.. _deploy-vm-install: Deploy and VM installation -------------------------------- .. _22.2|EKB-13160: .. _23.1|EKB-14224: .. _23.1|EKB-15117: .. _23.2|EKB-16057: .. _24.2|EKB-21311: .. _25.2|EKB-24083: .. same instruction for Arbitrator and Dashboard Deploy the installation on the VM ................................. See: :ref:`virtualization-platforms-insights` Select virtualization platform: * :ref:`vmware-esxi-8-insights` * :ref:`hyper-v-insights` * :ref:`nutanix-community-edition-insights` .. _run-vm: Run the VM .......... 1. Run the VM, and monitor installation of the packages (this may take some time). .. image:: /src/images/analytics-install-2.png Once all packages are installed, the VM is automatically powered off, confirmed via the ``auto-poweroff`` message on the console. .. image:: /src/images/insights-install-3.png 2. The system reboots. Wait until you see the **About** console, which displays placeholder values for hostname, version, license, days licensed and remaining, and so on. :: About =============================================== Hostname: Version: Theme: Flavor: License: AAAAA-BBBBB-CCCCC-DDDDD-EEEEE Days Licensed: nnnnn Days Remaining: nnnnn Product Key: Website: Kernel: Linux n.nn.nn-lxt-3 x86_64 GNU/Linux login: .. _log-in-to-admin-console: Log in to the Administration console .................................... Once the system reboots, you'll need to provide admin user credentials to log in. 1. On the **About** console, at ** login:**, fill out username ``admin``. 2. Initial password varies according to deployment: * For Hyperv, Nutanix, Azure, AWS the default password is ``V0s$Adm1n``. * Otherwise, for the password, use the last *10 characters* (``DDDDDEEEEE`` in example above) of the value at **License**, *excluding the dash*. .. important:: The **License** key value displays *only* on the **About** console. When you *ssh* in, it is not visible. For this reason, copy the admin password from the **About** console. For security purposes, it is recommended that you update this admin password prior to configuring the VMs networking address. 3. View the **Administration** menu, which displays once you're logged in. For Arbitrator: .. image:: /src/images/Administration-menu.png For Netflow Collector (DS-9): .. image:: /src/images/DS-9-Administration-menu.png .. _change-admin-user-pword: Change the admin user password .............................. This procedure updates the admin password that is set during the installation process, using the last 10 digits of your license key. .. note:: The admin password will need to be updated for all Insights products you install. For security purposes, it is recommended that you update this admin password prior to configuring the VM networking address. Once you update the password, it is strongly recommended that you make a written or digital copy of any system passwords and share the copies with trusted team members or store them in a secure location from where they may be retrieved if needed. 1. On the **Administration** menu, select **Change Passwords**. For Arbitrator: | .. image:: /src/images/Administration-menu.png | For Netflow Collector (DS-9): | .. image:: /src/images/DS-9-Admin-change-passw.png 2. Select **Change Admin Password**. 3. Fill out a new password. 4. Save your changes. .. important:: It is strongly recommended that you make a written or digital copy of any system passwords and share the copies with trusted team members or store them in a secure location from where they may be retrieved if needed. .. _config-network-settings: Configure network settings ........................... 1. On the **Administration** menu, select **Network Configuration**. .. image:: /src/images/insights-install-network-config-menu.png 2. Configure interface settings: i. Select **Interface Settings**. #. Select the relevant interface. .. image:: /src/images/insights-install-7.png #. Select **IPs**. Set the IP address and netmask in the format ``nn.nn.nn.nn/24``. Click **OK**. .. image:: /src/images/insights-install-IP.png #. For Netflow Collector (DS-9), go to: **Network Configuration > Interface Settings > eth0 > DHCP** and select **off**. .. image:: /src/images/DS-9-DHCP-off.png #. Select **Extra Routes** to configure the default gateway. .. image:: /src/images/insights-install-7.png * Use the following format for the entry: `default ` * The word *default* is required. For additional route entries use the ` < gateway>` format. Similar to what would be done on a Linux system at the CLI. .. image:: /src/images/insights-install-8.png #. Save your changes. 3. Configure DNS settings: i. Select **DNS Settings** .. image:: /src/images/dns-settings-1.png #. Select **DNS Servers**. .. image:: /src/images/dns-settings-2.png #. Add the IP address for each DNS server, one per line, then click **OK**. .. image:: /src/images/dns-settings-3.png #. Click **Save**. .. image:: /src/images/dns-settings-4.png 4. Configure the hostname: i. Select **Hostname**. #. Save to trigger the update. The console displays a message, *Updating hosts*. This setup may take a few minutes. .. image:: /src/images/insights-install-9.png 5. Update SSL ciphers. i. Select **Apache Config**. :: SSLCipherSuite HIGH: !MEDIUM: !ADH: !LOW .. note:: * ``SSLCipherSuite`` defaults to ``HIGH`` encryption. * For ``SSLProtocol``, only TLSv1.2 is supported. * OpenLDAP defaults to ``HIGH`` encryption. * OpenSSH does not support weak ciphers. * On system upgrade, if the contents of this configuration are no longer valid, then the contents will be will be reset to an empty state. .. image:: /src/images/insights-install-9.png 6. Configure SSH settings: i. Select **SSH Config**. Custom entries can be added, if required. The following entries have been added: :: kexalgorithms diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha1 hostkeyalgorithms ssh-rsa .. note:: On system upgrade, if the contents of this configuration are no longer valid, the contents will be reset to an empty state. 7. Configure SSHD: i. Select **SSHD Config**. .. note:: * Multi-line entries can be added, if required. For example, for CUCM v11.5 support, see: :ref:`multiline-cucm-cipher-support`. * This step is relevant *only* to an Insights Assurance solution and its integration with Cisco UC systems. This step is *not* relevant to the DS9 and Insights NetFlow solution. * On system upgrade, if the contents of this configuration are no longer valid, then the contents will be will be reset to an empty state. 8. Enable/disable FTPD or restart the FTPD daemon: #. Select **FTPD Config**. .. important:: On new installs, the FTPD daemon is disabled by default. It is strongly recommended that the FTPD daemon remains disabled, unless there is a good reason you need to use it. It has been seen that enabling the FTPD daemon may introduce a system vulnerability. FTPD is typically *only* required in rare situations, where FTP is the only way to transfer files to the server. Instead of using FTPD, it is recommended that you use the drop account with SCP or SFTP. The drop account username is "drop". You can set the password via the **Administration** menu. .. image:: /src/images/insights-network-config-ftpd.png 9. Enable/disable Sendmail or restart Sendmail on port 25: .. image:: /src/images/sendmail.png i. Select **Sendmail Config**. The current status of the service displays on the menu. ii. Choose to enable, disable, or restart the service as required. 10. Base system installation is now complete. Select **Quit** to exit the **Administration** menu on the console. .. rubric:: Next steps * :ref:`create-gui-admin-pword` .. _create-gui-admin-pword: Create GUI admin password for Arbitrator and Dashboard ...................................................... This procedure creates the GUI admin password, which is the password you will need to log in to Arbitrator or Dashboard via the browser. The default credentials will not allow browser access, so the GUI admin password must be set up for the Arbitrator and Dashboard systems. The procedure is the same for both Arbitrator and Dashboard. .. important:: It is strongly recommended that you make a written or digital copy of any system passwords and share the copies with trusted team members or store them in a secure location from where they may be retrieved if needed. The steps to create the GUI admin password for Netflow Management. 1. Log in via the CLI, then from the **Administration** menu, select **Change Passwords**. (Use the password obtained from the product key above) Keep a note as this will be needed in further steps. 2. Select **Reset GUI admin user (local LDAP only)** and reset a new GUI admin password. .. image:: /src/images/insights-install-reset-gui-admin-user.png 3. For Netflow Collector, select **Change DS9 Public Database Password** and reset the password. :bdg:`Netflow Management` .. image:: /src/images/ds-9-install-reset-db-passwd.png Keep a note as this will be needed in further steps. 4. Log in to GUI via the browser, using the GUI admin user password created in this procedure. .. rubric:: Next steps * :ref:`prod-ref-and-sys-config` .. _prod-ref-and-sys-config: Product registration and system configuration .............................................. Once you've installed and configured initial settings via the Administration console, you can continue with product registration, and with the configuration of your system through the GUI: * Insights Arbitrator (relevant only to an Insights Assurance solution and its integration with Cisco UC systems) src/user/install/index-enterprise.html .. .. raw:: html ..

