Fortinet Document Library

Version:

Version:

Version:


Table of Contents

Download PDF
Copy Link

Configure FortiAuthenticator-VM hardware settings

Before powering on your FortiAuthenticator-VM you must configure the virtual memory, virtual CPU, and virtual disk (VMDK) configuration, and map the virtual network adapters.

Caution

These settings cannot be configured inside FortiAuthenticator-VM, and must be configured in the VM environment. Some settings cannot be reconfigured after you power on the virtual appliance.

Note

To see information on how to similarly configure FortiAuthenticator KVM on an Ubuntu host running Virtual Machine Manager, see Resizing the virtual disk and other sections in the KVM deployment example.

Resizing the virtual disk (vDisk)

If you configure the virtual appliance’s storage repository to be internal (i.e. local, on its own vDisk), resize the vDisk before powering on.

Note

This step is not applicable if the virtual appliance will use external network file system (such as NFS) datastores.

The FortiAuthenticator-VM package that you downloaded includes pre-sized VMDK (Virtual Machine Disk Format) files of 1GB for disk 1 (for the OS) and 60GB for disk 2 data, which is large enough for most small deployments. This can be extended if necessary. Resize the vDisk before powering on the virtual machine.

Before doing so, make sure that you understand the effects of your vDisk settings.

During the creation of a VM datastore, you have the following formatting options:

  • 1MB block size - 256GB maximum file size
  • 2MB block size - 512GB maximum file size
  • 4MB block size – 1,024GB maximum file size
  • 8MB block size – 2,048GB maximum file size

These options affect the possible size of each vDisk.

For example, if you have an 800GB datastore which has been formatted with 1MB block size, you cannot size a single vDisk greater than 256GB on your FortiAuthenticator-VM.

Consider also that, depending on the size of your organization’s network, you might require more or less storage for the user database and logging.

For more information on vDisk sizing, see http://communities.vmware.com/docs/DOC-11920.

To resize the vDisk:
  1. In the VMware vSphere Client, right-click the name of the virtual appliance, and select Edit Settings.
    The Virtual Machine Properties page is displayed.

  2. Select the Hardware tab and select Hard Disk 2.
  3. Select Remove.
  4. Select Add.
    The Add Hardware page is displayed.
  5. In the list of device types, select Hard Disk and select Next.
  6. Select Create a new virtual disk and select Next.
  7. In Disk Size, enter the size of the vDisk in GB and select Next.
  8. Select the bottom option in Virtual Device Node, select IDE (0:1) from the drop-down list, then select Next.
  9. Select Finish to close the Add Hardware page and then select OK to save the settings to Virtual Machine Properties.

Configuring the number of virtual CPUs (vCPUs)

By default, the virtual appliance is configured to use 2 vCPUs. FortiAuthenticator-VM is not restricted to how many vCPUs can be configured so you can increase the number according to your requirements (e.g., you can allocate 2, 4, or 8 vCPUs).

Note

If you need to increase or decrease the vCPUs after the initial boot, power off FortiAuthenticator-VM, adjust the number of vCPUs, then power on the VM.

For more information on vCPUs, visit http://www.vmware.com/products/vsphere-hypervisor/index.html for VMware vSphere documentation.

To change the number of vCPUs:
  1. In the VMware vSphere Client, right-click the name of the virtual appliance, and select Edit Settings.
    The Virtual Machine Properties page is displayed.

  2. Select the Hardware tab and select CPUs.
  3. Select the number of virtual sockets and the number of cores per socket.
  4. Select OK to save the settings to Virtual Machines Properties.

Configuring the virtual RAM (vRAM) limit

FortiAuthenticator-VM comes pre-configured to use 512MB of vRAM. You can change this value. The valid range is from 512MB to 16GB.

To change the amount of vRAM:
  1. In the VMware vSphere Client, right-click the name of the virtual appliance, and select Edit Settings.
    The Virtual Machine Properties page is displayed.

