Virtual Appliance Technical Overview for SEs AsyncOS 775 for Web January 7 2013 Agenda New Features in this Release Getting Set Up amp Operating Your Virtual WSAs QampA What is Penglai AsyncOS 775 for Web ID: 183756
Download Presentation The PPT/PDF document "Web Security" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Web Security Virtual Appliance Technical Overview for SEs
AsyncOS 7.7.5 for Web
January 7
, 2013Slide2
AgendaNew Features in this ReleaseGetting Set Up & Operating
Your Virtual WSA(s)Q&ASlide3
What is Penglai (AsyncOS 7.7.5 for Web)?Virtual form factor of Web Security Appliance (WSA)Functionally equivalent to a hardware WSA running Pikes Peak (
AsyncOS 7.7.0). Major features in AsyncOS 7.7 are:
Multi-NTLM Forest SupportSOCKS proxy supportPlus benefits of running a VM:
One license (digital certificate), unlimited VMs
Self-service provisioning – you can provision & activate new VMs, fully loaded with your licensed feature keys, whenever you want
This beta program will be focused on testing the VM features only Slide4
Hypervisor & Hardware RequirementsHypervisor: VMware
ESXi 4.x or 5.0Hardware: Cisco UCS (officially supported), other vendors (best-effort support)
There are 3 standard VM images (corresponding to HW models in capacity). Allocate HW resources based on the VM image you download & the matrix below:
VM
Image
Cores
Disk (GB)
Mem
(
GB)
S000V
1
250
4
S100V
2
250
6
S300V
4
1024
8Slide5
Four Easy Steps for Setting Up a Virtual WSAMake sure the XML license that was emailed to you is ready
Download the VM
Unzip the VM & deploy it with vSphere
Run System Setup Wizard Slide6
Start by Downloading the VM FileDownload the VM file from the Cisco Software Download Center, under the Cisco Web Security Appliance.
Download the file for the model you want: S000V: coeus-X-Y-X-070-S000V.zip
S100V: coeus-X-
Y
-
X
-070-S100V.zip
S300V: coeus-X-
Y-X-070-S300V.zip
Zipped OVF (Open Virtualization Format)
Sample contents for S100V zip file:
coeus
-X-Y-X-
070-S100V.zip
coeus
-X-Y-X-
070-S100V.ovf coeus-X-Y-X-070-S100V-disk1.vmdk coeus-X-Y-X-070-S100V.mf
Slide7
Next: Deploy the VMUncompress the zip file to a designated file path
(e.g. C:\WSAV\S000V_pristine)If you want to run multiple VMs, use vSphere’s native cloning capabilities or duplicate the zip directory. Cloning must be done before the appliance’s first run. You can also download a pristine image later if you want more VMs.
Follow the process below for each VM:
With a connected
vSphere
client, click to select the host or cluster you want to have the image deployed
Choose File-->Deploy OVF Template.
Enter the path of the OVF file, click Next
Follow the wizard to finish the deployment
Slide8
Next: Load Your License FileXML file – looks like picture here
Can be applied to multiple VMs (reusable)Apply during System Setup Wizard for each VMHas customer ID, feature keys
(Web Reputation, Web Usage Controls, Antivirus signatures) & expiration date embedded
If you purchase new feature keys, a new license is issued
When license expires, all functionality stops – including proxy
You will receive multiple alerts as expiry is approaching
Slide9
Next: Install the License FileFrom the console, note the IP address of the appliance
From SSH or telnet, login to the virtual appliance with admin/ironport
Enter loadlicense, then
Input the license file by pasting its contents and pressing
Ctrl-D
, OR
Load the license file that has been uploaded to the virtual appliance
via
FTP (covered in next slide)
Slide10
Loading the License via FTP or SCPUse FTP to transfer license file to
appliance:ftp to appliance with admin/ironport
cd into directory configuration
put
license.xml
exit
OR use SCP to copy license file to
appliance:scp
license.xml
admin@<IP>:
configuration
Slide11
Finishing Setup After Loading License FileRead and agree to the EULA
Enter showlicense to view the license detailsLog on to the web UI (http://<IP>:8080)
and run the System Setup WizardYou are now ready to import your
configuration
Slide12
Importing your ConfigurationIf you are configuring your Virtual WSA from scratch
, ignore this stepIf you provided your
config file for migration, you should have received a Config File for your Virtual WSA from the beta team
We will have an automated
config
migration tool available when we release
Copy the
config file to your new WSAV (Virtual WSA):scp
my_config_file.xml
admin@new_WSAV:configuration
Load the
config
file on your new WSAV:
loadconfig
my_config_file.xml
Slide13
New and modified CLI commandsSlide14
New CLI commands: loadlicenseloadlicense
Reads a license file from a file or cut and pasteVerifies the validity of the licenseCreates and installs the new feature keys
Removes old feature keysSlide15
New CLI commands: showlicense
ShowlicenseShow data about current license, including expiry date
vm10c02esa0120.eng>
showlicense
Virtual License
===============
vln VLNWSA171717
begin_date Sun Jan 15 00:00:00 2012 GMT
end_date Sat Jan 15 16:06:49 2028 GMT
company Ironport Test Company
seats 17
serial 12B
email cstillso@ironport.com
issue fe8f1761f1a94463bc9ddbcf03569805
license_version 1.0Slide16
Modified CLI commands: versionVersion
For virtual appliances, this command will show CPU and memory of appliance, along with limitsSlide17
Modified CLI commands: ipcheck
ipcheckPlatform Serial No.
RAM reported in MBSlide18
Modified CLI Commands: featurekey
Featurekey
All feature keys currently active on appliance & remaining time on licenseSlide19
More Information for
SEs
WSAV Questions? Contact
wsa-pm@cisco.com
ESAV Questions? Contact
esa-pm@cisco.com
Slide20
QuestionsSlide21