2020.05.3 – Install Junos Space on VMware Fusion in VMware ESXi

Device and Applications:

  • MacBook PRO 15-inch, 16 GB Memory, 2.9 GHz Processor
  • macOS Catalina 10.15.4
  • VMware Fusion 11.5.3
  • VMware ESXi 6.7

Details from reading and learning installation here:

Download Junos Space files

At this moment the latest versions:

  • The ova image: space-19.4R1.3.ova
  • The security director: Security-Director-19.4R1.53.img

Overview

You can deploy the Junos Space Virtual Appliance *.ova file on a VMware ESXi server version 5.5, 6.0, or 6.5. I basically have ESXi 6.7, but in the installation step maybe I can change it to 6.0.

After the Junos Space Virtual Appliance is deployed, you can use the VMware vSphere client or Virtual Machine Manager (VMM) to connect to the VMware ESXi server and configure the Junos Space Virtual Appliance.

The minimum hardware requirements for deploying a Junos Space Virtual Appliance are as follows: 

Installing a Junos Space Virtual Appliance on a VMware ESXi Server

Log in to ESXi; mine is named esxi00. Go to Virtual Machine > Create/Register VM and click Deploy a virtual machine from an OVF or OVA file. Then click Next.

Enter a name such as jSpace-1-20.1R1.2. I needed another version to install, and I used the name jSpace-2-19.4R1.3. Find the space-19.4R1.3.ova file on the MacBook and choose it. Click Next.

Choose the datastore where jSpace will be installed

  • Note: I have installed a new ESXi VM into VMware Fusion with
    • Datastore name: datastre1
    • Capacity: 532 GB
    • Free: 504 GB (as I installed CentOS first)
    • Type: VMFS6

Please untick Power on Automatically and you will see why … Click Next

Verify that everything is correct and click Finish

Failed to Power On. In my case some modifications had to be done before powering on.

Down in Recent Tasks you will see the task; wait for it to finish. Once it has finished, go further.

Go to Virtual Machine > jSpace-1-20.1R1.2. This is the default

Virtual Machine > jSpace-2-19.4R1.3

Click Edit

CPU 2, Memory 8 GB (meaning 8192 MB). The default hard disk is the minimum accepted size of 500 GB.

To be able to finish, type 500 GB

Power on is working now. Go here to get help: https://rtodto.net/how-to-install-junos-space-and-security-director/

You will be asked to enter the user and password, which are admin and abc123 respectively; the same password is also used at the UNIX password prompt.

Once you entered these, you will be asked to change the password. Choose your new password according to the local instructions. Otherwise you may fail to set a proper password.

[sudo] password for admin: the_configured_password

Press enter and continue

Choose the type of node to be installed [S/F] S
Configuring Eth0:

1) Configure IPv4
2) Configure Both IPv4 and IPv6

R) Redraw Menu 

Click 1 and continue

Choice [1-2,R]: 1
Please enter new IPv4 address for interface eth0
172.25.11.109
Please enter new IPv4 subnet mask for interface eth0
255.255.255.0

Enter the default IPv4 gateway as a dotted-decimal IP address:
172.25.11.254

Please type the IPv4 nameserver address in dotted decimal notation:
8.8.8.8

Configure a separate interface for device management? [y/N] n

Will this Junos Space system be added to an existing cluster? [y/N] n

Web GUI configuration

Configuring IP address for web GUI:

1) Configure IPv4

R) Redraw Menu

Choice [1,R]: 1

Please enter IPv4 Address for web GUI:
172.25.11.100

Do you want to enable NAT service? [y/N] n

Add NTP Server? [y/N] y

Please type the new NTP server: 82.197.221.30

Please enter display name for this node: space2

Enter password for cluster maintenance mode: mine_password
Re-enter password: mine_password

-----

A> Apply settings

-----

Choice [ACQR]: A

Here is an image, but the whole to-do list is above

Now you can connect to the box via SSH at its IP 172.25.11.109

...
7) (Debug) run shell
...

Choice [1-7,AQR]: 7

[sudo] password for admin:
[root@space-000c29cb6706 ~]# ip -4 addr 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
  inet 127.0.0.1/8 scope host lo 
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 
  inet 172.25.11.109/24 brd 172.25.11.255 scope global eth0 <---Primary IP 
  inet 172.25.11.100/24 brd 172.25.11.255 scope global secondary eth0:0 <---Secondary GUI IP Address
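
A check of the addressing used in this walkthrough, as an added example (not part of the original post or of Junos Space): it validates the values typed into the setup menu, then confirms from `ip -4 addr` output that the node address is primary and the web GUI address is secondary on eth0. It assumes the web GUI address must sit in eth0's subnet, as it does above; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the `ip -4 addr` output from this page, annotations removed.
SAMPLE = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
  inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
  inet 172.25.11.109/24 brd 172.25.11.255 scope global eth0
  inet 172.25.11.100/24 brd 172.25.11.255 scope global secondary eth0:0
"""

def check_plan(node_ip, netmask, gateway, gui_ip):
    """Return a list of problems with the values typed into the setup menu."""
    net = ipaddress.ip_interface(f"{node_ip}/{netmask}").network
    node, gw, gui = (ipaddress.ip_address(a) for a in (node_ip, gateway, gui_ip))
    problems = []
    if gui == node:
        problems.append("web GUI address equals the node address")
    for name, addr in (("gateway", gw), ("web GUI address", gui)):
        if addr not in net:
            problems.append(f"{name} {addr} is outside {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"{name} {addr} is the network or broadcast address")
    return problems

def parse_ip4_addr(text):
    """Map interface name -> list of (address, is_secondary) from `ip -4 addr`."""
    result, current = {}, None
    for line in text.splitlines():
        head = re.match(r"^\d+:\s+([^:@\s]+)", line)
        if head:
            current = head.group(1)
            result[current] = []
            continue
        inet = re.match(r"^\s+inet\s+(\S+)", line)
        if inet and current:
            iface = ipaddress.ip_interface(inet.group(1))
            result[current].append((iface, " secondary " in line))
    return result

def verify_node(text, ifname, node_ip, gui_ip):
    """True when node_ip is primary and gui_ip is secondary on ifname."""
    addrs = {str(i.ip): sec for i, sec in parse_ip4_addr(text).get(ifname, [])}
    return addrs.get(node_ip) is False and addrs.get(gui_ip) is True
```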

Now it is time to login to the web UI.

  • Get inside CentOS using the password
  • Open Firefox application
  • Use https://172.25.11.100 to open Junos Space
    • Username: super
    • Password: juniper123
  • Change Temporary Password

Now going to install Security-Director-19.4R1.53.img file.

Security Director

Testing ping in MacBook Pro Terminal

murgescusilvia@Murgescus-MacBook-Pro ~ % ping centos
PING centos.silvique.ro (10.1.1.50): 56 data bytes
64 bytes from 10.1.1.50: icmp_seq=0 ttl=64 time=0.832 ms
64 bytes from 10.1.1.50: icmp_seq=1 ttl=64 time=1.320 ms
64 bytes from 10.1.1.50: icmp_seq=2 ttl=64 time=0.684 ms
c64 bytes from 10.1.1.50: icmp_seq=3 ttl=64 time=0.705 ms
64 bytes from 10.1.1.50: icmp_seq=4 ttl=64 time=0.461 ms
^C
--- centos.silvique.ro ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.461/0.800/1.320/0.286 ms
murgescusilvia@Murgescus-MacBook-Pro ~ %
  • -> Copy the file Security-Director-19.4R1.53.img from MacBook Pro to CentOS using Terminal from MacBook PRO

It was not possible to use the user name Silvia to upload the Security-Director-19.4R1.53.img file to CentOS:

murgescusilvia@Murgescus-MacBook-Pro ~ % scp -r /Users/murgescusilvia/Downloads/Security-Director-19.4R1.53.img Silvia@10.1.1.50:~/
Silvia@10.1.1.50's password: 
Permission denied, please try again.
Silvia@10.1.1.50's password: 
Permission denied, please try again.
Silvia@10.1.1.50's password: 
Silvia@10.1.1.50: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
lost connection
murgescusilvia@Murgescus-MacBook-Pro ~ % 

Observation: Maybe it was a mistake using Silvia when I should have used silvia.

But it is possible to do the same by replacing Silvia with root:

murgescusilvia@Murgescus-MacBook-Pro ~ % scp /Users/murgescusilvia/Downloads/Security-Director-19.4R1.53.img root@10.1.1.50:/
root@10.1.1.50's password: 
Security-Director-19.4R1.53.img                                   37%  523MB  24.5MB/s   00:35 ETA
  • -> Enter in CentOS
  • -> Open Terminal application and use cd .. command many times which goes to the top folder
  • -> From user silvia go to root with command su root
[silvia@CentOS /]$ su root
Password:

[root@CentOS /]#

-> Copy the Security-Director-19.4R1.53.img file to the /home/silvia/Downloads directory

[root@CentOS /]# sudo cp Security-Director-19.4R1.53.img /home/silvia/Downloads/Security-Director-19.4R1.53.img

-> Remove the file from the root directory

[root@CentOS /]# sudo rm Security-Director-19.4R1.53.img
[root@CentOS /]# ls

Ready to use jSpace to deploy the security director.

  • Inside CentOS open Firefox, then open jSpace using the web IP, such as https://172.25.11.100
  • The web user is super, with the configured password
  • Go to Administration -> Applications -> + button, meaning Add Application
  • Select Upload via HTTP and upload the Security-Director-19.4R1.53.img
  • Please click on Job ID to view details > OK
  • Once it appears, click install then OK
  • Application Management Job Information: Please logout and log in again after the installation of new application completed successfully. Click on Job ID to view details. > OK
  • It will take a while for the application to be installed. I exit and I will not enter again. Now I take a break to be sure it will be installed after my break.
  • When it is finished you will see other new applications
    • Application Visibility – new
      • Version 19.4,
      • Release R1,
      • Build 53,
      • Server Group Platform
    • Log Director – new
      • Version 19.4,
      • Release R1,
      • Build 53,
      • Server Group Platform
    • Network Management Platform – existed already
      • Version 19.4,
      • Release R1,
      • Build 3,
      • Server Group Platform
    • NSM Migration
      • Version 19.4,
      • Release R1,
      • Build 53,
      • Server Group Platform
    • Security Director – new
      • Version 19.4,
      • Release R1,
      • Build 53,
      • Server Group Platform
    • Security Director Login and Reporting – new
      • Version 19.4,
      • Release R1,
      • Build 53,
      • Server Group Platform
  • In Administration > Licenses
    • License Type Trial
    • Sku Mode Trial-license
    • Total License Days 60
    • Remaining Days 60

And here we are! We have installed both space platform and security director. Last but not least I need to recap usernames we have configured so far to avoid any confusion. 

1) admin user: We set this for the Linux shell and default password during the installation is abc123
2) maintenance user: we also set password for this but it is used for special operations. No default password for this. It must be set.
3) super user: this user is used for WEB UI and initial default password is juniper123

2020.04.25 – Juniper vSRX-NG installation into EVE-PRO

I used this guide for my installation: https://www.eve-ng.net/index.php/documentation/howtos/howto-add-juniper-vsrx-ng-15-x-and-later/

Versions this guide is based on:

  • Name: vsrxng-20.1R1.11
  • Download original filename: junos-vsrx3-x86-64-20.1R1.11.qcow2
  • Version: 20.1R1.11
  • VCPUS: 2
  • VRAM: 4096

Step 1. Create correct image folder

root@eve-ng:/opt/unetlab/addons/qemu# mkdir vsrxng-20.1R1.11

Step 2. Upload the downloaded image to the EVE /opt/unetlab/addons/qemu/vsrxng-20.1R1.11/ folder (the one created in Step 1) using, for example, FileZilla or WinSCP.

Step 3. From the EVE cli, go to newly created image folder.

root@eve-ng:/opt/unetlab/addons/qemu# cd vsrxng-20.1R1.11

root@eve-ng:/opt/unetlab/addons/qemu/vsrxng-20.1R1.11# ls
junos-vsrx3-x86-64-20.1R1.11.qcow2

Step 4. Rename original filename to virtioa.qcow2

root@eve-ng:/opt/unetlab/addons/qemu/vsrxng-20.1R1.11# mv junos-vsrx3-x86-64-20.1R1.11.qcow2 virtioa.qcow2

Step 5. Fix permissions:

root@eve-ng:/opt/unetlab/addons/qemu/vsrxng-20.1R1.11# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions


Apr 25 06:51:19 Apr 25 06:51:19 Online Check state: Valid

Step 6. Create a testing lab and open:

Maybe I should increase used RAM for EVE-PRO to open all 4. Now I can open only 3 vSRX’s.

Step 7. By default the number of interfaces is 4: fxp0 and ge-0/0/0 – ge-0/0/2.

To increase the number of interfaces, change the default Ethernets configuration from 4 to 10. The picture below shows a maximum of ge-0/0/6, but the maximum is ge-0/0/8.

Note: To open vSRX with Terminal on MacBook Pro, make sure you have configured/changed the QEMU Nic to vmxnet3

Information about vSRX and vSRX-NG:

Junos release 18.4R1 has introduced a new model of virtual SRX (referred to as “vSRX 3.0”), which will be available in addition to the existing virtual SRX model (referred to as “vSRX”), which has been available since Junos 15.1X49-D15 release.

The vSRX 3.0 has a new architecture, which has benefits for operating in virtual environments. Some enhancements are a faster boot time, smaller install image size and better agility due to no nested routing-engine VM being used anymore.

However, the original vSRX model will still be available as long as not all features which are available on vSRX have been ported to vSRX 3.0 yet.

With respect to the security features, both virtual SRX models are in feature parity. However, some platform related features may not be in parity yet.

The below table specifies differences and similarities in features between vSRX and vSRX 3.0, so that you can decide when to best use which type of virtual SRX, based on your needs and environment.

Platform feature differences overview between vSRX and vSRX 3.0

| Feature | vSRX | vSRX 3.0 |
|---|---|---|
| Resources supported | | |
| 2 vCPU / 4 GB RAM | yes | yes |
| 5 vCPU / 8 GB RAM | yes | yes |
| 9 vCPU / 16 GB RAM | yes | yes (*2) |
| 17 vCPU / 32 GB RAM | yes | yes (*2) |
| Flexible flow session capacity scaling by adding additional vRAM | yes | yes (*3) |
| Multi-core scaling support (Software RSS) | no | yes (*4) |
| Add one additional vCPU to give the nested RE two vCPU’s | yes | N/A |
| VMXNET3 | yes | yes |
| Virtio (virtio-net, vhost-net) | yes | yes |
| SR-IOV over Intel 82599 series | yes | yes |
| SR-IOV over Intel X710/XL710 series | yes | yes |
| SR-IOV over Mellanox ConnectX-3 and ConnectX-4 | yes | no |
| Hypervisors supported | | |
| VMware ESXi 5.5, 6.0, 6.5 | yes | yes |
| VMware ESXi 6.7 | no | yes (*4) |
| KVM on Ubuntu 16.04, Centos 7.1, Redhat 7.2 | yes | yes |
| Hyper-V | yes | yes (*2) |
| Nutanix | no | yes (*2) |
| Contrail Networking 3.x | yes | yes |
| Contrail Networking 5.x | no | yes (*4) |
| AWS | yes | yes (*6) |
| Azure | yes | yes (*7) |
| Google Cloud Platform (GCP) | no | yes (*4) |
| Other features | | |
| Cloud-init | yes | yes |
| Powermode IPSec | yes | no |
| vMotion / live migration | no | yes |
| AWS ELB and ENA using C5 instances | no | yes (*1) |
| Chassis Cluster | yes | yes |
| GTP TEID based session distribution using Software RSS | no | yes (*4) |
| On-Device Antivirus Scan Engine (Avira) | no | yes (*5) |
| Requirements | | |
| Requires Hardware Acceleration / VMX CPU flag enabled in the hypervisor | yes | no |
| Disk space | 16 GB | 18 GB |

Notes:

  1. Supported in Junos 18.4R1 and higher
  2. Supported in Junos 19.1R1 and higher
  3. Supported in Junos 19.2R1 and higher
  4. Supported in Junos 19.3R1 and higher
  5. Supported in Junos 19.4R1 and higher
  6. vSRX model available on AWS is vSRX 3.0 from Junos 18.3 onwards (before vSRX 3.0 was generally available, it was already available on AWS).
  7. vSRX model available on Azure is vSRX 3.0 from Junos 19.1 onwards

2020.04.24 – Install Firewall pfSense Virtual on VMWare Fusion

A big part of the solution I took from here: Pfsense: How to install Firewall Pfsense Virtual on VMWare

Other part from my blog 2020.04.1 – Building a VMware vSphere Virtual Lab with VMware Fusion – Part 2: Deploy and Configure a pfSense VM

Overview

This article is about creating a pfSense firewall virtual machine in the VMware Fusion virtualisation environment.

pfSense is an open-source firewall, free for everyone. pfSense acts as a firewall device and has full routing functionality, like a high-end device

2020.04.10 – Building a VMware vSphere Virtual Lab with VMware Fusion – Part 5: Create a Ubuntu iSCSI Target and Configure Multipathing – major problem and not finished

I will try to do Part 5 using this idea: I’d recommend using FreeNAS instead of Ubuntu. I’ve just done a test and managed to set up a FreeNAS VM with 2 GB of RAM and managed to create a volume and connect it to ESXi using iSCSI. 

Before starting I need to get an answer about “What is Ubuntu iSCSI?”

2020.04.7 – Building a VMware vSphere Virtual Lab with VMware Fusion – Part 3: Deploying vCenter Server Appliance

Note: I have tried to install to ESXi 6.7 at least 4 times, but I had an error and I cannot install. At this moment I do not know what the differences in benefits are between vCenter inside Fusion > ESXi and vCenter inside Fusion but outside of ESXi.

This will help me to run the VMware vCenter Server appliance on VMware Fusion so that I can test features like VSAN, VMotion and Storage VMotion on a Mac without server hardware.

2020.03.26 – Building a VMware vSphere Virtual Lab with VMware Fusion – Part 0: Starting a Technical Project

I will publish a few pages showing step by step how I work to build a VMware vSphere Virtual Lab with VMware Fusion.

Overview

I read a blog and I plan to apply all info and steps. I will publish all I do!
