Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Deploy and Configure Security Director Insights with Open Virtualization Appliance (OVA) Files

 

Security Director Insights requires VMware ESXi server version 6.5 or later to support a virtual machine (VM) with the following configuration:

  • 8 CPUs

  • 24-GB RAM

  • 1.2-TB disk space

If you are not familiar with using VMware ESXi servers, see VMware Documentation and select the appropriate VMware vSphere version.

To deploy and configure the Security Director Insights with OVA files, perform the following tasks:

  1. Download the Security Director Insights VM OVA image from the Juniper Networks software download page.Note

    Do not change the name of the Security Director Insights VM image file that you download from the Juniper Networks support site. If you change the name of the image file, the creation of the Security Director Insights VM may fail.

  2. Launch the vSphere Client that is connected to the ESXi server, where the Security Director Insights VM is to be deployed.
  3. Select File > Deploy OVF Template.

    The Deploy OVF Template page appears, as shown in Figure 1.

    Figure 1: Select an OVF Template Page
    Deploy OVF Template wizard in VMware vSphere. First step: Select OVF template via URL or local file. URL option selected.
  4. In the Select an OVF template page, select the URL option if you want to download the OVA image from the internet or select Local file to browse the local drive and upload the OVA image.
  5. Click Next.

    The Select a name and folder page appears.

  6. Specify the OVA name, installation location for the VM, and click Next.

    The Select a compute resource page appears.

  7. Select the destination compute resource for the VM, and click Next.

    The Review details page appears.

  8. Verify the OVA details and click Next.

    The License agreements page appears, as shown in Figure 2.

    Figure 2: License Agreement Page
    Step 5 of deploying OVF template: Accept Juniper Networks EULA by selecting the checkbox. Navigation buttons: Cancel, Back, Next.
  9. Accept the EULA and click Next.

    The Select storage page appears.

  10. Select the destination file storage for the VM configuration files and the disk format. (Thin Provision is for smaller disks and Thick Provision is for larger disks.)

    Click Next. The Select networks page appears.

  11. Select the network interfaces that will be used by the VM.

    IP allocation can be configured for DHCP or Static addressing. We recommend using Static IP Allocation Policy.

    Click Next. The Customize template page appears. For DHCP instructions, see Step 13.

  12. For IP allocation as Static, configure the following parameters for the virtual machine:

    • IP address—Enter the Security Director Insights VM IP address.

    • Netmask—Enter the netmask.

    • Gateway—Enter the gateway address.

    • DNS Address 1—Enter the primary DNS address.

    • DNS Address 2—Enter the secondary DNS address.

    Figure 3: Customize Template Page
    Step 8: Customize template for Juniper Security Analytics with static IP selected. Configure IP, netmask, gateway, and DNS.
  13. For IP allocation as DHCP, enter the search domain, hostname, device name, and device description for the virtual machine.

    This option is recommended only for the Proof of Concept type of short-term deployments. Do not use this option.

    Click Next. The Ready to complete page appears, as shown in Figure 4.

    Figure 4: Ready to Complete Page
    Deploy OVF Template wizard at final step, ready to complete deployment. Summary: provisioning type is Deploy OVF From Remote URL, download size is 4.3 GB, size on disk is 9.8 GB, folder is Abhishek Goudar, resource is it-cluster1a.englab.juniper.net, all disks datastore is ranch99-vm with thin provision, IP protocol is IPV4 with static manual allocation. Options to cancel, go back, or finish.
  14. Verify all the details and click Finish to begin the OVA installation.
  15. After the OVA is installed successfully, power on the VM and wait for the boot-up to complete.
  16. Once the VM powers on, in the CLI terminal, log in as administrator with the default username as “admin” and password as “abc123”.

    After you log in, you will be prompted to change the default admin password. Enter a new password to change the default password, as shown in Figure 5.

    Figure 5: Default Admin Password Reset
    Connecting to remote host 10.2.11.46 via SSH: authenticity check, confirm connection, host added, password prompt, change default password.

    The Security Director Insights deployment is now complete.

  17. You must now add the Security Director Insights node to Junos Space by performing the following steps.

    • Log in to Security Director GUI and navigate to Administration > Insights Management > Insights Nodes.

    • Enter the Security Director Insights IP address and the admin password (from Step 16).

    • Click Save to complete integrating the Security Director Insights VM into Security Director.

    To know more about how to add Security Director Insights nodes, see Add Insights Nodes.

