2020.05.13 – Install Juniper vMX into ESXi 6.7.0

Software for this installation:

  • MacBook Pro with 16 GB of RAM
  • VMware Fusion 11.5.1
  • VMware vSphere Hypervisor (a.k.a. ESXi 6.7.0 ISO), installed and configured with 4 CPUs and 8 GB RAM.

Reference tutorial: https://www.juniper.net/documentation/en_US/vmx/topics/topic-map/vmx-installing-on-vmware.html

Tony helped me a lot. He is also the one who publishes a lot of useful articles on his blog, GRASPINGTECH.

Minimum Hardware Requirements for VMware

A. Number of cores

  • Note: Performance mode is the default mode and the minimum value is based on one port.
    • For lite mode: Minimum of 4
      • 1 for VCP
      • 3 for VFP
    • Note: If you want to use lite mode when you are running with more than 3 vCPUs for the VFP, you must explicitly configure lite mode.

B. Memory

  • Note: Performance mode is the default mode.
    • For lite mode: Minimum of 3 GB
      • 1 GB for VCP
      • 2 GB for VFP

C. Storage

  • Local or NAS
  • Each vMX instance requires 44 GB of disk storage
  • Minimum storage requirements:
    • 40 GB for VCP
    • 4 GB for VFP

vMX Package Contents

  • Software image file for VCP: ova/vcp_20.1R1.11.ova
  • Software image file for VFP: ova/vfpc_20.1R1.11.ova

Configuration

Step 1. Download the vMX software package for VMware: vmx-bundle-esxi-20.1R1.11.tar

  • From the vMX page 
  • Uncompress the package in a location accessible from the MacBook Pro

Step 2. Launch the VMware ESXi server, esxi00.silvique.ro, and log in to the server with your credentials.

Step 3. If using Dropbox, make sure the needed files are fully synced locally

  • Right-click on the ova folder inside vm-esxi/ova
  • Click Smart Sync > Local

Step 4. Setting Up the Network

In VMware ESXi, to set up the different networks for management (br-ext), internal connection of the VMs (br-int), and WAN ports for data:

  • Enter VMware ESXi using Firefox

4.1. Virtual Switch Configuration

  • Click Networking > Virtual Switch > Add Standard virtual switch
  • 1. Configure vSwitch Name: vmnic1
    • MTU 1500
    • Uplink 1: vmnic1
    • Security, set all to Accept:
      • Promiscuous mode: Accept
      • MAC address changes: Accept
      • Forged transmits: Accept
  • 2. Configure vSwitch Name: vmnic2
    • MTU 1500
    • Uplink 1: vmnic2
    • Security, set all to Accept:
      • Promiscuous mode: Accept
      • MAC address changes: Accept
      • Forged transmits: Accept
  • 3. Configure vSwitch Name: Internal.vMX
    • MTU 1500
    • Uplink 1: delete
    • Security, set all to Accept:
      • Promiscuous mode: Accept
      • MAC address changes: Accept
      • Forged transmits: Accept

4.2. Port groups Configuration

  • Click Networking > Port groups > Add Standard port group
  • 1. Configure Name: br-ext.vMX
    • VLAN ID: 0
    • Virtual Switch: vmnic1
    • Security, set all to Accept:
      • Promiscuous mode: Accept
      • MAC address changes: Accept
      • Forged transmits: Accept
  • 2. Configure Name: br-int.vMX
    • VLAN ID: 0
    • Virtual Switch: Internal.vMX
    • Security, set all to Accept:
      • Promiscuous mode: Accept
      • MAC address changes: Accept
      • Forged transmits: Accept
  • 3. Configure Name: p2p1-ge.vMX
    • VLAN ID: 0
    • Virtual Switch: vmnic2
    • Security, set all to Accept:
      • Promiscuous mode: Accept
      • MAC address changes: Accept
      • Forged transmits: Accept
  • 4. Configure Name: p2p2-ge.vMX
    • VLAN ID: 0
    • Virtual Switch: vmnic2
    • Security, set all to Accept:
      • Promiscuous mode: Accept
      • MAC address changes: Accept
      • Forged transmits: Accept
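
Section 4 sets Promiscuous mode, MAC address changes and Forged transmits to Accept on every vSwitch and port group, so a VM placed in any other port group on those switches can inherit the same relaxed policy. The check below is an added example, not part of the original post or of VMware's or Juniper's tooling: it parses collected security-policy output and reports relaxed settings on port groups other than the vMX ones. The capture format (a "### name" header before each block of esxcli output), the field names, the sample data and the port group lab-clients are assumptions made for the example.

```python
import fnmatch

# Port groups the procedure above creates for vMX; only these are expected to
# carry relaxed security settings.
EXPECTED_VMX_GROUPS = ["br-ext.vMX", "br-int.vMX", "p2p*-ge.vMX"]

OVERRIDE_PREFIX = "Override Vswitch "
FIELDS = {
    "Allow Promiscuous": "promiscuous",
    "Allow MAC Address Change": "mac_change",
    "Allow Forged Transmits": "forged_transmits",
}

# Constructed capture (not taken from the page). Assumption: each section is
# the output of
#   esxcli network vswitch standard portgroup policy security get -p <name>
# preceded by a "### <name>" header line written by whoever collected it.
# "lab-clients" is a hypothetical non-vMX port group on the same vSwitch.
SAMPLE_CAPTURE = """\
### br-ext.vMX
   Allow Promiscuous: true
   Allow MAC Address Change: true
   Allow Forged Transmits: true
   Override Vswitch Allow Promiscuous: true
   Override Vswitch Allow MAC Address Change: true
   Override Vswitch Allow Forged Transmits: true
### lab-clients
   Allow Promiscuous: true
   Allow MAC Address Change: false
   Allow Forged Transmits: true
   Override Vswitch Allow Promiscuous: false
   Override Vswitch Allow MAC Address Change: true
   Override Vswitch Allow Forged Transmits: false
"""


def parse_capture(text):
    """Return {port_group: {setting: {"accept": bool, "override": bool}}}."""
    groups, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("### "):
            current = groups.setdefault(line[4:].strip(), {})
            continue
        if current is None or ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        is_override = key.startswith(OVERRIDE_PREFIX)
        setting = FIELDS.get(key[len(OVERRIDE_PREFIX):] if is_override else key)
        if setting is None:
            continue  # unknown field: ignore rather than guess
        slot = current.setdefault(setting, {"accept": False, "override": False})
        slot["override" if is_override else "accept"] = value.lower() == "true"
    return groups


def audit(text, expected=EXPECTED_VMX_GROUPS):
    """List (port_group, setting, origin) for relaxed settings outside vMX groups."""
    findings = []
    for name, policy in parse_capture(text).items():
        if any(fnmatch.fnmatchcase(name, pattern) for pattern in expected):
            continue  # relaxed settings are expected on the vMX port groups
        for setting, state in policy.items():
            if state["accept"]:
                origin = ("set on port group" if state["override"]
                          else "inherited from vSwitch")
                findings.append((name, setting, origin))
    return findings


if __name__ == "__main__":
    for name, setting, origin in audit(SAMPLE_CAPTURE):
        print(f"{name}: {setting} is Accept ({origin})")
```

A finding marked as inherited is closed either by moving that port group to another vSwitch or by giving it its own Reject override.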

4.3. Note: I made a discovery when opening vMX over SSH using the ssh root@172.25.11.3 command

murgescusilvia@Murgescus-MacBook-Pro ~ % ssh root@172.25.11.3
Password:
Last login: Fri May 15 00:30:49 2020
--- JUNOS 20.1R1.11 Kernel 64-bit  JNPR-11.0-20200219.fb120e7_buil
root@vMX:~ # cli
root@vMX> show interfaces terse | match ge- 
ge-0/0/0                up    up
ge-0/0/0.16386          up    up  
ge-0/0/1                up    up
ge-0/0/1.16386          up    up  
ge-0/0/2                up    down
ge-0/0/2.16386          up    down
ge-0/0/3                up    down
ge-0/0/3.16386          up    down
ge-0/0/4                up    down
ge-0/0/4.16386          up    down
ge-0/0/5                up    down
ge-0/0/5.16386          up    down
ge-0/0/6                up    down
ge-0/0/6.16386          up    down
ge-0/0/7                up    down
ge-0/0/7.16386          up    down
ge-0/0/8                up    down
ge-0/0/8.16386          up    down
ge-0/0/9                up    down
ge-0/0/9.16386          up    down

Only ge-0/0/0 and ge-0/0/1 are up up. All the other interfaces are up down. You have to create more port group networks to bring more of them up up. For example, the additional networks created for the VM run from p2p3-ge.vMX to a maximum of p2p8-ge.vMX.

root@vMX> show interfaces terse | match ge-    
ge-0/0/0                up    up
ge-0/0/0.16386          up    up  
ge-0/0/1                up    up
ge-0/0/1.16386          up    up  
ge-0/0/2                up    up
ge-0/0/2.16386          up    up  
ge-0/0/3                up    up
ge-0/0/3.16386          up    up  
ge-0/0/4                up    up
ge-0/0/4.16386          up    up  
ge-0/0/5                up    up
ge-0/0/5.16386          up    up  
ge-0/0/6                up    up
ge-0/0/6.16386          up    up  
ge-0/0/7                up    up
ge-0/0/7.16386          up    up  
ge-0/0/8                up    down
ge-0/0/8.16386          up    down
ge-0/0/9                up    down
ge-0/0/9.16386          up    down

! At the moment I do not know how to make all ge interfaces, including ge-0/0/8 and ge-0/0/9, up up. I will look for a solution when I need it.

Step 5. Deploying the VCP VM

To deploy the VCP VM using .ova files:

  • Enter VMware ESXi using Firefox
  • Click Virtual Machine > Create / Register VM
  • Select creation type: click Deploy a virtual machine from an OVF or OVA file, then Next
  • Select OVF and VMDK files:
    • Name: vMX-vVCP_20.1R1.1
    • File: vcp_20.1R1.11.ova
    • Click Next
  • Select storage: ESXi00.datastore1, then Next
  • Untick Power on automatically, then Next
  • Click Finish

Step 6. Deploying the FPC VM

To deploy the FPC VM using .ova files:

  • Enter VMware ESXi using Firefox
  • Click Virtual Machine > Create / Register VM
  • Select creation type: click Deploy a virtual machine from an OVF or OVA file, then Next
  • Select OVF and VMDK files:
    • Name: vMX-vFPC_20.1R1.1
    • File: vfpc_20.1R1.11.ova
    • Click Next
  • Select storage: ESXi00.datastore1, then Next
  • Untick Power on automatically, then Next
  • Click Finish

After you have deployed the vVCP and vFPC VMs, you can modify the amount of memory, the number of vCPUs, and the number of WAN (here vmnic2) ports.

Step 7. Settings for the vVCP VM

  • CPU: 1
  • Memory: 1024 MB
  • Network Adapter 1: br-ext.vMX
    • Adapter Type: E1000
  • Network Adapter 2: br-int.vMX
    • Adapter Type: E1000

Step 8. Settings for the vFPC VM

  • CPU: 3
  • Memory: 2048 MB
  • Network Adapter 1: p2p1-ge.vMX
    • Adapter Type: VMXNET 3
  • Network Adapter 2: p2p2-ge.vMX
    • Adapter Type: VMXNET 3
  • Network Adapter 3: br-ext.vMX
    • Adapter Type: E1000
  • Network Adapter 4: br-int.vMX
    • Adapter Type: E1000

Not mandatory but you can add more networks:

  • Network Adapter 5: p2p3-ge.vMX
    • Adapter Type: VMXNET 3
  • Network Adapter 6: p2p4-ge.vMX
    • Adapter Type: VMXNET 3
  • Network Adapter 7: p2p5-ge.vMX
    • Adapter Type: VMXNET 3
  • Network Adapter 8: p2p6-ge.vMX
    • Adapter Type: VMXNET 3
  • Network Adapter 9: p2p7-ge.vMX
    • Adapter Type: VMXNET 3
  • Network Adapter 10: p2p8-ge.vMX
    • Adapter Type: VMXNET 3

Step 9. Launching vMX on VMware

Now you are ready to launch vMX on VMware. The first basic configuration is the following:

[edit]
root@silvia# show 
## Last changed: 2020-01-17 04:53:09 UTC
version 20.1R1.11;
system {
    host-name vMX;
    root-authentication {
        encrypted-password "your_passord"; ## SECRET-DATA
    }
    login {
        class c1only {
            logical-system C1;
            permissions all;
        }
        class c2only {
            logical-system C2;
            permissions all;
        }
        class c3only {
            logical-system C3;
            permissions all;
        }
        class c4only {
            logical-system C4;
            permissions all;
        }
        class r1only {
            logical-system R1;
            permissions all;
        }
        class r2only {
            logical-system R2;
            permissions all;
        }
        class r3only {
            logical-system R3;
            permissions all;
        }
        class r4only {
            logical-system R4;
            permissions all;
        }
        class r5only {
            logical-system R5;
            permissions all;
        }
        class r6only {
            logical-system R6;
            permissions all;
        }
        class r7only {
            logical-system R7;
            permissions all;
        }
        user class01 {
            uid 2001;
            class c1only;
            authentication {
                encrypted-password "your_passord"; ## SECRET-DATA
            }                           
        }
        user class02 {
            uid 2002;
            class c2only;
            authentication {
                encrypted-password "your_passord"; ## SECRET-DATA
            }
        }
        user class03 {
            uid 2003;
            class c3only;
            authentication {
                encrypted-password "your_passord"; ## SECRET-DATA
            }
        }
        user class04 {
            uid 2004;
            class c4only;
            authentication {
                encrypted-password "your_passord"; ## SECRET-DATA
            }
        }
        user junos01 {
            uid 2023;
            class r1only;
            authentication {
                encrypted-password "your_passord"; ## SECRET-DATA
            }
        }
        user junos02 {
            uid 2024;
            class r2only;
            authentication {
                encrypted-password "your_passord"; ## SECRET-DATA
            }
        }
        user junos03 {
            uid 2223;
            class r3only;
            authentication {
                encrypted-password "your_passord"; ## SECRET-DATA
            }
        }
        user junos04 {
            uid 2224;
            class r4only;
            authentication {
                encrypted-password "your_passord"; ## SECRET-DATA
            }
        }
        user junos05 {
            uid 2225;
            class r5only;               
            authentication {
                encrypted-password "your_passord"; ## SECRET-DATA
            }
        }
        user junos06 {
            uid 2226;
            class r6only;
            authentication {
                encrypted-password "your_passord"; ## SECRET-DATA
            }
        }
        user junos07 {
            uid 2227;
            class r7only;
            authentication {
                encrypted-password "your_passord"; ## SECRET-DATA
            }
        }


        user vMX {
            full-name "Silvia Murgescu";
            uid 2000;
            class super-user;
            authentication {
                encrypted-password "your_passord"; ## SECRET-DATA
            }
        }
    }
    services {
        ssh {
            root-login allow;
            protocol-version v2;
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
    processes {
        dhcp-service {
            traceoptions {
                file dhcp_logfile size 10m;
                level all;
                flag all;
            }
        }
    }
}
logical-systems {
    C1;
    C2;
    C3;
    C4;                                 
    R1;
    R2;
    R3;
    R4;
    R5;
    R6;
    R7;
    Source;
    Receiver;
}
chassis {
    fpc 0 {
        pic 0 {
            tunnel-services {
                bandwidth 10g;
            }
            interface-type ge;
            number-of-ports 8;
        }
        lite-mode;
    }
    network-services enhanced-ip;
}
interfaces {
    ge-0/0/0 {
        vlan-tagging;
    }
    ge-0/0/1 {
        vlan-tagging;
    }
    ge-0/0/2 {
        vlan-tagging;
    }
    ge-0/0/3 {
        vlan-tagging;
    }
    ge-0/0/4 {
        vlan-tagging;
    }
    ge-0/0/5 {
        vlan-tagging;
    }
    ge-0/0/6 {
        vlan-tagging;
    }
    ge-0/0/7 {
        vlan-tagging;
    }
    fxp0 {
        unit 0 {
            description For_SSH_Connection;
            family inet {
                address 172.25.11.3/24;
            }
        }
    }                                   
}

Note: The IPs 172.25.11.1 and 172.25.11.2 do not work for opening/running vMX from the MacBook Pro Terminal application. I tried, and it works when the IP is configured as 172.25.11.3/24.
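
A check that can be run over a saved copy of a configuration like the one above, as an added example (not part of the original post and not Juniper tooling): it flattens the curly-brace text and reports the SSH root-login setting, the login classes that grant permissions all and whether each one is confined to a logical system, and the users in class super-user. The sample text is a constructed excerpt and the class opsall is hypothetical.

```python
# Constructed excerpt in the same curly-brace format as the configuration
# above (not the page's full configuration). The class "opsall" is
# hypothetical and is there to show the unscoped case.
SAMPLE_CONFIG = """\
## Last changed: 2020-01-17 04:53:09 UTC
system {
    host-name vMX;
    login {
        class c1only {
            logical-system C1;
            permissions all;
        }
        class opsall {
            permissions all;
        }
        user class01 {
            uid 2001;
            class c1only;
        }
        user vMX {
            uid 2000;
            class super-user;
            authentication {
                encrypted-password "placeholder"; ## SECRET-DATA
            }
        }
    }
    services {
        ssh {
            root-login allow;
            protocol-version v2;
        }
    }
}
"""


def flatten(config_text):
    """Return (path, statement) pairs from a curly-brace Junos configuration."""
    path, statements = [], []
    for raw in config_text.splitlines():
        line = raw.split("##", 1)[0].strip()  # drop "## ..." annotations
        if line.endswith("{"):
            path.append(line[:-1].strip())
        elif line == "}":
            if not path:
                raise ValueError("closing brace without an open block")
            path.pop()
        elif line.endswith(";"):
            statements.append((tuple(path), line[:-1].strip()))
        # anything else (prompts, "[edit]", blank lines) is ignored
    if path:
        raise ValueError("unclosed block: " + " > ".join(path))
    return statements


def audit(config_text):
    """Summarise the access-related settings of the configuration."""
    report = {"ssh_root_login": None, "scoped_all": {},
              "unscoped_all": [], "super_users": []}
    class_scope, classes_with_all = {}, []
    for path, stmt in flatten(config_text):
        # "permissions [ a b ]" and "permissions a" are both accepted
        words = stmt.replace("[", " ").replace("]", " ").split()
        if not words:
            continue
        if path == ("system", "services", "ssh") and words[0] == "root-login":
            report["ssh_root_login"] = words[1] if len(words) > 1 else None
        elif len(path) == 3 and path[:2] == ("system", "login"):
            parts = path[2].split(None, 1)
            if len(parts) != 2:
                continue  # blocks without a name, e.g. password policy
            kind, name = parts
            if kind == "class" and words[0] == "logical-system" and len(words) > 1:
                class_scope[name] = words[1]
            elif kind == "class" and words[0] == "permissions" and "all" in words[1:]:
                classes_with_all.append(name)
            elif kind == "user" and words[:2] == ["class", "super-user"]:
                report["super_users"].append(name)
    for name in classes_with_all:
        if name in class_scope:
            report["scoped_all"][name] = class_scope[name]
        else:
            report["unscoped_all"].append(name)
    return report


if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```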

To copy and paste a config from a text file, use load replace terminal. Use the CTRL-D or ^D option to exit the terminal mode and return to the prompt.

[edit]
root@vMX# load replace terminal
-> Copy and Paste here

CTRL-D

[edit] 
root@SRX# commit

NOTE: If connectivity and communication between interfaces is needed, include VLAN ID 6095 in the port groups.

Below is an example: two logical systems with 2 different interfaces, ge-0/0/1.12 and ge-0/0/5.12, and the ping command used for testing works.

2020.05.12 – Problem and solution for Virtual Network in VMware Fusion and ESXi

Info details of the problem

VM with allowed network NAT

[root@esxi00:~] ping yahoo.com
getaddrinfo() for "yahoo.com" failed (-3: Temporary failure in name resolution)

VM with Share with my Mac

WAN -> em0 -> DHCP: 192.168.100.128
LAN -> em1 -> 10.1.1.251
murgescusilvia@Murgescus-MacBook-Pro ~ % ssh root@192.168.100.128
ssh: connect to host 192.168.100.128 port 22: Host is down
murgescusilvia@Murgescus-MacBook-Pro ~ % ssh root@192.168.100.128
ssh: connect to host 192.168.100.128 port 22: Operation timed out
[2.4.5-RELEASE][root@pfSense.silvique.ro]/root: ping yahoo.com
PING yahoo.com (98.138.219.232): 56 data bytes
ping: sendto: No route to host
...

Sometimes it works, sometimes it does not ….

Step 1. Reading the VMware documentation to try to solve the problem:

From here https://kb.vmware.com/s/article/2009642?lang=en_US I’ve done this and restarted the MacBook Pro:

sudo rm -f "/Library/Preferences/VMware Fusion/networking"
sudo rm -f "/Library/Preferences/VMware Fusion/locations"
sudo "/Applications/VMware Fusion.app/Contents/Library/vmnet-cli" -c

The problem is still there. Not solved!

Step 2. Ideas received from a friend and applied => Solved the problem! OK!!

Change the network from 10.1.1.251 to 10.1.1.2, then verify and test the Internet connection

2.0. Make sure pfSense is powered off

2.1. Inside ESXi terminal

 [root@esxi00:~] esxcfg-route 
VMkernel default gateway is 10.1.1.2


[root@esxi00:~] esxcli network ip dns server list
   DNSServers: 10.1.1.2


[root@esxi00:~] ping google.com
PING google.com (216.58.212.142): 56 data bytes
64 bytes from 216.58.212.142: icmp_seq=0 ttl=128 time=52.287 ms
64 bytes from 216.58.212.142: icmp_seq=1 ttl=128 time=53.458 ms
64 bytes from 216.58.212.142: icmp_seq=2 ttl=128 time=53.811 ms


--- google.com ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 52.287/53.185/53.811 ms


[root@esxi00:~] 

2.2. For the internal CentOS VM inside ESXi_00 I changed the external IP to 10.1.1.50/25 and 10.1.1.2, and it works OK.

2.3. For pfSense in VMware Fusion I did not modify anything, but ping works OK.

All are connected to Network > Custom > Allow using NAT

2020.05.3 – Install Junos Space on VMware Fusion in VMware ESXi

Device and Applications:

  • MacBook PRO 15-inch, 16 GB Memory, 2.9 GHz Processor
  • macOS Catalina 10.15.4
  • VMware Fusion 11.5.3
  • VMware ESXi 6.7

Details from reading and learning installation here:

Download Junos Space files

At this moment the latest versions are:

  • The ova image: space-19.4R1.3.ova
  • The security director: Security-Director-19.4R1.53.img

Overview

You can deploy the Junos Space Virtual Appliance *.ova file on a VMware ESXi server version 5.5, 6.0, or 6.5. Basically I have ESXi 6.7, but in the installation step maybe I can modify it to 6.0.

After the Junos Space Virtual Appliance is deployed, you can use the VMware vSphere client or Virtual Machine Manager (VMM) to connect to the VMware ESXi server and configure the Junos Space Virtual Appliance.

The minimum hardware requirements for deploying a Junos Space Virtual Appliance are as follows: 

Installing a Junos Space Virtual Appliance on a VMware ESXi Server

Log in to ESXi; mine is named esxi00. Go to Virtual Machine > Create/Register VM and click Deploy a virtual machine from an OVF or OVA file. Then click Next

Enter a name such as jSpace-1-20.1R1.2. I needed another version to install and I used the name jSpace-2-19.4R1.3. Find the space-19.4R1.3.ova file on the MacBook and choose it. Click Next

Choose the datastore where jSpace will be installed

  • Note: I have installed a new ESXi VM in VMware Fusion with
    • Datastore name: datastre1
    • Capacity: 532 GB
    • Free: 504 GB (as I installed CentOS first)
    • Type: VMFS6

Please untick Power on automatically and you will see why … Click Next

Verify that everything is correct and click Finish

Failed to Power On. In my case some modifications have to be made before powering on.

Down in Recent Tasks you will see the task; wait for it to complete. After it has finished, go further.

Go to Virtual Machine > jSpace-1-20.1R1.2. This is the default

Virtual Machine > jSpace-2-19.4R1.3

Click Edit

CPU 2, Memory 8 GB meaning 8192 MB; the default Hard Disk is the minimum accepted, 500 GB.

To be able to finish, type 500 GB

Power on is working now. Go here to get help: https://rtodto.net/how-to-install-junos-space-and-security-director/

You will be asked to enter the user and password, which are admin and abc123 respectively; the same applies to the UNIX password.

Once you entered these, you will be asked to change the password. Choose your new password according to the local instructions. Otherwise you may fail to set a proper password.

[sudo] password for admin: the_configured_password

Press enter and continue

Choose the type of node to be installed [S/F] S
Configuring Eth0:

1) Configure IPv4
2) Configure Both IPv4 and IPv6

R) Redraw Menu 

Click 1 and continue

Choice [1-2,R]: 1
Please enter new IPv4 address for interface eth0
172.25.11.109
Please enter new IPv4 subnet mask for interface eth0
255.255.255.0

Enter the default IPv4 gateway as a dotted-decimal IP address:
172.25.11.254

Please type the IPv4 nameserver address in dotted decimal notation:
8.8.8.8

Configure a separate interface for device management? [y/N] n

Will this Junos Space system be added to an existing cluster? [y/N] n

Web GUI configuration

Configuring IP address for web GUI:

1) Configure IPv4

R) Redraw Menu

Choice [1,R]: 1

Please enter IPv4 Address for web GUI:
172.25.11.100

Do you want to enable NAT service? [y/N] n

Add NTP Server? [y/N] y

Please type the new NTP server: 82.197.221.30

Note: In NTP server you can use also the default IPv4, here meaning 172.25.11.254.

Please enter display name for this node: space2

Enter password for cluster maintenance mode: mine_password
Re-enter password: mine_password

-----

A> Apply settings

-----

Choice [ACQR]: A

Here is an image, but the whole to-do list is above

Now you can connect to the box via SSH at its IP 172.25.11.109

...
7) (Debug) run shell
...

Choice [1-7,AQR]: 7

[sudo] password for admin:
[root@space-000c29cb6706 ~]# ip -4 addr 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
  inet 127.0.0.1/8 scope host lo 
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 
  inet 172.25.11.109/24 brd 172.25.11.255 scope global eth0 <---Primary IP 
  inet 172.25.11.100/24 brd 172.25.11.255 scope global secondary eth0:0 <---Secondary GUI IP Address

Now it is time to login to the web UI.

  • Get inside CentOS using the password
  • Open Firefox application
  • Use https://172.25.11.100 to open Junos Space
    • Username: super
    • Password: juniper123
  • Change Temporary Password

Now I am going to install the Security-Director-19.4R1.53.img file.

Security Director

Testing ping in MacBook Pro Terminal

murgescusilvia@Murgescus-MacBook-Pro ~ % ping centos
PING centos.silvique.ro (10.1.1.50): 56 data bytes
64 bytes from 10.1.1.50: icmp_seq=0 ttl=64 time=0.832 ms
64 bytes from 10.1.1.50: icmp_seq=1 ttl=64 time=1.320 ms
64 bytes from 10.1.1.50: icmp_seq=2 ttl=64 time=0.684 ms
c64 bytes from 10.1.1.50: icmp_seq=3 ttl=64 time=0.705 ms
64 bytes from 10.1.1.50: icmp_seq=4 ttl=64 time=0.461 ms
^C
--- centos.silvique.ro ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.461/0.800/1.320/0.286 ms
murgescusilvia@Murgescus-MacBook-Pro ~ %
  • -> Copy the file Security-Director-19.4R1.53.img from MacBook Pro to CentOS using Terminal from MacBook PRO

It was not possible to use the user name Silvia to upload the Security-Director-19.4R1.53.img file to CentOS:

murgescusilvia@Murgescus-MacBook-Pro ~ % scp -r /Users/murgescusilvia/Downloads/Security-Director-19.4R1.53.img Silvia@10.1.1.50:~/
Silvia@10.1.1.50's password: 
Permission denied, please try again.
Silvia@10.1.1.50's password: 
Permission denied, please try again.
Silvia@10.1.1.50's password: 
Silvia@10.1.1.50: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
lost connection
murgescusilvia@Murgescus-MacBook-Pro ~ % 

Observation: Maybe it was a mistake using Silvia when I should use silvia.

But it is possible to do the same by replacing Silvia with root:

murgescusilvia@Murgescus-MacBook-Pro ~ % scp /Users/murgescusilvia/Downloads/Security-Director-19.4R1.53.img root@10.1.1.50:/
root@10.1.1.50's password: 
Security-Director-19.4R1.53.img                                   37%  523MB  24.5MB/s   00:35 ETA
  • -> Enter in CentOS
  • -> Open Terminal application and use cd .. command many times which goes to the top folder
  • -> From user silvia go to root with command su root
[silvia@CentOS /]$ su root
Password:

[root@CentOS /]#

-> Copy the Security-Director-19.4R1.53.img file to the /home/silvia/Downloads directory

[root@CentOS /]# sudo cp Security-Director-19.4R1.53.img /home/silvia/Downloads/Security-Director-19.4R1.53.img

-> Remove the file from the root directory

[root@CentOS /]# sudo rm Security-Director-19.4R1.53.img
[root@CentOS /]# ls

Ready to use jSpace to deploy the security director.

  • Inside CentOS open Firefox, then jSpace using the web IP, like https://172.25.11.100
  • Web user is super and the configured password
  • Go to Administration -> Applications -> + button meaning Add Application
  • Select Upload via HTTP and upload the Security-Director-19.4R1.53.img
  • Please click on Job ID to view details > OK
  • Once it appears, click install then OK
  • Application Management Job Information: Please logout and log in again after the installation of new application completed successfully. Click on Job ID to view details. > OK
  • It will take a while for the application to be installed. I exit and I will not enter again. Now I take a break to be sure it will be installed after my break.
  • When it is finished you will see other new applications
    • Application Visibility – new
      • Version 19.4,
      • Release R1,
      • Build 53,
      • Server Group Platform
    • Log Director – new
      • Version 19.4,
      • Release R1,
      • Build 53,
      • Server Group Platform
    • Network Management Platform – existed already
      • Version 19.4,
      • Release R1,
      • Build 3,
      • Server Group Platform
    • NSM Migration
      • Version 19.4,
      • Release R1,
      • Build 53,
      • Server Group Platform
    • Security Director – new
      • Version 19.4,
      • Release R1,
      • Build 53,
      • Server Group Platform
    • Security Director Login and Reporting – new
      • Version 19.4,
      • Release R1,
      • Build 53,
      • Server Group Platform
  • In Administration > Licenses
    • License Type Trial
    • Sku Mode Trial-license
    • Total License Days 60
    • Remaining Days 60

And here we are! We have installed both space platform and security director. Last but not least I need to recap usernames we have configured so far to avoid any confusion. 

1) admin user: We set this for the Linux shell and default password during the installation is abc123
2) maintenance user: we also set password for this but it is used for special operations. No default password for this. It must be set.
3) super user: this user is used for WEB UI and initial default password is juniper123

2020.04.28 – Building a VMware vSphere Virtual Lab with VMware Fusion – Part 5: Create a FreeNAS iSCSI and Configure Multipathing – working now

Working now …

Starting info and advice:

  • I will try to do Part 5 using this idea: I’d recommend using FreeNAS instead of Ubuntu. I’ve just done a test and managed to set up a FreeNAS VM with 2 GB of RAM and managed to create a volume and connect it to ESXi using iSCSI. 

My lab parts:

GraspingTech’s helping guide:

Overview

My idea is to add a disk and configure iSCSI in FreeNAS and connect my ESXi hosts to it.

In Part 4 I’ve created a three node cluster but I couldn’t enable DRS or HA because it requires centralised storage. In this part, I’ll create a storage server with FreeNAS and configure it so that my ESXi hosts can access it via iSCSI (with multipathing).

After completing the steps in the previous page, I will be at a point where I have:

  • Three ESXi 6.7 VMs running on VMware Fusion
  • The first ESXi VM contains a pfSense firewall VM with built in DNS Resolver
  • One vCenter Server Appliance in VMware Fusion
  • I am able to access the hosts and vCenter from the Mac using domain names
  • A cluster with the three ESXi 6.7 hosts added to it

For this project I need to download the FreeNAS image, named FreeNAS-11.3-U2.1.iso, and install it. I published everything I did to install it here: 2020.04.27 – Install FreeNAS 11.3 on VMware Fusion with iSCSI Disks

Now I go to the next step ….

Step 1. Configure Network and open the existing FreeNAS 11.3 U2.1

Open VMware Fusion and find the Virtual Machine FreeNAS and select it.

Clicking on Virtual Machine > Hard Disk (SCSI)

-> Processor and Memory

Verify Processor and Memory

Modify to 2 processor cores and 2048 MB meaning 2 GB

-> Hard Disk

Verify the total GB for both/all Hard Disks. If needed, add a New Hard Disk to create a total of 80 GB. I have 2 Hard Disks, with 20 GB

… and 10 GB

If needed add a new Hard Disk with 50 GB to have a total of 80 GB

-> Network Adapter

A total of 3 Network Adapters is needed. If needed, create new Network Adapters

Select vSphere for all existing Network Adapters

-> FreeNAS Settings looks like this

Step 2. Power on FreeNAS 11.3 U2.1 and configure all three Networks

Power on FreeNAS

Log in using Firefox

On the left side click Network > Interfaces, then ADD in the upper-right

Create vlans named vlan101 and vlan102 with details below. The same is for each

All Networks created are here

Now is possible to ping the VM from the MacBook using the hostname freenas

murgescusilvia@Murgescus-MacBook-Pro ~ % ping freenas
PING freenas.silvique.ro (10.1.1.201): 56 data bytes
64 bytes from 10.1.1.201: icmp_seq=0 ttl=64 time=0.285 ms
64 bytes from 10.1.1.201: icmp_seq=1 ttl=64 time=0.594 ms
64 bytes from 10.1.1.201: icmp_seq=2 ttl=64 time=0.447 ms
64 bytes from 10.1.1.201: icmp_seq=3 ttl=64 time=0.532 ms
64 bytes from 10.1.1.201: icmp_seq=4 ttl=64 time=0.352 ms
64 bytes from 10.1.1.201: icmp_seq=5 ttl=64 time=0.560 ms
^C
--- freenas.silvique.ro ping statistics ---
6 packets transmitted, 6 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.285/0.462/0.594/0.112 ms

Step 3. Verify iSCSI Port groups inside vCenter

The next thing needed to do is add two new VMkernel adapters to our standard virtual switches so that the hosts can communicate with the storage server created using multiple paths.

Power on what is needed: three ESXi hosts, one FreeNAS, one vCenter and one pfSense (inside esxi01). To be able to use as much RAM as possible for vCenter, I do NOT power on all of them at the same time but in the order mentioned before.

Login to vCenter via Firefox

  • Click Host and Clusters
  • Click on the first ESXi host, esxi01
  • Click Configure
  • Click Virtual switches

The virtual switches that appear there include ISCSI-1 and ISCSI-2, added during Part 5: Create a Ubuntu iSCSI Target and Configure Multipathing – major problem and not finished

Go to the FreeNAS web interface in the browser, then > Shell, and ping all the iSCSI addresses:

  • 10.10.1.11, 10.10.2.11
root@freenas[~]# ping 10.10.1.11
PING 10.10.1.11 (10.10.1.11): 56 data bytes
64 bytes from 10.10.1.11: icmp_seq=0 ttl=64 time=2.170 ms
64 bytes from 10.10.1.11: icmp_seq=1 ttl=64 time=1.299 ms
64 bytes from 10.10.1.11: icmp_seq=2 ttl=64 time=0.885 ms
^C
--- 10.10.1.11 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.885/1.451/2.170/0.536 ms

root@freenas[~]# ping 10.10.2.11
PING 10.10.2.11 (10.10.2.11): 56 data bytes
64 bytes from 10.10.2.11: icmp_seq=0 ttl=64 time=1.173 ms
64 bytes from 10.10.2.11: icmp_seq=1 ttl=64 time=0.848 ms
^C
--- 10.10.2.11 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.848/1.010/1.173/0.162 ms
  • 10.10.1.12, 10.10.2.12
root@freenas[~]# ping 10.10.1.12
PING 10.10.1.12 (10.10.1.12): 56 data bytes
64 bytes from 10.10.1.12: icmp_seq=0 ttl=64 time=1.100 ms
64 bytes from 10.10.1.12: icmp_seq=1 ttl=64 time=0.665 ms
64 bytes from 10.10.1.12: icmp_seq=2 ttl=64 time=0.557 ms
64 bytes from 10.10.1.12: icmp_seq=3 ttl=64 time=0.643 ms
64 bytes from 10.10.1.12: icmp_seq=4 ttl=64 time=0.877 ms
^C
--- 10.10.1.12 ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.557/0.768/1.100/0.196 ms


root@freenas[~]# ping 10.10.2.12
PING 10.10.2.12 (10.10.2.12): 56 data bytes
64 bytes from 10.10.2.12: icmp_seq=0 ttl=64 time=0.954 ms
64 bytes from 10.10.2.12: icmp_seq=1 ttl=64 time=0.720 ms
64 bytes from 10.10.2.12: icmp_seq=2 ttl=64 time=0.713 ms
^C
--- 10.10.2.12 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.713/0.796/0.954/0.112 ms
  • 10.10.1.13, 10.10.2.13
root@freenas[~]# ping 10.10.1.13
PING 10.10.1.13 (10.10.1.13): 56 data bytes
64 bytes from 10.10.1.13: icmp_seq=0 ttl=64 time=1.090 ms
64 bytes from 10.10.1.13: icmp_seq=1 ttl=64 time=0.981 ms
64 bytes from 10.10.1.13: icmp_seq=2 ttl=64 time=0.642 ms
^C
--- 10.10.1.13 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.642/0.904/1.090/0.191 ms


root@freenas[~]# ping 10.10.2.13
PING 10.10.2.13 (10.10.2.13): 56 data bytes
64 bytes from 10.10.2.13: icmp_seq=0 ttl=64 time=0.497 ms
64 bytes from 10.10.2.13: icmp_seq=1 ttl=64 time=0.533 ms
^C
--- 10.10.2.13 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.497/0.515/0.533/0.018 ms

Step 4. Configure iSCSI Target into FreeNAS

Now that the network is configured and all three ESXi hosts can communicate with the storage server, I need to configure the iSCSI target in FreeNAS.

The idea is to test VMware vSphere 6.7 and the vCenter appliance with vMotion and Storage vMotion.

A full description of the iSCSI installation for FreeNAS is in 2020.04.27 – Install FreeNAS 11.3 on VMware Fusion with iSCSI Disks.

Go to Sharing and select Block (iSCSI) to configure more options. We are into Target Global Configuration. Then click SAVE

Click on Portals. Click ADD twice, once for each portal.

  • Name: ISCSI-1
  • IP address: 10.10.1.201, default port 3260
  • Click Save
  • Name: ISCSI-2
  • IP address: 10.10.2.201, default port 3260
  • Click Save

Click on Initiators. Click ADD. Tick Allow ALL Initiators, then SAVE.

Click on Targets. Click ADD twice, once for each target.

  • Target Name: iscsi-1
  • Portal Group ID: 1 (ISCSI-1)
  • No other default configuration and click SAVE.
  • Target Name: iscsi-2
  • Portal Group ID: 2 (ISCSI-2)
  • No other default configuration and click SAVE.

Click Extents. Click ADD twice. Only the modified and new settings are listed below.

  • Extent name: ISCSI-1
  • Extent Type: Device
  • Device: pool2/vmware-disk-01 (20.0G)
  • SSD – Enable
  • Click SAVE
  • Extent name: ISCSI-2
  • Extent Type: Device
  • Device: pool2/vmware-disk-01 (20.0G)
  • SSD – Enable
  • Click SAVE

We can see this:

Click on Associated Targets. Click ADD twice.

  • Target: iscsi-1
  • LUN ID: 1
  • Extent: ISCSI-1
  • Target: iscsi-2
  • LUN ID: 2
  • Extent: ISCSI-2

Step 5. Verify iSCSI Target into vSphere

vSphere is already configured using the installation in Part 5: Create a Ubuntu iSCSI Target and Configure Multipathing.

Clicking on the Devices tab I do not see the thin provisioned disk I created when configuring the iSCSI target.

Open SSH sessions to esxi01, esxi02 and esxi03. Run the following commands on all of them:

[root@esxi01:~] esxcli storage core adapter rescan --all
[root@esxi01:~] esxcli storage core adapter list
HBA Name  Driver     Link State  UID                                     Capabilities         Description
--------  ---------  ----------  --------------------------------------  -------------------  ------------------------------------------------------------------------
vmhba0    pvscsi     link-n/a    pscsi.vmhba0                                                 (0000:03:00.0) VMware Inc. PVSCSI SCSI Controller
vmhba1    vmkata     link-n/a    ide.vmhba1                                                   (0000:00:07.1) Intel Corporation PIIX4 for 430TX/440BX/MX IDE Controller
vmhba64   vmkata     link-n/a    ide.vmhba64                                                  (0000:00:07.1) Intel Corporation PIIX4 for 430TX/440BX/MX IDE Controller
vmhba65   iscsi_vmk  online      iqn.1998-01.com.vmware:esxi01-10a4398c  Second Level Lun ID  iSCSI Software Adapter

Clicking again on the Devices tab, I now see the thin provisioned disk I created when configuring the iSCSI target.

When you click on the Paths tab you should see two paths. It is said that one of them is with Active I/O, but I have both with Active I/O.
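
The adapter listing above also shows each host's iSCSI initiator name (the UID of the iscsi_vmk adapter). As an added example, not part of the original post, the script below extracts those IQNs so they can be entered under Initiators in FreeNAS instead of Allow ALL Initiators, and reports adapters that are not online. The function names and the esxi02 sample row are constructed for this example; it assumes a POSIX sh with awk and sort.

```shell
#!/bin/sh
# Added example (not from the original post): pull the software iSCSI
# initiator IQNs out of `esxcli storage core adapter list` output.

# Sample input. The esxi01 rows are copied from the listing above; the
# esxi02 row is constructed (placeholder IQN suffix, adapter not online).
sample_adapter_lists() {
cat <<'EOF'
HBA Name  Driver     Link State  UID                                     Capabilities         Description
--------  ---------  ----------  --------------------------------------  -------------------  ----------------------
vmhba0    pvscsi     link-n/a    pscsi.vmhba0                                                 (0000:03:00.0) VMware Inc. PVSCSI SCSI Controller
vmhba65   iscsi_vmk  online      iqn.1998-01.com.vmware:esxi01-10a4398c  Second Level Lun ID  iSCSI Software Adapter
vmhba65   iscsi_vmk  offline     iqn.1998-01.com.vmware:esxi02-00000000  Second Level Lun ID  iSCSI Software Adapter
EOF
}

# Print "<hba> <link-state> <iqn>" for each adapter driven by iscsi_vmk.
# Columns are whitespace-separated; the first four never contain spaces.
iscsi_initiators() {
    awk '$2 == "iscsi_vmk" && $4 ~ /^iqn\./ { print $1, $3, $4 }'
}

# Print the unique IQNs of online adapters, one per line. Input may be the
# listings of several hosts concatenated.
initiator_allowlist() {
    iscsi_initiators | awk '$2 == "online" { print $3 }' | sort -u
}

# Print the IQNs whose adapter is not online; exit status 1 if there are
# any, so the check can run before looking at the Devices and Paths tabs.
offline_initiators() {
    iscsi_initiators |
        awk '$2 != "online" { print $3; bad = 1 } END { exit bad + 0 }'
}

# On a host: esxcli storage core adapter list | initiator_allowlist
sample_adapter_lists | initiator_allowlist
```
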

This is all…

2020.04.27 – Install FreeNAS 11.3 on VMware Fusion with iSCSI Disks

Download from here: https://www.freenas.org/download/

Information that helped me learn and install it is here: https://www.sysprobs.com/nas-vmware-workstation-iscsi-target

VMware is one of the best and most user-friendly virtualization software vendors in the market. Their Fusion can be installed on most of the client Operating Systems to virtualize the physical hardware and install multiple Operating Systems on top of it.

Besides server and client Operating Systems, we can also install network storage Operating Systems on VMware as virtual machines. Here I’m going to show how to install FreeNAS on VMware Fusion and configure iSCSI disks. This method gives an ideal test lab setup, with the NAS as a virtual machine on a single computer’s hardware.

What is NAS (Network Attached Storage)?

In the physical environment, NAS is a hardware device with hard drives that is accessible via a network port. The controller has its own Operating System to manage the disks and control access. Every NAS device has plenty of features and tools to make it scalable, secure and accessible.

These NAS devices support iSCSI, which can be used to set up VMware vCenter. But for testing purposes in VMware, we can’t have expensive physical NAS devices to configure a cluster with high availability in VMware Fusion. So, there is some free open source NAS software available to install on computers or servers to build a NAS system with existing hard disks and partitions. This free storage virtualization software turns your computer’s hard disk into network-attached storage.

I found that these two famous free NAS software can be installed in the computer and make NAS.

Installing FreeNAS on VMware Fusion is simple and straight forward. But setting up and configuring the iSCSI disks involves several steps. Also, remember that the steps involved in configuring iSCSI disks in FreeNAS as shown below remain the same on any platform.

Install FreeNAS Server on VMware Fusion

1) Download the latest stable version from the official site. At the time of writing this guide, you can find FreeNAS 11.3-U2.1.

NOTE: The current version requires a minimum 8GB of RAM. Since I have enough resources on my MacBook PRO, I could configure a VM with 8GB RAM. If you do not have enough RAM, then you can try with lower capacity. It may impact the performance of VM.

2) Create a virtual machine in VMware Fusion

3) Select Install from disk or image and click Continue

4) If needed, click Use another disk or disk image, find the FreeNAS file and select it. Then press Continue

5) Leave Legacy BIOS selected and click Continue

6) Click Continue Settings

7) Search for Users > murgescusilvia > Virtual Machines. If you want, create a New Folder with a name like FreeNAS, make sure to choose a name in Save As like FreeNAS, and click Save

8) Continue with FreeNAS Settings

9) Into Processors & Memory

  • Processors: 4
  • Memory: 8GB meaning 8192 MB
  • Keep Advanced options unselected as default

10) Connect CD/DVD Drive is already installed

11) Keep the default Hard Disk configuration of 20GB. Remember, this hard disk will be used to install the Operating System only. We can’t use this disk to create storage, disks and LUNs for sharing purposes. We need to attach another hard disk to this VM. We will discuss that later.

12) Boot the system with the first option (default)

13) Let it autoboot and wait…

14) Select the Install/Upgrade option and press OK

15) On the next screen, select the virtual hard disk to install. You need to choose the hard drive and press spacebar key to make the selection.

16) Press Yes

17) Insert your Password and make sure you will remember it for future use

18) Select the Boot mode as ‘Boot via BIOS’ option to make the things simple

19) Click OK

20) Choose Reboot and click OK

21) Immediately remove the loaded ISO file

At this point, we have successfully installed the latest FreeNAS on VMware Fusion which is running on MacBook PRO.

Let’s see some more settings to make it work.

Network Settings in FreeNAS VM – VMware Fusion

Once the VM booted, you can see the below screen which gives several options.

By default, the VM network is in NAT mode in VMware Fusion. I’m not going to explain more about VMware Fusion networking.

In the NAT mode, your virtual machines and host will communicate well even though the host and VM IP look different.

If you want you can change the network mode to ‘Bridge Mode’ so the FreeNAS virtual machine will get the same IP scheme of your host computer physical network.

In both cases, we need to configure static IP for FreeNAS storage. That is the ideal way to keep the IP unchanged for your storage device.

22) First I change the network connectivity

23) Before configuring the IP for FreeNAS, I power on the application that offers connectivity to the internet, pfSense. I don’t know if I need internet for this configuration of FreeNAS, but I make sure it is connected to the internet.

24) Configure FreeNAS with a static IP. Press 1 and Enter

25) I have used File Name: em1, not em0 as in the following photo. I forgot to make a photo with the correct version. All others are the same as shown

Once the IP changes, it will display the web URL on the screen.

26) Open a browser and access the URL. I use Firefox. Login with the root user name and password you set during the installation.

You must land on the FreeNAS management page without any issues.

Add Disk and Configure iSCSI in FreeNAS 11.3 on VMware Fusion

27) Now we are ready to configure the storage system and iSCSI disks. But we do not have any more drives than the OS disk. Hence we need to add another disk. You can add a few disks if you want.

  • -> One might think that, luckily, VMware allows adding virtual disks to a virtual machine while it is running (SCSI disks can be added this way). We will see that this is not true for VMware Fusion.
  • -> In VMware Fusion, shut down the VM before adding a new Hard Disk
  • -> Power-off FreeNAS
  • -> Add a new Hard Disk. I added another 10GB disk for testing purpose.

28) Power on FreeNAS and make sure VMware and FreeNAS detected the new disk successfully. It should be listed under Storage > Disks.

29) Click Storage > Pools. Select ADD

30) Click CREATE POOL

31) Add the new disk to the pool: enter the Name pool1, select da1 and click ->

  • -> da1 is moved right. Click CREATE
  • -> Click CREATE POOL
  • -> it is successfully created

32) Now start the iSCSI service in FreeNAS. By default, it is off.  Go to ‘Services’, select and switch on the iSCSI service.

33) Go to ‘Sharing’ and select ‘Block (iSCSI)’ to configure more options. Then SAVE

34) Click on ‘Portals’ and add a new one. If it is the first time you are configuring, most probably you need to add a new portal. Click ADD

35) You can comment for your reference. Click on the drop-down and select the IP address of the FreeNAS VM.

36) Now click on ‘Initiators’ tab and add a new one.

37) If you do not want more restriction, as me, then keep both ‘All’. Otherwise, add the client network where you will be accessing the iSCSI storage. I left ‘All’ and applied the settings.

38) Time to add targets. Click on ‘Targets’ and ADD a new one.

39) Give a name related to the type so that you can understand later. Here select the portal you created in the earlier step.

40) We need to create Extents to add the storage. Click on ‘Extents’ and ADD a new one.

41) Give an appropriate name, and select the type as ‘File’.

  • -> Maybe it can be given any name you choose without .vmdy end but …
  • -> I give the next name from here. Is it correct?
  • -> Browse to the mount point where you intend to store the iSCSI disk and give a name at the end of the mount point. This method allows hosting several LUNs on the same disk. Give the size of the extent. When a host accesses this iSCSI target, it will read the disk size you specify here. It should be less than the mount point size.

42) As the final step, add an ‘Associated Targets’. 

43) Make sure to select the correct names from the drop-down and add LUN ID. It can be any number between 0 to 256 but should be unique. Click SAVE

This is it!

With those steps, we have successfully created an iSCSI disk in FreeNAS which is running on VMware workstation.

Connect and Test the iSCSI Target in FreeNAS from VMware vCenter

This is done in Building a VMware vSphere Virtual Lab with VMware Fusion, Part 5.

2020.04.26 – Juniper Junos Space Network Management installation into EVE-PRO

The information for installation is from here : https://www.eve-ng.net/index.php/documentation/howtos/juniper-j-space/

>>>>>>>> Chapter 1:

  • EVE Image Name: jspace-19.3R1.3
  • Downloaded Original Filename: space-19.3R1.3.qcow2
  • Version: 19.3R1.3
  • vCPUs: 2
  • vRAM: 8192
  • HDD Format: virtioa
  • Console: vnc/https
  • Interfaces: x2 virtio

Chapter 1 topic:

Step 1. Download KVM qcow2 image from Juniper.

Step 2. Using our image table, create correct image folder, this example is for image jspace- in the table above.

mkdir /opt/unetlab/addons/qemu/jspace-19.3R1.3/

Step 3. Upload the downloaded image to the EVE /opt/unetlab/addons/qemu/jspace-19.3R1.3 folder using for example FileZilla or WinSCP.

Step 4. From the EVE cli, go to newly created image folder.

cd /opt/unetlab/addons/qemu/jspace-19.3R1.3/

Step 5. Rename original filename to virtioa.qcow2

mv space-19.3R1.3.qcow2 virtioa.qcow2 

Step 6.  Fix permissions:

/opt/unetlab/wrappers/unl_wrapper -a fixpermissions


Step 7. Open a lab, add Junos Space and power-on

Step 8. Default logins:

CLI: admin/abc123
https: super/juniper123

>>>>>>>> Chapter 2:

  • EVE Image Name: jspace-20.1R1.2
  • Downloaded Original Filename: space-20.1R1.2.qcow2
  • Version: 20.1R1.2
  • vCPUs: 2
  • vRAM: 8192
  • HDD Format: virtioa
  • Console: vnc/https
  • Interfaces: x2 virtio

Chapter 2 topic:

Note: I have installed it and it doesn’t work for me. Maybe it works for you … just try it!

Step 1. Download KVM qcow2 image from Juniper.

Step 2. Using our image table, create correct image folder, this example is for image jspace- in the table above.

mkdir /opt/unetlab/addons/qemu/jspace-20.1R1.2/

Step 3. Upload the downloaded image to the EVE /opt/unetlab/addons/qemu/jspace-20.1R1.2 folder using for example FileZilla or WinSCP.

Step 4. From the EVE cli, go to newly created image folder.

cd /opt/unetlab/addons/qemu/jspace-20.1R1.2/

Step 5. Rename original filename to virtioa.qcow2

mv space-20.1R1.2.qcow2 virtioa.qcow2 

Step 6.  Fix permissions:

/opt/unetlab/wrappers/unl_wrapper -a fixpermissions


Step 7. Open a lab, add Junos Space and power-on

Step 8. Default logins:

CLI: admin/abc123
https: super/juniper123

Getting Started Guide: https://www.juniper.net/documentation/en_US/junos-space20.1/platform/topics/concept/junos-space-getting-started-fabric-architecture-overview.html
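
Steps 2 to 6 are the same in both chapters apart from the version string. As an added example (not from the EVE-NG guide or the original post), the function below performs them in one call and first checks that the file really is a qcow2 image and, optionally, that it matches a SHA-256 value you supply. The function names and the EVE_QEMU_DIR and EVE_WRAPPER overrides are assumptions of this example.

```shell
#!/bin/sh
# Added example: Steps 2-6 as one function, with checks before the image
# is put in place. EVE_QEMU_DIR and EVE_WRAPPER can be overridden so the
# function can be tried outside an EVE host (assumption of this example).
EVE_QEMU_DIR="${EVE_QEMU_DIR:-/opt/unetlab/addons/qemu}"
EVE_WRAPPER="${EVE_WRAPPER:-/opt/unetlab/wrappers/unl_wrapper}"

# is_qcow2 FILE: true if FILE starts with the qcow2 magic bytes "QFI\xfb".
is_qcow2() {
    [ "$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')" = "514649fb" ]
}

# install_jspace_image SRC VERSION [SHA256]
# Moves SRC to $EVE_QEMU_DIR/jspace-VERSION/virtioa.qcow2.
# Returns 2 (missing file), 3 (not qcow2), 4 (hash mismatch), 5 (move failed).
install_jspace_image() {
    src=$1 version=$2 want=${3:-}
    dest="$EVE_QEMU_DIR/jspace-$version"
    [ -f "$src" ] || { echo "missing: $src" >&2; return 2; }
    is_qcow2 "$src" || { echo "not a qcow2 image: $src" >&2; return 3; }
    if [ -n "$want" ]; then
        got=$(sha256sum "$src" | awk '{ print $1 }')
        [ "$got" = "$want" ] || { echo "sha256 mismatch: $src" >&2; return 4; }
    fi
    # Steps 2, 4 and 5: create the image folder, rename to virtioa.qcow2.
    mkdir -p "$dest" && mv "$src" "$dest/virtioa.qcow2" || return 5
    # Step 6; skipped when the wrapper is absent (not an EVE host).
    if [ -x "$EVE_WRAPPER" ]; then "$EVE_WRAPPER" -a fixpermissions; fi
}

# Usage on the EVE host, after uploading the file (Step 3):
#   install_jspace_image /tmp/space-19.3R1.3.qcow2 19.3R1.3
```
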

2020.04.24 – Juniper vMX (limited) installation into EVE-PRO

I used this guide for my installation: https://www.eve-ng.net/index.php/documentation/howtos/howto-add-juniper-vmx-16-x-17-x/

This guide is based on version:

  • EVE images name, vCPUs and vRAM
    • vmxvcp-limited-20.1R1.18-domestic-VCP, 1 vCPU, 2 Gb vRAM
    • vmxvfp-limited-20.1R1.18-domestic-VFP, 3 vCPUs, 4 Gb vRAM
  • Downloaded Filename
    • vmx-bundle-20.1R1.11-limited.tar
  • Version
    • Junos: 20.1R1.11

2020.04.24 – Install Firewall pfSense Virtual on VMWare Fusion

I took a big part of the solution from here: Pfsense: How to install Firewall Pfsense Virtual on VMWare

Other part from my blog 2020.04.1 – Building a VMware vSphere Virtual Lab with VMware Fusion – Part 2: Deploy and Configure a pfSense VM

Overview

This article is about creating a virtual machine firewall pfSense on VMWare Fusion virtualisation environment.

pfSense is an open-source firewall, free for everyone. pfSense acts as a firewall device and has full routing functionality, like a high-end device.


2020.04.23 – Juniper vRR installation into EVE-PRO

Inspiration from the EVE guide: https://www.eve-ng.net/index.php/documentation/howtos/howto-add-juniper-vrr/ where it is made with version 17.4R1.16.

  • Note: I have installed three times.
    • First time with vRR 19.2R1.8 (vrr-bundle-kvm-19.2R1.8.tar) – working OK!
    • second time with vRR 20.1R1.11 (vrr-bundle-kvm-20.1R1.11.tar) – did not work!
    • third time with vRR 19.4R1.10 (vrr-bundle-kvm-19.4R1.10.tar) – working OK!

The blog is about the third installation, done exactly as the first installation.


2020.04.18 – Install EVE-NG: THE Network Emulator!

What I found and I use as help to download and install EVE-NG is from here: https://thenetworkberg.com/eve-ng-first-time-configuration/

Note: I had problems and I’ve installed it 2 times in 2 different versions: -NG and -PRO. I will update here with a Note in each Step to remember if I need to install it again.

Need to have something similar:

  • MacBook Pro (15-inch, 2016):
    • macOS Catalina version 10.15.3
    • Processor 2,9 GHz Quad-Core Intel
    • Memory 16 GB 2133 MHz LPDDR3 (of RAM)
  • VMWare Fusion 11.5.3 installed

EVE-NG Community Cookbook: https://www.eve-ng.net/index.php/documentation/community-cookbook/