See: Install Arbitrator System

.. .. raw:: latex .. See the Install Arbitrator System section in the VOSS Insights Install Guide. :bdg:`Netflow Management` * Netflow Collector (DS9) For Netflow Management: 1. Log in to the Core framework GUI with the admin account and ensure Netflow Management solution in Global Settings is enabled. 2. Create your Provider user 3. Create any other hierarchy that you require ( Customer Etc.) 4. Add Netflow Collector (DS9) license: .. note:: Prior to opening the DS9 GUI, reboot the system. .. raw:: html

See: DS9 Product Registration .. raw:: latex See the DS9 Product Registration and Configuration on the Dashboard section in the VOSS Insights DS9 for NetFlow Install Guide. .. rubric:: Allow Netflow Management to access the database on Netflow Collector (DS9) 1. Log in to the Netflow Collector (DS-9) CLI and go to **DS9 Configuration** .. image:: /src/images/DS-9-config.png 2. Go to **Remote database access device(s)** and click **Add** .. image:: /src/images/DS-9-remote-db-access.png 4. Add the IP Address of Netflow Management and click **OK** .. image:: /src/images/DS-9-remote-IP.png 5. Continue in Netflow Management GUI. .. raw:: html See: Netflow collection servers :bdg:`UC Monitoring` .. _multiline-cucm-cipher-support: Configure multi-line CUCM cipher support ............................................ This section provides details for the use of the **SSHD Config** menu option. .. note:: This section is not relevant to Netflow Collector (DS9) and NetFlow Management. This solution is relevant only to an UC Monitoring and its integration with Cisco UC systems. You can copy the keys into the screen in a comma separated list (without spaces). For CUCM v11.5 support: :: kexalgorithms diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1 ciphers aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com macs hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96 hostkeyalgorithms ssh-rsa,ssh-dss