Skip to content

Verity VM Installation (VMware 7.0.3)πŸ”—

IntroductionπŸ”—

The Verity management and orchestration system is comprised of three functional components, all of which are instantiated as Virtual Machines (VMs). This document describes the installation and configuration of these VMs within a VMWare ESXi server.

Resource CalculatorπŸ”—

Use the Verity VM Resource Calculator to determine system resources.

Virtual Machine OverviewπŸ”—

Verity’s three VM functional components:

Virtual Machine Function
Virtual Network Commander (vNetC) Orchestration logic, GUI hosting, northbound RESTful API, and databases.
Software Defined LAN Controller (SDLC) The SDLC VM is comprised of a series of containers that map one-to-one to the managed switch devices. Network discovery, device provisioning, and network assurance. The SDLC serves as the abstraction layer between the managed switch and the vNetC by translating the native management protocols into the vNetC’s NETCONF interface and Yang model.
Monitoring The Monitoring VM is comprised of various containers that collect, process and display the network device details that are managed by Verity.

Virtual Machine TopologyπŸ”—

Below is the basic VM and hardware topology for reference:

Recommended Network Management Architecture

Each system requires a management subnet that can support 5 system IP addresses as well as 3 IP addresses per managed switch. The breakdown is as follows:

IP address Allocations for Management Component Allocation
Verity System components vNETC LAN side, SDLC, ACS, GuiA, Monitoring 5 Static Addresses
Managed Switches Verity Switch Controller 1 Dynamic Address per switch
Managed Switches Switch in ZTP Process 1 Dynamic Address per switch
Managed Switches Switch post ZTP Process 1 Static Address per switch

The orchestration platform (vNETC) is configured on the customer’s network with one static IP address to be accessed by users.

The following diagram shows the recommended management network architecture. Variations are possible based on individual customer’s network needs.

PrerequisitesπŸ”—

  1. vNetC
    1. Resolvable, fully qualified domain name
    2. Static IP address, gateway, DNS servers
    3. Valid Verity license
  2. SDLC
    1. IP addressing per table above. This must be routable to the vNetC!
  3. Controllers (within SDLC)
    1. IP Addressing per table above. The diagram above shows that the controllers are bridged to NIC 2 of the SDLC. The IP must be on the same VLAN/subnet as the SDLC!
  4. Monitoring
    1. IP addressing per table above. This must be routable to the vNetC!
  5. ESXi
    1. Compute resources meeting Verity requirements based on the number of switches being managed. See Resource documentation for computing CPU and memory needs.
    2. Virtual Switch
      1. The vNetC and SDLC should be on the same virtual switch in ESXi or at minimum they must be routable.
      2. Your system requires promiscuous mode to be set to enabled.
  6. Routable or switched network between Verity components and managed switching devices
    1. If using a router or firewall between Verity and the switches, the following ports must be allowed to pass.
      1. Port 8080 for gNMI
      2. Port 80 - HTTP
      3. Port 443 - HTTPS
      4. Port 22 - SSH
      5. Port 161 - SNMP

Obtaining the vNetC, SDLC and Monitoring VM Images and FilesπŸ”—

Obtain the following files from BE Networks:

Description Filename Example File Type Notes
vNetC VM Image vNetC-x_x_x_x.ova VMware OVA Resources including vCPU and memory should be adjusted based on iVN resource needs documentation. Networking will need to be altered to the correct virtual switch names used in the server
vNetC β€œcore” Upgrade core-x_x_x_x- full.tar tarball vNetC needs to be updated via GUI SD-Admin immediately after configuration and boot
SDLC VM Image SDLC-x_x_x_x.ova VMware OVA Resources including vCPU and memory should be adjusted based on iVN resource needs documentation. Networking will need to be altered to the correct virtual switch names used in the server
SDLC Binary Firmware Upgrade firmware-x_x_x_x.tar tarball SDLC should be upgraded via web page immediately after configuration and boot
Monitoring VM Image verity-monitoring_x.x.x.ova VMware OVA Resources including vCPU and memory should be adjusted based on iVN resource needs documentation. Networking will need to be altered to the correct virtual switch names used in the server
Monitoring Software Upgrade verity-monitoring_x.x.x.tar tarball Monitoring needs to be updated via GUI SD-Admin immediately after configuration and boot
License license.cms or sitexxxxx.tar License file Is uploaded using GUI
Firmware Upgrade Package firmware-x_x_x_x.tar Binary SDLC should be upgraded via web page immediately after configuration and boot

