Deploy Cloud Exchange on a Virtual Machine

Important

Please contact your SE/AM if you have questions regarding CE installation, deployment, configuration, and upgrade/migration.

Think of Cloud Exchange as a ready-to-use VM based on Ubuntu 20.04 that is already set up with all the prerequisites of Cloud Exchange (like Docker, Python, Docker Compose, and Zip). It is as easy to set up and start using as before, and it is available for major cloud platforms (AWS, Azure, and GCP) as well as for on-premises deployment platforms (VMware ESXi).

Note

  • The maintenance and JWT Secret passwords are used internally within Cloud Exchange for database authentication. These passwords will be needed when restoring a backup.
  • Special characters (including, but not limited to “#”, “$”, “/”, etc.) are not supported when setting the maintenance password for CE. Some of the processes do not work and will cause system failures if you use special characters.
  • Only use alphanumeric values for the maintenance and JWT token passwords.
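
Because the maintenance and JWT secret values are limited to alphanumeric characters, length has to make up for the smaller character set. The following is an added example, not part of Cloud Exchange or its setup script; the function names are hypothetical. It generates such a secret from the kernel random source, checks a candidate against the alphanumeric-only rule, and estimates its entropy.

```shell
#!/bin/sh
# Added example (not Netskope code): alphanumeric-only secrets for the
# CE maintenance and JWT secret prompts. Function names are hypothetical.

# Succeeds only for a non-empty string made solely of A-Z, a-z and 0-9.
# Runs in a subshell so the LC_ALL override does not leak to the caller.
is_supported_secret() (
    LC_ALL=C
    case "$1" in
        ''|*[!A-Za-z0-9]*) exit 1 ;;
    esac
    exit 0
)

# Print a random alphanumeric secret of the requested length (default 32).
# Bytes outside the 62-character set are discarded, so every kept
# character is uniformly distributed (no modulo bias).
gen_alnum_secret() {
    len="${1:-32}"
    secret=""
    while [ "${#secret}" -lt "$len" ]; do
        chunk=$(head -c 256 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9')
        secret="${secret}${chunk}"
    done
    printf '%s\n' "$secret" | cut -c "1-${len}"
}

# Approximate entropy in bits of a randomly generated alphanumeric
# secret: each character carries log2(62), about 5.954 bits.
secret_entropy_bits() {
    echo $(( ${#1} * 5954 / 1000 ))
}
```

Store the generated values in a password manager, since they are needed again when restoring a backup.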

Support Matrix 5.1.0

Platform    | Cloud Exchange Version | Deployment Format
VMware ESXi | 5.1.0                  | OVA
AWS         | 5.1.0                  | AMI
Azure       | 5.1.0                  | Azure Image

Sizing Matrix

Size   | EPM  | CPU/RAM (GB) | Disk Space (GB) | AWS Equivalent | Azure Equivalent
Medium | 100k | 8/16         | 80              | C62XL          | F8s_v2
Large  | 200k | 16/32        | 120             | C64XL          | F16s_v2

Note

You will need to change disk size while creating new instances.

Note for OS Update

  1. Admins CANNOT update the underlying Ubuntu OS when CE is deployed using OVA.
  2. Admins SHOULD NOT update the underlying Ubuntu OS when CE is deployed on AMI (AWS) OR VHDX (Azure).
  3. Admins SHOULD redeploy CE in the event of functionality/stability issues due to unintentional update of Ubuntu OS for CE as a VM deployment on AWS and Azure.

Deployment Options

VMware ESXi OVA

Prerequisites
  1. ESXi 6.7 or later.
  2. Minimum 8 CPUs and 16 GB RAM available in ESXi.
  3. Minimum 152 GB of free disk space.
  4. Download the Latest 5.1.0 OVA file from here.
Configure the OVA
  1. Log in to your vSphere Client.
  2. Select VMs and Templates from the menu.
  3. Select the Datacenter where you want to deploy Cloud Exchange.
  4. Right-click on the Datacenter and click Deploy OVF Template.
  5. Complete the Deploy OVF Template wizard:
    1. For Select the OVF template, select Local file, upload the latest OVA file, and then click Next.
    2. For Select a name and folder, enter the virtual machine name, select the location for virtual machine, and then click Next.
    3. For Select a compute resource, find the wanted resource, and then click Next.
    4. For Review the details, verify the settings, and then click Next.
    5. For Select storage, ensure that it has a minimum of 150 GB of free disk space available, and then click Next.
    6. For Select networks, pick a network, and then click Next.
    7. For Ready to complete, verify the settings, and then click Finish.
  6. Wait for the import task to be finished.
  7. Select the deployed VM and click Edit Settings.
  8. Change the CPU and Memory of the VM according to your profile requirements (for a medium profile, 8 CPU and 16 GB RAM are required), and then click OK.
  9. Power on the VM.
  10. Launch the web console after powering on the VM.
  11. Wait for the login prompt, and log in using the credentials below. Be sure to change the password to a more secure string.
    Username: cteadmin
    Password: Cl0ud3xc4ang3!
  12. If your network has DHCP enabled, the VM will get its IP assigned. Run the command $ ip addr to verify whether the IP is assigned to the eth0 interface or not. If the IP is not assigned automatically, reach out to your IT administrator, and follow these steps (or How to assign static IP using netplan).
    1. Edit the file netskope_netplan_sample.yaml under /home/cteadmin.
      $ vi /home/cteadmin/netskope_netplan_sample.yaml
    2. In the file, add the IP address that you want to assign, and then save the file. (Please check with the IT System Administrator for the IP address.)
    3. Copy the yaml file inside /etc/netplan:
      $ sudo cp /home/cteadmin/netskope_netplan_sample.yaml /etc/netplan
    4. Restart the network service before applying the netplan changes.
      $ sudo systemctl restart systemd-networkd
    5. Apply and assign the IP address:
      $ sudo netplan apply
    6. Validate that IP address is assigned using the following command:
      $ ip addr

  13. After the IP is assigned, set up CE using one of these options:
    • For standalone installation of Cloud Exchange, use these commands:
      $ cd /opt/cloudexchange/cloudexchange
      $ sudo ./setup
      

      Complete the setup.

      • The maintenance and JWT Secret passwords are used internally within Cloud Exchange for database authentication. These passwords will be needed when restoring a backup.
      • Special characters (including, but not limited to “#”, “$”, “/”, etc.) are not supported when setting the maintenance password for CE. Some of the processes do not work and will cause system failures if you use special characters.
      • Only use alphanumeric values for the maintenance and JWT token passwords.
      $ sudo ./start
    • For HA installation of Cloud Exchange, follow the HA installation guidelines.
  14. Wait for 5-10 minutes and then access the CE using the IP address of VM.
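
For the static IP procedure in step 12 above, the following added example validates the addresses and prints a netplan definition for a static IPv4 address. It is not Netskope's script and does not reproduce the contents of netskope_netplan_sample.yaml; the function names are hypothetical and the addresses in the usage comment are constructed documentation values.

```shell
#!/bin/sh
# Added example (not Netskope code): render a static-IP netplan definition
# after validating every field, so a typo cannot produce a broken file.

# Succeeds for a dotted-quad IPv4 address with four octets in 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1          # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Succeeds for address/prefix with a prefix length of 1-32.
valid_ipv4_cidr() {
    case "$1" in
        */*/*) return 1 ;;
        */*) ;;
        *) return 1 ;;
    esac
    prefix=${1#*/}
    case "$prefix" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -ge 1 ] && [ "$prefix" -le 32 ] || return 1
    valid_ipv4 "${1%/*}"
}

# Usage (constructed values):
#   render_netplan_static eth0 192.0.2.10/24 192.0.2.1 192.0.2.53
# Prints the YAML on stdout; returns 1 and prints nothing on bad input.
render_netplan_static() {
    iface=$1 cidr=$2 gw=$3 dns=$4
    case "$iface" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    valid_ipv4_cidr "$cidr" && valid_ipv4 "$gw" && valid_ipv4 "$dns" || return 1
    cat <<EOF
network:
  version: 2
  ethernets:
    ${iface}:
      dhcp4: false
      addresses: [${cidr}]
      routes:
        - to: 0.0.0.0/0
          via: ${gw}
      nameservers:
        addresses: [${dns}]
EOF
}
```

When the change is made over a remote session rather than the console, `sudo netplan try` applies the configuration and rolls it back unless it is confirmed within the timeout.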
Security Guidelines
  • We recommend changing the password of the VM to a super secure password and remembering it for future logins to the VM. If the new password is forgotten, then there is no way to recover the VM.
  • Restrict SSH access to specific IP addresses. Please consult with your IT team for the same.
Increase the Size of Disk/Volume (Optional)

The following steps will only increase the disk/volume size. After performing these steps, follow How to Extend Linux LVM Logical Volume to increase the file system size.

  1. Select the VM in which you want to increase disk space.
  2. Power Off the virtual machine.
  3. Click Edit Settings.
  4. Change the Hard disk 1 size per your requirements and click OK.
  5. Power On the VM.
  6. After the machine starts, follow How to Extend Linux LVM Logical Volume.

Azure

Prerequisites

An Azure account with necessary rights to create virtual machines.

Configure the Azure Virtual Machine
  1. Log in to Azure portal.
  2. Search for Virtual Machine and open it.
  3. Click Create and then Azure virtual machine.
  4. Create a virtual machine. Select your Subscription and Resource group where you want to create the virtual machine. 
  5. Select the Size of the machine according to your requirements (medium or large). 
  6. Click See all images.
  7. Search for and select Netskope Cloud Exchange in Marketplace, and then select the 5.1.0 image published by Netskope.
  8. Change the Size of the machine according to your requirement.
  9. Configure an Administrator account. Select SSH public key as Authentication type.
  10. Configure the following username and select Generate new key pair. Username : cteadmin.
  11. Configure Inbound port rules with Allow selected ports, and allow HTTPS and SSH.
  12. For Licensing, select License Type as Other.
  13. Click Next > Disks and change the OS disk size per your requirements.
  14. (Optional) Configure the Network per the remaining steps according to your organization policy.
  15. Click Review + create.
  16. Once validation is successful, click Create.
  17. Wait for the Virtual Machine to be created (it will take around 2-5 minutes)
  18. Once the Virtual Machine is started, SSH into machine with cteadmin username with private key.
    ssh -i <private-key-path> cteadmin@ip-address-of-vm
  19. Run the following commands to configure Cloud Exchange.
    $ cd /opt/cloudexchange/cloudexchange
    $ sudo ./setup
    

    Complete the setup.   

    • The maintenance and JWT Secret passwords are used internally within Cloud Exchange for database authentication. These passwords will be needed when restoring a backup.
    • Special characters (including, but not limited to “#”, “$”, “/”, etc.) are not supported when setting the maintenance password for CE. Some of the processes do not work and will cause system failures if you use special characters.
    • Only use alphanumeric values for the maintenance and JWT token passwords.
    $ sudo ./start
  20. Wait for 5-10 minutes and then access the Cloud Exchange using the IP address of VM.
Security Guidelines
  • Restrict ssh access to specific IP addresses from the Networking tab of the Virtual Machine.
  • We recommend using SSH public key as the machine Authentication type.
Increase Disk Size (Optional)

If you’re using a Mac or Linux-based operating system, you will need to change the pem file permissions to read-only.

chmod 400 <private-key-path>
  1. Log in to Azure portal and open the Virtual Machine.
  2. Stop the virtual machine if it’s running, and wait until the status becomes Stopped (deallocated), and then click Disk on the left navigation menu.
  3. Open OS disk.
  4. Click Size + performance and enter Custom disk size (GB) with the new disk size, and then click Save. You cannot decrease the size of the disk once it’s increased.
  5. Start the virtual machine.
  6. To verify the disk size change, SSH into the instance and run this command:
    $ df -h /

AWS

Prerequisites

An AWS account.

Configure the EC2 Instance
  1. Log in to your AWS account.
  2. Open the EC2 service in your preferred region.
  3. Click Launch Instance.
  4. Enter name for this new instance and click Browse more AMIs.
  5. Search for Netskope Cloud Exchange and click AWS Marketplace AMIs, and then select Netskope Cloud Exchange AMI.
  6. Click Subscribe now.
  7. Select the Instance Type according to your requirements.
  8. Click Create new key pair and save the private key securely. This key will be required to access the machine.
  9. Change the Network Settings and allow SSH traffic according to your organization policy. We recommend you change it to allow traffic from your IP only. The same applies to the HTTPS port.
  10. Configure the storage per your requirements.
  11. Click Launch Instance.
  12. After the machine is started, follow the below steps to configure CE.
  13. Copy the Public IPv4 DNS and run the ssh command as follows. If you’re using a Mac or Linux-based operating system, you will need to change the pem file permissions to read-only.
    chmod 400 <private-key-path>
    ssh -i <private-key-path> cteadmin@public-ipv4-dns
  14. Enter these commands to set up CE:
    $ cd /opt/cloudexchange/cloudexchange/
    $ sudo ./setup

    Complete the setup.

    • The maintenance and JWT Secret passwords are used internally within Cloud Exchange for database authentication. These passwords will be needed when restoring a backup.
    • Special characters (including, but not limited to “#”, “$”, “/”, etc.) are not supported when setting the maintenance password for CE. Some of the processes do not work and will cause system failures if you use special characters.
    • Only use alphanumeric values for the maintenance and JWT token passwords.
    $ sudo ./start
  15. Wait a few minutes for CE to start.
  16. Now open the IP public-ipv4-dns with the https protocol in a browser and start using CE.
Security Guidelines

Restrict ssh access to specific IP addresses only.

Increase Size of Disk/Volume (Optional)

Following these steps will only increase the disk/volume size. After performing these steps, follow Extend a Linux file system after resizing a volume – Amazon Elastic Compute Cloud to increase the file system size.

  1. Log in to AWS and open the EC2 instance for which you want to increase the size of the disk, and stop the machine if it’s running.
  2. Click Storage and then open the volume by clicking Volume ID.
  3. Select the volume and click Modify volume on the Actions menu.
  4. Change Size (GB) to the new disk size you want, and then click Modify.
  5. Click Modify again on the confirmation popup.
  6. Wait for 8-10 minutes, start the EC2 instance, and SSH into the VM.
  7. Now follow Extend a Linux file system after resizing a volume – Amazon Elastic Compute Cloud.

Hyper-V

Prerequisites
  1. A Hyper-V instance.
  2. Minimum 8 CPUs and 16 GB RAM available in the server.
  3. Minimum 152 GB of free disk space.
  4. Download the Hyper-V virtual machine zip file from here.
Configure Hyper-V
  1. Unzip the downloaded virtual machine file.
  2. Open the Hyper-V manager and right-click on the server where you want to install Cloud Exchange, and then click Import Virtual Machine….
  3. Click Next on the Before you begin page.
  4. For Locate Folder, go to where you have extracted the zip file, and then click Next.
  5. For Select Virtual Machine, select the Cloud Exchange 5.1.0 VM, and then click Next.
  6. For Choose Import Type, select Copy the virtual machine (create a new unique ID), and then click Next.
  7. (Optional) Choose the destination and click Next.
  8. (Optional) Choose Storage Folders and click on Next
  9. Click Finish.
  10. Wait for machine to be imported, right-click on the newly imported virtual machine, and then click Settings.
  11. Click Processor, change the processor according to your profile (medium, large, etc.), and then click Apply.
  12. Click Memory, change the RAM according to your profile (medium, large, etc.), and then click OK.
  13. Click Network Adapter, and on the Virtual switch dropdown, select the appropriate virtual switch per your organization recommendations, and then click Apply and OK.

  14. Now start the virtual machine. Right-click on your virtual machine and click Start.
  15. Connect to the virtual machine.
  16. Wait for the login prompt, log in using the following credentials, and then change the password to a more secure string.
    • Username: cteadmin
    • Password: Cl0ud3xc4ang3!
  17. If your network has DHCP enabled, the VM will get its IP assigned. Run the following command $ ip addr to verify whether an IP is assigned to the eth0 interface or not. If an IP is not assigned automatically, reach out to your IT administrator and follow these steps (or How to configure static IP using Netplan).
    1. Edit the file netskope_netplan_sample.yaml under /home/cteadmin.
      $ vi /home/cteadmin/netskope_netplan_sample.yaml
    2. In the file, add the IP address that you want to assign, and then save the file. (Check with the IT System Administrator for the IP address.)
    3. Copy the yaml file inside /etc/netplan:
      $ sudo cp /home/cteadmin/netskope_netplan_sample.yaml /etc/netplan
    4. Restart the network service before applying the netplan changes
      $ sudo systemctl restart systemd-networkd
    5. Apply and assign the IP address:
      $ sudo netplan apply
  18. Validate that IP address is assigned using the following command:
    $ ip addr

  19. After the IP is assigned, set up CE using these commands:
    • For standalone installation of Cloud Exchange, use these commands:
      $ cd /opt/cloudexchange/cloudexchange
      $ sudo ./setup

      Complete the setup.

      • The maintenance and JWT Secret passwords are used internally within Cloud Exchange for database authentication. These passwords will be needed when restoring a backup.
      • Special characters (including, but not limited to “#”, “$”, “/”, etc.) are not supported when setting the maintenance password for CE. Some of the processes do not work and will cause system failures if you use special characters.
      • Only use alphanumeric values for the maintenance and JWT token passwords.
      $ sudo ./start
    • For HA installation of Cloud Exchange follow HA installation instructions.
  20. Wait for 5-10 minutes and then access the CE using the IP address of VM.
Security Guidelines
  • We recommend changing the password of the VM to a super secure password and remembering it for future logins to the VM. If the new password is forgotten, then there is no way to recover the VM.
  • Restrict SSH access to specific IP addresses. Consult with your IT team for the same.
Increase Size of Disk/Volume (Optional)

The following steps will only increase the disk/volume size. After performing these steps, follow the instructions in the next section Extend File system to new size of Disk/Volume (Optional) to increase the file system size.

  1. Turn off the Virtual Machine for which you want to increase disk size.
  2. Select the Virtual Machine and right-click on it to open the Options menu.
  3. Open Settings for the Virtual Machine whose disk size you want to increase from the Hyper-V Manager of the Windows server.
  4. Select the Virtual Machine and right-click on it to open the Options menu.
  5. Select Hard Drive for SCSI Controller, and click Edit.
  6. Click Next for Locate Disk.
  7. Select Expand and click Next for Choose Action.
  8. Enter a New size per your requirement in the Configure Disk section, and then click Next.
  9. Verify the new disk size and click Finish.
  10. Click OK in Settings for virtual machine.
  11. Select the Virtual Machine and right-click on it to open Options menu.
  12. Start the VM and proceed to the Extend File system to new size of Disk/Volume (Optional) section below.
Extend the File System to a New Size of Disk/Volume (Optional)

These steps are applicable only after you have increased the size of the Disk/Volume.
Follow these steps to increase the disk space of the Cloud Exchange virtual machine.

    1. Change the Disk size of the VM per your requirement (for example, 200GB).
    2. Now start the VM and SSH into the machine.
    3. Check the current disk size:
      $ df -h /
    4. Check disks and identify the device name associated with the disk (like /dev/sda):
      $ sudo fdisk -l
    5. Modify the disk and create a new partition:
      $ sudo fdisk /dev/<device-name>
      • (like $ sudo fdisk /dev/sda)
      • There will be an error message like:
        “GPT PMBR size mismatch (317263871 != 335544319) will be corrected by write.”
        This indicates that there is some unallocated space available on the disk.
    6. Create new partition by entering the n command in the fdisk CLI.
      Command (m for help): n
    7. Enter the partition number, and the first and last sector of the new partition. Keep all the values at their defaults by pressing Enter at each prompt.
      • Partition number (4-128, default 4):
      • First sector (317261824-335544286, default 317261824):
      • Last sector, +/-sectors or +/-size{K,M,G,T,P} (317261824-335544286, default 335544286):
    8. Write partition changes by entering the w command in the fdisk CLI.
      Command (m for help): w
    9. Now fdisk will be exited automatically with the following message:
      “The partition table has been altered.
      Syncing disks.”
    10. Create a physical volume:
      $ sudo pvcreate /dev/<device-name><partition-number>

      (like $ sudo pvcreate /dev/sda4)

    11. Extend the physical volume to the Cloud Exchange volume group:
      $ sudo vgextend ce_vg /dev/<device-name><Partition-number>

      (like $ sudo vgextend ce_vg /dev/sda4)

    12. Extend the logical volume to OS volume of Cloud Exchange volume group:
      $ sudo lvextend -l +100%FREE /dev/ce_vg/OS
    13. Resize the OS volume:
      $ sudo resize2fs  /dev/ce_vg/OS
    14. Verify the disk size:
      $ df -h /

GCP

Cloud Exchange 5.1.0 can be deployed on GCP in two ways:

  • Configure Cloud Exchange in GCP compute instance.
  • Create a GCP Image from an OVA file. Note that creating a GCP Image from an OVA file has limited support.
Configure Cloud Exchange in a GCP Compute Instance
  1. Log in to your GCP account and go to Compute Engine. If you don’t see it on your main GCP dashboard, search for it.
  2. Click on Create Instance.
  3. Enter a new instance Name, and select a Region, Zone, and Machine configuration per your requirements.
  4. Select a Machine type as per your profile requirements by clicking Custom (like 8 CPU and 16GB RAM for a medium profile).
    To help you decide on size, check out our Sizing the System section here.
  5. Scroll down to Boot disk section and click Change.
  6. Select Ubuntu for the Operating system and Ubuntu 20.04 LTS for the Version. Select a Boot disk type and Size (like 80 GB Free Disk space for medium profile) as per your requirements, and then click Select.
    To help you decide on size, check out our Sizing the System section here.
  7. Scroll down to Firewall and select Allow HTTPS traffic.
  8. Scroll down to Advanced options and select the expand icon.
  9. Scroll down to Network interfaces, select a Network and Subnetwork based on your requirements.
  10. Click Create.
  11. SSH into your Instance. Click SSH.

    Now set up Cloud Exchange on your new GCP instance by following these instructions: Install Cloud Exchange on Ubuntu.
Create a GCP Image from an OVA File

Prerequisites

  • A GCP account with these permissions:
    Storage Admin
    Compute Admin
  • Enable Cloud Build API for your project. Ref : Cloud Build API.

To create an image from an OVF file:

Note

These steps will be deprecated soon and you might have to select Use the Old Version while creating an image.

  1. Log in to GCP and select the project in which you want to create the GCP image.
  2. Create a new Cloud Storage named cloud-exchange-bucket by following these instructions: Create a new bucket.
  3. Download the latest version of Cloud Exchange OVA file from here and upload it to the cloud-exchange-bucket bucket by following these instructions: Uploading an object.
  4. Open Images under Compute Engine. Search for and select Images.
  5. Click Create Image.
  6. Enter a unique name in Name field and select Virtual disk (VMDK, VHD) as the Source.
    (like cloud-exchange-gcp-image-demo)
  7. Click Browse and select the latest uploaded OVA file from the cloud-exchange-bucket, and then select Ubuntu 20.04 Focal Fossa as the Operating system on virtual disk.
  8. Enter ubuntu-2004 as the Family. Click Create, and enter a log location as well if prompted.
  9. Wait for the image to be created; it takes around 25-30 minutes.
  10. After the image is created, you can start creating Compute Machines from it.
Deploy the VM Instance
  1. Log in to the GCP account and open the Project where you want to deploy Cloud Exchange.
  2. Search for Compute Engine, click VM instances, and then Create Instance.
  3. Enter a name for the instance and select a Region and Zone.
  4. Select the Machine configuration and Machine type as per your requirements by clicking Custom (like 8 CPU and 16 GB RAM for medium profile).
  5. Scroll down to the Boot disk section and click Change.
  6. Click Custom images, and Search for image name created earlier (e.g. “cloud-exchange-gcp-image-demo” ) and select the image.
  7. Select a Boot disk type as per your organization’s requirements, and then click Select.
  8. Scroll down to Firewall, select Allow HTTPS traffic, and then click Create.
  9. Wait for the machine to start. After the machine is started, continue to the next step to configure CE.
  10. Copy the Public IPv4, and run this ssh command from your machine’s terminal, or from putty:
    $ ssh cteadmin@public-ipv4
  11. Enter this password:
    Cl0ud3xc4ang3!
  12. The first time you log in, you will be asked to change the password of the cteadmin user. Change the password to a super secure string, and keep it safe for later access to machine.
  13. Now log in to the VM instance with the new password.
  14. Use these commands to set up CE.
    • For a standalone installation of Cloud Exchange, use these commands:
      $ cd /opt/cloudexchange/cloudexchange
      $ sudo ./setup
      

      Complete the setup.

      • The maintenance and JWT Secret passwords are used internally within Cloud Exchange for database authentication. These passwords will be needed when restoring a backup.
      • Special characters (including, but not limited to “#”, “$”, “/”, etc.) are not supported when setting the maintenance password for CE. Some of the processes do not work and will cause system failures if you use special characters.
      • Only use alphanumeric values for the maintenance and JWT token passwords.
      $ sudo ./start

      Now wait a few minutes for CE to start.

    • For an HA installation of Cloud Exchange, follow the HA installation instructions.
  15. Now open the IP public-ipv4-dns with the HTTPS protocol in a browser to start using CE.
Security Guidelines

Restrict SSH access to specific IP addresses from the Networking tab of the Virtual Machine.

Increase Size of Disk/Volume (Optional)

The following steps will only increase the disk/volume size. After performing these steps, follow How to Extend Linux LVM Logical Volume to increase the file system size.

  1. Open the details of the VM for which you want to increase disk size and stop it.
  2. Wait for machine to be stopped, and then scroll down to Storage and open the Boot disk. The name of disk will be the same as your VM name.
  3. Edit the disk by clicking the Operation menu icon and select Edit.
  4. Change the disk size per your requirements and click Save.
  5. Wait for the disk to be updated, then follow How to Extend Linux LVM Logical Volume.

Troubleshooting

How to assign the IP using netplan
Cannot complete setup because of a timeout error

You might see the following error because of network connectivity issues: “Error occurred while verifying connectivity to ***”.

What to do: If you’re facing network connectivity issues while running setup for the first time, run it one more time.

If the error persists, reach out to your IT admin, as this is a network connectivity issue.

ERROR: for *** UnixHTTPConnectionPool

Getting the error: ERROR: from core UnixHTTPConnectionPool.

What to do: If you’re getting this error, bring the containers down and run the start script.

Refer to the following commands:

$ cd /opt/cloudexchange/cloudexchange
$ sudo docker-compose down
$ sudo ./start
ERROR: Failed to Setup IP tables

Getting the error: ERROR: Failed to Setup IP tables.

What to do: Restart the docker service, as this issue might have occurred after enabling a firewall (like firewalld or ufw).

$ sudo systemctl restart docker
Error occurred while fetching plugin updates

When you try to update the plugins from the UI, despite having github connectivity, you might get this error.

What to do:

If you are getting this error, use the Upload plugin feature to upload the latest plugin, or run these commands in the host machine from the directory where the Cloud Exchange is deployed.

$ cd /opt/cloudexchange/cloudexchange
$ sudo docker-compose exec core git -C netskope/repos/Default reset --hard

If you’re using an OVA file, you will need to raise a support ticket to get this command executed by the Netskope Support team.
