.. _deploy-vm-install: Deploy and VM Installation -------------------------------- .. _22.2|EKB-13160: .. _23.1|EKB-14224: .. _23.1|EKB-15117: .. _23.2|EKB-16057: Base Install and Configuration ..................................... This procedure installs the base system, and involves the following tasks: * Download the OVA. * Deploy the OVA. * Run the VM. * Log in as ``admin``. * Change your password. * Configure network settings. 1. Download the OVA for your system, to a directory accessible by the VM client. 2. Deploy the OVA: 2.1. Select the downloaded OVA file, and choose a VM name. .. image:: /src/images/insights-deploy-ova.png 2.2. At **Select storage**, configure storage settings, based on the recommended hardware specifications for the required configuration. See the *VMWare Specification and Requirements* for your system. 2.3. Configure the network mappings based on the recommended hardware specifications for the required configuration. See the *VMWare Specification and Requirements* for your system. 3. Run the VM, and monitor installation of the packages, which may take some time. .. image:: /src/images/analytics-install-2.png Once all packages are installed, the VM is automatically powered off, confirmed via the ``auto-poweroff`` message on the console. .. image:: /src/images/insights-install-3.png The system reboots. Wait until you see the **About** console, which displays placeholder values for hostname, version, license, days licensed and remaining, and so on. :: About =============================================== Hostname: Version: Theme: Flavor: License: NNNNN-NNNNN-NNNNN-NNNNN-NNNNN Days Licensed: nnnnn Days Remaining: nnnnn Product Key: Website: Kernel: Linux n.nn.nn-lxt-3 x86_64 GNU/Linux login: 4. Log in: On the **About** console, at ** login:**, log in as ``admin`` and use as the password, the last 10 characters of the value at **License**, *excluding the dash*. .. important:: The **License** key value is *only* displayed on the **About** console. When you *ssh* in, it is not visible, thus, you must copy the admin password from the **About** console. Once you're logged in, the **Administration** menu displays (the image displays an example for DS9): .. image:: /src/images/insights-install-6.png 5. Change your password: On the **Administration** menu, select **Change Passwords**, then change your password. .. note:: It is strongly recommended that you change your password immediately. 6. Configure network settings. On the **Administration** menu, select **Network Configuration**, then: 6.1 Configure interface settings: 6.1.1 Select the **Interface Settings** menu, then select the interface to configure. 6.1.2 Modify the parameters for the selected interface: .. image:: /src/images/insights-install-7.png * Select **IPs**, then set the IP address and netmask in the format ``nn.nn.nn.nn/24``. * Save your changes. .. image:: /src/images/insights-install-IP.png 6.2 Configure the default gateway: Select the **Extra Routes** menu: .. image:: /src/images/insights-install-7.png * Use the following format for the entry: `default ` * The word *default* is required. For additional route entries use the ` < gateway>` format. Similar to what would be done on a Linux system at the CLI. .. image:: /src/images/insights-install-8.png 6.3 Configure DNS settings: 6.3.1 Select the **DNS Settings** menu. .. image:: /src/images/dns-settings-1.png 6.3.2 Select **DNS Servers**. .. image:: /src/images/dns-settings-2.png 6.3.3 Add the IP address for each DNS server, one per line, then click **OK**. .. image:: /src/images/dns-settings-3.png 6.3.4 Click **Save**. .. image:: /src/images/dns-settings-4.png 6.4 Configure the hostname: 6.4.1 Select the **Hostname** menu to configure settings. 6.4.2 Save to trigger the update. The console displays a message, *Updating hosts*. This setup may take a few minutes. .. image:: /src/images/insights-install-9.png 6.5 Configure Apache. Select the **Apache Config** menu to configure settings. .. note:: * ``SSLCipherSuite`` defaults to ``HIGH`` encryption. * For ``SSLProtocol``, only TLSv1.2 is supported. * OpenLDAP defaults to ``HIGH`` encryption. * OpenSSH does not support weak ciphers. .. image:: /src/images/insights-install-9.png .. image:: /src/images/Insights-CLI-menu-Apache-Config-Ciphers.png 6.6 Configure SSH. Select the **SSH Config** menu to configure settings. Custom entries can be added, if required. The following entries have been added: :: kexalgorithms diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha1 hostkeyalgorithms ssh-rsa 6.7 Configure SSHD: Select the **SSHD Config** menu to configure settings. Multi-line entries can be added, if required. For example, for CUCM v11.5 support, see: :ref:`multiline-cucm-cipher-support`. .. note:: This step is relevant *only* to an Insights Assurance solution and its integration with Cisco UC systems. This step is *not* relevant to the DS9 and Insights NetFlow solution. 6.8 Enable/disable FTPD, or restart the FTPD daemon: On the **Administration** menu, select **Network Configuration**, then select **FTPD Config**. .. important:: On new installs, the FTPD daemon is disabled by default. It is strongly recommended that the FTPD daemon remains disabled, unless there is a good reason you need to use it. It has been seen that enabling the FTPD daemon may introduce a system vulnerability. FTPD is typically *only* required in rare situations, where FTP is the only way to transfer files to the server. Instead of using FTPD, it is recommended that you use the drop account with SCP or SFTP. .. image:: /src/images/insights-network-config-ftpd.png 7. Base system installation is now complete. Select **Quit** to exit the **Administration** menu on the console and continue with product registration, and with the configuration of your system through the GUI: * Insights Dashboard .. raw:: html

See: VOSS Automate Database Setup

.. raw:: latex See the VOSS Automate Database Setup section in the VOSS Insights Install Guide. * Insights Arbitrator (relevant only to an Insights Assurance solution and its integration with Cisco UC systems) .. raw:: html

See: Install Arbitrator System

.. raw:: latex See the Install Arbitrator System section in the VOSS Insights Install Guide. * Insights DS9 .. note:: Prior to opening the DS9 GUI, reboot the system. .. raw:: html

See: DS9 Product Registration and DS9 Configuration on the Dashboard

.. raw:: latex See the DS9 Product Registration and Configuration on the Dashboard section in the VOSS Insights DS9 for NetFlow Install Guide. .. _multiline-cucm-cipher-support: Multi-line CUCM Cipher Support ................................ This section provides details for the use of the **SSHD Config** menu option. .. note:: This section is not relevant to the DS9 and Insights NetFlow solution. This solution is relevant only to an Insights Assurance solution and its integration with Cisco UC systems. You can copy the keys into the screen in a comma separated list (without spaces). For CUCM v11.5 support: :: kexalgorithms diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1 ciphers aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com macs hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96 hostkeyalgorithms ssh-rsa,ssh-dss