Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Contents
About the Cisco Content Security Virtual Appliance, page 1 Set Up the Virtual Appliance, page 3 Managing Your Cisco Content Security Virtual Appliance, page 7 Where to Find More Information, page 9
Virtual Appliance
C100V C300V C600V S000V S100V S300V
Memory 6 GB 8 GB 8 GB 4 GB 6 GB 8 GB
Processor Cores 2 4 8 1 2 4
Virtual Email Security appliance: AsyncOS 8.0 for Email Security Virtual Web Security appliance: AsyncOS 7.7.5 for Web Security
You can manage the configuration of the virtual Cisco Web Security appliance using a Cisco Security Management appliance running Cisco AsyncOS 8.0 or later for Security Management.
System Requirements
Hardware and Virtualization Hypervisor
Cisco UCS servers (blade or rack-mounted) are the only supported hardware platform for the virtual appliance. VMware ESXi version 4.x and 5.0 are the only supported virtualization hypervisors. Any other hardware platform or VMware hypervisor will be supported on a Best Effort basis: we will try to help you, but it may not be possible to reproduce all problems, and we cannot guarantee a solution. No other virtualization hypervisor is supported. Cisco recommends that the server hosting your virtual appliances meets the following minimum requirements: two 64-bit x86 processors of at least 1.5 GHz each, 8 GB of physical RAM, and a 10k RPM SAS hard drive disk.
More Information In addition to allowing you to run the appliance, this license file includes all the feature keys for your virtual appliance. The Virtual Appliance License File, page 7. You will need the MD5 hash to check the data integrity of the appliance image. Download the Cisco Content Security Virtual Appliance Image, page 4.
2.
Download the virtual appliance image and MD5 hash from Cisco.
3. 4. 5.
(Optional) Clone the image if you want to run multiple virtual appliances on your network.
Deploy the virtual appliance on your ESX host or Deploy the Virtual Appliance, page 4. cluster. Configure synchronization on the virtual machine Important! Prevent Random Failures, page 5 to avoid random failures on your Cisco Content Security virtual appliance. If DHCP is disabled, integrate the appliance into your network. If DHCP Is Disabled, Set Up the Appliance on the Network, page 5
6. 7.
(Optional) FTP into the virtual appliance to upload Or you can copy and paste the license file into the the license file. appliances CLI when running the loadlicense command. See Install the Virtual Appliance License File, page 6 for more information. Install the license file. Log into the web UI (http://<IP address>:8080) and:
8. 9.
Run the System Setup Wizard Upload a configuration file that has been specially modified for virtual appliances Manually configure features and functionality.
To run the System Setup Wizard, see instructions in the user guide for your Cisco Security appliance for more information. To migrate settings from a physical appliance, see the Release Notes for the Configuration Migration Tool for Cisco Content Security Virtual Appliances. To manually configure features and functionality, see the online help or User Guide for your AsyncOS release.
For Email security: http://software.cisco.com/download/release.html?mdfid=284900944&flowid=41782&softwareid= 282975113&release=8.0.0&relind=AVAILABLE&rellifecycle=GD&reltype=latest For Web security: http://software.cisco.com/download/release.html?mdfid=284806698&flowid=41610&softwareid= 282975114&release=7.7.5&relind=AVAILABLE&rellifecycle=GD&reltype=latest
Step 2 Step 3
Click Download for the virtual appliance model image you want to download. Save the image to your local machine.
Cisco recommends that you clone the virtual security appliance before you run it the first time. Cloning a virtual security appliance after the license for the virtual appliance has been installed forcefully expires the license. You will have to install the license again. You must shut down the virtual appliance before cloning it. If you want to clone a virtual appliance that is already in use, see Clone a Virtual Appliance Already in Use, page 6 for more information.
For instructions on cloning a virtual machine, see VMWares technical documentation at http://www.vmware.com/support/ws55/doc/ws_clone.html.
Set up the ESX host or cluster on which you will deploy the virtual appliance. See System Requirements, page 2 for more information. Install the VMware vSphere Client on your local machine. Download the image as described in Download the Cisco Content Security Virtual Appliance Image, page 4.
Unzip the .zip file for the virtual appliance in its own directory; e.g., C:\vESA\C100V or :\vWSA\S300V. Open the VMware vSphere Client on your local machine. Select the ESX host or cluster to which you want to deploy the virtual appliance. Choose File > Deploy OVF template.
Enter the path to the OVF file in the directory you created. Click Next. Complete the wizard.
For more information on timekeeping basics, virtual time stamp counters, and exact synchronization, see VMWares Timekeeping in Virtual Machines PDF at http://www.vmware.com/files/pdf/techpaper/Timekeeping-In-VirtualMachines.pdf.
