KB N° 2798: MANAGEMENT OF OLFEO VIRTUAL APPLIANCES
Contents
- Selecting the right virtual appliances
- Virtual appliance contents
- Importing virtual appliances
- Troubleshooting import problems
- Virtual appliance configuration
SELECTING THE RIGHT VIRTUAL APPLIANCES
There are 4 virtual appliance profiles (3 master profiles and 1 slave profile) available for VMware vSphere (v5.0 and higher) and Microsoft Hyper-V (Windows Server 2008 and higher). Virtual appliances can be downloaded from this page (customer account required): https: //www.olfeo.com/fr/telechargements
The master machine comes with 3 hard disk sizes for storing browsing logs over 365 days, depending on the number of users to be secured:
See the article on sizing an Olfeo infrastructure for more information on this subject.
VIRTUAL APPLIANCE CONTENT
Olfeo virtual appliances are equipped with a Linux Debian 9 x64 operating system and embed the Olfeo environment in the form of a chroot accessible in the /opt/olfeo/chroot tree.
To optimize the integration of Linux virtual machines into VMware and Microsoft hypervisors, the open-vm-tools (open-source implementation of VMware tools) and LIS(Linux Integration Service for MS Hyper-V) packages are pre-installed.
IMPORTING VIRTUAL APPLIANCES
Once the file has been downloaded from the customer area, unzip the ZIP archive and check the integrity of the OVA or VHD file using the associated text file and an appropriate tool.
VMware vSphere
From the web console (vSphere Client (HTML5) or vSphere Web Client (Flex)), access the context menu and select Deploy an OVF template... :
In the installation wizard, select the Local file option and specify the location of the OVA file:
Microsoft Hyper-V
Create a new virtual machine and adjust its size (vCPU and RAM memory) according to the machine's role (master or slave).
Select Generation 1 for this machine:
Attach the corresponding virtual disk using the recovered VHD file.
TROUBLESHOOTING IMPORT PROBLEMS
VMware vSphere
Olfeo virtual appliances are generated from VMware vSphere 6.5 with the SHA256 encryption algorithm.
Consequently, an attempt to deploy these appliances from vSphere Client will fail with the following error:
It is necessary to use the web console (vSphere Client (HTML5) or vSphere Web Client (Flex)) to import these virtual appliances for compatibility with the SHA256 cryptographic hash algorithm. This problem also affects the PowerCLI tool.
However, if you wish to import via the vSphere Client, you will need to convert the OVA from the SHA256 cryptographic hash algorithm to SHA1: https: //kb.vmware.com/s/article/2151537
When using the vSphere 5/6 web console, the deployment wizard may display a looping message even though the Client Integration Plug-In program has been installed:
"Version 6.0 of the client integration plug-in has not been detected. Install version 6.0 of the client integration plug-in using the following link."
"The Client Integration Plug-in must be installed to enable OVF functionality. Click the link below to download the installer. If installed, refresh the browser and allow access. "
The problem occurs with all browsers, and is linked to the prerequisites for SSL certificates in recent browsers, which are incompatible with the certificates of the "Client Integration Plug-In" program. VMware provides workarounds described in these articles:
Microsoft Hyper-V
Olfeo virtual appliances are Generation 1. If you select Generation 2, you will get this type of error:
VIRTUAL APPLIANCE CONFIGURATION
Once the virtual appliance has been imported and the hardware configuration verified, you can move on to system configuration.
Points to configure on a virtual appliance :
- Host name: /etc/hostname and /etc/hosts
- Network configuration (IP address, mask and gateway): /etc/network/interfaces
- DNS servers: /etc/resolv.conf
- Installing security updates: apt update then apt upgrade
Reboot the system with the reboot command to finalize system preparation. This reboot is required to take into account the machine name change and to update the Linux kernel.
Once the host system has been configured, you can proceed to initial Olfeo configuration by logging on to the web administration interface: https: //IP_OLFEO:8443
Note: in the event of an error during license activation, temporarily modify the DNS configuration file present in the Olfeo environment /opt/olfeo/chroot/etc/resolv.conf, then restart the operation. DNS configuration can then be carried out in the administration interface.