Dynamic Internet Guard - VMWare Edition

From NetSpark Wiki
Jump to: navigation, search

Contents

Dynamic Internet Guard - VMware Edition

The virtual machine edition of NetSpark's Dynamic Internet Guard (DIG-VM) enables the installation of the AP-Series filtering appliance as a software package directly onto a host/server on your local network. The installation package is downloaded directly from NetSpark's servers for installation and configuration by you locally to achieve the same advanced filtering technology NetSpark is known for on your choice of hardware for maximal efficiency on your network.

Previous knowledge of virtual machines is recommended to ensure a smooth installation is achieved.

The installation process is detailed for you below and has been verified for VMware workstation 7.1. Please refer to the links below for additional requirements and specifications, prior to beginning the installation process.

Compatible VMware Products
Minimum Host/Server Hardware Specifications

Note: For activation of the DIG-VM using a VMware product from an alternate manufacturer, use only the DIG-VM.vmdk file found in the installation package and create your own virtual machine.

Installation

The installation process is divided into 2 stages:


Installing the DIG as a Virtual Appliance

Instructions provided below are for installation using VMware Workstation. For those users intending to install the virtual appliance in an alternate VMware product, please refer to Compatible VMware Products to confirm it is a compatible product and follow the instructions provided in the section: Creating your own virtual machine.

Installation using VMware Workstation

  • Download and install VMware workstation (Available to trial or purchase from the VMware website - follow installation instructions provided by VMware).
  • Download the latest DIG-VM installation package from: http://update.netspark.com/vm/DIG-VM.7z (note this version needs to be extracted prior to upload to the Virtual Machine) or http://update.netspark.com/vm/DIG-VM.tar.gz (note: this version can be uploaded compressed, and extracted from within the Virtual Machine)
  • Extract the archive using an application such as 7zip (tar -zxvf DIG-VM.tar.gz in linux ) and locate the files "DIG-VM.vmx", "DIG-VM.vmdk", as well as any other file you find there.
  • Create a new directory on your server and save all files to that directory. Make sure permissions are sufficient.
  • Run the VMware Workstation.
  • Choose "Open a virtual machine or team", browse to the DIG-VM.vmx file, and click "Open".   VMWS- home.png
  • Click "Edit virtual machine settings" and on the new screen select the "Hardware" tab.            VMWS-edit.png
  • View the hardware settings and confirm they do not exceed your host/server available capacity.
  • NOTE: Reducing the hardware settings may cause machine failures
    or other performance issues.


Configuring the Network Hardware Settings

NIC to router.png
  1. Notice the two default network adapters that have been predefined for this virtual machine:
    • The first, labeled "VM Local Network - LAN"; and
    • The second, "To router - WAN".

    These adapters need to be assigned to physical adapters in order for you to complete installation of your DIG Web Filtering virtual appliance in either the Bridge or NAT/Route installation modes.

    IMPORTANT:
    Configuration in Bridge Mode, will require both network adapters be defined and that each of the two defined virtual network adapters will be assigned to physically distinct network cards.

    • The adapter labeled "VM Local Network - LAN" should be assigned first to ensure it is correctly recognized by the system, and is to be assigned to the physical network interface card (NIC) intended to be connected to the switch on the local network, and
    • The adapter labeled "To router - WAN" will be connected to the physical NIC intended to be connected to the router.

    Example: Local Network is assigned to VMnet0, and WAN – To Router is assigned to VMnet1

    Configuration in NAT/Route Mode requires definition of at least one network adapter, though both can be defined. In the case of assigning only one of the virtual network adapters, be sure to assign the one that is initially labeled as 'Local Network' or 'VM Network'.

    In order to pair a virtual adapter to the physical one –

    • Double click on the Network Adapter listed in the Devices list to access the Virtual Machine Settings window.
    • Ensure that the desired adapter is selected in the list at left. It will initially display with the ‘Named’ radio button active in the Network Connection options listed at the right.
    • Instead activate the ‘Custom: Specific virtual network’ radio button, and select the network adapter from the drop down menu.
    • Once you have assigned your network adapters, click ‘OK’ to save the changes and return to the main window.


    IMPORTANT:
    To complete a successful installation of your virtualized web filtering appliance, it is important that you verify in your Virtual Network Editor/localhost VMware configurations which physical network adapter you have defined for the role of LAN adapter and (if defined) which physical adapter you have defined as the WAN adapter. Remember that the LAN port adapter should be ordered before that of the WAN.

