VIRTUAL APPLIANCE INSTALLATION GUIDE - Servnet Virtual... · VIRTUAL APPLIANCE INSTALLATION GUIDE ... Choose File -> Deploy OVF Template and browse to the Accellion OVF image,

VIRTUAL APPLIANCE INSTALLATION GUIDE

Accellion, Inc.

1900 Embarcadero Road

Suite 207

Palo Alto, CA 94303

Tel +1 650 739-0095

Fax +1 650 739-0561

www.accellion.com

[email protected]

PROPRIETARY AND CONFIDENTIAL

SUBJECT TO CHANGE WITHOUT NOTICE.

© 2007 Accellion, Inc. All Rights Reserved.

Version 8.0 Accellion VMware Installation Guide 2

INTRODUCTION .................................................................................. 4

NETWORK AND FIREWALL SETUP .................................................. 5

VMWARE IMAGE INSTALLATION ..................................................... 7

Server 2.0 ........................................................................................................... 7

ESX 3.5 ............................................................................................................... 7

ESX 4.x ............................................................................................................... 8

WINDOWS HYPER-V .......................................................................... 8

Hyper-V 2008 R2: .............................................................................................. 8

CITRIX XENSERVER ........................................................................... 8

Xenserver 5.6 .................................................................................................... 8

INITIAL CONFIGURATION .................................................................. 8

Command Menu Interface (CMI) ...................................................................... 9

Configuration .................................................................................................... 9

ADMINISTRATIVE WEB INTERFACE .............................................. 10

Activate Storage ............................................................................................. 13

Optional Configuration Items ........................................................................ 13

APPENDIX A - APPLIANCE INFORMATION WORKSHEET ........... 16

Worksheet Description ................................................................................... 17

APPENDIX B – COMMAND MENU INTERFACE.............................. 19

CMI ................................................................................................................... 19

Configuration .................................................................................................. 19


Information ...................................................................................................... 22

Services ........................................................................................................... 22

System Option ................................................................................................ 22

Testing ............................................................................................................. 22

APPENDIX C – RESOURCES ........................................................... 23


INTRODUCTION

The Acce l l ion Secure Fi le Transfer Appl iance is used for rece iv ing and del iver ing la rge f i les. I t does th is by a l lowing users to upload and download f i les v ia ht tps. Our VMware solut ion reduces the amount of servers requi red to run the Acce l l ion solu t ion, and gives easy admin ist rat ion wi th your other VMware servers.

This gu ide wi l l he lp you act ivate and setup the VMware appl iance.

Insta l lat ion steps inc lude:

1. Network and Fi rewal l Setup – Obtain ing IP addresses and opening needed f i rewal l ports

2. VMware image insta l la t ion – insta l l ing the Accel l ion image on your VMware server

3. In i t ia l Conf igurat ion - Using CMI to se tup IP address, subnet mask, and Gateway

4. Admin ist rat ive Web interface – Upload ing the l icense to act iva te your Accel l ion app l iance and f i l l ing out the f i rst - t ime setup page


NETWORK AND FIREWALL SETUP

Before installing the appliance on your VMware server, please setup the following:

• An IP address on the DMZ for Nic 1 (eth0)

• Public IP address for Nic 1 (eth0) if DMZ is an address-translated segment

• All IP addresses properly registered with DNS to allow for reverse-dns and

application access

Firewall requirements

You will need to configure your firewall to allow access to and from the appliance on the

ports detailed below:

Inbound connections to the Appliance

Service Port Source Reason

HTTP 80 any Redirects to port 443.

HTTPS 443 any Access web interface

SSH 22 203.166.139.205 Allows Accellion to access the system for maintenance and support.

SNMP TCP 199

UDP 161 Monitoring Servers

Allow your monitoring servers to monitor via SNMP Polling(OPTIONAL)

Outbound connections from Appliance

Service Port Target Reason

HTTPS 443 Update.accellion.net Allows Appliance to obtain updates from Accellion.

HTTP 80 fsbwserver.f-secure.com Allows Appliance to obtain Anti-virus definition updates

(if purchased)

DNS 53 DNS server Allow box to do name lookups when necessary.

