Deploy Juniper Security Director Using KVM

This topic guides you through the Juniper Security Director VM deployment using KVM.

Step 1: Download the Automation Software and the Software Bundle

  • Download the Juniper Security Director automation software (.bin) from the Software Downloads page to your local machine.

  • Download the Juniper Security Director software bundle (.tgz file) from the Software Downloads page to your local machine, and then transfer the file to your staging server.

    A staging server is an intermediate server that holds the downloaded software bundle and is accessible from the VM.

Step 2: Deploy the VM Using the Automation Software

  1. Run the chmod +x Juniper-Security-Director-25.2.2-kvm.bin command.

  2. On the terminal, run the ./Juniper-Security-Director-25.2.2-kvm.bin command.

    This checks whether all the related packages are installed.

  3. Enter the base folder for extracting the KVM files.

    For example, /root/Downloads/

    The VM directory is created, for example, /root/Downloads/Juniper-Security-Director-1. The QCOW2 disk 0 file is extracted into the VM directory.

  4. Enter the KVM configuration parameters when prompted.

    Table 1: Configuration Parameter Descriptions

    | Parameter | Description |
    |---|---|
    | Hostname | Enter the hostname of the Juniper Security Director VM. |
    | CLI admin user password | Enter the CLI admin user password. It must be 8 to 32 characters long and contain at least 3 of the character classes listed below the table. |
    | Management IP address | Enter the management IP address in CIDR format. |
    | Default gateway | Default gateway IP address of the network. |
    | DNS server addresses | Enter the DNS server address. |
    | Search domains | (Optional) Enter search domains. |
    | UI virtual IP address | Enter the UI virtual IP address. |
    | UI FQDN | (Optional) Enter the fully qualified domain name that resolves to the UI IP address. |
    | Device connection virtual IP address | Enter the device connection virtual IP address. |
    | Device connection FQDN | (Optional) Enter the fully qualified domain name that resolves to the device connection virtual IP address. |
    | Log collector virtual IP address | Enter the log collector virtual IP address. |
    | Log collector FQDN | (Optional) Enter the fully qualified domain name that resolves to the log collector virtual IP address. |
    | Software bundle SCP path | Enter the software bundle path. It must be in the following format: user@server:port/relative-path or user@server:port//absolute-path. If the port is not specified, the default value of 22 is used. |
    | SCP password | Enter the SCP password. |
    | NTP server | Enter the NTP server details. |

    Character classes for the CLI admin user password:

    • A digit (0-9)

    • An uppercase letter (A-Z)

    • A lowercase letter (a-z)

    • A special character (~`!@#$%^&*()_-+={}[]:;"'<,>.?/|)

    The configuration is saved to the kvm-env.ini file (do not rename this file) and the ISO image is created at, for example, /root/Downloads/Juniper-Security-Director-1/Security-Director-OnPrem-kvm.iso.

  5. Enter the configuration ID for the VM configuration option as per your requirement. See Juniper Security Director System Requirements for KVM for the recommended VM configuration option details.

  6. Enter a unique VM name.

  7. Enter the disk provisioning type as Thin or Thick.

    The disk 1 and disk 2 QCOW2 files are created based on the CONFIGDISK and LOGDISK values.

  8. Enter the bridge interface name.

    The VM config file is created, for example, /root/Downloads/Juniper-Security-Director-1/sd-onprem-vm.xml.

    The launch file is created, for example, /root/Downloads/Juniper-Security-Director-1/launch-vm.sh.

  9. To create and start the VM, run the following command:

    /root/Downloads/Juniper-Security-Director-1/launch-vm.sh

Congratulations! Now the Juniper Security Director VM has been created and started.

Upgrade the VM

If you want to upgrade the VM from VM configuration option 1 to VM configuration option 2 as mentioned in Juniper Security Director System Requirements for KVM, perform the following:

  1. Shut down the Juniper Security Director VM. Run the virsh shutdown <vm-name> CLI command.

  2. Upgrade the memory to 208G. Run the following CLI commands:

    • virsh setmaxmem <vm-name> 208G --config

    • virsh setmem <vm-name> 208G --config

  3. Upgrade the CPU to 40. Run the following CLI commands:

    • virsh setvcpus <vm-name> 40 --config --maximum

    • virsh setvcpus <vm-name> 40 --config

  4. Resize disk images. Run the following CLI commands:

    • qemu-img resize <path-to-disk-1.qcow2> 525G

    • qemu-img resize <path-to-disk-2.qcow2> 3.5T

  5. Start the Juniper Security Director VM. Run the virsh start <vm-name> command.

Reset CLI Password Using Virtual Machine Manager

To reset the password for the cliadmin:

  1. In the Virtual Machine Manager, right-click on the VM and select Shut Down to power off the VM.

  2. Once the VM is powered off, right-click on the VM again and select Run. Double-click on the VM to open the console.

    During the boot process, wait for a password Reset Key to be displayed in the CLI. This process might take a few minutes.

    Copy the password Reset Key and keep it securely.

    You don't need to power on the VM if you have already saved the password Reset Key from a previous boot process.

  3. Open the kvm-env.ini file which was created earlier and edit the following fields:

    • PasswordResetKey—Set the value of this property to the passkey or token that you copied during the VM reboot.

    • CLI_PASSWORD—Set the value of this property to your new password. Enter a password that meets the following requirements:

      • The password should be at least 8 characters long and not more than 32 characters.
      • The password must include at least three of the following:

        • Numbers (0-9)

        • Uppercase letters (A-Z)

        • Lowercase letters (a-z)

        • Special characters (~!@#$%^&*()_-+={}[];:"'<,>.?/|)

  4. Save the changes.

  5. Create an ISO image.

    Run the mkisofs -o <name.iso> -J -R kvm-env.ini command.
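
Steps 3 to 5 as a script, an added example that is not Juniper's tooling: it checks the new password against the policy above before touching kvm-env.ini, rewrites the two properties, and builds the ISO with owner-only permissions. It assumes kvm-env.ini holds plain KEY=value lines (the page does not show the file format); the function names are hypothetical.

```bash
#!/bin/sh
# Added example (not Juniper's code).
# Assumption: kvm-env.ini holds plain KEY=value lines with no spaces around "=".

# Special characters exactly as listed in the reset procedure above.
SPECIALS='~!@#$%^&*()_-+={}[];:"<,>.?/|'"'"

# Succeeds when the password is 8-32 characters and uses at least 3 of the 4 classes.
# Runs in a subshell with the C locale so [A-Z] and [a-z] match ASCII letters only.
check_cli_password() (
  LC_ALL=C; pw=$1; classes=0; special=0
  [ "${#pw}" -ge 8 ] && [ "${#pw}" -le 32 ] || exit 1
  case $pw in *[0-9]*) classes=$((classes + 1)) ;; esac
  case $pw in *[A-Z]*) classes=$((classes + 1)) ;; esac
  case $pw in *[a-z]*) classes=$((classes + 1)) ;; esac
  rest=$pw
  while [ -n "$rest" ]; do            # walk the password one character at a time
    c=${rest%"${rest#?}"}; rest=${rest#?}
    case $SPECIALS in *"$c"*) special=1 ;; esac
  done
  [ $((classes + special)) -ge 3 ]
)

# Replace the value of a key that occurs exactly once; otherwise leave the file untouched.
# The value travels through the environment, not argv, so it never shows up in `ps`.
set_ini_key() {   # args: <file> <key> <value>
  tmp=$(mktemp "$1.XXXXXX") || return 1          # mktemp creates the file with mode 0600
  if K=$2 V=$3 awk -F= '
      $1 == ENVIRON["K"] { print ENVIRON["K"] "=" ENVIRON["V"]; n++; next }
      { print }
      END { exit (n != 1) }' "$1" > "$tmp"
  then mv "$tmp" "$1"
  else rm -f "$tmp"; return 1
  fi
}

# Steps 3-4: validate first, then write both properties.
prepare_reset_ini() {   # args: <ini-file> <reset-key> <new-password>
  check_cli_password "$3" || { echo "password does not meet the policy" >&2; return 2; }
  set_ini_key "$1" PasswordResetKey "$2" && set_ini_key "$1" CLI_PASSWORD "$3"
}

# Step 5: the page's mkisofs options. The image embeds the new password in clear text,
# so it is created under umask 077 and should be kept as private as the INI file.
build_reset_iso() {     # args: <ini-file> <output.iso>
  ( umask 077 && mkisofs -o "$2" -J -R "$1" )
}
```

Collect the reset key and the new password with an interactive prompt such as read -rs and pass them to prepare_reset_ini as variables, so neither ends up in shell history.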

Update ISO Configuration Through Virtual Machine Manager

If you make any changes to the ISO image, remove the existing ISO image from the VM and add the new image.

  1. In the Virtual Machine Manager, select the VM and Shut Down the VM.

  2. Select Edit > Virtual Machine Details to edit the hardware settings. The VM console is displayed.

  3. Click the show virtual hardware details icon in the VM console.

  4. Right-click SCSI CDROM 1 and select Remove Hardware. Click Delete to confirm and remove the hardware.

  5. Select Add Hardware. Check Select or create custom storage and click Manage.

    Select the new ISO image. Set Device type as CDROM device and Bus type as SCSI. Click Finish.

  6. Click the Power on the virtual machine icon to start the Juniper Security Director VM.

    The password will be reset to the new password only if the value of PasswordResetKey property matches the password Reset Key.

Update ISO Configuration Through virsh CLI

  1. Using the virsh CLI, shut down the VM.

    Run the virsh shutdown <vm-name> command.

  2. Remove the existing ISO image.

    Run the virsh change-media <vm-name> sdd --eject --config command.

  3. Insert the newly created image.

    Run the virsh change-media <vm-name> sdd --insert <path-to-new-iso-image> --config command.

  4. Power on the VM. Run the virsh start <vm-name> command.
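
The four steps above as one function, an added example rather than Juniper's tooling: virsh shutdown only requests the power-off, so the function polls virsh domstate until the guest reports "shut off" before swapping the media on sdd and starting the VM. The function names, the default timeout and the poll interval are assumptions; the change-media arguments are the ones listed in Table 2.

```bash
#!/bin/sh
# Added example (not Juniper's code): the virsh ISO swap with a wait for power-off.

# Poll `virsh domstate` until it reports "shut off"; fail after <timeout> seconds.
wait_shut_off() {   # args: <vm-name> <timeout-seconds> <poll-seconds>
  waited=0
  while [ "$(virsh domstate "$1")" != "shut off" ]; do
    [ "$waited" -lt "$2" ] || return 1
    sleep "$3"; waited=$((waited + $3))
  done
}

# Shut down, replace the configuration ISO on target sdd, and start the VM again.
# Nothing is ejected or started unless the guest has actually powered off.
swap_config_iso() {   # args: <vm-name> <path-to-new-iso-image> [timeout] [poll]
  vm=$1; iso=$2
  [ -r "$iso" ] || { echo "ISO not readable: $iso" >&2; return 2; }
  if [ "$(virsh domstate "$vm")" != "shut off" ]; then
    virsh shutdown "$vm" || return 1
  fi
  wait_shut_off "$vm" "${3:-300}" "${4:-5}" || { echo "$vm is still running" >&2; return 1; }
  virsh change-media "$vm" sdd --eject --config &&
    virsh change-media "$vm" sdd --insert "$iso" --config &&
    virsh start "$vm"
}
```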

virsh Commands

Table 2 lists the virsh commands for your reference.

Table 2: virsh Commands

| To | Run |
|---|---|
| virsh commands for the automation software | |
| Create the VM | virsh define <path-to-vm-xml>/vm-name.xml |
| Start the VM | virsh start <vm-name> |
| Modify VM configurations | virsh edit <vm-name> |
| virsh commands to change INI file values (including CLI password change) | |
| Shut down the VM | virsh shutdown <vm-name> |
| Remove the existing ISO image | virsh change-media <vm-name> sdd --eject --config |
| Insert the newly created image | virsh change-media <vm-name> sdd --insert <path-to-new-iso-image> --config |
| Start the VM | virsh start <vm-name> |
| virsh commands to upgrade the VM | |
| Change memory value | virsh setmaxmem <vm-name> 208G --config |
| | virsh setmem <vm-name> 208G --config |
| Change CPU value | virsh setvcpus <vm-name> 40 --config --maximum |
| | virsh setvcpus <vm-name> 40 --config |