Deploy Cloud Exchange on a Virtual Machine

Think of Cloud Exchange like a ready-to-use VM based on Ubuntu 20.04, and already set up with all prerequisites of Cloud Exchange (like Docker, Python, Docker Compose, Zip). As easy to set up and start using Cloud Exchange was before, it is available for all major cloud platforms (AWS, Azure, GCP), as well as for on-premises deployment platforms (like VMware ESXi and Hyper-V).

Note

To obtain access to the relevant CE as a VM platform images, contact the Netskope Cloud Exchange Support team.

Support Matrix

Platform	Cloud Exchange Version	Deployment Format
VMware ESXi	5.0.0 (Beta)	OVA
AWS	5.0.0 (Beta)	AMI
Azure	5.0.0 (Beta)	Azure image
GCP	5.0.0 (Beta)	GCP image
Hyper-V	5.0.0 (Beta)	VM exported for Hyper-V

Sizing Matrix

Size	EPM	CPU/RAM(GB)	Disk Space (GB)	AWS Equivalent	Azure Equivalent	GCP Equivalent
Small	50k	6/8	152	C62XL	F8s_v2	E2 Series (Select Custom CPU and RAM)
Medium	100k	8/16	152	C62XL	F8s_v2	E2 Series (Select Custom CPU and RAM)
Large	200k	16/32	152	C64XL	F16s_v2	E2 Series (Select Custom CPU and RAM)

Note

All the CE as VM instances will require a minimum 152 GB of free disk space.

Deployment Options

OVA

Prerequisites

ESXi 6.7 or later.
Minimum 4 CPUs and 4GB RAM available in ESXi.
Minimum 152 GB of free disk space.
Download the Latest 5.0.0 Beta OVA file from either With Github or Without Github.
- With Github: Similar to the 4.2.0 version, where the plugins will be pulled from public GitHub repositories.
- Without Github: This build will contain the current GA and Beta plugins in the build and will not pull default plugins and plugin updates from GitHub.

Configure the OVA

Log in to your vSphere Client.
Select VMs and Templates from the Menu.
Select the Datacenter where you want to deploy CloudExchange.
Right-click on the Datacenter and click Deploy OVF Template.
Deploy the OVF Template wizard.
1. Select the OVF template. Select Local file, upload the latest OVA file, and then click Next.
2. Select a name and folder, and then click Next. Enter the virtual machine name and select the location for virtual machine.
3. Select a compute resource and then click Next.
4. Review the details and click Next.
5. Select a Storage that has a minimum of 150 GB of free disk space available and click Next.
6. Select networks and click Next.
7. When done, click Finish.
Wait for the import task to be finished.
Select the Deployed VM and click Edit Settings.
Change the CPU and Memory of the VM according to your profile requirements and click OK (for a medium profile, 8 CPU and 16GB RAM are required).
Power on the VM.
Launch the web console after powering on the VM.
Wait for the login prompt, and log in using the following these credentials. Change the password with a more secure string.
Username: cteadmin
Password : Cl0ud3xc4ang3!
If your network has DHCP enabled the VM will get its IP assigned. Run the following command $ ip addr to verify whether ip is assigned to the eth0 interface or not. If IP is not assigned automatically, reach out to your IT administrator and follow How to assign ip using netplan.
After the IP is assigned, set up CE using one of these options:
- For standalone installation of Cloud Exchange, use these commands:
```
 	$ cd /opt/cloudexchange/cloudexchange
 	$ ./setup
```
  Complete the setup.
```
$ ./start
```
- For HA installation of Cloud Exchange follow HA installation guidelines.
Wait for 5-10 minutes and then access the CE using the IP address of VM.

Increase the Size of Disk/Volume (Optional)

The following steps will only increase the disk/volume size. After performing the steps, follow Extend File system to new size of Disk/Volume (Optional) to increase the file system size.

Select the VM in which you want to increase disk space.
Power Off the virtual machine.
Click Edit Settings.
Change the Hard disk 1 size as per your requirements and click OK.
Power On the VM.
After the machine starts, follow the Extend File system to new size of Disk/Volume (Optional).

Security Guidelines

We recommend changing the password of the VM to a super secure password and remember it for future login to Virtual machine. If the new password is forgotten then there is no way to recover the VM.