LDAP 389

Directory Server

Allow Appliance to perform LDAP queries (if configured).

See Note

SMTP 25 Mail-relay server (any) System delivers links using email. Can be configured to send email thru a mail-relay server or directly (any)

NTP 123 NTP Server The appliance can synchronize it’s time with any NTP server

SYSLOG UDP 514 Syslog Server Allow the appliance to send logging messages to a centralized syslog server.


Note: Port 389 for LDAP, Port 636 for LDAPS, Port 3268 for Active Directory Global Catalog

To assist in the configuration of your appliance, please refer to Appendix A: Appliance

Information Worksheet, a worksheet with all the information needed to configure your

appliance to get it up and running.

Network Set-up


VMWARE IMAGE INSTALLATION

When you purchase the VMware appliance, you will receive an email containing links to

download the Accellion VMware images. Once you have downloaded the Accellion

image, find your VMware version below, and follow the installation instructions.

NOTE: Some installations of VMware server will use DHCP if it cannot access the default

IP range of the appliance (192.168.1.111). You MUST set the IP via the CMI before the

Accellion appliance will be accessible (see: Initial Configuration for details).

Server 2.0

If you are running the image on VMware Server 2.0

1. Download and Install VMware server from

http://www.vmware.com/products/server/

2. Extract the Accellion VMware image into the "Virtual Machines" directory on the

VMware server. It will take about 1GB of space

3. Click "Add Virtual Machine to Inventory", or go under Virtual Machine -> Add

Virtual Machine to Inventory

4. Browse to the .vmx file and click Ok. The VMWare machine will now be created

5. Click “Add Hardware” under the Commands section

a. Select “Hard Disk

b. Select “Create New Virtual Disk”

c. Select Capacity (25GB minimum recommended) and browse/enter

location, then click “Finish” to create the drive

6. Power on the VM. The default IPAddress will be 192.168.1.111.

ESX 3.5

If you are running the image on ESX 3.5:

1. Download and extract the Accellion OVF image.

2. Using VMware Infrastructure Client, import the Virtual Appliance (File -> Virtual

Appliance -> Import) - choose "Import from file" ,browse and select the .ovf file

that was extracted - view the VM details - name, download size, size on disk of

your ESX system - on the next step type the VM name, for example "Accellion

SFTA”, and click Finish to start the import

3. Edit the Virtual Machine Settings, and add a hard disk (recommended size is

25GB or greater)

4. Once the image is imported, power on the VM. The default IPAddress will be

192.168.1.111


ESX 4.x

If you are running the image on ESX 4.x:

1. Download and extract the Accellion OVF image

2. Using the vSphere Client log in to your ESX server

3. Choose File -> Deploy OVF Template and browse to the Accellion OVF image,

name the image and click through the next parts of the install

4. Once created, edit the Virtual Machine Settings, and add a hard disk

(recommended size is 25GB or greater)

5. Once the image is deployed, power on the VM. The default IPAddress will be

192.168.1.111

WINDOWS HYPER-V

Hyper-V 2008 R2:

1. Unzip the Accellion Hyper-V image.

2. Open Hyper-V manager (Start->Administrative Tools->Hyper-V Manager

3. Import Virtual Machine.

CITRIX XENSERVER

Xenserver 5.6

1. Import OVA using XenCenter File�Appliance Import

2. Add an additional disk for desired size for File Storage.

3. Power on the appliance and then follow initial configuration instrucstions.

INITIAL CONFIGURATION

The initial configuration of the appliance will allow it to connect to your network. Using the

Appliance’s Command Menu Interface (CMI) you will be able to configure the IP address,

Subnet mask, and Gateway. Once these are configured, you will have access to the

administrative web interface. The CMI is only available by logging into the Console of the

appliance. Full details on using the CMI can be found in Appendix B.


Command Menu Interface (CMI)

After establishing a connection to the console, login using the following information:

Username: admin

Password: accellion

After the appliance validates your login it will display the Main Menu of the CMI.