    For users who wish to use their choice of virtual machine or proceed with independently defined network adapters, please refer to B, below. Otherwise skip ahead to C.

    For further information about installation modes see "Select an Installation Mode", or view the Network Modes Comparison for the core distinctions between the available modes.

  2. You may also choose to proceed with independently defined network adapters (up to a maximum of two). Keep in mind that when installing in Bridge Mode, two network adapters are required, whereas NAT/Route Mode only requires one adapter. In all cases, the first network adapter to be defined must be the LAN (Local Network) adapter, and the second to be defined may be the WAN (To Router) adapter (or may be used as a secondary LAN based on your later definition post-installation). To define your own network adapters -
    • First, remove the two default network adapters from the device summary, by selecting the device and clicking on ‘Remove’.
    • Next, click on ‘Add’ to manually define your new LAN (Local Network) adapter (As mentioned earlier, the LAN adapter must be defined first in the order of definition to correctly be recognized).
    • Select ‘Network Adapter’ and click ‘Next>’.
    • Add NIC 1.PNG
    • Select the 'Bridged: Connected directly to the physical network' network connection option, and check the box to 'Replicate physical network connection state' (refer to image at right). Click on 'Finish' to close the Wizard. You will now see your Network Adapter listed in the device inventory.
    • Add NIC 2.PNG
    • Repeat this step to add a second network adapter if you plan in complete your installation in Bridge Mode or foresee requiring two LAN adapters.

    Verify adapters in VMware Workstation
    Verify adapters in vSphere Client

    REMINDER:When configuring bridge mode, be sure to set your localhost configurations so that the two defined network adapters will be connected to physically distinct network cards, where the adapter labeled "VM Local Network - LAN" will be defined for connection to the physical network interface card (NIC) intended to be connected to the switch on the local network, and the adapter labeled "To router - WAN" will be connected to the physical NIC intended to be connected to the router.

  3. Click 'Okay' to save any changes to the settings and close the window.

    REMINDER: To complete a successful installation of your virtualized web filtering appliance, it is important that you verify in your Virtual Network Editor (VMware Workstation)/localhost VMware configurations (vSphere Client) which physical network adapter you have defined as the LAN adapter and (if defined) which physical adapter you have defined as the WAN adapter. (Examples shown for both VMware's Workstation and vSphere Client). Remember that the LAN port adapter should be ordered before that of the WAN.

  4. Click on "Power on this virtual machine" to boot the virtual machine with your saved configurations and proceed with the configuration of your Dynamic Internet Guard Web Filter.


    TROUBLESHOOTING TIP: If issues are encountered accessing the Configuration Wizard while attempting to complete an installation in Bridge Mode (e.g. with two adapters defined), try connecting the cable to the second adapter defined in case the adapter order was switched during the definition stage and the ports were mis-defined.






Configuring the DIG-VM

The newly installed virtual machine will launch in its initial state. It is highly recommended to save a snapshot of the system state now, and to set an auto snapshot tool to periodically take a snapshot for the purposes of easy data recovery in the event of a system failure. There is also a backup mechanism built into the Dynamic Internet Guard filtering system itself which can be executed at a later time via the Management Console.

First, you will need to configure the filtering appliance to operate on your network, remembering the definitions you assumed when first defining the virtual machine to ensure compatibility. Initial network configurations and product activation will be completed using the NetSpark Configuration Wizard.

Once the Wizard is successfully completed, a default filtering profile will be active for all users on your network whose traffic is being passed through the filter.

For further details on configuring your filtering appliance or establishing individual user profiles, please refer to the DIG-AP040 main page.


Notes:

  • To restore the Factory Default settings of your filtering appliance you will need to re-download and install the entire virtual machine package, or return to an earlier snapshot of your VM Instance.


Completing the Configuration Stage

  • Access the Wizard to activate your product and set the basic network definitions that will allow the filtering appliance to operate on your network.
Important: During your completion of the Wizard you will be asked to enter your DIG-VM serial number. This is something you will receive from your account manager, either directly from NetSpark or through your NetSpark Distributor/Reseller. If you do not have a point of contact for receiving a serial number, please contact sales@netspark.com.
  • Once the Wizard is completed, click 'Finish' to access the Management Console to access advanced features for configuration and further define your filtering profile(s).
Personal tools