Installation on VMware ESXi 7.x

This manual describes the steps to configure and prepare VMware ESXi Version 7 or newer in order to install the IACBOX.

  • A 64-bit host-system is required.

  • It is highly recommended to use a dedicated physical network interface card for the Surf-LAN.

  • The system must be online at all times in order to synchronize necessary IACBOX registration data with the licensing server.

  • This manual describes the installation of the IACBOX on ESXi, not the ESXi installation itself.

  • To prevent threading problems it is recommended to only assign resources from the same pool, e.g. on a multi-CPU host system, only use cores from one CPU to avoid rapid context switching.

  • Because the IACBOX is a closed system, utilities such as VMware Tools, which would grant full access to the system, cannot be installed. The resulting ESXi warning message can be dismissed.

  • Please note the minimum hardware requirements

  • Starting from 250 users, a processor with at least 2.50 GHz is highly suggested. A slow host hypervisor can cause problems if command queues cannot be processed in time.

  • Virtualized environments generally need more resources due to the nature of virtualization.

  • Functions like the DNS Web Filter, the Application Control or the Connection Tracking are very CPU-intensive and should therefore be used with caution.

  • In order to use the DNS Web Filter, at least 4 GB of internal memory must be available.

Preparation

The VM host has to be prepared before the virtual machine can be created. It is highly suggested to use dedicated network cards for the Office-LAN and Surf-LAN. Furthermore, each interface should be assigned to its own vSwitch and Port Group, which have to be created beforehand. The structure should be as shown in the image below:

image

As displayed in the picture, the Port Groups have to be assigned to the corresponding vSwitches. Other than this, no further adjustments are required.

Why two interfaces?

  • Since the Surf-LAN receives guest-device traffic and the Office-LAN forwards it to the front gateway, traffic is effectively doubled. Using only one NIC or vSwitch has led to considerable problems at some locations in the past. For this reason it is highly suggested not only to use two dedicated network cards, but also to create two dedicated vSwitches as shown in the image above.
  • The queue of the virtual network interfaces tends to overflow in very load-heavy environments. Using two separate interfaces halves this risk.
  • No additional VLAN settings are required.

Creating the virtual machine

To create a new virtual machine, open the corresponding menu in the left navigation and click on Create / Register VM. In the next window, select Create a new virtual machine and proceed with Next.

image

On the next page, enter a name for the virtual machine, set the compatibility to ESXi 7.0 virtual machine, the guest OS family to Linux and the guest OS version to SUSE openSUSE (64-bit).

image

Now select the datastore on which you want to store the virtual machine.

image

On the Customize settings page, set the virtual machine parameters according to the hardware requirements. Further information about this can be found at the start of this documentation. Here you can also set the default Network Adapter 1 to the port group you've previously created for the Office-LAN / Uplink.

image

In the same window, click on Add network adapter and set it to the Surf-LAN port group which has been created in the Preparation section of this documentation.

image

After this has been done, set the CD/DVD Drive 1 selection to Datastore ISO file. This will open a new window in which you can upload the ISO image you want to use for the installation to the datastore. In the same datastore window, you can then select the uploaded ISO image to proceed.

image

Now click on Next, review your settings and then continue with Finish. Open the newly generated virtual machine and click on Power on. The installation should now start automatically. On the following screen, start the graphics mode by typing g and then pressing ENTER.

image

  • If your virtual machine does not boot or the installation does not start, power it off and navigate to VM Options in the VM settings. Review the settings in the Boot-Options sub-menu. If your hypervisor set this option to EFI, you have to disable Secure Boot for it.
  • When using EFI, the selection shown in the last screenshot will not appear. Instead, you will directly see the installation screen as shown below.

If everything worked out, the installation starts.

image

Now you can proceed with the installation. The detailed installation process is described in the manual IACBOX Installation.

Changing Settings

The following changes in the virtual machine will apply after a restart of the system:

  • CPU cores
  • Memory size
  • CD/DVD settings

Changes to the network cards are not applied automatically after a system restart. If you modify these or remove and add new ones, you will need to perform an FT-Setup run so that the system can assign the interfaces accordingly. To do so, open the console of the system and type resetsysop. Confirm with ENTER, then leave the password empty and confirm again with ENTER. The following text output will appear:

image

The output of Login incorrect is expected and can be ignored.

This resets the sysop password and allows you to log into the console with the default sysop credentials, which is the next step. Log in with sysop as user and sysop as password to open the FT-Setup configuration. Continue past the first window with Yes - Continue to get to the main menu.

image

Now navigate into the menu Sys-Config and then into the sub-menu Office LAN. Without making any changes, navigate back (with the tabulator key, the arrow keys and ENTER) into the previous menu. The text next to the Office LAN row has now changed from < edit > to < done > as shown in the picture below. Do the same with the Surf LAN.

image

Navigate back to the main menu and into the next sub-menu Net-Auto. Here you can re-assign the virtual network cards to the system interfaces. If you changed any NIC-related settings in the virtual machine, then it is likely that the interface has to be re-assigned on this configuration page. After re-assigning the virtual network cards in this menu make sure to select Save changes and to confirm it with ENTER. This will automatically bring you back into the main menu.

image

To finish, select Activate and confirm the next selection with Yes - Do it. This will re-write the configuration, including the new network cards. As you’ve probably noticed, you can also change network-related settings in here, which is useful to prepare the system without having to access the WebAdmin.

image

After the configuration has been re-written, navigate into Server-Admin and select System-Restart to finish.

VLAN Setup

In large Surf-LAN environments, many VLANs are often used to provide different Login Pages to different areas. To pass VLANs through VMware, open the ESXi Host Client and navigate to the network settings. There, edit the Port Group which was created for the Surf-LAN and make the following changes:

  • Set the VLAN ID to 4095 - this will act like a trunk port for all VLANs
  • Set the port group to Promiscuous Mode
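
The layout from the Preparation section and the two VLAN Setup changes, written as ESXi shell (esxcli) commands together with a check of the resulting port groups. This is an added example and not part of the IACBOX manual; the names vSwitch-Office, vSwitch-Surf, Office-LAN, Surf-LAN, vmnic1 and vmnic2 are assumptions, and the commands are only printed so the script runs offline.

```shell
#!/bin/sh
# Added example, not from the IACBOX manual. Port group names are assumptions;
# vSwitch names are assumed to contain no spaces.
OFFICE_PG="Office-LAN"
SURF_PG="Surf-LAN"

# Print (do not run) the esxcli commands for one dedicated segment.
plan_segment() {  # usage: plan_segment <vswitch> <uplink-vmnic> <portgroup>
  echo "esxcli network vswitch standard add --vswitch-name=$1"
  echo "esxcli network vswitch standard uplink add --uplink-name=$2 --vswitch-name=$1"
  echo "esxcli network vswitch standard portgroup add --portgroup-name=\"$3\" --vswitch-name=$1"
}

# Print the two VLAN Setup changes, scoped to one port group only.
plan_trunk() {  # usage: plan_trunk <portgroup>
  echo "esxcli network vswitch standard portgroup set --portgroup-name=\"$1\" --vlan-id=4095"
  echo "esxcli network vswitch standard portgroup policy security set --portgroup-name=\"$1\" --allow-promiscuous=true"
}

# Audit the table printed by `esxcli network vswitch standard portgroup list`
# (read from stdin). Prints one FAIL line per finding, or OK.
audit_portgroups() {
  awk -v office="$OFFICE_PG" -v surf="$SURF_PG" '
    NR <= 2 || NF < 4 { next }   # skip header, dashed rule and short lines
    {
      vlan = $NF; vs = $(NF - 2)
      name = $1; for (i = 2; i <= NF - 3; i++) name = name " " $i
      sw[name] = vs
      if (vlan == 4095 && name != surf) { print "FAIL: " name " is a VLAN 4095 trunk"; bad = 1 }
    }
    END {
      if (!(office in sw) || !(surf in sw)) { print "FAIL: port group missing"; bad = 1 }
      else if (sw[office] == sw[surf]) { print "FAIL: both port groups share " sw[office]; bad = 1 }
      if (!bad) print "OK"
    }'
}

# Constructed sample of the list output, for an offline run.
SAMPLE='Name                Virtual Switch  Active Clients  VLAN ID
------------------  --------------  --------------  -------
Management Network  vSwitch0                     1        0
Office-LAN          vSwitch-Office               1        0
Surf-LAN            vSwitch-Surf                 1     4095'
plan_segment vSwitch-Office vmnic1 "$OFFICE_PG"
plan_segment vSwitch-Surf vmnic2 "$SURF_PG"
plan_trunk "$SURF_PG"
printf '%s\n' "$SAMPLE" | audit_portgroups
```

On a live host, pipe the real output of `esxcli network vswitch standard portgroup list` into `audit_portgroups` instead of the sample.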