  2. Select the Hardware tab and select Memory.
  3. Enter the maximum memory in GB to allocate to the VM instance.
  4. Select OK to save the settings to Virtual Machine Properties.

Mapping the virtual NICs (vNICs) to physical NICs

Appropriate mappings of the FortiAuthenticator-VM ports to physical ports depends on your existing virtual environment. Often, the default bridging vNICs work, and do not need to be changed.

If you are unsure of your network mappings, try bridging first before non-default vNIC modes such as NAT or host-only networks. The default bridging vNIC mappings are appropriate where each of the host’s guest virtual machines should have their own IP addresses on your network. The most common exceptions to this rule are for VLANs and the transparent modes.

When you deploy the FortiAuthenticator-VM package, 4 bridging vNICs are created and automatically mapped to a port group on 1 virtual switch (vSwitch) within the hypervisor. Each of those vNICs can be used by one of the 4 network interfaces in FortiAuthenticator-VM.

Alternatively, if you prefer, some or all of the network interfaces may be configured to use the same vNIC. vSwitches are themselves mapped to physical ports on the server.

Example network mapping:

VMware vSphere FortiAuthenticator-VM
Physical Network Adapter Network Mapping (vSwitch Port Group) Virtual Network Adapter for FAC VM Network Interface Name in GUI and CLI
eth0 VM Network 0 Management port1
eth1 VM Network 1 External port2
eth0 VM Network 2 Internal (LDAP) port3
eth0 VM Network 1 Unconfigured port4
To map network adapters:
  1. In the VMware vSphere Client, right-click the name of the virtual appliance, and select Edit Settings.
    The Virtual Machine Properties page is displayed.
  2. Select the Hardware tab and select Network adapter 1.
  3. From the Network Connection dropdown list, select the virtual network mapping for the virtual network adapter. Repeat this step for the other three network adapters. The correct mapping varies by your virtual environment’s network configuration.
  4. Select OK to save the settings to Virtual Machine Properties.

Configure FortiAuthenticator-VM hardware settings

Before powering on your FortiAuthenticator-VM you must configure the virtual memory, virtual CPU, and virtual disk (VMDK) configuration, and map the virtual network adapters.

Caution

These settings cannot be configured inside FortiAuthenticator-VM, and must be configured in the VM environment. Some settings cannot be reconfigured after you power on the virtual appliance.

Note

To see information on how to similarly configure FortiAuthenticator KVM on an Ubuntu host running Virtual Machine Manager, see Resizing the virtual disk and other sections in the KVM deployment example.

Resizing the virtual disk (vDisk)

If you configure the virtual appliance’s storage repository to be internal (i.e. local, on its own vDisk), resize the vDisk before powering on.

Note

This step is not applicable if the virtual appliance will use external network file system (such as NFS) datastores.

The FortiAuthenticator-VM package that you downloaded includes pre-sized VMDK (Virtual Machine Disk Format) files of 1GB for disk 1 (for the OS) and 60GB for disk 2 data, which is large enough for most small deployments. This can be extended if necessary. Resize the vDisk before powering on the virtual machine.

Before doing so, make sure that you understand the effects of your vDisk settings.

During the creation of a VM datastore, you have the following formatting options:

  • 1MB block size - 256GB maximum file size
  • 2MB block size - 512GB maximum file size
  • 4MB block size – 1,024GB maximum file size
  • 8MB block size – 2,048GB maximum file size

These options affect the possible size of each vDisk.

For example, if you have an 800GB datastore which has been formatted with 1MB block size, you cannot size a single vDisk greater than 256GB on your FortiAuthenticator-VM.

Consider also that, depending on the size of your organization’s network, you might require more or less storage for the user database and logging.

For more information on vDisk sizing, see http://communities.vmware.com/docs/DOC-11920.

