Web Security Virtual Appliance Technical Overview for SEs
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1
Web Security Virtual Appliance Technical Overview for SEs
AsyncOS 7.7.5 for Web
January 7, 2013
Agenda
• New Features in this Release
• Getting Set Up & Operating Your Virtual WSA(s)
• Q&A
What is Penglai (AsyncOS 7.7.5 for Web)?
• Virtual form factor of Web Security Appliance (WSA)
• Functionally equivalent to a hardware WSA running Pikes Peak (AsyncOS 7.7.0). Major features in AsyncOS 7.7 are:
  - Multi-NTLM Forest Support
  - SOCKS proxy support
• Plus benefits of running a VM:
  - One license (digital certificate), unlimited VMs
  - Self-service provisioning – you can provision & activate new VMs, fully loaded with your licensed feature keys, whenever you want
• This beta program will be focused on testing the VM features only
Hypervisor & Hardware Requirements
• Hypervisor: VMware ESXi 4.x or 5.0
• Hardware: Cisco UCS (officially supported), other vendors (best-effort support)
• There are 3 standard VM images (corresponding to HW models in capacity). Allocate HW resources based on the VM image you download & the matrix below:

VM Image   Cores   Disk (GB)   Mem (GB)
S000V      1       250         4
S100V      2       250         6
S300V      4       1024        8
Four Easy Steps for Setting Up a Virtual WSA
1. Make sure the XML license that was emailed to you is ready
2. Download the VM
3. Unzip the VM & deploy it with vSphere
4. Run System Setup Wizard
Start by Downloading the VM File
Download the VM file from the Cisco Software Download Center, under the Cisco Web Security Appliance.
• Download the file for the model you want:
  - S000V: coeus-X-Y-X-070-S000V.zip
  - S100V: coeus-X-Y-X-070-S100V.zip
  - S300V: coeus-X-Y-X-070-S300V.zip
• Zipped OVF (Open Virtualization Format)
• Sample contents for S100V zip file:
  coeus-X-Y-X-070-S100V.zip
    coeus-X-Y-X-070-S100V.ovf
    coeus-X-Y-X-070-S100V-disk1.vmdk
    coeus-X-Y-X-070-S100V.mf
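
An integrity check to run between unzipping and deployment, as an added example that is not part of the original deck or of Cisco's tooling: the .mf file in an OVF package lists one digest per file in the form `SHA1(name)= hex`, and this Python code recomputes each digest and reports mismatches. The function names are hypothetical, and `demo()` builds a constructed stand-in package with placeholder bytes rather than a real image.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# OVF manifest entries have the form: SHA1(<file name>)= <hex digest>
MF_LINE = re.compile(r"^(SHA1|SHA256)\((.+)\)\s*=\s*([0-9a-fA-F]+)$")

def file_digest(path, algo):
    h = hashlib.new(algo.lower())
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):  # stream: VMDKs are large
            h.update(chunk)
    return h.hexdigest()

def verify_ovf_manifest(mf_path):
    """Map each file named in the manifest to ok / mismatch / missing / unsafe-path."""
    base = Path(mf_path).resolve().parent
    results = {}
    for line in filter(None, map(str.strip, Path(mf_path).read_text().splitlines())):
        m = MF_LINE.match(line)
        if not m:
            raise ValueError(f"unparseable manifest line: {line!r}")
        algo, name, expected = m.groups()
        target = (base / name).resolve()
        if base not in target.parents:  # entry points outside the package directory
            results[name] = "unsafe-path"
        elif not target.is_file():
            results[name] = "missing"
        elif file_digest(target, algo) != expected.lower():
            results[name] = "mismatch"
        else:
            results[name] = "ok"
    return results

def demo():
    """Constructed stand-in package: verify it intact, then after modifying the disk file."""
    stem = "coeus-X-Y-X-070-S100V"
    names = [f"{stem}.ovf", f"{stem}-disk1.vmdk"]
    with tempfile.TemporaryDirectory() as tmp:
        pkg = Path(tmp)
        for n in names:
            (pkg / n).write_bytes(b"constructed " + n.encode())
        mf = pkg / f"{stem}.mf"
        mf.write_text("".join(
            f"SHA1({n})= {hashlib.sha1((pkg / n).read_bytes()).hexdigest()}\n" for n in names))
        intact = verify_ovf_manifest(mf)
        (pkg / names[1]).write_bytes(b"modified after download")
        return intact, verify_ovf_manifest(mf)
```

The sample contents list no .cert file, so the manifest itself is unsigned: it catches corruption or a changed disk image inside the package, not a replaced package, which still needs a checksum obtained from the vendor.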
Next: Deploy the VM
Uncompress the zip file to a designated file path (e.g. C:\WSAV\S000V_pristine)
• If you want to run multiple VMs, use vSphere’s native cloning capabilities or duplicate the zip directory. Cloning must be done before the appliance’s first run. You can also download a pristine image later if you want more VMs.
• Follow the process below for each VM:
  1. With a connected vSphere client, click to select the host or cluster you want to have the image deployed
  2. Choose File-->Deploy OVF Template.
  3. Enter the path of the OVF file, click Next
  4. Follow the wizard to finish the deployment
Next: Load Your License File
• XML file – looks like picture here
• Can be applied to multiple VMs (reusable)
  - Apply during System Setup Wizard for each VM
• Has customer ID, feature keys (Web Reputation, Web Usage Controls, Antivirus signatures) & expiration date embedded
• If you purchase new feature keys, a new license is issued
• When license expires, all functionality stops – including proxy
  - You will receive multiple alerts as expiry is approaching
Next: Install the License File
• From the console, note the IP address of the appliance
• From SSH or telnet, log in to the virtual appliance with admin/ironport
• Enter loadlicense, then
  - Input the license file by pasting its contents and pressing Ctrl-D, OR
  - Load the license file that has been uploaded to the virtual appliance via FTP (covered in next slide)
Loading the License via FTP or SCP
• Use FTP to transfer license file to appliance:
  ftp to appliance with admin/ironport
  cd into directory configuration
  put license.xml
  exit
• OR use SCP to copy license file to appliance:
  scp license.xml admin@<IP>:configuration
Finishing Setup After Loading License File
• Read and agree to the EULA
• Enter showlicense to view the license details
• Log on to the web UI (http://<IP>:8080) and run the System Setup Wizard
• You are now ready to import your configuration
Importing your Configuration
If you are configuring your Virtual WSA from scratch, ignore this step
• If you provided your config file for migration, you should have received a Config File for your Virtual WSA from the beta team
  - We will have an automated config migration tool available when we release
• Copy the config file to your new WSAV (Virtual WSA):
  scp my_config_file.xml admin@new_WSAV:configuration
• Load the config file on your new WSAV:
  loadconfig my_config_file.xml
New and modified CLI commands
New CLI commands: loadlicense
loadlicense
  - Reads a license file from a file or cut and paste
  - Verifies the validity of the license
  - Creates and installs the new feature keys
  - Removes old feature keys
New CLI commands: showlicense
showlicense
  - Show data about current license, including expiry date
vm10c02esa0120.eng> showlicense
Virtual License
===============
vln VLNWSA171717
begin_date Sun Jan 15 00:00:00 2012 GMT
end_date Sat Jan 15 16:06:49 2028 GMT
company Ironport Test Company
seats 17
serial 12B
email [email protected]
issue fe8f1761f1a94463bc9ddbcf03569805
license_version 1.0
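
Because an expired license stops all functionality including the proxy, the end_date printed by showlicense is worth checking from monitoring. The following Python is an added example, not part of the original deck or of Cisco's tooling; it assumes the command output has already been captured as text, the function names are hypothetical, and the 30-day warning window is an assumed threshold.

```python
from datetime import datetime, timezone

# Lines copied from the showlicense sample on this page (email and issue lines omitted).
SAMPLE = """\
Virtual License
===============
vln VLNWSA171717
begin_date Sun Jan 15 00:00:00 2012 GMT
end_date Sat Jan 15 16:06:49 2028 GMT
company Ironport Test Company
seats 17
"""

def parse_showlicense(text):
    """Split each 'key value...' line at the first run of whitespace."""
    fields = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2:
            fields[parts[0]] = parts[1].strip()
    return fields

def _parse_gmt(stamp):
    # Format as printed by showlicense: "Sat Jan 15 16:06:49 2028 GMT"
    _day_name, rest = stamp.split(None, 1)
    return datetime.strptime(rest, "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)

def license_status(text, now, warn_days=30):
    """Return (state, days_left); state is one of
    not-yet-valid / valid / expiring / expired / unknown."""
    fields = parse_showlicense(text)
    try:
        begin = _parse_gmt(fields["begin_date"])
        end = _parse_gmt(fields["end_date"])
    except (KeyError, ValueError):
        return "unknown", None  # unparseable output should alert, not pass silently
    days_left = (end - now).days
    if now < begin:
        return "not-yet-valid", days_left
    if now >= end:
        return "expired", days_left
    return ("expiring" if days_left < warn_days else "valid"), days_left

if __name__ == "__main__":
    print(license_status(SAMPLE, datetime.now(timezone.utc)))
```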
Modified CLI commands: version
version
For virtual appliances, this command will show CPU and memory of appliance, along with limits
Modified CLI commands: ipcheck
ipcheck
  - Platform Serial No.
  - RAM reported in MB
Modified CLI Commands: featurekey
featurekey
  - All feature keys currently active on appliance & remaining time on license
More Information for SEs
WSAV Questions? Contact [email protected]
ESAV Questions? Contact [email protected]
Questions
Thank you.