Web Security Virtual Appliance Technical Overview for SEs
AsyncOS 7.7.5 for Web
January 7, 2013

Agenda
• New Features in this Release
• Getting Set Up & Operating Your Virtual WSA(s)
• Q&A

What is Penglai (AsyncOS 7.7.5 for Web)?
• Virtual form factor of Web Security Appliance (WSA)
• Functionally equivalent to a hardware WSA running Pikes Peak (AsyncOS 7.7.0). Major features in AsyncOS 7.7 are:
    • Multi-NTLM Forest Support
    • SOCKS proxy support
• Plus benefits of running a VM:
    • One license (digital certificate), unlimited VMs
    • Self-service provisioning – you can provision & activate new VMs, fully loaded with your licensed feature keys, whenever you want
• This beta program will be focused on testing the VM features only

Hypervisor & Hardware Requirements
• Hypervisor: VMware ESXi 4.x or 5.0
• Hardware: Cisco UCS (officially supported), other vendors (best-effort support)
• There are 3 standard VM images (corresponding to HW models in capacity). Allocate HW resources based on the VM image you download & the matrix below:

Four Easy Steps for Setting Up a Virtual WSA
• Make sure the XML license that was emailed to you is ready
• Download the VM
• Unzip the VM & deploy it with vSphere
• Run System Setup Wizard

Start by Downloading the VM File
Download the VM file from the Cisco Software Download Center, under the Cisco Web Security Appliance.
• Download the file for the model you want:
    • S000V: coeus-X-Y-X-070-S000V.zip
    • S100V: coeus-X-Y-X-070-S100V.zip
    • S300V: coeus-X-Y-X-070-S300V.zip
• Zipped OVF (Open Virtualization Format)
• Sample contents for S100V zip file: coeus-X-Y-X-070-S100V.zip
    • coeus-X-Y-X-070-S100V.ovf
    • coeus-X-Y-X-070-S100V-disk1.vmdk
    • coeus-X-Y-X-070-S100V.mf

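The .mf file in the zip is the OVF manifest, which lists a digest for each file in the package. The following is an added example, not part of the original slides: it checks the unzipped files against the manifest before deployment, assuming the common `SHA1(file)= digest` / `SHA256(file)= digest` manifest line format. The demo file names and contents are constructed stand-ins, not a real WSA image.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumed manifest line format: SHA1(name.ovf)= <hex digest>
MF_LINE = re.compile(r"^(SHA1|SHA256)\((.+)\)\s*=\s*([0-9a-fA-F]+)\s*$")

def verify_ovf_manifest(mf_path):
    """Return {filename: 'ok' | 'mismatch' | 'missing' | 'rejected'}."""
    mf_path = Path(mf_path)
    results = {}
    for line in mf_path.read_text().splitlines():
        m = MF_LINE.match(line.strip())
        if not m:
            continue
        algo, name, expected = m.groups()
        if Path(name).name != name:      # entry points outside the package dir
            results[name] = "rejected"
            continue
        target = mf_path.parent / name
        if not target.is_file():
            results[name] = "missing"
            continue
        h = hashlib.new(algo.lower())
        with target.open("rb") as fh:    # stream: .vmdk files are large
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                h.update(chunk)
        results[name] = "ok" if h.hexdigest() == expected.lower() else "mismatch"
    return results

def build_demo_package(directory, tamper=False):
    """Constructed sample package with tiny stand-in files."""
    d = Path(directory)
    files = {"demo-S100V.ovf": b"<Envelope/>", "demo-S100V-disk1.vmdk": b"\x00" * 4096}
    lines = []
    for name, data in files.items():
        (d / name).write_bytes(data)
        lines.append(f"SHA1({name})= {hashlib.sha1(data).hexdigest()}")
    (d / "demo-S100V.mf").write_text("\n".join(lines) + "\n")
    if tamper:                           # simulate a disk image changed after packaging
        (d / "demo-S100V-disk1.vmdk").write_bytes(b"\x01" * 4096)
    return d / "demo-S100V.mf"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(verify_ovf_manifest(build_demo_package(tmp, tamper=True)))
```

Because the manifest travels in the same zip as the files it describes, a passing check shows the package is internally consistent; it does not authenticate the download on its own.
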
Next: Deploy the VM
Uncompress the zip file to a designated file path (e.g. C:\WSAV\S000V_pristine)
• If you want to run multiple VMs, use vSphere’s native cloning capabilities or duplicate the zip directory. Cloning must be done before the appliance’s first run. You can also download a pristine image later if you want more VMs.
• Follow the process below for each VM:
    • With a connected vSphere client, click to select the host or cluster on which you want the image deployed
    • Choose File-->Deploy OVF Template
    • Enter the path of the OVF file, click Next
    • Follow the wizard to finish the deployment

Next: Load Your License File
• XML file – looks like picture here
• Can be applied to multiple VMs (reusable)
• Apply during System Setup Wizard for each VM
• Has customer ID, feature keys (Web Reputation, Web Usage Controls, Antivirus signatures) & expiration date embedded
• If you purchase new feature keys, a new license is issued
• When license expires, all functionality stops – including proxy
• You will receive multiple alerts as expiry is approaching

Next: Install the License File
• From the console, note the IP address of the appliance
• From SSH or telnet, log in to the virtual appliance with admin/ironport
• Enter loadlicense, then
    • Input the license file by pasting its contents and pressing Ctrl-D, OR
    • Load the license file that has been uploaded to the virtual appliance via FTP (covered in next slide)

Loading the License via FTP or SCP
• Use FTP to transfer license file to appliance:
    • ftp to appliance with admin/ironport
    • cd into directory configuration
    • put license.xml
    • exit
• OR use SCP to copy license file to appliance:
    • scp license.xml admin@<IP>:configuration

Finishing Setup After Loading License File
• Read and agree to the EULA
• Enter showlicense to view the license details
• Log on to the web UI (http://<IP>:8080) and run the System Setup Wizard
• You are now ready to import your configuration

Importing your Configuration
If you are configuring your Virtual WSA from scratch, ignore this step
• If you provided your config file for migration, you should have received a Config File for your Virtual WSA from the beta team
• We will have an automated config migration tool available when we release
• Copy the config file to your new WSAV (Virtual WSA):
    • scp my_config_file.xml admin@new_WSAV:configuration
• Load the config file on your new WSAV:
    • loadconfig my_config_file.xml

New CLI commands: loadlicense
loadlicense
• Reads a license file from a file or cut and paste
• Verifies the validity of the license
• Creates and installs the new feature keys
• Removes old feature keys

New CLI commands: showlicense
showlicense
• Show data about current license, including expiry date

    vm10c02esa0120.eng> showlicense
    Virtual License
    ===============
    vln              VLNWSA171717
    begin_date       Sun Jan 15 00:00:00 2012 GMT
    end_date         Sat Jan 15 16:06:49 2028 GMT
    company          Ironport Test Company
    seats            17
    serial           12B
    email            cstillso@ironport.com
    issue            fe8f1761f1a94463bc9ddbcf03569805
    license_version  1.0

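Since all functionality, including the proxy, stops when the license expires, the showlicense output is worth checking from monitoring as well as from the appliance's own alerts. The following is an added example, not part of the original slides: it parses captured showlicense text and classifies the license by its begin_date and end_date. The function names and the 30-day warning window are assumptions; the sample text is taken from the slide above, trimmed to the fields used.

```python
import re
from datetime import datetime, timezone

# Sample taken from the showlicense slide (only the fields used here).
SAMPLE = """\
Virtual License
===============
vln              VLNWSA171717
begin_date       Sun Jan 15 00:00:00 2012 GMT
end_date         Sat Jan 15 16:06:49 2028 GMT
seats            17
license_version  1.0
"""

FIELD = re.compile(r"^([a-z_]+)\s+(.+)$")   # lowercase key, whitespace, value
DATE_FMT = "%a %b %d %H:%M:%S %Y GMT"

def parse_showlicense(text):
    """Return the key/value fields of a showlicense listing as a dict."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if m:                                # skips the heading and '====' rule
            fields[m.group(1)] = m.group(2).strip()
    return fields

def license_status(text, now, warn_days=30):
    """Return (status, days_left); warn_days is an assumed alert window."""
    f = parse_showlicense(text)
    begin = datetime.strptime(f["begin_date"], DATE_FMT).replace(tzinfo=timezone.utc)
    end = datetime.strptime(f["end_date"], DATE_FMT).replace(tzinfo=timezone.utc)
    days_left = (end - now).days
    if now < begin:
        return "not_yet_valid", days_left
    if now >= end:
        return "expired", days_left
    if days_left < warn_days:
        return "expiring", days_left
    return "ok", days_left

if __name__ == "__main__":
    print(license_status(SAMPLE, datetime.now(timezone.utc)))
```
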
Modified CLI commands: version
version
• For virtual appliances, this command will show CPU and memory of appliance, along with limits

Modified CLI commands: ipcheck
ipcheck
• Platform
• Serial No.
• RAM reported in MB

Modified CLI commands: featurekey
featurekey
• All feature keys currently active on appliance & remaining time on license

More Information for SEs
• WSAV Questions? Contact wsa-pm@cisco.com
• ESAV Questions? Contact esa-pm@cisco.com