Create the vNetC Virtual MachineπŸ”—

  1. Go to Virtual Machines.
  2. Click Create/Register VM.
  3. In the window that appears select Deploy a virtual machine from an OVF or OVA file.
  4. Click Next.
  5. Enter a name for the VM and upload the vNetC VM Image OVA file via the prompt that says Click to Select file or drag/drop.
  6. Click Next.
  7. Select the desired data store options. Click Next.
  8. Set the Deployment options and network mappings to the correct Port Group. . This Port Group must be set to promiscuous mode.
  9. Click Next.
  10. Review the settings and if they are correct, click Finish.
  11. The VM creation process will start. When the process completes the progress bar in Recent tasks at the bottom of the screen will say Completed Successfully.

Configure the vNetC from the ConsoleπŸ”—

This step requires you to configure the vNetC with an IP address and Fully Qualified Domain Name (FQDN). To do so, you need to open the VM console.

  1. Select your VM under the Virtual Machine column and click Console/Open browser console.
  2. The VM console appears. The vNetc initialization may take several minutes. While waiting you can press Enter and wait for login prompt.
  3. Login to the vNetC with username root and password vnc1234.
  4. Enter a new password if prompted (new password = vnc1234). If not prompted for the password, you can continue to use the default password or change it with the passwd command.
  5. Run the administration application from the shell by typing ns_admin and pressing Enter.
  6. You are prompted to enter a web user interface admin account password (ex. admin). Document the password you choose as it will be required for GUI authentication later in the process. It is very important that you remember the password!
  7. Press Enter when complete.

Special Instructions for Port Group Security without promiscuous mode

In cases where the system is installed without Device Controllers, it is possible to use default VMWare security for the SDLC interfaces. In this case, an extra connection from the SDLC VM is used for the ACS. If not using this case, then skip the following instructions and resume with Network Configuration in step 11.

  1. In the Admin Menu, select SD-LAN Features
  2. Disable option 8 - Virtual Machine promiscuous interfaces allowed

  3. Save Settings

  4. In the Admin Menu, select Network Configuration.

  5. Press Enter.
  6. Select FQDN (Fully Qualified Domain Name). Press Enter and set to the desired Fully Qualified Domain Name. If the field is prepopulated, it is required that you replace the default text with your own FQDN.
  7. Verify that WAN IP DHCP is disabled. If WAN IP DHCP is enabled, disable it using the menu.
  8. Select WAN Static IP Settings, press enter.
  9. Enter the following information:
    1. IPv4 Address and subnet in CIDR format (x.x.x.x/#)
    2. Default Route (Gateway)
    3. DNS Server 1 & DNS Server 2 (optional)
  10. Return to the network configuration menu.
  11. Save Settings.
  12. Follow the prompt and the VM will reboot with the new settings configured.

Install the License (required) and Upgrade to the Latest vNetC Core SoftwareπŸ”—

  1. Use Chrome Web Browser to access the vNetC IP address that was just configured.
  2. At the login prompt enter username admin and the administration password configured in the menu during installation. These are the credentials you entered in step 3 of Configure the vNetC from the Console.
  3. When the window appears, record the information on the Licensing tied to line. Provide this information to BE Networks to obtain your license file.
  4. After you obtain your license.cms file you are required to upload it to the application. In the License window select data center or campus (depending on your system). Use the drag and drop palette to upload the file or browse for the file. The license file may also be embedded in a \<filename>.tar file and this can also be directly imported and the system will extract the license.cms file.
  5. After you upload the file make sure a success message is presented.
  6. Click the button that says Complete.
  7. After the Verity window has fully completed populating select the Administration button (lower left).
  8. Select Software Packages tab (top of screen) and click vNetC Packages.
  9. Using the Browse Files (or drag and drop) field, import the vNetC Core Upgrade file provided by BE Networks.
  10. When the process is complete you are presented with a success message.
  11. Click the Deploy button.
  12. When prompted to continue, click Yes. The software updates.

