Installing the ATP Appliance Virtual Core OVA
Juniper’s Advanced Threat Prevention extensible deployment options include a Virtual Core (vCore) detection engine product as an Open Virtual Appliance, or OVA, that runs as a virtual machine. Specifically, an OVA-packaged image is available for VMware Hypervisor for vSphere 6.5, 6.0, 5.5, and 5.0.
The OVF package consists of several files contained in a single directory, with an OVF descriptor file that describes the ATP Appliance virtual machine template and package (metadata for the OVF package and an ATP Appliance software image). The directory is distributed as an OVA package (a tar archive file with the OVF directory inside).
Juniper generates an .ovf and a .vmdk file for every ATP Appliance build. Download both the OVF and the VMDK into the same directory. Then, from the vSphere client, click File -> Deploy OVF Template. Choose the .ovf file and then complete the Deploy OVF Template wizard. The configuration wizard prompts for collector/core properties such as IP address, hostname, and device key. Log in to the CLI and configure each setting.
vCore Provisioning Requirements and Sizing Options
| VM vCenter Version Support | Recommended vCore ESXi Hardware | vCore CPUs | vCore Memory |
|---|---|---|---|
| VM vCenter Server Versions: 6.5, 6.0, 5.5, and 5.0; vSphere Client Versions: 6.5, 6.0, 5.5, and 5.0; ESXi version: 6.0, 5.5.1, and 5.5 | Processor speed 2.3-3.3 GHz; As many physical CORES as virtual CPUs; Hyperthreading: either enable or disable | CPU Reservation: Default; CPU Limit: Unlimited; Hyperthreaded Core Sharing Mode: None (if Hyperthreading is enabled on the ESXi) | Memory Reservation: Default; Memory Limit: Unlimited |

| Model | Number of vCPUs | Memory | Disk Storage |
|---|---|---|---|
| v500M | 8 | 32 GB | Disk 1: 512 G; Disk 2: 1 TB |
| v1G | 24 | 96 GB | Disk 1: 512 G; Disk 2: 2 TB |
Install the ATP Appliance OVA to a VM
Starting in release 5.0.5, Windows 10 sandbox is supported (in addition to Windows 7) for behavior analysis. Windows 10 sandbox requires “nested hypervisor support” or “guest VM hypervisor support” enabled from vSphere. See instructions for “Enable Nested Virtualization for Windows 10 Sandboxing” at the end of this page.
When an OVA is cloned to create another virtual Secondary Core, the value for column "id" in the Central Manager table is the same by default. Admins must reset the UUID to make it unique. A new Virtual Core CLI command “set id” is available to reset the UUID on a cloned Virtual Core from the CLI’s core mode. Refer to the Juniper ATP Appliance CLI Command Reference to review the Core mode "set id" and "show id" commands. Special characters used in CLI parameters must be enclosed in double quotation marks.
Enable Nested Virtualization for Windows 10 Sandboxing
Before You Begin
The VM should be upgraded to ESXi 6 or later (VMware version 11).
Shut down the ATP Virtual Appliance VM.
To enable nested virtualization, the “hardware-assisted virtualization” capabilities need to be exposed to the VM, in this case ATP Virtual Appliance.
- Once the VM is powered off, use the vSphere web client to navigate to the Compatibility option and select Upgrade VM Compatibility.
- Once the VM compatibility upgrade finishes, use the vSphere web client to navigate to the Processor Settings screen. Select the check box next to Expose hardware-assisted virtualization to the guest operating system.
- Click OK.
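As an added example (not Juniper's code or tooling), the following Python pre-flight check reads a VM's .vmx file and compares it with the sizing table and the nested-virtualization steps on this page. It assumes the standard VMware .vmx keys `numvcpus`, `memsize` (in MB), `virtualHW.version` and `vhv.enable` (the setting behind the "Expose hardware-assisted virtualization" check box); the function names and the sample .vmx content are constructed for illustration.

```python
import re

# Sizing table from this page: model -> (vCPUs, memory in GB)
SIZING = {"v500M": (8, 32), "v1G": (24, 96)}
MIN_HW_VERSION = 11  # "VMware version 11" prerequisite for nested virtualization

# Constructed sample .vmx content (not from a real ATP Appliance VM)
SAMPLE_VMX = '''.encoding = "UTF-8"
virtualHW.version = "10"
numvcpus = "8"
memsize = "32768"
displayName = "atp-vcore-example"
'''

def parse_vmx(text):
    """Parse key = "value" lines of a .vmx file; keys are lowercased for lookup."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r'\s*([^#\s=]+)\s*=\s*"(.*)"\s*$', line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def audit_vcore(vmx_text, model, win10_sandbox=True):
    """Return a list of findings; an empty list means the VM matches the page."""
    cfg = parse_vmx(vmx_text)
    want_cpus, want_gb = SIZING[model]
    findings = []
    cpus = int(cfg.get("numvcpus", "1"))  # VMware defaults to 1 vCPU if unset
    if cpus != want_cpus:
        findings.append(f"{model} expects {want_cpus} vCPUs, VM has {cpus}")
    mem_gb = int(cfg.get("memsize", "0")) / 1024  # memsize is in MB
    if mem_gb != want_gb:
        findings.append(f"{model} expects {want_gb} GB memory, VM has {mem_gb:g} GB")
    if win10_sandbox:
        hw = int(cfg.get("virtualhw.version", "0"))
        if hw < MIN_HW_VERSION:
            findings.append(f"hardware version {hw} < {MIN_HW_VERSION}; upgrade VM compatibility")
        if cfg.get("vhv.enable", "FALSE").upper() != "TRUE":
            findings.append("vhv.enable is not TRUE; Windows 10 sandbox cannot run nested")
    return findings

if __name__ == "__main__":
    for finding in audit_vcore(SAMPLE_VMX, "v500M"):
        print("FINDING:", finding)
```

Run it against the .vmx of the powered-off vCore VM; a Core that passes sizing but fails the two nested-virtualization checks will deploy normally yet be unable to use the Windows 10 sandbox for behavior analysis.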