Deploy Cloud Exchange on a Virtual Machine

Think of Cloud Exchange like a ready-to-use VM based on Ubuntu 20.04, and already set up with all prerequisites of Cloud Exchange (like Docker, Python, Docker Compose, Zip). As easy to set up and start using Cloud Exchange as before, it is available for major cloud platforms (AWS, Azure, and GCP), as well as for on-premises deployment platforms (VMware ESXi).

Support Matrix

Platform	Cloud Exchange Version	Deployment Format
VMware ESXi	5.0.1	OVA
AWS	5.0.1	AMI
Azure	5.0.1	Azure image
GCP	5.0.1	GCP image

Sizing Matrix

Size	EPM	CPU/RAM (GB)	Disk Space (GB)	AWS Equivalent	Azure Equivalent	GCP Equivalent
Medium	100k	8/16	80	C62XL	F8s_v2	E2 Series (select custom CPU and RAM)
Large	200k	16/32	120	C64XL	F16s_v2	E2 Series (select custom CPU and RAM)

Note for OS Update

1. Admins CANNOT update the underlying Ubuntu OS when CE is deployed using OVA.
2. Admins SHOULD NOT update the underlying the Ubuntu OS when CE is deployed on AMI (AWS) OR VHDX (Azure).
3. Admins SHOULD redeploy CE in the event of functionality/stability issues due to unintentional update of Ubuntu OS for CE as a VM deployment on AWS and Azure.

Deployment Options

VMware ESXi OVA

Prerequisites

1. ESXi 6.7 or later.
2. Minimum 8 CPUs and 16 GB RAM available in ESXi.
3. Minimum 152 GB of free disk space.
4. Download the Latest 5.0.1 OVA file from here.

Click play to watch a video.

Configure the OVA

1. Log in to your vSphere Client.
2. Select VMs and Templates from the menu.
3. Select the Datacenter where you want to deploy Cloud Exchange.
4. Right-click on the Datacenter and click Deploy OVF Template.
5. Deploy the OVF Template wizard.
   1. Select the OVF template. Select Local file, upload the latest OVA file, and then click Next.
   2. Select a name and folder, and then click Next. Enter the virtual machine name and select the location for virtual machine.
   3. Select a compute resource and then click Next.
   4. Review the details and click Next.
   5. Select a Storage that has a minimum of 150 GB of free disk space available and click Next.
   6. Select networks and click Next.
   7. When you’re ready to complete, click Finish.
6. Wait for the import task to be finished.
7. Select the Deployed VM and click Edit Settings.
8. Change the CPU and Memory of the VM according to your profile requirements and click OK (for a medium profile, 8 CPU and 16 GB RAM are required).
9. Power on the VM.
10. Launch the web console after powering on the VM.
11. Wait for the login prompt, and log in using the following these credentials. Change the password with a more secure string.
    Username: cteadmin
    Password : Cl0ud3xc4ang3!
    
12. If your network has DHCP enabled the VM will get its IP assigned. Run the following command $ ip addr to verify whether ip is assigned to the eth0 interface or not. If IP is not assigned automatically, reach out to your IT administrator and follow these steps (or How to assign static IP using netplan).
    1. Edit the file netskope_netplan_sample.yaml under /home/cteadmin.

       $ vi /home/cteadmin/netskope_netplan_sample.yaml

    2. In the file, add the IP address that you want to assign, and then save the file. (Please check with the IT System Administrator for the IP address.)
       
    3. Now, copy the yaml file inside /etc/netplan:

       $ cp /home/cteadmin/netskope_netplan_sample.yaml /etc/netplan

    4. Restart network service before applying the netplan changes.

       $ sudo systemctl restart systemd-networkd

    5. Now, apply and assign the IP address:

       $ sudo netplan apply

    6. Validate that IP address is assigned using the following command:

       $ ip addr

13. After the IP is assigned, set up CE using one of these options:
    • For standalone installation of Cloud Exchange, use these commands:

      $ cd /opt/cloudexchange/cloudexchange
      $ sudo ./setup
      

      Complete the setup.