Temporary Error Message

You may see an error titled Fatal Error WebSocket Error: Connection lost -2 appear, this is normal. The browser may temporarily say that the site cannot be reached. When the process is done the landing page will render.

  1. If you see a migrations prompt click Accept. .
  2. If you see a tan prompt that says GuiA not attached, no GuiA Switch, clear the message by clicking it.
  3. The display should look like the following image:
  4. Go back to the VNC Console in VMware and type poweroff in the CLI. This will cleanly shutdown the VNC.

Congratulations

You have now successfully installed the VNetC VM.

Create the SDLC Virtual MachineπŸ”—

  1. Go to Virtual Machines. Click Create/Register VM.
  2. In the window that appears select Deploy a virtual machine from an OVF or OVA file.
  3. Click Next.
  4. Enter a name for the VM and upload the SDLC VM Image OVA file via the prompt that says Click to Select file or drag/drop. Click Next.
  5. Select the desired data store options. Click Next.
  6. Set the deployment options. Click Next.
  7. Review the settings and if they are correct, click Finish.
  8. The VM creation process will start. Wait until you see the message Completed Successfully.

Special Instructions for Port Group Security without promiscuous mode

In cases where the system is installed without Device Controllers, it is possible to use default VMWare security for the SDLC interfaces. In this case, an extra connection from the SDLC VM is used for the ACS. If not using this case, then skip the following instructions and resume with the next section - Configure the SDLC from the Console

  1. Power down the SDLC VM
  2. Edit Settings
  3. Connect Network Adapter 3

Configure the SDLC from the ConsoleπŸ”—

The SDLC must be configured with a Static IP address and the vNetC FQDN.

  1. Select the SDLC from the VMWARE ESXi interface and click the Console tab.
  2. Select Open browser console.

  3. The console appears.

    DHCP Error Messages

    During the following process DHCP errors may appear. These can be ignored.

  4. Press Enter to get the login prompt, enter username: admin and password: admin.

  5. At the command line interface (CLI) press Enter to see a list of options.
  6. Select Admin and press Enter.
  7. Type Wizard and press Enter.

Note

If vNetC and SDLC (GuiA, ACS) are on different subnets, it is recommended to have three consecutive static IP addresses on the same subnet for GuiA, ACS and DHCP. However, if vNetC is on the same subnet as GuiA, ACS and DHCP, it is recommended to use four sequential IP addresses.

Prompt Answer
Enter new hostname SDLC
Enter MGMT IP or enter 'd' to use DHCP Enter management IP
Enter URL connection protocol http
Enter default gateway IP/Prefix in CIDR format Enter the default gateway IP address
Enter ACS IP or type 'none' to remove config Enter IP
Enter vNetC FQDN or IP vNetC IP address
Enter DNS server Enter DNS server IP
Enter Comma separated NTP server(s) Enter vNetCs IP address
Enter ACS url Press Enter or Enter a different url
  1. Type y and press Enter
  2. Reboot is required for any changes to take effect. In the console, type reboot and press Enter.

Power On the vNetCπŸ”—

  1. In the VMware ESXi interface power on the vNetC. This takes a few minutes.
  2. Open the GUI and select Administration/Network.
  3. Select the Settings tile.
  4. Set up the Management VLAN used to access the Management network. This field is required even if your management switches are using untagged connections.

  5. For Permissible IP Address Ranges on Managed Devices enter the relevant IP address range (IP address and Mask).

    Permissible IP Range Requirement

    The range entered MUST include SDLC components.