Appliance Administration

1. Configuration

2. Information

3. Services

4. System Option

5. Testing

Choose <b> to previous menu, <m> to main menu, <q> to quit.

or one of the above submenu

acsh>>

Configuration

The following three items must be configured before the Administrative website can be

accessed: IP Address, Subnet Mask, and Gateway.

IP Address and Subnet Mask - To setup the IP address and Subnet mask for the

appliance, choose option 1. Configuration -> NIC1 Modification (eth0). Enter the IP

address to be used, then the enter key. Then add the Subnet Mask to be used and push

the enter key.

Gateway - To setup the Gateway, choose option 1. Configuration -> Gateway

Modification -> and enter an IP address for the gateway for this appliance’s network

traffic.

Version 8.0 Accellion VMware Installation Guide

10

ADMINISTRATIVE WEB INTERFACE

In Explorer, Firefox, or Safari, go to https://<eth 0 IP address>/admin. (or

https://192.168.1.111/admin if the IP address was not changed during Initial

Configuration). You will be prompted with a security warning press “OK” to accept. You

will then be shown the login page shown below.

Initial Login Page

The default login information is as follows.

User: superuser

Password: Courier#1

After logging in, you will be presented with the End User License Agreement. Click

“Agree” after thoroughly reading it.

Next, the appliance will ask you to upload the license file. Please check the email you

received that contained the link to your appliance: there will be a link to the license file

there as well. Download this to your local computer, click “Choose File”, and “Submit” to

upload the license and activate your Accellion Appliance.


11

Once successfully uploaded, click “Continue Setup”. This will bring you to the First Time

Setup page where you will need to enter the following:

First Time Setup

• Administrator Email address. This is where update notifications and other

administrator emails will be sent.

• New Password for administrative superuser login. The password must be at

least six characters in length and contain one Uppercase letter and one number.

• Notification Email address. This is the address used when the appliance sends

notifications. Notifications include: Invitations, forgot password, verification, and

similar emails.

• Application Hostname (this is the Fully Qualified Domain name) which is used

for access via the web browser and will be used when generating links for files

that are sent (example: company.accellion.net). NOTE: To ensure your appliance

works correctly, do not alter this setting.

Administrative Web Interface



12

• Filter distinguishes internal from external users. This should be everything to the

right of the @ symbol in your email address (ie: [email protected] would have

a domain filter of company.com). If you have multiple email domains, separate

them with a comma.

• Time Zone should be set to your local time. If your area practices daylight

savings time, check the Daylight Savings box and the appliance will automatically

adjust during the time change.

Once you have typed in the information and selected Submit the browser will display a

page stating the Settings are being updated

Once updated, you will be redirected back to the Administrative web interface and

prompted for your manager login information. Login using the username superuser and

the password you selected in the first time setup page.

You will then see the First time Setup page. Click “Continue Login”. To access the

administrative interface go to: https://<FQDN>/admin




13

Activate Storage

Once you have activated the appliance and logged in you will need to Activate the virtual

disk you added for file storage. To do this you will need to go to Appliance�Status and

Click Move Storage.

On the next screen you’ll be presented with selecting the virtual disk and click Move

Storage.

Once completed you’ll see your new file storage available.

Optional Configuration Items

The appliance needs to be able to send email for normal operation of the device. By

default, it will attempt to deliver the email to recipients email server directly using DNS.

The appliance can also be configured to relay email through a gateway or relay server.

To make this change you can go to Settings�Appliance and make an entry in the Mail

Relay Host parameter specifying either the IP address or FQDN of the relay server.

If you are going to be integrating with a Directory Service (Active Directory/LDAP) you will

need to configure LDAP from the Manager interface under Administration �LDAP. A

description of these settings can be found in Appendix A.



14

LDAP Interface


15

If you have purchased Anti-virus service you will need to enable Anti-Virus protection,

configure the update schedule, and configure the update notification email address.

Anti Virus

For adjusting setting which will modify how your appliance operates refer to the Accellion

Administrator Guide.