Restrict SSH access to specific IP addresses. Please consult with your IT team for these.

Azure

Prerequisites

Azure account with necessary rights to create virtual machines
Enough CPU and RAM quota (according to your instance size) to create a Virtual Machine
Minimum 152 GB disk space is require

Configure the Azure Virtual Machine

Log in to Azure portal.
Search for Virtual Machine and open it.
Click Create and then Azure virtual machine.
Create a virtual machine.
1. Select your “Subscription” and “Resource group” where you want to create a Virtual Machine
2. Select “Size” of the machine according to your requirements (i.e small, medium, large)
3. You will need to select either of the following images from All image
  - With Github : cloud-exchange-5-0-0-beta-with-github-20231107
    Similar to 4.2.0 version where the plugins will be pulled from public GitHub repositories.
  - Without Github: cloud-exchange-5-0-0-beta-without-github-20231107.
    This build will contain the current GA and Beta plugins in build and will not pull default plugins and plugin updates from github.
4. Click See all images.
5. Click Community Images and search for cloud-exchange-5-0-0, and then select the image per your requirement.
6. Configure an Administrator account.
  1. Select Password as the Authentication type.
  2. Enter the following username and password:
    - Username : cteadmin
    - Password : Cl0ud3xc4ang3!
7. Select the License Type as Other.
8. Click Review + create.
9. Once validation is successful, click Create.
10. Wait for the Virtual Machine to be created (it will take around 15-30 minutes).
  Ignore the Your deployment failed error.
11. Open the Virtual Machine in Azure and click the Networking tab.
12. Click Add inbound port rule.
13. Select HTTPS from the Service dropdown, and then click Add.
14. Add one more ports for SSH access and restrict source IP (add your public IP from where you can access the machine).
15. Ignore following warning.
16. After successful setting up networking rules now, you need to configure Cloud Exchange
17. SSH into machine with the cteadmin user credentials from previous steps.
  1. You will be asked to change the password of the cteadmin user of VM; we recommend you to change it a super secure one.
```
$ ssh cteadmin@ip-address-of-vm
```
  2. Now SSH into to VM with new password and run following commands to configure standalone CE.
    - For standalone installation of Cloud Exchange follow below commands
```
$ cd /opt/cloudexchange/cloudexchange
 $ ./setup
```
      Complete the setup
```
$ ./start
```
    - For HA installation of Cloud Exchange follow HA installation guidelines.
  3. Wait for 5-10 minutes and then access the CE using the IP address of VM.
  Increase Size of Disk/Volume (Optional)
  
  The following steps will only increase the disk/volume size. After performing the steps follow Extend File system to new size of Disk/Volume (Optional) to increase the file system size.
  1. Open Virtual Machine details of which you want to increase disk space and “Stop” the machine if it’s running. Wait till the Status changes to Stopped (deallocated).
  2. Click Disks on the left Navigation menu.
  3. Open details of the OS disk. The initials of disk name will match to the name of the Virtual Machine.
  4. Once the OS disk details page is opened click on “Size + performance”.
  5. Change “Custom disk size (GB)” as per your requirement and then click on “Save” and wait for the disk to be updated.
  6. Go to Virtual machine again and start the Virtual Machine.
  7. Now wait for 5 mins and then follow Extend File system to new size of Disk/Volume (Optional)
  Security Guidelines
  - We recommend changing the password of the VM to a super secure password and remember it for future login to Virtual machine. If the new password is forgotten then there is no way to recover the VM.
  - Restrict ssh access to specific IP addresses from Networking tab of Virtual Machine
  AWS
  
