VM Installation Guide

Step 3: Deploy the VM image file

5.3.0

This section describes two options for deploying the VM image file:

Deploying via Virtual Machine Manager

If you have not yet installed a graphical centralized management tool for Xen on your management computer, begin by installing it. Multiple clients exist for managing Xen Project servers. In these instructions, we use Virtual Machine Manager.

On Debian-related Linux distributions, to install Virtual Machine Manager, open a terminal and enter:

sudo apt-get install virt-manager

On Red Hat-related Linux distributions, the command is:

sudo yum install virt-manager

This centralized manager includes a Xen client for connecting to a remote Xen Project hypervisor to deploy FortiADC-VM. It also includes a built-in VNC client that you will need later in order to connect to FortiADC-VM’s local console and configure its network connection. When the download and installation are complete, if you are not already logged into your desktop environment (GNOME, KDE, xfce, etc.), start X Windows and log in.

To enable Virtual Machine Manager to connect to your Xen server, you must also modify the server’s configuration file (usually /etc/xen/xend-config.sxp). Un-comment these lines (remove the hash ( # ) from the beginning) and change ‘no’ to ‘yes’:

(xend-unix-server yes)

(xend-unix-path /var/lib/xend/xend-socket)

To deploy the VM image using Virtual Machine Manager:
  1. On your management computer, open a terminal application and enter the command to extract the package to a folder, then start Virtual Machine Manager:

    unzip FAD_XENOPEN-v400-build0547-FORTINET.out.xenopensource.zip

    sudo virt-manager

    The application will open in your desktop environment, so its appearance might vary slightly.

  2. Go to File > Add Connection and connect to the Xen server where you will deploy the VM.
  3. Click the New icon to open the wizard for a new virtual machine.
  4. Select Import existing disk image, select Virt Type xen (fullvirt), and then click Forward.
  5. Click Browse and locate the bootdisk.img file. In OS type, select Linux, then in Version, expand the list to show all distributions, then select Generic 2.6.x kernel, and click Forward.
  6. Adjust the vRAM and vCPU settings to be appropriate for your deployment. Fortinet recommends a minimum of 4096 MB vRAM and 1 vCPU. Valid vCPU values range from 1 to 32, depending on your FortiADC-VM license. Click Forward.
  7. In Name, type a unique descriptive name for this instance of FortiADC-VM as it will appear in Virtual Machine Manager’s inventory, such as FortiADC-VM. If you will deploy multiple instances of this file, consider a naming scheme that will make each VM’s purpose or IP address easy to remember. (This name will not be used as the host name, nor will it appear within the FortiADC-VM web UI.) Mark the Customize configuration before install check box. Also click to expand Advanced options, then click the drop-down menu to change NAT to Specify shared device name and in Bridge name, enter the name of the Xen bridge (e.g. xenbr0). Virt Type should be xen (fullvirt). Click Finish.
  8. A new dialog will appear where you can add the other vDisk and vNICs.
  9. In the menu on the left, select the virtual disk. In Advanced options, configure boot.disk to be a virtual disk (VMDK). Then click the Add Hardware button and add the logdisk.img file also as a VMDK.
  10. In the menu on the left, click Add Hardware and add another virtual network adapter that is bound to the bridge. Repeat this step until you have 4 vNICs, then click Apply.
  11. Click Begin Installation to send the FortiADC-VM image and its VM settings to the Xen server.
  12. The client connects to the VM environment, and deploys the image to it. Time required depends on your computer’s hardware speed and resource load, and also on the file size and speed of the network connection, but might take 15 minutes to complete.

    When complete, the deployment should appear in the list of deployed VMs for that Xen server, in the pane on the left side of Virtual Machine Manager.

  13. To power on the VM, click the Play button.

Deploying via dom0 command line

Connect to the command line of your dom0 guest. For example, you may be able to use PuTTY to make an SSH connection to the Xen server’s IP address, or you may use a local GNOME Terminal application.

Next, unpack the file that you downloaded from Fortinet, and open the configuration file in a plain text editor such as nano.

unzip FAD_XENOPEN-v400-build0547-FORTINET.out.xenopensource.zip

cd FAD_XENOPEN-v400-build0547-FORTINET.out.xenopensource

nano fortiadc.hvm

Then edit these lines in the fortiadc.hvm file:

memory = 4096

vcpus = 2

vif = [ 'type=netfront, bridge=xenbr0', 'type=netfront, bridge=xenbr0', 'type=netfront, bridge=xenbr0', 'type=netfront, bridge=xenbr0', ]

disk = [ 'file:<disk image path>/bootdisk.img,xvda,w','file:<logdisk image path>/logdisk.img,xvdb,w' ]

As an alternative to locally stored disk images, you can reference an NFS or CIFS share:

#Mount point on the server’s local file system

root = "/dev/nfs"

nfs_server = '192.0.2.100'

#Root directory on the NFS server

nfs_root = '/path/to/directory'

Configure virtual hardware settings to allocate appropriate resources for the size of your deployment before powering on the virtual appliance. For details, see the documentation for the open source Xen Hypervisor.

Change the vcpus value if necessary to allocate enough vCPUs for the size of your deployment. Valid vCPU values range from 1 to 32, depending on your FortiADC-VM license.

Similarly, FortiADC-VM for Xen Project comes pre-configured to use 4 GB of vRAM (memory). However, this is not enough for most deployments. Change this value to be appropriate for your deployment. The valid range is from 4 GB to 64 GB.

If you configure the virtual appliance’s storage to be internal (that is, local, on its own vDisk), resize the vDisk before powering on. The FortiADC-VM package that you downloaded includes pre-sized VMDK (Virtual Machine Disk Format) files. However, they are only 32 GB, which is not large enough for most deployments. Resize the vDisk before powering on the virtual machine.

This step is not applicable if the virtual appliance will use external network file system (such as NFS or CIFS) datastores.

Depending on your Xen dom0 platform, you may also need to reconfigure fortiadc.hvm with the path to your hvmloader. For example, this may be correct for CentOS or Red Hat Linux:

kernel = "/usr/lib/xen/boot/hvmloader"

but this is required by Ubuntu 12.04 LTS:

kernel = "/usr/lib/xen-4.1/boot/hvmloader"

Apply the changes by rebooting or restarting networking. (In some cases rebooting is required: sudo /etc/init.d/networking restart may not delete your old IP address from eth0 and therefore not correctly bring up all interfaces.)
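A pre-flight check for fortiadc.hvm can catch out-of-range values and quoting mistakes before running xm create. The script below is an added example, not Fortinet's code: the function names and the two sample files are constructed for illustration, and it assumes the simple key = value layout shown above.

```shell
#!/bin/sh
# Added example (not Fortinet's code): check an xm guest config against the
# limits stated in this guide before creating the domain.

# cfg_int KEY FILE : print the integer assigned to KEY (empty if absent).
cfg_int() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p" "$2" | head -n 1
}

# check_hvm FILE : print one line per problem; return non-zero if any found.
check_hvm() {
    f=$1; bad=0
    mem=$(cfg_int memory "$f"); cpus=$(cfg_int vcpus "$f")
    # memory is given in MB; the guide's valid range is 4 GB to 64 GB.
    if [ -z "$mem" ] || [ "$mem" -lt 4096 ] || [ "$mem" -gt 65536 ]; then
        echo "memory: want 4096-65536 MB, got ${mem:-nothing}"; bad=1
    fi
    if [ -z "$cpus" ] || [ "$cpus" -lt 1 ] || [ "$cpus" -gt 32 ]; then
        echo "vcpus: want 1-32, got ${cpus:-nothing}"; bad=1
    fi
    # The guide attaches four vNICs: count bridge= entries on the vif line.
    nics=$(( $(grep '^[[:space:]]*vif[[:space:]]*=' "$f" | grep -o 'bridge=' | wc -l) ))
    if [ "$nics" -ne 4 ]; then echo "vif: want 4 vNICs, got $nics"; bad=1; fi
    # Typographic quotes pasted from a web page are not valid string delimiters.
    if grep -q -e '‘' -e '’' -e '“' -e '”' "$f"; then
        echo "quotes: typographic quote characters found"; bad=1
    fi
    # An odd number of double quotes on the kernel line means one is unclosed.
    kq=$(( $(grep '^[[:space:]]*kernel[[:space:]]*=' "$f" | tr -cd '"' | wc -c) ))
    if [ $((kq % 2)) -ne 0 ]; then echo "kernel: unbalanced double quote"; bad=1; fi
    return "$bad"
}

# Constructed sample files, for demonstration only.
DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT
cat > "$DEMO_DIR/good.hvm" <<'EOF'
kernel = "/usr/lib/xen/boot/hvmloader"
memory = 8192
vcpus = 2
vif = [ 'type=netfront, bridge=xenbr0', 'type=netfront, bridge=xenbr0', 'type=netfront, bridge=xenbr0', 'type=netfront, bridge=xenbr0' ]
EOF
cat > "$DEMO_DIR/bad.hvm" <<'EOF'
kernel = "/usr/lib/xen/boot/hvmloader
memory = 2048
vcpus = 64
vif = [ ‘type=netfront, bridge=xenbr0’, ‘type=netfront, bridge=xenbr0’ ]
EOF

check_hvm "$DEMO_DIR/good.hvm" && echo "good.hvm: ok"
check_hvm "$DEMO_DIR/bad.hvm" || echo "bad.hvm: rejected"
```

On a dom0, call check_hvm with the path to your own fortiadc.hvm instead of the sample files.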

Run these commands to deploy the VM, power it on, and show its Xen domain ID number (the ID column; 2 for fortiadc-vm in the output below):

xenuser@LabXen:/$ sudo xm create fortiadc.hvm

xenuser@LabXen:/$ sudo xm list

Name                 ID   Mem VCPUs      State   Time(s)
Domain-0              0  5877     4     r-----   1556.9
fortiadc-vm           2  2048     2     -b----    126.8

If your dom0 is Ubuntu 12.04 and/or you receive this error when creating the VM:

Error: Domain 'fortiadc-xen' does not exist.

and if /var/log/xen/qemu-dm-fortiadc-xen.log contains this line:

Could not read keymap file: '/usr/share/qemu/keymaps/en-us'

then the key mapping is not in its expected location. Enter this line:

sudo ln -s /usr/share/qemu-linaro /usr/share/qemu

then retry the command to create FortiADC-VM.

VNC listening port numbers are dynamically allocated to guest VMs. Take the domain ID number from the output of the previous command and use it in this command to show the current VNC listening port number and IP address for FortiADC-VM:

xenuser@LabXen:/$ sudo xenstore-ls /local/domain/2/console

port = "4"

limit = "1048576"

type = "ioemu"

vnc-port = "5900"

vnc-listen = "127.0.0.1"

tty = "/dev/pts/5"

Finally, on your management computer, install and start a VNC viewer and connect to the Xen server’s IP address and listening port number for VNC. (In the images below, the VNC viewer is installed in dom0 on the Xen server that is hosting FortiADC-VM, so the VNC viewer connects to 127.0.0.1. If connecting from your management computer, replace this with the IP address of your Xen server.) For example, on a Debian or Ubuntu Linux management computer, you could use these commands:

sudo apt-get install remmina

remmina

You must run this command from a terminal with an X Windows environment such as GNOME Terminal in order for it to be able to open the VNC viewer window.
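The lookup described above (domain ID from xm list, then vnc-port and vnc-listen from xenstore-ls) can be scripted. This is an added example, not part of the original guide: the function names are hypothetical, the sample data is constructed from the outputs shown above, and the exposure classification is an extra check on where the console is bound.

```shell
#!/bin/sh
# Added example: find a guest's domain ID and VNC endpoint from `xm list` and
# `xenstore-ls` output, and report which interfaces the console listens on.

# Constructed sample data, modelled on the outputs shown in this guide.
SAMPLE_XM_LIST='Name                 ID   Mem VCPUs      State   Time(s)
Domain-0              0  5877     4     r-----   1556.9
fortiadc-vm           2  2048     2     -b----    126.8'

SAMPLE_CONSOLE='port = "4"
limit = "1048576"
type = "ioemu"
vnc-port = "5900"
vnc-listen = "127.0.0.1"
tty = "/dev/pts/5"'

# domain_id NAME : read `xm list` output on stdin, print the ID column.
domain_id() {
    awk -v name="$1" 'NR > 1 && $1 == name { print $2; found = 1 }
                      END { exit !found }'
}

# xs_value KEY : read xenstore-ls output on stdin, print the unquoted value.
xs_value() {
    awk -v key="$1" -F' = ' '$1 == key { gsub(/"/, "", $2); print $2; found = 1 }
                             END { exit !found }'
}

# vnc_exposure ADDR : classify the vnc-listen address.
vnc_exposure() {
    case "$1" in
        127.*|::1|localhost) echo "loopback" ;;
        0.0.0.0|::)          echo "all-interfaces" ;;
        *)                   echo "specific-address" ;;
    esac
}

# vnc_report NAME : full lookup against the sample data. On a live dom0, feed
# the functions from `sudo xm list` and
# `sudo xenstore-ls /local/domain/$id/console` instead of the samples.
vnc_report() {
    id=$(printf '%s\n' "$SAMPLE_XM_LIST" | domain_id "$1") || return 1
    port=$(printf '%s\n' "$SAMPLE_CONSOLE" | xs_value vnc-port) || return 1
    addr=$(printf '%s\n' "$SAMPLE_CONSOLE" | xs_value vnc-listen) || return 1
    echo "domain=$id vnc=$addr:$port exposure=$(vnc_exposure "$addr")"
}

vnc_report fortiadc-vm
```

A loopback result means the console is reachable only from dom0 itself, so a viewer on the management computer needs a path into dom0 (for example, an SSH port forward) rather than a direct connection to the server's IP address.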
