status: Traffic Graph page 
WebCfg - Status: Traffic shaper: Queues page 
WebCfg - Status: UPnP Status page 
WebCfg - System: Advanced: Firewall and NAT page 
WebCfg - System: Login / Logout page / Dashboard 
WebCfg - System: Static Routes page 
WebCfg - System: Static Routes: Edit route page 
WebCfg - VPN: IPsec page 
WebCfg - VPN: IPsec: Edit Pre-Shared Keys 
WebCfg - VPN: IPsec: Edit Phase 1 page 
WebCfg - VPN: IPsec: Edit Phase 2 page
WebCfg - VPN: IPsec: Pre-Shared Keys List 
WebCfg - VPN: IPsec: Mobile page 
WebCfg - VPN: VPN L2TP page
WebCfg - VPN: VPN L2TP : Users page 
WebCfg - VPN: VPN L2TP : Users : Edit page 
WebCfg - VPN: VPN PPTP page 
WebCfg - VPN: VPN PPTP: User: Edit page 
WebCfg - VPN: VPN PPTP: Users page 
WebCfg - XMLRPC Interface Stats page 
WebCfg - XMLRPC Library page 
WebCfg - Services: DNS Forwarder page 
WebCfg - Services: DNS Forwarder: Edit Domain Override page 
WebCfg - Services: DNS Forwarder: Edit host page 
WebCfg - Services: Igmpproxy page 
WebCfg - System: Advanced: Admin Access Page 
WebCfg - System: Advanced: Miscellaneous page 
WebCfg - System: Advanced: Network page 
WebCfg - System: Advanced: Notifications page 
WebCfg - System: Advanced: Tunables page 
WebCfg - System: Authentication Servers 
WebCfg - System: CA Manager 
WebCfg - System: Certificate Manager
WebCfg - System: CRL Manager 
WebCfg - System: Gateway Groups page
WebCfg - System: Gateways page 
WebCfg - System: Gateways: Edit Gateway page 
WebCfg - System: Gateways: Edit Gateway Groups page 
User - System - Shell account access 
WebCfg - Services: DHCP Relay page
WebCfg - Services: DHCP server page 
WebCfg - Services: DHCP Server : Edit static mapping page 
WebCfg - Services: Dynamic DNS client page 
WebCfg - Services: Dynamic DNS clients page 
WebCfg - Status: Interfaces page 
WebCfg - Help pages 
WebCfg - OpenVPN: Client Export Utility
WebCfg - System: User Manager page 
WebCfg - System: User Manager: Add Privileges page 
WebCfg - System: User Password Manager page 
WebCfg - System: User Manager: settings page 
WebCfg - System: User Manager: Settings: Test LDAP page


59) You will now need to add users to user groups. Go to System -> User manager and click on the "plus" sign at the bottom right to add a new user.

Image RemovedImage Added

Fig 103. Adding a new user

 

 

Fill in the appropriate fields as shown in the image below. Select the users group in the text box on the left and click on the "right arrow" sign to move it to the right.

Save the form when ready.

Image RemovedImage Added

Fig 104. Configuring 'fwadmin' user



60) Go to System -> Advanced and Enable Secure Shell. Then click on Disable HTTP_REFERER enforcement check. Click on Save.

Image RemovedImage Added  Image RemovedImage Added

Fig 105a. Enabling secure shell access                                                      Fig 105b. Disabling HTTP_REFERER enforcement check                                                  


 

61)  You now need to edit pfSense file /usr/local/www/fbegin.inc so that the following lines are added after line 262:

...

username: root
password: pfsense
Image RemovedImage Added

Fig 106. Accessing pfSense with WinSCP

 

 

On the right side of the monitor you can browse pfSense filesystem. Open /usr/local/www/ folder.

Image RemovedImage Added

Fig 107. /usr/local/www pfSense folder

 


Right click on file fbegin.inc and click on Edit.

Image RemovedImage Added

Fig 108. Editing file fbegin.inc

 

 

Move to line 262.

Image RemovedImage Added  

Fig 109. fbegin.inc, line 262

 

 

Copy the additional lines of code below line 262. Save the file and close the editor.

Image RemovedImage Added

Fig 110. Pasting the code inside fbegin.inc



62) Now you need to create a new ChangePassword file (case sensitive) inside /etc/phpshellsessions folder. This file is required by CloudWorks Service Manager for managing Cloud Gateway user passwords.

...

Go to folder /etc/phpshellsessions by using WinSCP.

 Image RemovedImage Added

Fig 111. Accessing /etc/phpshellsessions folder

...

Right click in windows and select New -> file.

Image RemovedImage Added

Fig 112. Creating a new file

 

Type in ChangePassword for file name (case sensitive) and click on OK.