  Prerequisites
  1. An AWS account.
  2. Minimum 152 GB disk space is required.
  Configure the EC2 Instance
  1. Log in to your AWS account.
  2. Open EC2 service in your preferred region.
  3. Click Launch Instance.
  4. Enter a name for this new instance.
  5. Select either of following AMI image from My AMIs tab:
    - With Github : cloud-exchange-5-0-0-beta-with-github-20231107.
      Similar to 4.2.0 version where the plugins will be pulled from public github repositories.
    - Without Github : cloud-exchange-5-0-0-beta-without-github-20231107.
      This build will contain the current GA and Beta plugins in build and will not pull default plugins and plugin updates from github.
  6. Select an appropriate Instance type according to your profile (like c5.xlarge).
  7. For Key pair, select Proceed without a key pair.
  8. For Firewall:
    - Allow SSH traffic from My IP only.
    - Check Allow HTTPS traffic from the internet.
  9. Click on a launch instance.
  10. Once the machine is started, follow these steps to log in.
    1. Copy the Public IPv4 DNS and run this ssh command from your machine’s terminal or from putty
```
$ ssh cteadmin@public-ipv4-dns
```
    2. Enter password : Cl0ud3xc4ang3!
  11. On a first time login, you will be asked to change password of cteadmin user, so change the password to super secure string and keep it safe for later access to machine.
  12. Log in to EC2 with the new password.
  13. Use on of these options to set up a standalone CE.
    - For a standalone installation of Cloud Exchange, use these commands:
```
$ cd /opt/cloudexchange/cloudexchange
 	$ ./setup
```
      Complete the setup.
```
$ ./start
```
      Now wait for few mins for the CE to be started.
    - For an HA installation of Cloud Exchange, follow the HA installation guidelines.
  14. Now open IP public-ipv4-dns with https protocol in the browser and start using CE.
  Increase Size of Disk/Volume (Optional)
  
  The following steps will only increase the disk/volume size. After performing the steps follow Extend File system to new size of Disk/Volume (Optional) to increase the file system size.
  1. Stop EC2 instance in which you want to increase disk size
  2. Open details of EC2 instance and click on “Storage” and then it’s associated volume.
  3. Modify the volume.
  4. Change Size as per your requirements and click on the “Modify” button.
  5. Click Modify on the confirmation popup.
  6. Now wait for 5 mins, and then follow Extend File system to new size of Disk/Volume (Optional)
  Security Guidelines
  - We recommend changing the password of the VM to a super secure password and remember it for future login to Virtual machine. If the new password is forgotten then there is no way to recover the VM.
  - Restrict SSH access to specific IP addresses only
  GCP
  
  Prerequisites
  1. A GCP account.
  2. Minimum 152 GB disk space required.
  Configure theGCP VM Instance
  1. Log in to the GCP account and open the Project where you want to deploy Cloud Exchange.
  2. Search for Compute Engine, and click VM instances, and then Create Instance.
  3. Enter name of the instance and select Region and Zone.
  4. Select a Machine configuration and Machine type as per your profile requirements by clicking on Custom (like 8 CPU and 16GB RAM for a medium profile).
  5. Scroll down to the Boot disk section and click Change.
  6. Click on Custom images and search for latest version of “cloud-exchange-5-0-0” and select the image:
    - With Github : cloud-exchange-5-0-0-beta-with-github-20231107. Similar to 4.2.0 version where the plugins will be pulled from public github repositories.
    - Without Github : cloud-exchange-5-0-0-beta-without-github-20231107. This build will contain the current GA and Beta plugins in build and will not pull default plugins and plugin updates from github.
  7. Select Boot disk type per your organization’s recommendation and click Select.
  8. Scroll down to Firewall and select Allow HTTPS traffic, and then click Create.
  9. Now wait for machine to be started.
  10. Once the machine is started please follow the below steps to configure CE.
  11. Copy the Public IPv4 and run this ssh command from your machine’s terminal, or from putty:
```
$ ssh cteadmin@public-ipv4
```
    Enter this password : Cl0ud3xc4ang3!
  12. On first time login you will be asked to change password of cteadmin user, please change the password to super secure string and keep it safe for later access to machine.
  13. Now again login to EC2 with new password.
  14. Choose an option to set up CE:
    - For standalone installation of Cloud Exchange follow below commands
```
$ cd /opt/cloudexchange/cloudexchange
 	$ ./setup
```
      Complete the setup.
```
$ ./start
```
      Now wait for few mins for the CE to be started.
    - For HA installation of Cloud Exchange follow HA installation guidelines.
  15. Now open IP public-ipv4-dns with https protocol in the browser and start using CE.
  Increase Size of Disk/Volume (Optional)
  