      $ sudo ./start

    • For HA installation of Cloud Exchange, follow the HA installation guidelines.
14. Wait for 5-10 minutes and then access the CE using the IP address of VM.

Security Guidelines

• We recommend changing the password of the VM to a super secure password and remember it for future login to Virtual machine. If the new password is forgotten then there is no way to recover the VM.
•  Restrict SSH access to specific IP addresses. Please consult with your IT team for the same.

Increase the Size of Disk/Volume (Optional)

The following these steps will only increase the disk/volume size. After performing these steps, follow Extend File system to new size of Disk/Volume (Optional) to increase the file system size.

1. Select the VM in which you want to increase disk space.
2. Power Off the virtual machine.
3. Click Edit Settings.
4. Change the Hard disk 1 size as per your requirements and click OK.
5. Power On the VM.
6. After the machine starts, follow the Extend File system to new size of Disk/Volume (Optional).

Azure

Prerequisites

1. Azure account with necessary rights to create virtual machines.

Click play to watch a video.

Configure the Azure Virtual Machine

1. Log in to Azure portal.
2. Search for Virtual Machine and open it.
3. Click Create and then Azure virtual machine.
4. Create a virtual machine.
   1. Select your Subscription and Resource group where you want to create Virtual Machine.
   2. Select the Size of the machine according to your requirements (i.e medium, large).
   3. Click See all images.
5. Search for and select Netskope Cloud Exchange in Marketplace, and then select the 5.0.1 image published by Netskope.
6. Change the Size of the machine according to your requirement.
7. Configure an Administrator account.
   1. Select SSH public key as Authentication type.
   2. Configure the following username and Generate new key pair. Username : cteadmin.
   3. Configure Inbound port rules: allow HTTPS and SSH.
      
8. Select License Type as Other.
9. Click Next > Disks and change the OS disk size per your requirements.
10. (Optional) Configure the Network and remaining steps as per your organization policy.
11. Click Review + create.
12. Once validation is successful, click Create.
13. Wait for the Virtual Machine to be created (it will take around 2-5 minutes)
14. Once the Virtual Machine is started, SSH into machine with cteadmin username with private key.
    1. If you’re using Mac or Linux based operating system you will need to change pem file permissions to readonly.

       chmod 400 <private-key-path>
       

    2. ssh -i <private-key-path> cteadmin@ip-address-of-vm

    3. Run following commands to configure Cloud Exchange.

       $ cd /opt/cloudexchange/cloudexchange
       $ sudo ./setup
       

       Complete the setup.

       $ sudo ./start

    4. Wait for 5-10 minutes and then access the Cloud Exchange using the IP address of VM.

    Security Guidelines

    • Restrict ssh access to specific IP addresses from Networking tab of Virtual Machine
    • We recommend using “SSH public key” as a machine Authentication type.

    Increase Disk Size (Optional)

    1. Log in to Azure portal and open Virtual Machine.
    2. Stop the virtual machine if it’s running, and wait until the status becomes Stopped (deallocated), and then click Disk on the left navigation menu.
    3. Open OS disk.
    4. Click Size + performance and enter Custom disk size (GB) with the new disk size, and then click Save. You cannot decrease the size of the disk once it’s increased.
    5. Start the virtual machine.
    6. To verify the disk change, run this command to verify the disk size change after doing SSH into instance.

       $ df -h /

AWS

Prerequisites

1. An AWS account.

Click play to watch a video.

Configure the EC2 Instance

1. Log in to your AWS account.
2. Open EC2 service in your preferred region.
3. Click Launch Instance.
4. Enter name for this new instance and click Browse more AMIs.
5. Search for Netskope Cloud Exchange and click AWS Marketplace AMIs,  and then select Netskope Cloud Exchange AMI.
6. Click Subscribe now.
7. Select the Instance Type according to your requirements.
8. Click Create new key pair and save the private key securely. This key will be required to access the machine.
9. Change the Network Settings and allow SSH traffic according to your organization policy. We recommend to change and allow from your IP only. This applies the same for HTTPS port as well.
10. Configure the storage as per your requirements.
11. Click Launch Instance.
12. After the machine is started, follow the below steps to configure CE.
13. Copy the Public IPv4 DNS and run ssh command as follows:
    • If you’re using Mac or Linux based operating system you will need to change pem file permissions to readonly.

      chmod 400 <private-key-path>

    • ssh -i <private-key-path> cteadmin@public-ipv4-dns

14. Enter these commands to setup CE:

    $ cd /opt/cloudexchange/cloudexchange/
    $ sudo ./setup

    Complete the setup.