Image RemovedImage Added

Fig 113. Setting file name

 

Copy the lines of code in file editor window and save file.



63) You will now need to disable the LAN and WAN interfaces prior to creating a VM Template based on the CGW VM. Gain console access to Cloud Gateway (CGW) via the SCVMM management console.

Image RemovedImage Added

Fig 114. Connecting to CGW console

...

In order to disable the WAN and LAN interfaces, type 2 and press enter.

Image RemovedImage Added

 

Configure the WAN interface by typing 1 and press enter.

Image RemovedImage Added

 

Type "n" at IPv4 DHCP configuration and press enter.

Image RemovedImage Added

 

Press Enter at WAN IPv4 address for no IP address.

Image RemovedImage Added

 

Type "n" at IPv6 DHCP configuration and press enter.

Image RemovedImage Added

 

Press Enter at WAN IPv6 address for no IP address.

Image RemovedImage Added

 

Type "n" at HTTP for webConfigurator and press enter.

Image RemovedImage Added

 

Press enter to continue.

Image RemovedImage Added

 

The WAN interface is now disabled. To continue with disabling the LAN interface, type 2 and press enter.

Image RemovedImage Added

Type 2 to configure the LAN interface and press enter. Disable the LAN interface following the same steps provided in this paragraph for the WAN interface.

Image RemovedImage Added



64) After disabling the LAN and WAN interfaces, type "6" in basic menu and press enter, then press "y" in order to shut down the Cloud Gateway. Wait for the VM to shut down.

Image RemovedImage Added

Fig 115. Shutting down pfsense

 


6. Creating the Template

Info

See also: 

Creating a Cloud Gateway Virtual Machine

4 Installing pfSense

Configuring pfSense as a Cloud Gateway

Table of Contents
maxLevel2
minLevel2
indent10px
stylenone

 


65) In SCVMM console right click on the pfSense/Cloud Gateway VM and choose Create -> Clone.

Image RemovedImage Added

Fig 116. Creating a clone of pfSense VM

 

 

In the Identity tab, Specify machine name for this VM clone and click on "Next".

Image RemovedImage Added

Fig 117. Specifying VM clone name

 

 

In the Configure Hardware tab click on Availability below Advanced and check the "Make this Virtual Machine High Available" option. Click on Next.

Image RemovedImage Added

Fig 118. Turning on high availability

 

 

In the Select Destination tab, select "Place the virtual machine on a Host" and choose your host cluster or standalone server. Click Next.

Image RemovedImage Added

Fig 119. Placing the VM on a host

 

 

Set all other options to default and click "Create" at the end of this wizard. Wait for the cloning process to complete.

Image RemovedImage Added

Fig 120. Running the cloning process

 

After the cloning process is completed you will have a clone of the Base VM you have configured. You will use this for creating the VM Template. The original VM (i.e. the VM clone) is destroyed after a VM Template is created. 
Later on, you might need to modify your VM template. In that case you will use the base VM available that has thankfully remained intact. 

 

 

66) Select Library in SCVMM console on the bottom left.

Image RemovedImage Added

Fig 121. SCVMM Library

 

 

On the upper left of the SCVMM console, right click on Templates and choose "Create VM Template".

Image RemovedImage Added

Fig 122. Creating a VM Template

 

 

In the Select Source tab select "From an existing virtual machine ...." and click on browse to locate the clone you've created in the previous step 64).

Image RemovedImage Added

Fig 123. Selecting the VM from which to create the template

 

 

Click on Next and then click on Yes.

Image RemovedImage Added

Fig 124. Approving that the original VM will be destroyed

 

 

In the Identity tab, specify VM Template name and click on Next.Image Removed


Fig 125. Specifying VM Template name

Image Added 

 

In the Configure Hardware tab, click on Next.

Image RemovedImage Added

Fig 126. Template hardware configuration

 

 

In the Configure Operating System tab, click on Next.

Image RemovedImage Added

Fig 127. VM Template OS settings

 

 

In the Select Library Server tab, select the appropriate library server and click on Next.

Image RemovedImage Added

Fig 128. Selecting a library to place the VM template

 

 

In the Select Path tab, click on Browse to select the path on the Library Server to save the template and click on Next.

Image RemovedImage Added

Fig 129. Selecting the path to place the VM template

 

 

In the Summary tab, click on Create and wait for the operation to be completed.

Image RemovedImage Added

Fig 130. Finalizing VM Template wizard 

 

 

67) Congratulations! Your Cloud Gateway (CGW) template has been created.  You may proceed with creating the Guest OS Templates for your Cloud Servers. 

 

...

Info

See also:

Table of Contents
maxLevel2
minLevel2

...

indent10px
stylenone