Web Security Virtual Appliance Technical Overview for SEs

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 Web Security Virtual Appliance Technical Overview for SEs AsyncOS 7.7.5 for Web January 7, 2013

Upload: dai

Post on 23-Mar-2016


Web Security Virtual Appliance Technical Overview for SEs

AsyncOS 7.7.5 for Web

January 7, 2013

Agenda

New Features in this Release

Getting Set Up & Operating Your Virtual WSA(s)

Q&A

What is Penglai (AsyncOS 7.7.5 for Web)?

• Virtual form factor of Web Security Appliance (WSA)

• Functionally equivalent to a hardware WSA running Pikes Peak (AsyncOS 7.7.0). Major features in AsyncOS 7.7 are:

    - Multi-NTLM Forest Support
    - SOCKS proxy support

• Plus benefits of running a VM:

    - One license (digital certificate), unlimited VMs
    - Self-service provisioning – you can provision & activate new VMs, fully loaded with your licensed feature keys, whenever you want

• This beta program will be focused on testing the VM features only

Hypervisor & Hardware Requirements

• Hypervisor: VMware ESXi 4.x or 5.0

• Hardware: Cisco UCS (officially supported), other vendors (best-effort support)

• There are 3 standard VM images (corresponding to HW models in capacity). Allocate HW resources based on the VM image you download & the matrix below:

VM Image   Cores   Disk (GB)   Mem (GB)
S000V      1       250         4
S100V      2       250         6
S300V      4       1024        8

Four Easy Steps for Setting Up a Virtual WSA

1. Make sure the XML license that was emailed to you is ready

2. Download the VM

3. Unzip the VM & deploy it with vSphere

4. Run System Setup Wizard

Start by Downloading the VM File

Download the VM file from the Cisco Software Download Center, under the Cisco Web Security Appliance.

• Download the file for the model you want:

    - S000V: coeus-X-Y-X-070-S000V.zip
    - S100V: coeus-X-Y-X-070-S100V.zip
    - S300V: coeus-X-Y-X-070-S300V.zip

• Zipped OVF (Open Virtualization Format)

• Sample contents for S100V zip file:

    coeus-X-Y-X-070-S100V.zip
        coeus-X-Y-X-070-S100V.ovf
        coeus-X-Y-X-070-S100V-disk1.vmdk
        coeus-X-Y-X-070-S100V.mf
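
The .mf file in the package listing above is the OVF manifest, which holds a digest for each file in the package. The following is an added example, not part of the Cisco deck: it checks an unzipped package against its manifest before deployment. The function names are assumptions, the file name reuses the slide's placeholder pattern, and the file contents are constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# OVF manifest entries have the form:  SHA1(<file name>)= <hex digest>
MF_LINE = re.compile(r"^(?P<algo>SHA1|SHA256|SHA512)\((?P<name>[^)]+)\)\s*=\s*(?P<hex>[0-9a-fA-F]+)$")

def parse_manifest(text):
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = MF_LINE.match(line.strip())
        if m:
            entries.append((m["algo"].lower(), m["name"], m["hex"].lower()))
        elif line.strip():  # anything that is not blank must parse
            raise ValueError(f"manifest line {lineno} is malformed: {line!r}")
    return entries

def file_digest(path, algo):
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):  # stream: disk images are large
            h.update(block)
    return h.hexdigest()

def verify_package(directory, manifest_name):
    """Return a list of problems; an empty list means every file matched."""
    directory, problems, listed = Path(directory), [], set()
    for algo, name, expected in parse_manifest((directory / manifest_name).read_text()):
        listed.add(name)
        if Path(name).name != name or not (directory / name).is_file():
            problems.append(f"{name}: listed in manifest but not found in package")
        elif file_digest(directory / name, algo) != expected:
            problems.append(f"{name}: {algo} digest mismatch")
    for extra in sorted(p.name for p in directory.iterdir() if p.is_file()):
        if extra != manifest_name and extra not in listed:
            problems.append(f"{extra}: present but not covered by manifest")
    return problems

def demo():
    """Constructed package: verify it, alter the disk image, verify again."""
    base = "coeus-X-Y-X-070-S100V"  # placeholder name as written on the slide
    with tempfile.TemporaryDirectory() as tmp:
        disk = Path(tmp) / f"{base}-disk1.vmdk"
        disk.write_bytes(b"\x00" * 4096)  # constructed stand-in for the disk image
        (Path(tmp) / f"{base}.mf").write_text(f"SHA1({disk.name})= {file_digest(disk, 'sha1')}\n")
        clean = verify_package(tmp, f"{base}.mf")
        disk.write_bytes(b"\x01" * 4096)  # simulate corruption after the manifest was written
        return clean, verify_package(tmp, f"{base}.mf")
```

The manifest ships inside the same zip, so this check catches corruption or an incomplete extraction, not a substituted package.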

Next: Deploy the VM

Uncompress the zip file to a designated file path (e.g. C:\WSAV\S000V_pristine)

• If you want to run multiple VMs, use vSphere’s native cloning capabilities or duplicate the zip directory. Cloning must be done before the appliance’s first run. You can also download a pristine image later if you want more VMs.

• Follow the process below for each VM:

    1. With a connected vSphere client, select the host or cluster on which you want the image deployed
    2. Choose File-->Deploy OVF Template.
    3. Enter the path of the OVF file, click Next
    4. Follow the wizard to finish the deployment

Next: Load Your License File

• XML file – looks like picture here

• Can be applied to multiple VMs (reusable)

    - Apply during System Setup Wizard for each VM

• Has customer ID, feature keys (Web Reputation, Web Usage Controls, Antivirus signatures) & expiration date embedded

• If you purchase new feature keys, a new license is issued

• When license expires, all functionality stops – including proxy

    - You will receive multiple alerts as expiry is approaching

Next: Install the License File

• From the console, note the IP address of the appliance

• From SSH or telnet, log in to the virtual appliance with admin/ironport

• Enter loadlicense, then

    - Input the license file by pasting its contents and pressing Ctrl-D, OR
    - Load the license file that has been uploaded to the virtual appliance via FTP (covered in next slide)

Loading the License via FTP or SCP

• Use FTP to transfer license file to appliance:

    - ftp to appliance with admin/ironport
    - cd into directory configuration
    - put license.xml
    - exit

• OR use SCP to copy license file to appliance:

    scp license.xml admin@<IP>:configuration

Finishing Setup After Loading License File

• Read and agree to the EULA

• Enter showlicense to view the license details

• Log on to the web UI (http://<IP>:8080) and run the System Setup Wizard

• You are now ready to import your configuration

Importing your Configuration

If you are configuring your Virtual WSA from scratch, ignore this step

• If you provided your config file for migration, you should have received a Config File for your Virtual WSA from the beta team

    - We will have an automated config migration tool available when we release

• Copy the config file to your new WSAV (Virtual WSA):

    scp my_config_file.xml admin@new_WSAV:configuration

• Load the config file on your new WSAV:

    loadconfig my_config_file.xml

New and modified CLI commands

New CLI commands: loadlicense

loadlicense

    - Reads a license file from a file or cut and paste
    - Verifies the validity of the license
    - Creates and installs the new feature keys
    - Removes old feature keys

New CLI commands: showlicense

showlicense

Show data about current license, including expiry date

    vm10c02esa0120.eng> showlicense
    Virtual License
    ===============
    vln VLNWSA171717
    begin_date Sun Jan 15 00:00:00 2012 GMT
    end_date Sat Jan 15 16:06:49 2028 GMT
    company Ironport Test Company
    seats 17
    serial 12B
    email [email protected]
    issue fe8f1761f1a94463bc9ddbcf03569805
    license_version 1.0
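
Because an expired license stops all functionality, including the proxy, the end_date reported by showlicense is worth monitoring. The following is an added example, not part of the Cisco deck: it parses the output shown above and classifies the license at a given time. The function names and the 30-day warning window are assumptions.

```python
import re
from datetime import datetime, timezone

# showlicense output as printed on the slide above (email value as it appears on the page)
SHOWLICENSE = """\
Virtual License
===============
vln VLNWSA171717
begin_date Sun Jan 15 00:00:00 2012 GMT
end_date Sat Jan 15 16:06:49 2028 GMT
company Ironport Test Company
seats 17
serial 12B
email [email protected]
issue fe8f1761f1a94463bc9ddbcf03569805
license_version 1.0
"""

DATE_FMT = "%a %b %d %H:%M:%S %Y GMT"  # date format used in the sample output

def parse_showlicense(text):
    """Return the key/value lines; the banner and ruler lines are skipped."""
    fields = {}
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if re.fullmatch(r"[a-z_]+", key) and value:
            fields[key] = value.strip()
    return fields

def license_status(text, now, warn_days=30):
    """Classify the license at timezone-aware `now`; warn_days is an assumed window."""
    fields = parse_showlicense(text)
    try:
        begin, end = (datetime.strptime(fields[k], DATE_FMT).replace(tzinfo=timezone.utc)
                      for k in ("begin_date", "end_date"))
    except (KeyError, ValueError) as exc:
        # Unparseable output must not be read as "license is fine".
        raise ValueError(f"cannot determine license validity: {exc}") from exc
    days_left = (end - now).days
    if now < begin:
        return "not_yet_valid", days_left
    if now >= end:
        return "expired", days_left
    return ("expiring" if days_left <= warn_days else "valid"), days_left

if __name__ == "__main__":
    print(license_status(SHOWLICENSE, datetime.now(timezone.utc)))
```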

Modified CLI commands: version

version

For virtual appliances, this command will show CPU and memory of appliance, along with limits

Modified CLI commands: ipcheck

ipcheck

    - Platform Serial No.
    - RAM reported in MB

Modified CLI Commands: featurekey

featurekey

All feature keys currently active on appliance & remaining time on license

More Information for SEs

WSAV Questions? Contact [email protected]

ESAV Questions? Contact [email protected]

Questions

Thank you.