Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Deploy and Configure Security Director Insights with Open Virtualization Appliance (OVA) Files

 

Security Director Insights requires VMware ESXi server version 6.5 or later to support a virtual machine (VM) with the following configuration:

  • 8 CPUs

  • 24-GB RAM

  • 1.2-TB disk space

If you are not familiar with using VMware ESXi servers, see VMware Documentation and select the appropriate VMware vSphere version.

To deploy and configure the Security Director Insights with OVA files, perform the following tasks:

  1. Download the Security Director Insights VM OVA image from the Juniper Networks software download page.Note

    Do not change the name of the Security Director Insights VM image file that you download from the Juniper Networks support site. If you change the name of the image file, the creation of the Security Director Insights VM may fail.

  2. Launch the vSphere Client that is connected to the ESXi server, where the Security Director Insights VM is to be deployed.
  3. Select File > Deploy OVF Template.

    The Deploy OVF Template page appears, as shown in Figure 1.

    Figure 1: Select an OVF Template Page
    Select an OVF
Template Page
  4. In the Select an OVF template page, select the URL option if you want to download the OVA image from the internet or select Local file to browse the local drive and upload the OVA image.
  5. Click Next.

    The Select a name and folder page appears.

  6. Specify the OVA name, installation location for the VM, and click Next.

    The Select a compute resource page appears.

  7. Select the destination compute resource for the VM, and click Next.

    The Review details page appears.

  8. Verify the OVA details and click Next.

    The License agreements page appears, as shown in Figure 2.

    Figure 2: License Agreement Page
    License Agreement
Page
  9. Accept the EULA and click Next.

    The Select storage page appears.

  10. Select the destination file storage for the VM configuration files and the disk format. (Thin Provision is for smaller disks and Thick Provision is for larger disks.)

    Click Next. The Select networks page appears.

  11. Select the network interfaces that will be used by the VM.

    IP allocation can be configured for DHCP or Static addressing. We recommend using Static IP Allocation Policy.

    Click Next. The Customize template page appears. For DHCP instructions, see Step 13.

  12. For IP allocation as Static, configure the following parameters for the virtual machine:
    • IP address—Enter the Security Director Insights VM IP address.

    • Netmask—Enter the netmask.

    • Gateway—Enter the gateway address.

    • DNS Address 1—Enter the primary DNS address.

    • DNS Address 2—Enter the secondary DNS address.

    Figure 3: Customize Template Page
    Customize Template
Page
  13. For IP allocation as DHCP, enter the search domain, hostname, device name, and device description for the virtual machine.

    This option is recommended only for the Proof of Concept type of short-term deployments. Do not use this option.

    Click Next. The Ready to complete page appears, as shown in Figure 4.

    Figure 4: Ready to Complete Page
    Ready to Complete
Page
  14. Verify all the details and click Finish to begin the OVA installation.
  15. After the OVA is installed successfully, power on the VM and wait for the boot-up to complete.
  16. Once the VM powers on, in the CLI terminal, log in as administrator with the default username as “admin” and password as “abc123”.

    After you log in, you will be prompted to change the default admin password. Enter a new password to change the default password, as shown in Figure 5.

    Figure 5: Default Admin Password Reset
    Default Admin
Password Reset

    The Security Director Insights deployment is now complete.

  17. You must now add the Security Director Insights node to Junos Space by performing the following steps.
    • Log in to Security Director GUI and navigate to Administration > Insights Management > Insights Nodes.

    • Enter the Security Director Insights IP address and the admin password (from Step 16).

    • Click Save to complete integrating the Security Director Insights VM into Security Director.

    To know more about how to add Security Director Insights nodes, see Add Insights Nodes.

Note

You can use the Security Director Insights VM as a log collector and as an integrated Policy Enforcer.

Reserve Resources on VMware vCenter

To reserve CPU and memory on vSphere:

  1. Power off the VM, as shown in Figure 6.
    Figure 6: VM Power Off Button
    VM Power Off Button
  2. Once the VM is completely powered down, click the edit button as show in Figure 7.
    Figure 7: VM Edit Button
    VM Edit Button

    The Edit Settings page appears, as shown in Figure 8. Edit the values in the Virtual Hardware page.

    Figure 8: Edit Settings Page
    Edit Settings Page
  3. In the CPU section, modify the number of CPU cores and select the values for Reservation and Limit from the respective lists.
  4. In the Memory section, select the required memory reservation and limit values from the lists. For relevant values, refer the Performance Matrix table in Add Security Director Insights as a Log Collector.
  5. Click OK.

Verify If the VM is Getting Enough Resources

To verify if enough resources are getting allocated to the VM at run time, select Monitor>Performance>Advanced in the vSphere and check the CPU clock speeds as shown in Figure 9.

Figure 9: Monitor CPU Clock Speeds
Monitor CPU Clock
Speeds

You can view both CPU usage and reserved memory by selecting the required view from the View list. If the CPU usage does not reach the allocated peak and you observe any performance issues, it may indicate that the ESXi host on which this VM is running might be over subscribed. Reserving a dedicated CPU or memory for the VM might help.

Note

You can calculate the clock speed reservation by using the formula (number of cores * clock speed of ESXi host * 1000 MHz). To calculate the limit, the formula is (Reservation + 500MHz). You must fully reserve the memory for each configuration. For example, for a 8 core and 16 GB memory configuration running on a 2.2GHz ESXi host, clock speed reservation is (8 cores * 2.2 * 1000 Mhz) = 17600 MHz (17.6 GHz). The limit is (17600MHz+500MHz) = 18.1GHz limit. Memory is 16GB reserved and 16.5GB limit.