  Note : Following steps will only increase the disk/volume size. After performing the steps follow Extend File system to new size of Disk/Volume (Optional) to increase the file system size.
  1. Open details of the VM for which you want to increase disk size and stop it.
  2. Wait for machine to be stopped, and then scroll down to Storage and open the first Boot disk. The name of disk will be same as your VM name.
  3. Edit the disk by clicking on the “:” menu and Edit.
  4. Change the disk size as per your requirement and click Save.
  5. Now wait for the disk to be updated, and then follow the Extend File system to new size of Disk/Volume (Optional).
  Troubleshooting
  
  Not able to install any third-party package in instance. While installing any additional package using apt if you face error like below, run the following command to fix the error.
```
$ sudo sed -i 's/UNAVAILABLE/focal/g' /etc/apt/sources.list && sudo apt-get update
```
  Security Guidelines
  - We recommend changing the password of the VM to a super secure password and remember it for future login to Virtual machine. If the new password is forgotten then there is no way to recover the VM.
  - Restrict SSH access to specific IP addresses only, update your firewall security settings for the same.
  Hyper-V
  
  Prerequisites
  1. A Hyper-V account.
  2. Minimum 4 CPUs and 4GB free RAM available on the server.
  3. Minimum 152 GB free disk space.
  4. Download the Hyper-V virtual machine zip file from here
  Configure the Hyper-V Virtual Machine
  1. Unzip the downloaded virtual machine file.
  2. Open Hyper-V manager and right-click on the server where you want to install Cloud Exchange, and click Import Virtual Machine….
  3. Click Next on the Before you begin page.
  4. Locate the folder where you have extracted the zip file and click Next.
  5. Select the virtual machine and click Next.
  6. Choose the import type Copy the virtual machine (create a new unique ID) and click Next.
  7. (Optional) Choose the destination and click Next.
  8. (Optional) Choose Storage Folders and click Next.
  9. Configure the memory according to your profile (like small, medium, large) and click Next. Make sure your server has sufficient free memory available.
  10. Click Finish.
  11. Wait for machine to be imported, right-click on newly import virtual machine, and then click Settings.
  12. Click Processor and change the processor according to your profile (like medium, large, etc.), and then click OK.
  13. Right-click and go to Settings > Network Adaptor.
  14. Select the value for Virtual Switch to Default Switch and click OK.
  15. Now start the virtual machine. Right-click on the virtual machine and click Start.
  16. Now connect to virtual machine.
  17. Log in to your virtual machine by using these credentials:
    - Username : cteadmin
    - Password : Cl0ud3xc4ang3!
  18. Change the default password to more secure password, and re-login to the VM.
  19. Choose one of these options to set up a standalone CE.
    - For a standalone installation of Cloud Exchange, use these commands.
```
$ cd /opt/cloudexchange/cloudexchange
$ ./setup
```
      Complete the setup.
```
$ ./start
```
      Now wait for a few minutes for the CE to be started.
    - For HA installation of Cloud Exchange, follow the HA installation guidelines.
  20. Now open your virtual machine IP with the HTTPS protocol in the browser and start using CE.
    - - Run this command to know the ip address of virtual machine (check ip of eth0 interface)
```
$ ip addr
```
  Increase Size of Disk/Volume (Optional)
  
  Theollowing steps will only increase the disk/volume size. After performing the steps follow Extend File system to new size of Disk/Volume (Optional) to increase the file system size.
  1. Turn off the Virtual Machine for which you want to increase the disk size. Select the Virtual Machine and right-click on it to open options menu.
  2. Open Settings of Virtual Machine of which you want to increase disk size from Hyper-V manager of Windows server. Select the Virtual Machine and right-click on it to open the options menu.
  3. Select Hard Drive for the SCSI Controller and click Edit.
  4. Click Next in Locate Virtual Hard Disk.
  5. Select the Expand option and click Next in the Choose Action section.
  6. Enter a New size as per your requirement in the Configure Disk section and click Next.
  7. Verify the new disk size and click Finish.
  8. Click OK in Settings for virtual machine.
  9. Start the VM and follow Extend File system to new size of Disk/Volume (Optional).
  10. Select the Virtual Machine and right-click on it to open the options menu.
  Security Guidelines
  
  We recommend changing the password of the VM to a super secure password and remember it for future login to Virtual machine.If the new password is forgotten then there is no way to recover the VM.
  
  Validate the Instance Deployment
  
  If you’re able to SSH into a machine using the private or public IP of a VM with default credentials it indicates the instance is deployed properly.
  
