Deploy and Configure Security Director Insights with Open Virtualization Appliance (OVA) Files
Security Director Insights requires VMware ESXi server version 6.5 or later to support a virtual machine (VM) with the following configuration:
1.2-TB disk space
If you are not familiar with using VMware ESXi servers, see VMware Documentation and select the appropriate VMware vSphere version.
To deploy and configure the Security Director Insights with OVA files, perform the following tasks:
- Download the Security Director Insights VM OVA image from
the Juniper Networks software download page.
Do not change the name of the Security Director Insights VM image file that you download from the Juniper Networks support site. If you change the name of the image file, the creation of the Security Director Insights VM may fail.
- Launch the vSphere Client that is connected to the ESXi server, where the Security Director Insights VM is to be deployed.
- Select File > Deploy OVF Template.
The Deploy OVF Template page appears, as shown in Figure 1.
- In the Select an OVF template page, select the URL option if you want to download the OVA image from the internet or select Local file to browse the local drive and upload the OVA image.
- Click Next.
The Select a name and folder page appears.
- Specify the OVA name, installation location for the VM,
and click Next.
The Select a compute resource page appears.
- Select the destination compute resource for the VM, and
The Review details page appears.
- Verify the OVA details and click Next.
The License agreements page appears, as shown in Figure 2.
- Accept the EULA and click Next.
The Select storage page appears.
- Select the destination file storage for the VM configuration
files and the disk format. (Thin Provision is for smaller disks and
Thick Provision is for larger disks.)
Click Next. The Select networks page appears.
- Select the network interfaces that will be used by the
IP allocation can be configured for DHCP or Static addressing. We recommend using Static IP Allocation Policy.
Click Next. The Customize template page appears. For DHCP instructions, see Step 13.
- For IP allocation as Static, configure the following parameters
for the virtual machine:
IP address—Enter the Security Director Insights VM IP address.
Netmask—Enter the netmask.
Gateway—Enter the gateway address.
DNS Address 1—Enter the primary DNS address.
DNS Address 2—Enter the secondary DNS address.
- For IP allocation as DHCP, enter the search domain, hostname,
device name, and device description for the virtual machine.
This option is recommended only for the Proof of Concept type of short-term deployments. Do not use this option.
Click Next. The Ready to complete page appears, as shown in Figure 4.
- Verify all the details and click Finish to begin the OVA installation.
- After the OVA is installed successfully, power on the VM and wait for the boot-up to complete.
- Once the VM powers on, in the CLI terminal, log in as
administrator with the default username as “admin” and
password as “abc123”.
After you log in, you will be prompted to change the default admin password. Enter a new password to change the default password, as shown in Figure 5.
The Security Director Insights deployment is now complete.
- You must now add the Security Director Insights node to
Junos Space by performing the following steps.
Log in to Security Director GUI and navigate to Administration > Insights Management > Insights Nodes.
Enter the Security Director Insights IP address and the admin password (from Step 16).
Click Save to complete integrating the Security Director Insights VM into Security Director.
To know more about how to add Security Director Insights nodes, see Add Insights Nodes.
You can use the Security Director Insights VM as a log collector and as an integrated Policy Enforcer.
Reserve Resources on VMware vCenter
To reserve CPU and memory on vSphere:
- Power off the VM, as shown in Figure 6.
- Once the VM is completely powered down, click the edit
button as show in Figure 7.
The Edit Settings page appears, as shown in Figure 8. Edit the values in the Virtual Hardware page.
- In the CPU section, modify the number of CPU cores and select the values for Reservation and Limit from the respective lists.
- In the Memory section, select the required memory reservation and limit values from the lists. For relevant values, refer the Performance Matrix table in Add Security Director Insights as a Log Collector.
- Click OK.
Verify If the VM is Getting Enough Resources
To verify if enough resources are getting allocated to the VM at run time, select Monitor>Performance>Advanced in the vSphere and check the CPU clock speeds as shown in Figure 9.
You can view both CPU usage and reserved memory by selecting the required view from the View list. If the CPU usage does not reach the allocated peak and you observe any performance issues, it may indicate that the ESXi host on which this VM is running might be over subscribed. Reserving a dedicated CPU or memory for the VM might help.
You can calculate the clock speed reservation by using the formula (number of cores * clock speed of ESXi host * 1000 MHz). To calculate the limit, the formula is (Reservation + 500MHz). You must fully reserve the memory for each configuration. For example, for a 8 core and 16 GB memory configuration running on a 2.2GHz ESXi host, clock speed reservation is (8 cores * 2.2 * 1000 Mhz) = 17600 MHz (17.6 GHz). The limit is (17600MHz+500MHz) = 18.1GHz limit. Memory is 16GB reserved and 16.5GB limit.
Expand the VM Disk Size
Before You Begin
Ensure that there are no snapshots. You must delete the snapshot before expanding the disk size.
We recommend to create a backup by cloning the VM before expanding the disk size.
To expand the disk to the maximum available size for an OVA file:
- Log in to vSphere and power down the VM.
- Click the Edit VM settings icon, as shown in Figure 10.
- Set the hard disk size, as shown in Figure 11.
- Power on the VM.
- Log in to the Admin CLI and switch to server mode.
- Run set disk-partition-to-full command.
The new disk size is the size of /dev/sda2.