Web security virtual appliance technical overview for ses
Sponsored Links
This presentation is the property of its rightful owner.
1 / 21

Web Security Virtual Appliance Technical Overview for SEs PowerPoint PPT Presentation


  • 449 Views
  • Uploaded on
  • Presentation posted in: General

Web Security Virtual Appliance Technical Overview for SEs. AsyncOS 7.7.5 for Web. January 7 , 2013. New Features in this Release Getting Set Up & Operating Your Virtual WSA(s) Q&A. Agenda. What is Penglai (AsyncOS 7.7.5 for Web)?. Virtual form factor of Web Security Appliance (WSA)

Download Presentation

Web Security Virtual Appliance Technical Overview for SEs

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Web Security Virtual Appliance Technical Overview for SEs

AsyncOS 7.7.5 for Web

January 7, 2013


New Features in this Release

Getting Set Up & Operating Your Virtual WSA(s)

Q&A

Agenda


What is Penglai (AsyncOS 7.7.5 for Web)?

  • Virtual form factor of Web Security Appliance (WSA)

  • Functionally equivalent to a hardware WSA running Pikes Peak (AsyncOS 7.7.0). Major features in AsyncOS 7.7 are:

    • Multi-NTLM Forest Support

    • SOCKS proxy support

  • Plus benefits of running a VM:

    • One license (digital certificate), unlimited VMs

    • Self-service provisioning – you can provision & activate new VMs, fully loaded with your licensed feature keys, whenever you want

    • This beta program will be focused on testing the VM features only


Hypervisor & Hardware Requirements

  • Hypervisor: VMware ESXi 4.x or 5.0

  • Hardware: Cisco UCS (officially supported), other vendors (best-effort support)

  • There are 3 standard VM images (corresponding to HW models in capacity). Allocate HW resources based on the VM image you download & the matrix below:


Four Easy Steps for Setting Up a Virtual WSA

  • Make sure the XML license that was emailed to you is ready

  • Download the VM

  • Unzip the VM & deploy it with vSphere

  • Run System Setup Wizard


Start by Downloading the VM File

Download the VM file from the Cisco Software Download Center, under the Cisco Web Security Appliance.

  • Download the file for the model you want:

    • S000V: coeus-X-Y-X-070-S000V.zip

    • S100V: coeus-X-Y-X-070-S100V.zip

    • S300V: coeus-X-Y-X-070-S300V.zip

  • Zipped OVF (Open Virtualization Format)

  • Sample contents for S100V zip file:

    coeus-X-Y-X-070-S100V.zip

    • coeus-X-Y-X-070-S100V.ovf

    • coeus-X-Y-X-070-S100V-disk1.vmdk

    • coeus-X-Y-X-070-S100V.mf


Next: Deploy the VM

Uncompress the zip file to a designated file path (e.g. C:\WSAV\S000V_pristine)

  • If you want to run multiple VMs, use vSphere’s native cloning capabilities or duplicate the zip directory. Cloning must be done before the appliance’s first run. You can also download a pristine image later if you want more VMs.

  • Follow the process below for each VM:

    • With a connected vSphere client, click to select the host or cluster you want to have the image deployed

    • Choose File-->Deploy OVF Template.

    • Enter the path of the OVF file, click Next

    • Follow the wizard to finish the deployment


Next: Load Your License File

  • XML file – looks like picture here

  • Can be applied to multiple VMs (reusable)

    • Apply during System Setup Wizard for each VM

  • Has customer ID, feature keys (Web Reputation, Web Usage Controls, Antivirus signatures) & expiration date embedded

  • If you purchase new feature keys, a new license is issued

  • When license expires, all functionality stops – including proxy

    • You will receive multiple alerts as expiry is approaching


  • Next: Install the License File

    • From the console, note the IP address of the appliance

    • From SSH or telnet, login to the virtual appliance with admin/ironport

    • Enter loadlicense, then

      • Input the license file by pasting its contents and pressing Ctrl-D, OR

      • Load the license file that has been uploaded to the virtual appliance via FTP (covered in next slide)


    Loading the License via FTP or SCP

    • Use FTP to transfer license file to appliance:

      • ftp to appliance with admin/ironport

      • cd into directory configuration

      • putlicense.xml

      • exit

    • OR use SCP to copy license file to appliance:

      • scplicense.xml admin@<IP>:configuration


    Finishing Setup After Loading License File

    • Read and agree to the EULA

    • Enter showlicense to view the license details

    • Log on to the web UI (http://<IP>:8080) and run the System Setup Wizard

    • You are now ready to import your configuration


    Importing your Configuration

    If you are configuring your Virtual WSA from scratch,ignore this step

    • If you provided your config file for migration, you should have received a Config File for your Virtual WSA from the beta team

      • We will have an automated config migration tool available when we release

    • Copy the config file to your new WSAV (Virtual WSA):

      • scpmy_config_file.xmladmin@new_WSAV:configuration

    • Load the config file on your new WSAV:

      • loadconfigmy_config_file.xml


    New and modified CLI commands


    New CLI commands: loadlicense

    loadlicense

    • Reads a license file from a file or cut and paste

    • Verifies the validity of the license

    • Creates and installs the new feature keys

    • Removes old feature keys


    New CLI commands: showlicense

    Showlicense

    • Show data about current license, including expiry date

    vm10c02esa0120.eng> showlicense

    Virtual License

    ===============

    vln VLNWSA171717

    begin_date Sun Jan 15 00:00:00 2012 GMT

    end_date Sat Jan 15 16:06:49 2028 GMT

    company Ironport Test Company

    seats 17

    serial 12B

    email cstillso@ironport.com

    issue fe8f1761f1a94463bc9ddbcf03569805

    license_version 1.0


    Modified CLI commands: version

    Version

    • For virtual appliances, this command will show CPU and memory of appliance, along with limits


    Modified CLI commands: ipcheck

    ipcheck

    • Platform

    • Serial No.

    • RAM reported in MB


    Modified CLI Commands: featurekey

    Featurekey

    All feature keys currently active on appliance & remaining time on license


    More Information for SEs

    • WSAV Questions? Contact wsa-pm@cisco.com

    • ESAV Questions? Contact esa-pm@cisco.com


    Questions


  • Login