To resize the vDisk:
  1. In the VMware vSphere Client, right-click the name of the virtual appliance, and select Edit Settings.
    The Virtual Machine Properties page is displayed.

  2. Select the Hardware tab and select Hard Disk 2.
  3. Select Remove.
  4. Select Add.
    The Add Hardware page is displayed.
  5. In the list of device types, select Hard Disk and select Next.
  6. Select Create a new virtual disk and select Next.
  7. In Disk Size, enter the size of the vDisk in GB and select Next.
  8. Select the bottom option in Virtual Device Node, select IDE (0:1) from the drop-down list, then select Next.
  9. Select Finish to close the Add Hardware page and then select OK to save the settings to Virtual Machine Properties.

Configuring the number of virtual CPUs (vCPUs)

By default, the virtual appliance is configured to use 2 vCPUs. FortiAuthenticator-VM is not restricted to how many vCPUs can be configured so you can increase the number according to your requirements (e.g., you can allocate 2, 4, or 8 vCPUs).

Note

If you need to increase or decrease the vCPUs after the initial boot, power off FortiAuthenticator-VM, adjust the number of vCPUs, then power on the VM.

For more information on vCPUs, visit http://www.vmware.com/products/vsphere-hypervisor/index.html for VMware vSphere documentation.

To change the number of vCPUs:
  1. In the VMware vSphere Client, right-click the name of the virtual appliance, and select Edit Settings.
    The Virtual Machine Properties page is displayed.

  2. Select the Hardware tab and select CPUs.
  3. Select the number of virtual sockets and the number of cores per socket.
  4. Select OK to save the settings to Virtual Machines Properties.

Configuring the virtual RAM (vRAM) limit

FortiAuthenticator-VM comes pre-configured to use 512MB of vRAM. You can change this value. The valid range is from 512MB to 16GB.

To change the amount of vRAM:
  1. In the VMware vSphere Client, right-click the name of the virtual appliance, and select Edit Settings.
    The Virtual Machine Properties page is displayed.

  2. Select the Hardware tab and select Memory.
  3. Enter the maximum memory in GB to allocate to the VM instance.
  4. Select OK to save the settings to Virtual Machine Properties.

Mapping the virtual NICs (vNICs) to physical NICs

Appropriate mappings of the FortiAuthenticator-VM ports to physical ports depends on your existing virtual environment. Often, the default bridging vNICs work, and do not need to be changed.

If you are unsure of your network mappings, try bridging first before non-default vNIC modes such as NAT or host-only networks. The default bridging vNIC mappings are appropriate where each of the host’s guest virtual machines should have their own IP addresses on your network. The most common exceptions to this rule are for VLANs and the transparent modes.

When you deploy the FortiAuthenticator-VM package, 4 bridging vNICs are created and automatically mapped to a port group on 1 virtual switch (vSwitch) within the hypervisor. Each of those vNICs can be used by one of the 4 network interfaces in FortiAuthenticator-VM.

Alternatively, if you prefer, some or all of the network interfaces may be configured to use the same vNIC. vSwitches are themselves mapped to physical ports on the server.

Example network mapping:

VMware vSphere FortiAuthenticator-VM
Physical Network Adapter Network Mapping (vSwitch Port Group) Virtual Network Adapter for FAC VM Network Interface Name in GUI and CLI
eth0 VM Network 0 Management port1
eth1 VM Network 1 External port2
eth0 VM Network 2 Internal (LDAP) port3
eth0 VM Network 1 Unconfigured port4
To map network adapters:
  1. In the VMware vSphere Client, right-click the name of the virtual appliance, and select Edit Settings.
    The Virtual Machine Properties page is displayed.
  2. Select the Hardware tab and select Network adapter 1.
  3. From the Network Connection dropdown list, select the virtual network mapping for the virtual network adapter. Repeat this step for the other three network adapters. The correct mapping varies by your virtual environment’s network configuration.
  4. Select OK to save the settings to Virtual Machine Properties.