    $ sudo ./start

15. Wait for few mins for the CE to be started.
16. Now open the IP public-ipv4-dns with the https protocol in a browser and start using CE.

Security Guidelines

• Restrict ssh access to specific IP addresses only.

Increase Size of Disk/Volume (Optional)

Following these steps will only increase the disk/volume size. After performing the steps follow Extend File system to new size of Disk/Volume (Optional) to increase the file system size.

1. Log in to AWS and open the EC2 instance for which you want to increase the size of the disk and stop the machine if it’s running.
2. Click Storage and then open the volume by clicking Volume ID.
   
3. Select the volume and click Modify volume on the Actions menu.
   
4. Change Size (GB) to the new disk size you want click Modify.
   
5. Click Modify again on the confirmation popup.
   
6. Wait for 8-10 minutes, start the EC2 instance and SSH into the VM.
7. Now follow Extend a Linux file system after resizing a volume – Amazon Elastic Compute Cloud.

GCP

Create a Server in GCP

1. Log in to your GCP account and go to Compute Engine. If you don’t see that on your main GCP dashboard you can search for Compute Engine.
2. Click on CREATE INSTANCE
   
3. Give your new instance a name, select Region, Zone and Machine configuration as per requirement.
4. Select Machine type as per your profile requirements by clicking on “CUSTOM” (like 8 CPU and 16GB RAM for a medium profile).
   To help you decide on size, check out our Sizing the System section here: https://docs.netskope.com/en/cloud-exchange-system-requirements.html
   
5. Scroll down to “Boot disk” section and click on “Change.
   
6. Select Ubuntu in Operating system and select Ubuntu 20.04 LTS in Version. Select “Boot disk type” and “Size” (like 80 GB Free Disk space for medium profile) as per your organization recommendation and click on “SELECT”.
   To help you decide on size, check out our Sizing the System section here: https://docs.netskope.com/en/cloud-exchange-system-requirements.html
   
7. Scroll down to “Firewall” and select “Allow HTTPS traffic.
   
8. Scroll down to “Advanced options” and select the unfold icon
   
9. Scroll down to Network interfaces, select Network and Subnetwork based on your requirements.
   
10. Click on “CREATE.
    
11. SSH into an Instance. Click SSH.
    

Now set up Cloud Exchange on your new GCP instance by following these instructions: Install Cloud Exchange on Ubuntu.

Create a GCP Image from an OVA File

Prerequisites

A GCP account with following permissions:

• Storage Admin
• Compute Admin
• Enable Cloud Build API for your project. Ref : Cloud Build API.

To create an image from an OVF file:

1. Log in to GCP and select the project in which you want to create the GCP image.
2. Create a new Cloud Storage named cloud-exchange-bucket by following these instructions: Create a new bucket.
3. Download the latest version of Cloud Exchange OVA file from here and upload it to the cloud-exchange-bucket bucket by following these instructions: Uploading an object.
4. Open Images under Compute Engine. Search for and select Images.
   
5. Click Create Image.
   
6. Enter cloud-exchange-5-0-1 in the Name field, and then select Virtual disk (VMDK, VHD) as the Source.
   
7. Click Browse and select the uploaded OVA file from the cloud-exchange-bucket, and then select Ubuntu 20.04 Focal Fossa as the Operating system on virtual disk.
   