Note

You can use the Security Director Insights VM as a log collector and as an integrated Policy Enforcer.

Reserve Resources on VMware vCenter

To reserve CPU and memory on vSphere:

  1. Power off the VM, as shown in Figure 6.
    Figure 6: VM Power Off Button
    Virtual machine management toolbar for sdi perf 22.1 with icons for start, stop, console, suspend, and snapshot actions. Tabs for Summary, Monitor, Configure, Permissions, Datastores, Networks, and Snapshots are below.
  2. Once the VM is completely powered down, click the edit button as show in Figure 7.
    Figure 7: VM Edit Button
    User interface section with title sdi perf 22.1, control icons, tabs for Summary, Monitor, Configure, Permissions, Datastores, Networks, Snapshots, and an ACTIONS dropdown. Arrow points to a linking icon.

    The Edit Settings page appears, as shown in Figure 8. Edit the values in the Virtual Hardware page.

    Figure 8: Edit Settings Page
    Edit Settings window for virtual machine under Virtual Hardware tab showing CPU with 24 CPUs, 1 Core per Socket, 24 Sockets, CPU Hot Plug enabled, Reservation 35000 MHz, Limit 35500 MHz, Shares Normal 24000, CPU MMU Virtualization Automatic; Memory with 80 GB, Reservation 81920 MB, Limit 82432 MB, Shares Normal 819200, Memory Hot Plug not enabled. Options for adding devices and other settings available.
  3. In the CPU section, modify the number of CPU cores and select the values for Reservation and Limit from the respective lists.
  4. In the Memory section, select the required memory reservation and limit values from the lists. For relevant values, refer the Performance Matrix table in Add Security Director Insights as a Log Collector.
  5. Click OK.

Verify If the VM is Getting Enough Resources

To verify if enough resources are getting allocated to the VM at run time, select Monitor>Performance>Advanced in the vSphere and check the CPU clock speeds. as shown in Figure 9.

Figure 9: Monitor CPU Clock Speeds
Advanced Performance tab showing CPU usage in MHz for sdi perf 22.1 with a spike at 32474 MHz at 4:21:40 PM on 04/13/2022.

You can view both CPU usage and reserved memory by selecting the required view from the View list. If the CPU usage does not reach the allocated peak and you observe any performance issues, it may indicate that the ESXi host on which this VM is running might be over subscribed. Reserving a dedicated CPU or memory for the VM might help.

Note

You can calculate the clock speed reservation by using the formula (number of cores * clock speed of ESXi host * 1000 MHz). To calculate the limit, the formula is (Reservation + 500MHz). You must fully reserve the memory for each configuration. For example, for a 8 core and 16 GB memory configuration running on a 2.2GHz ESXi host, clock speed reservation is (8 cores * 2.2 * 1000 Mhz) = 17600 MHz (17.6 GHz). The limit is (17600MHz+500MHz) = 18.1GHz limit. Memory is 16GB reserved and 16.5GB limit.

Expand the VM Disk Size

Before You Begin

  • Ensure that there are no snapshots. You must delete the snapshot before expanding the disk size.

  • We recommend to create a backup by cloning the VM before expanding the disk size.

Procedure

To expand the disk to the maximum available size for an OVA file:

  1. Log in to vSphere and power down the VM.
  2. Click the Edit VM settings icon, as shown in Figure 10.
    Figure 10: Edit VM Settings Icon
    Virtual machine management interface showing VM named sdi-diskpatch powered off running Ubuntu 64-bit with 1.75 TB storage usage.
  3. Set the hard disk size, as shown in Figure 11.
    Figure 11: Edit Settings Page
    Edit Settings window for virtual machine sdi-diskpatch showing CPU 8, Memory 16 GB, Hard disk 2.2 TB, SCSI controller LSI Logic Parallel, Network adapters Engineering connected, CD/DVD drive Datastore ISO File connected, Video card custom settings, with options to add devices.
  4. Power on the VM.
  5. Log in to the Admin CLI and switch to server mode.
  6. Run set disk-partition-to-full command.Screenshot of a terminal session on a Linux system showing disk partition resizing. Partition 2 on virtual disk /dev/sda2 resized to 2.4 TB using set disk-partition-to-full and resize2fs commands. Filesystem usage shows 1.6 GB used and 2.3 TB available. User is on server Core6 in a shell session.

    The new disk size is the size of /dev/sda2.

Related Documentation