  Extend File System to a New Size of Disk/Volume (Optional)
  
  Note : These steps are applicable only when you have increased the size of Disk/Volume.
  https://networklessons.com/uncategorized/extend-lvm-partition
  
  Migration
  
  Migration from a 4.2.0 standalone instance to CE as a VM instance (eg. ova, ec2, gcp instance)
  
  To preserve existing data (indicators, plugin configurations) while migrating from any version of CE 4.x to a higher version, follow the steps listed below.
  1. 1. SSH into current standalone instance
    2. Navigate inside the existing ta_cloud_exchange directory with the docker-compose.yml file.
    3. Stop the CE containers.
```
$ ./stop
```
      If the output of ./stop command is ./stop: No such file or directory, execute the following command:
```
$ docker-compose stop
```
    4. Grab the MONGO_DB password from the old setup. This will be required during the installation of the new setup (as the value for the Maintenance Password). If the Mongo password is lost, the data will not be retained.
    5. The MongoDB password can be found in docker-compose.yml (value of MONGODB_PASSWORD) or in the .env file (value of MONGODB_PASSWORD). Use this as the value for the Maintenance Password while running the setup in step 5.
    6. Create a zip file for Mongo and RabbitMQ data.
```
$ sudo zip -r ce_backup.zip data/mongo-data/ data/rabbitmq/data data/custom_plugins
```
    7. Add custom plugins to backup zip. This step is applicable only if you’re using custom plugins.
```
$ sudo zip -r ce_backup.zip data/custom_plugins
```
    8. Copy the backup to new CE as VM instance using this scp command.
```
$sudo scp ce_backup.zip cteadmin@<ip-of-vm>:/opt/cloudexchange/cloudexchange
```
    9. Now SSH into new CE as VM instance.
```
$ ssh cteadmin@<ip-of-vm>
```
    10. Go to the Cloud Exchange directory.
```
$ cd /opt/cloudexchange/cloudexchange
```
    11. Make sure Cloud exchange is not started yet.
    12. If it was started, stop it by running this command.
```
$ ./stop
```
    13. Restore the backup data using the unzip command.
```
$ unzip ce_backup.zip
```
      You might will be asked to replace the data, select “A” to replace all the data.
    14. Execute the setup script and follow the steps:
```
$ ./setup
```
      Make sure you enter the same password that you noted down on step 4 of migration.
    15. Launch the Cloud Exchange (do not use sudo).
```
$ ./start
```
      Please check the configured plugins after migration, you may need to re-configure some plugins due to new plugin changes.
    The UI is now accessible with the system’s IP (like I).
    
    Troubleshooting
    
    How to assign IP using netplan
    - Sample config file can be found at following location.
```
/home/cteadmin/netskope_netplan_sample.yaml
```
    - Refer a below open source documentations which can be helpful to assign ip address using netplan:
    - https://linuxhint.com/configure-static-ip-netplan/
    - https://medium.com/@chatila/configure-static-ip-address-on-ubuntu-20-04-916fe410fda3
    Cannot complete setup because of timeout error
    - If you’re facing the following error “Error occurred while verifying connectivity to ***”, because of network connectivity issues.
      What to do: If you’re facing network connectivity issues while running setup for the first time please run one more time.
    - If the error persists please reach out to your IT admin as this is a network connectivity issue.
      
      ERROR: for *** UnixHTTPConnectionPool
      
      If you’re facing the following error “ERROR: from core UnixHTTPConnectionPool” please follow the below steps to resolve the error.
      What to do: If you’re facing the above error, please down the container and run the start script.
      Refer the following commands:
```
$ cd /opt/cloudexchange/cloudexchange
```
```
$ docker-compose down
$ ./start
```
    ERROR: Failed to Setup IP tables
    
    If you are facing following error “ERROR: Failed to Setup IP tables:” please follow below steps to resolve the error.
    
    What to do: If you’re facing the above error, please restart the docker service as this issue might have occurred after enabling firewall (e.g. firewalld or ufw).
```
$ sudo systemctl restart docker
```
    Limitations
    - All deployment formats come with 150 GB of disk space and it cannot be decreased.
    - Azure image users might see “Your deployment failed” error when they create a virtual machine from an Azure image. This error can be ignored as long as the user is able to do SSH into the virtual machine.