Installation on VMware ESXi 7.x

This manual describes the steps to configure and prepare VMware ESXi Version 7 or newer in order to install the IACBOX.

  • A 64-bit host-system is required.

  • It is highly recommended to use a dedicated physical network interface card for the Surf-LAN.

  • The system must be online at all times in order to synchronize necessary IACBOX registration data with the licensing server.

  • This manual describes the installation of the IACBOX on ESXi, not the ESXi installation itself.

  • To prevent threading problems, it is recommended to only assign resources from the same pool, e.g. on a multi-CPU host system, only use cores from one CPU to avoid rapid context switching.

  • Because the IACBOX is a closed system, utilities such as VMware Tools, which would grant full access to the system, cannot be installed. The resulting ESXi warning message can be dismissed.

  • Please note the minimum hardware requirements

  • Starting from 250 users, a processor with at least 2.50 GHz is highly suggested; a slow host hypervisor can cause problems if command queues cannot be processed in time.

  • Virtualized environments generally need more resources due to the nature of virtualization.

  • Functions like the DNS Web Filter, the Application Control or the Connection Tracking are very CPU-intensive and should therefore be used with caution.

  • In order to use the DNS Web Filter, at least 4GB of internal memory must be available.

Preparation

The VM host has to be prepared before the virtual machine can be created. It is highly suggested to use dedicated network cards for the Office-LAN and Surf-LAN. Furthermore, each interface should be assigned to its own vSwitch and Port Group, which have to be created beforehand. The structure should be as shown in the image below:

image

As displayed in the picture, the Port Groups have to be assigned to the corresponding vSwitches. Other than this, no further adjustments are required.

Why two interfaces?

  • Since the Surf-LAN receives guest-device traffic and the Office-LAN forwards it to the front-gateway, traffic is effectively doubled. With only one NIC or vSwitch, this has led to considerable problems at some locations in the past. For this reason it is highly suggested to not only use two dedicated network cards, but also to create two dedicated vSwitches as shown in the image above.
  • The queue of the virtual network interfaces tends to overflow in very load-heavy environments. By using two separate interfaces, this risk is halved.
  • No additional VLAN settings are required.

Creating the virtual machine

To create a new virtual machine, open the corresponding menu in the left navigation and click on Create / Register VM. In the next window, select Create a new virtual machine and proceed with Next.

image

On the next page, enter a name for the virtual machine, set the compatibility to ESXi 7.0 virtual machine, the guest OS family to Linux and the guest OS version to SUSE openSUSE (64-bit).

image

Now select the datastore in which the virtual machine should be stored.

image

On the Customize settings page, proceed by setting the virtual machine parameters according to the hardware requirements. Further information about this can be found at the start of this documentation. The default Network Adapter 1 can also be set to the port group created previously for the Office-LAN / Uplink.

image

In the same window, click on Add network adapter and set it to the Surf-LAN port group which has been created in the Preparation section of this documentation.

image

After this has been done, set the CD/DVD Drive 1 selection to Datastore ISO file. The ISO-image used for the installation can be uploaded to the data store from this menu. Now select the ISO-image to mount it on CD/DVD Drive 1.

image

Now click on Next, review the settings and then continue with Finish. Open the newly created virtual machine and proceed by clicking on Power on. The installation should now start automatically. On the following screen, start in graphics mode by typing g and confirming with ENTER.

image

  • If the machine fails to boot or the installation does not start, power off the machine and review the VM Settings.
  • Check whether the hypervisor defaulted to EFI and, if so, that Secure Boot is disabled.
  • When EFI is used, the selection shown in the last screenshot will not appear. Instead, the installation screen shown below will be displayed immediately.

If everything worked out, the installation starts.

image

Now proceed with the installation. The detailed installation process is described in the manual IACBOX Installation.

Changing Settings

The following changes in the virtual machine will apply after a restart of the system:

  • CPU cores
  • Memory size
  • CD/DVD settings

Changes to Network Cards will not apply automatically. Thus if Network Cards are modified / added / removed, the FT-Setup must be run again so that the NIC changes can be applied to the IACBOX.
To do so, open the console of the system and type resetsysop. Confirm with ENTER, then leave the password empty and confirm again with ENTER. The following text output will appear:

image

The output of Login incorrect is expected and can be ignored.

This will reset the sysop password, which also makes it possible to log in to the console with the default sysop credentials; that is the next step. Log in with sysop as user and sysop as password to open the FT-Setup configuration. Confirm the first window with Yes - Continue to get to the main menu.

image

Now navigate into the menu Sys-Config and then into the sub-menu Office LAN. Without performing any changes, navigate back (with the tabulator key, the arrow keys and ENTER) into the previous menu. The text next to the Office LAN row has now changed from < edit > to < done > as shown in the picture below. Do the same with the Surf LAN.

image

Navigate back to the main menu and into the next sub-menu Net-Auto. Here the virtual network cards can be re-assigned to the system interfaces. If any NIC-related settings were changed in the virtual machine, then it is likely that the interface has to be re-assigned on this configuration page. After re-assigning the virtual network cards in this menu make sure to select Save changes and to confirm it with ENTER.

image

To finish, select Activate and confirm the next selection with Yes - Do it. This will re-write the configuration, including the new network cards. Network-related settings can also be changed here, which is useful when preparing the system without having to access the WebAdmin.

image

After the configuration has been re-written, navigate into Server-Admin and select System-Restart to finish.

VLAN Setup

In large Surf-LAN environments, many VLANs are often used to provide different Login Pages to different areas. To pass VLANs through VMware, open the ESXi Host Client and navigate into the network settings. There, edit the Port Group which was created for the Surf-LAN and perform the following changes:

  • Set the VLAN ID to 4095 - this will act like a trunk port for all VLANs
  • Set the port group to Promiscuous Mode
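
The layout from the Preparation and VLAN Setup sections can be checked from the ESXi shell: a port group with VLAN ID 4095 in promiscuous mode delivers traffic from every VLAN on its vSwitch to each attached VM, so it should sit on its own vSwitch. The following is an added example, not part of the IACBOX documentation; it parses the output of esxcli network vswitch standard portgroup list, the sample port group and vSwitch names are constructed, and the rule that only one client should be attached to the trunk port group is an assumption.

```sh
#!/bin/sh
# Added example: audit port groups against the layout this manual describes.
# Input on stdin: output of `esxcli network vswitch standard portgroup list`.

# Constructed sample output; port group and vSwitch names are hypothetical.
sample_list() {
cat <<'EOF'
Name                Virtual Switch  Active Clients  VLAN ID
------------------  --------------  --------------  -------
Management Network  vSwitch0                     1        0
Office-LAN          vSwitch1                     1        0
Surf-LAN            vSwitch2                     2     4095
Lab                 vSwitch2                     1       20
EOF
}

# Prints one finding per line (sorted); prints nothing when the layout is clean.
#   SHARED_VSWITCH <port group> <vSwitch>  trunk port group shares its vSwitch
#   EXTRA_CLIENTS  <port group> <count>    more than one client on the trunk
#                                          (assumption: only the IACBOX VM belongs there)
audit_portgroups() {
  awk '
    NR <= 2 || NF < 4 { next }        # skip header, ruler and blank lines
    {
      # The last three fields are fixed; the name may contain spaces.
      vlan = $NF; clients = $(NF-1); vsw = $(NF-2)
      name = $1
      for (i = 2; i <= NF-3; i++) name = name " " $i
      count[vsw]++
      if (vlan + 0 == 4095) { trunk[name] = vsw; users[name] = clients }
    }
    END {
      for (pg in trunk) {
        if (count[trunk[pg]] > 1)
          print "SHARED_VSWITCH " pg " " trunk[pg]
        if (users[pg] + 0 > 1)
          print "EXTRA_CLIENTS " pg " " users[pg]
      }
    }' | sort
}

# Run against the constructed sample.
sample_list | audit_portgroups
```

On a host, pipe the real command into the function: esxcli network vswitch standard portgroup list | audit_portgroups. The command esxcli network vswitch standard portgroup policy security get -p <name> shows whether promiscuous mode is allowed on a given port group.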