16

APPENDIX A - APPLIANCE INFORMATION WORKSHEET

HOSTNAME

Mail Host Relay

Administrator email

Notification email

IP Information

Eth0 Internal External

IP

Mask

Gateway

Eth1

IP

Mask

Gateway

ILO(maintenance

port)

IP

Mask

Gateway

DNS Servers

Server1

Server2

LDAP

Protocol

Directory Hostname

Port

User Attribute

Base DN

Bind DN

Bind Password

Domain Filter

Group


17

Worksheet Description

Hostname - Name used to resolve appliance in browser. Links for file downloads will be

generated with this hostname. This can be configured from the Administrative web

interface.

Mail Host Relay - Mail host for relaying all mail from appliance. No entry needed if the

FTA delivers email directly.

Administrator Email - Email address used for the Administrator of the appliance.

Notification Email - All notification emails (User invitations, lost password requests,

email verification) will be sent with this address as the sender.

IP Information - This is the information needed to be configured for eth0 and eth1 (if

used). You need the IP address, subnet mask, and gateway. If the machine is in a DMZ

or internal network you will need an externally translated address as well.

A note about using both Ethernet interfaces is that you will need to ensure DNS will

resolve to the proper interface (split-DNS). This information is configured using the CLI at

the console. Refer to Appendix B for information on using the CLI

Static Routes - If the appliance needs to route traffic through another IP besides the

default gateway you will need to configure static routes. This information is configured

using the CLI at the console. Refer to Appendix B for information on using the CLI

ILO IP Information - Most appliances come with an integrated Lights-Out management

interface that allows remote access to the box even if the server is offline but has power.

Used for hardware diagnostics.

DNS Servers - The appliance needs to be configured with DNS servers to allow

hostname lookups for software updates, anti-virus updates (if used), and LDAP

integration. This information is configured using the CLI at the console. Refer to

Appendix B for information on using the CLI

Appendix A - Appliance Information Worksheet


18

LDAP Information -

• Host - Hostname of the Directory Services server

• Protocol- Need to specify which protocol is being used for communication with

your directory service. Choices are LDAP, LDAPS, START_TLS.

• Port- Need to specify the port on which communication will take place. The

default LDAP is 389 and 636 for LDAPS. When integrating with Active Directory

it is possible to use Global Catalog through port 3268.

• User Attributes - This is the attribute used to determine a person’s identity

within LDAP. The attribute is usually mail within most Directory Services.

• Base DN - The Base DN used for user identification

• Bind DN - The Bind DN is the DN information for a user that has read

permissions to the Directory for doing lookups.

• Bind Password - This is the password used by the Bind DN.

• Domain Filter - This is used if there is more than one domain in your Directory

Service and want to restrict users of certain domains. You specify the domains

here for inclusion and exclusion.

• Group - When integrating with Active Directory you can limit permissions to

people that only exist in the Groups configured here. More then one (1) Group

can be configured by separating with a “|” .The Group(s) must be entered in the

complete CN Object and when a user attempts to authenticate membership to

the group(s) will be checked.

Appendix A - Appliance Information Worksheet


19

APPENDIX B – COMMAND MENU INTERFACE

CMI

The Command Menu Interface, or CMI, gives you access to various settings without using

the web interface.

The default username and password to log in to the CMI is:

Username: admin

Password: accellion

After the appliance validates your login it will display the Main Menu of the CMI.

You can change the password by selecting Configuration�User Configuration� Change

Account Password. Then follow the instructions on updating the password.

The Accellion Appliance’s CMI has these main menu administration items:

Appliance Administration

1. Configuration

2. Information

3. Services

4. System Option

5. Testing

Choose <b> to previous menu, <m> to main menu, <q> to quit.

or one of the above submenu

acsh>>

Configuration

Menu items to configure the Anti-virus settings, network, and user:

F-Secure Antivirus Configuration

• Change F-Secure Anti-virus Auto Update Frequency

• Set/modify the time of day when updates are normally done or to disable auto-

update

• Change Email Notification


20

• Enable/disable notification of alerts. Alerts are sent to the email address you

configure here

Network Configuration

Displays menu items for configuring the network interfaces, gateway and DNS

DNS Modification

• Add DNS Server: Displays any existing DNS server configured and allows you

to add additional DNS servers − add DNS Servers by entering its IP addresses

• Remove DNS Server: Displays any existing DNS server configured and allows

you to remove any − remove a DNS Server from the list by entering its IP

address.