Step 1 Step 2 Step 3 Step 4 Step 5
Select a virtual appliance from the list of machines in the vSphere Client. Right-click the appliance and select Edit Settings. Click the Options tab and select Advanced > General. Click Configuration Parameters. Edit or add the following parameters:
monitor_control.disable_tsc_offsetting=TRUE monitor_control.disable_rdtscopt_bt=TRUE timeTracker.forceMonotonicTTAT=TRUE
Step 6
If you cloned the virtual security appliance image, perform the following steps for each image. From the vSphere client console, run interfaceconfig. Write down the IP address of the virtual appliances Management port.
Step 1 Step 2
Note
The Management port obtains its IP address from your DHCP server. If the appliance cannot reach a DHCP server, it will use 192.168.42.42 by default.
Step 3 Step 4
Configure the default gateway using the setgateway command. Commit the changes.
If you cloned the virtual security appliance image, perform the following steps for each image. Using SSH or telnet in a terminal application, log into the appliances CLI as the admin/ironport user.
Step 1
You cannot paste the contents of the license file into the CLI using the vSphere client console.
Run the loadlicense command. Install the license file using one of the following options:
Select option 1 and paste the contents of the license file into the terminal. Select option 2 and load the license file in the configuration directory, if you have already uploaded the license file to the appliances configuration directory using FTP.
Step 4 Step 5
Read and agree to the license agreement. (Optional) Run showlicense to review the license details.
What to Do Next
For more information on the Management interfaces IP address, see The Management Interfaces IP Address and DHCP, page 3. See remaining setup steps in Set Up the Virtual Appliance, page 3.
Both physical hosts must have access to the same defined network to which the appliance's interfaces are mapped. Both physical hosts must have access to the datastore that the virtual appliance uses. Make sure that your Email Security virtual appliance has no mail in its queue.
You can migrate your virtual appliance while it is online. Refer the VMWares technical documentation for instructions on migrating virtual machines using vMotion.
For instructions on cloning a virtual machine, see VMWares technical documentation at http://www.vmware.com/support/ws55/doc/ws_clone.html. For information on how to manage your appliances network settings and security features, see the user guide for your release of Cisco AsyncOS for Web or Cisco AsyncOS for Email.
Step 1
If you are cloning an Email Security virtual appliance, suspend the appliance using the suspend command in the CLI and enter a delay period long enough for the appliance to deliver all messages in the queue. Shut down the Email or Web virtual security appliance using the shutdown command in the CLI. Clone the virtual appliance. Start the cloned appliance using the VMware vSphere Client and perform the following:
Install the license file for the virtual appliance. Modify its network settings. For Email Security virtual appliances:
Delete all messages in the quarantines. Delete the message tracking and reporting data.
in the CLI.
For Authentication Realms, rejoin the domain. For Authentication Settings, modify the redirect hostname. If the original virtual appliance was managed by an Security Management appliance, add the
Start the original virtual appliance using the VMware vSphere Client and resume operation. Make sure that it is running properly. Resume operation on the cloned appliance.
Note
You cannot open a Technical Support tunnel before installing the virtual appliance license. Information about Technical Support tunnels is in the User Guide for Cisco AsyncOS for Web or Cisco AsyncOS for Email.
Information This command allows you to install a license for your virtual appliance. You cannot run System Setup Wizard on the virtual appliance without installing a license using this command first. The Pairing option is not included on virtual appliances. This command will return all the information about the virtual appliance except for the UDI, RAID, and BMC information. Running this command leaves the virtual appliance license and the feature keys on the appliance. Running this command removes the virtual appliance license and all the feature keys on the appliance. This command is available only for the Web Security appliance. The following diagnostic > raid submenu options will not return information:
1. 2. 3. Run disk verify Monitor tasks in progress Display disk verify verdict
etherconfig version
resetconfig
reload
diagnostic
Cisco Notification Service, page 9 Documentation, page 9 Knowledge Base, page 10 Cisco Support Community, page 10 Customer Support, page 10 Registering for a Cisco Account, page 10 Cisco Welcomes Your Comments, page 11
Documentation
The documentation set for Cisco Content Security virtual appliances includes the following documents and books (not all types are available for all appliances and releases
Cisco AsyncOS for Web User Guide Cisco AsyncOS CLI Reference Guide Cisco AsyncOS for Email User Guide Release Notes for the above products and for the Configuration Migration Tool.
This and other documentation is available at the following locations: Documentation For Cisco Content Security Products Email Security appliances Web Security appliances Content Security Management appliances
Documentation For Cisco Content Security Products CLI reference guide for Content Security appliances Cisco IronPort Encryption
Knowledge Base
To access the Knowledge Base for information about Cisco Content Security products, visit: http://www.cisco.com/web/ironport/knowledgebase.html
Note
You need a Cisco.com User ID to access the site. If you do not have a Cisco.com User ID, see Registering for a Cisco Account, page 10.
For email security and associated management: https://supportforums.cisco.com/community/netpro/security/email For web security and associated management: https://supportforums.cisco.com/community/netpro/security/web
Customer Support
Use the following methods to obtain support: International: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html Support Site: http://www.cisco.com/en/US/products/ps11169/serv_group_home.html
10
11
12