   
   
8. Enter ubuntu-2004 as the Family and click Create.
9. Wait for the image to be created; it takes around 25-30 minutes.
   
10. After the image is created, you can start creating Compute machines from it.

Deploy the VM Instance

1. Log in to the GCP account and open the Project where you want to deploy Cloud Exchange.
2. Search for Compute Engine, click VM instances, and then Create Instance.
   
3. Enter name of the instance and select a Region and Zone.
   
4. Select the Machine configuration and Machine type as per your profile requirements by clicking Custom (like 8 CPU and 16 GB RAM for medium profile).
   
5. Scroll down to the Boot disk section and click Change.
6. Click Custom images, search for cloud-exchange-5-0-1, and then select the image.
   
7. Select a Boot disk type as per your organization’s requirements, and then click Select.
   
8. Scroll down to Firewall, select Allow HTTPS traffic, and then click Create.
   
9. Wait for the machine to start. After the machine is started, continue to the next step to configure CE.
10. Copy the Public IPv4, and run this ssh command from your machine’s terminal, or from putty:

    $ ssh cteadmin@public-ipv4

11. Enter this password:

     Cl0ud3xc4ang3!

12. The first time you login, you will be asked to change the password of the cteadmin user. Change the password to a super secure string, and keep it safe for later access to machine.
13. Now log in to EC2 with new password.
14. Use these commands to setup CE.
    • For a standalone installation of Cloud Exchange, use these commands:

      $ cd /opt/cloudexchange/cloudexchange
      $ sudo ./setup

      Complete the setup.

      $ sudo ./start

      Now wait for few minutes for CE to be started.

    • For an HA installation of Cloud Exchange, follow the HA installation instructions.
15. Now open the IP public-ipv4-dns with the HTTPS protocol in a browser to start using CE.

Security Guidelines

Restrict ssh access to specific IP addresses from Networking tab of Virtual Machine

Increase Size of Disk/Volume (Optional)

The following steps will only increase the disk/volume size. After performing these steps, follow How to Extend Linux LVM Logical Volume to increase the file system size.

1. Open the details of the VM for which you want to increase disk size and stop it.
   
2. Wait for machine to be stopped, and then scroll down to Storage and open the Boot disk.
   The name of disk will be the same as your VM name.

   

3. Edit the disk by clicking the Operation menu icon and select Edit.
   
4. Change the disk size per your requirements and click Save.
   
5. Wait for the disk to be updated, then follow How to Extend Linux LVM Logical Volume.

Troubleshooting

How to assign the IP using netplan

• Follow the https://linuxhint.com/configure-static-ip-netplan/ to assign static ip using netplan
• Sample config file can be found at following location: /home/cteadmin/netskope_netplan_sample.yaml

Cannot complete setup because of timeout error

• If you’re facing the following error “Error occurred while verifying connectivity to ***”, because of network connectivity issues.

What to do: If you’re facing network connectivity issues while running setup for the first time please run one more time.

If the error persists please reach out to your IT admin as this is a network connectivity issue.

ERROR: for *** UnixHTTPConnectionPool

• If you’re facing the following error “ERROR: from core UnixHTTPConnectionPool” please follow the below steps to resolve the error.

What to do: If you’re facing the above error, please down the container and run the start script.

Refer the following commands:

$ cd /opt/cloudexchange/cloudexchange

$ sudo docker-compose down

$ sudo ./start

ERROR: Failed to Setup IP tables

• If you are facing following error “ERROR: Failed to Setup IP tables:”, follow these steps to resolve the error:

What to do: If you’re facing the above error, please restart the docker service as this issue might have occurred after enabling firewall (e.g. firewalld or ufw).

$ sudo systemctl restart docker

Error occurred while fetching plugin updates

• When user tries to update the plugins from UI, despite having github connectivity user might get following error

What to do:

If you are facing the above error then please use the “Upload plugin” feature to upload the latest plugin or run the following command in the host machine from the directory where the Cloud Exchange is deployed.

$ cd /opt/cloudexchange/cloudexchange

$ sudo docker-compose exec core git -C netskope/repos/Default reset --hard

If you’re using the OVA file, you will need to raise a support ticket and get this command executed by the Netskope Support team.