NIC1 Modification (eth0) - the external facing network interface. Its IP address and

netmask have to be set correctly for appliances to be able to connect to the Internet/DMZ.

Displays existing configuration (if any)

• To disable interface

• To configure, enter an IP address to be assigned to this network interface

• Turn on Auto-negotiation

• Force 100 –Full Duplex turning off Auto-Negotiation

• Displays current IP info, speed, duplex, link

NIC2 Modification(eth1) - the second network interface which may be used to connect to

other devices or to mount NFS storage if needed. Displays existing configuration (if any)

• To disable interface

• To configure, enter an IP address to be assigned to this interface followed by the

Subnet Mask

• Turn on Auto-negotiation

• Force 100-Full Duplex turning off Auto-Negotiation

• Displays current IP info, speed, duplex, link

Appendix B – Command Line Interface


21

Gateway Modification — Displays existing gateway configuration. To configure, enter an

IP address for the gateway for this appliance’s network traffic

Appliance Name Modification — Displays existing hostname. To configure, enter a new

hostname for the appliance

IPSEC Modification — Used for configuring IPSEC tunnels between Accellion

appliances

• Add IPSEC Profile — Add an IPSEC profile name and destination IP address

• Remove IPSEC Profile — Remove IPSEC profile and IP address

NTP Server Modification You can configure the appliance to update it’s time and date

using NTP. Specify the NTP server(s) separated by blank space

Mail Relay Modification — Displays the existing mail relay. You can modify the relay or

disable mail relay

Static Route Modification — Allows you to make modifications to the appliance’s IP

Routing Table

• Add Static Route — Add a static route for a host or network

• Remove Static Route — Remove any static route you have added to the

appliance’s IP Routing Table

Search Domain Modification — Make modifications to the domains in which the

machine will search for when search for FQDN of hosts

• Add Search — Add new Search Domain

• Remove Search — Remove Search Domain

User Configuration

Change the user account password for the CMI

• Enter the existing password

• Enter a new password

• Re-enter the new password



22

Information

Displays current network and system configuration

• F-Secure Antivirus Information – Displays summary of current Antivirus

configuration including email notification, current version, and update host

• Network Information - Displays a summary of the current network configuration

including IP, subnet mask, NIC settings, DNS server, Gateway, NTP server, and

IPSEC information

• Services Information - Displays summary of current processes running

• System Information - Displays System information which includes current date,

time, time zone, OS and FTA Version

Services

Menus to start and stop services

• Start Apache – Start Apache web service

• Stop Apache – Stop Apache web service

• Services Information – Displays summary of current services running

• Start sshd – Starts the sshd service

• Stop sshd – Stops the sshd service

System Option

Menus to shutdown or reboot the appliance

• System Shutdown - Shutdown the appliance - prompts for user password to

confirm

• System Reboot - Reboot the appliance - prompts for user password to confirm

Testing

Menu items to run various network tests on the appliance to check the network

configuration

• DNS Test - Test DNS configuration - enter a hostname to resolve

• Mail Test - Enter an email of recipient you would like to send test email to

• Ping Test - Enter a hostname or IP address to ping

• Traceroute Test - Enter a hostname or IP address to do a traceroute to



23

APPENDIX C – RESOURCES

For further information on settings for the rest of the appliance, please refer to the

Administration and Best Practices guides.

If you have questions that were not answered by this guide, please visit our support portal

at:

https://support.accellion.net/

Our support portal has information to help you with your new service including Knowledge

Base Articles, Up to Date Documentation and, New releases on software updates.

Email: [email protected]

Phone: 1-888-654-3778 (toll-free)

1-603-695-6555 (International)

Documents

VIRTUAL APPLIANCE INSTALLATION GUIDE - Servnet Virtual... · VIRTUAL APPLIANCE INSTALLATION GUIDE ... Choose File -> Deploy OVF Template and browse to the Accellion OVF image,