The CGW requires a single virtual machine (VM) to deploy on Hyper-V host. For High-Availability (HA) deployment, you will need two VMs on two separate Hyper-V hosts.
For Modern Workplace security use case, you will create a VM with at least two network interfaces (a LAN interface and a WAN interface). If you plan to leverage SD-WAN capability, you will need two WAN interfaces. Similarly, if you have multiple LANs, you can create as many LAN interfaces on the VM as you wish.
Hyper-V with version 10.0.x or above
Valid Administrator credentials to deploy or manage VMs/Networks
Ubuntu ISO - download it from here
Download and store ISO in on local hard drive
Existing network configuration which provides Internet access
Existing network configuration which provides connectivity to private resources
Open Hyper-V Manager UI and click on New
Click on Virtual Machine…
Specify VM Name and click on Next
Select Generation 1 and click on Next
Specify Memory [minimum 2GB] and click on Next
Configure Networking, by selecting Connection.
Select network which provides access to Internet, this will become primary interface for WAN connectivity.
Specify Hard Disk Size [minimum 30GB] and click on Next
Select Installation Media . Click on Browse and navigate to path where the ISP is downloaded
Select the ISO which was downloaded previously in first step. Click on Next
Verify VM summary and click on Finish
From Hyper-V UI, select the CGW VM, right click and select Settings…
Select Processor and specify no. of CPU or processors [minimum 2]
Click on Apply and OK
Configure LAN interface by accessing VM Settings…
Click on Add Hardware
Select Network Adapter and click on Add
Click on OK to complete
Select newly added network Adapter and from drop down list, select the network which will provide access to private/LAN resources.
Click on Apply and OK to finish the configuration
On Hyper-V UI, select CGW VM, right client and click on Start to power on
Connect to CGW VM
On Hyper-V UI, select VM, right click and select Connect option
Follow typical Ubuntu installation steps as UI displays. For reference, all the installation steps can be checked below:
Select interface Name
Press space button to expand
Select Edit IPv4 and press space button to expand
If ESXi network provides DHCP IP then select Automatic (DHCP)
If ESXi network does not provide DHCP IP, then select Manual and configure IP address
Save configuration and continue
Provide inputs, and specify username with password
Select Install Open SSH Server and press Done
Press enter on Reboot now , after installation/updates
Once VM boots, press Enter , when VM console displays Remove installation medium and press enter
Login to VM using username and password which was created during installation
After login check VM has an IP address with DHCP or manual configuration [Use ip addr command to check configuration]
Check WAN connectivity [Use ping 8.8.8.8 and ping google.com ]
In case DNS resolution fails, add nameservers 8.8.8.8 entry in /etc/resolv.conf and try ping google.com again
Check internal/private application servers on the LAN are accessible from the VM.
Ping internal/private application server IP to verify connectivity
Internet / WAN connectivity is required to install CGW software and connect it to Cyber Mesh
SSH to CGW VM IP, which will be required to copy command on VM terminal
To create a Single-Interfce Cyber Gateway (CGW-SIF), follow the steps below.
Navigate to the MSP admin console -> Client Workspace
Click on Gateways in the left menu bar → Add Gateway
Make sure LAN/WAN Interface is selected
Enter a name for the cyber gateway, admin email and phone number
Specify the LAN Subnet , this is the subnet that you like to remotely access in the AWS cloud
Select Allowed User Groups (you can give access to the whole organization or a select group)
Mark DHCP Server with No. Mark HA and VLAN Network Segments as per requirements. [Recommended is no if they are not being used]
Click Update
Copy the Script for the cyber gateway you just created as shown in the screenshot below
Paste the Script in the VM SSH console
Press Enter
The Cyber gateway deployment will start. At this time, you can leave the deployment running unattended. You will receive an email on the admin email that you specified earlier when the deployment is complete. You can also check the status of the cyber gateway in the Exium admin console. When cyber gateway is deployed successfully and connected, you will see a Green Connected Status as in the screenshot below.
Once the cyber gateway is deployed successfully and connected, you can start testing the Zero Trust Secure Private Access policies.