  6. Click the Save button to save your settings. ().

  7. Wait until the process is finished. The application landing page resembles the image below when all processes have been completed.

Update SDLCπŸ”—

  1. In Topology/Topology uncheck the box titled Disable Upgrades .
  2. Click the Administration tab.
  3. Click Software Packages.
  4. Double-click Image Packages.
  5. Select and place the SDLC Binary Firmware Upgrade firmware file on the Drag & Drop area or use the Browse Files button to select the file.
  6. When uploaded, you are prompted with a green success message.
  7. Deploy the upgrade by clicking the Deploy button.
  8. A validation message appears. Click Yes.
  9. Wait while the package is applied.
  10. Click the Administration icon then click the VNFs panel.
  11. Double click the SDLC section.
  12. Double click the box with the title of SW Version.
  13. Set the Target Package field to the Firmware version .
  14. Click the Save button ().
  15. Click Yes to the validation message.
  16. Let the process complete.
  17. When the window appears the initial state of System Applications are offline. When the System Applications come online their LED icons render green. This may take up to 5 minutes. Admin/VNFs

Site CertificateπŸ”—

In order to avoid having to accept the self signed certificate delivered with the system you will need to add a server.pem file to the system. This will need to be obtained from your internet domain administrator.

  1. Go to Administration/Certificates/Vnetc Server Certificates
  2. Click on vNetC Server Certificate box.
  3. Drag and drop the server.pem file.

Create the Monitoring VMπŸ”—

Procedure:

  1. Go to Virtual Machines.
  2. Click Create/Register VM.
  3. In the window that appears select Deploy a virtual machine from an OVF or OVA file.
  4. Click Next.
  5. Enter a name for the VM and upload the Monitoring VM OVA file via the prompt that says Click to Select file or drag/drop.
  6. Click Next.
  7. Select the desired data store options.
  8. Click Next.
  9. Set the Deployment options – Network mappings to the correct Port Group.
  10. This Port Group must be set to promiscuous mode.
  11. Click Next.
  12. Review the settings and if they are correct.
  13. Click Finish.
  14. The VM creation process will start. When the process completes the progress bar in Recent tasks at the bottom of the screen will say Completed Successfully.

Configure Monitoring VM from the ConsoleπŸ”—

This step requires you to configure Monitoring with an IP address, default gateway, and DNS servers. Then the script will ask for the Fully Qualified Domain Name (FQDN) of the VNetC so it knows how to connect the monitoring dashboard. To do so, you need to open the VM console.

  1. Select your VM under the Virtual Machine column and click Console/Open browser console.
  2. The VM console appears. The Monitoring initialization may take several minutes. While waiting you can press Enter and wait for login prompt.
  3. Login to Monitoring with username verity and password vnc1234.
  4. Enter a new password. Remember this password.
  5. Run the setup application from the shell by typing sudo ./setup.sh and pressing Enter.
  6. Enter the following information :
    1. IPv4 Address and subnet in CIDR format (x.x.x.x/#)
    2. Default Route (Gateway)
    3. DNS Servers seperated by a comma
  7. Enter the FQDN or IP address of the vNetC host.
  8. Press Enter.
  9. Setup of monitoring is complete. The display will show the current settings and provide a note about if you need to make changes in the future, re-run this script.
  10. Type sudo reboot to reboot the VM for all the settings to take effect. After the reboot, it takes about 3 minutes for the Docker containers to start up and to announce itself to the vNetC.
  11. When the Monitoring VM connects to the vNetC, in Verity, a Growl with the MAC Address of the Monitoring VM will appear. Once this does, use the refresh button on Chrome.
  12. There will be a new dashboard icon in the top left corner showing the Monitoring Dashboard. Also, the Monitoring Dashboard will be the new startup screen.

Upgrade to the Latest Monitoring SoftwareπŸ”—

  1. Upgrade the Monitoring software via the vNetC Web Administration.
  2. Use Chrome Web Browser to access the vNetC IP address that was just configured.
  3. At the login prompt enter username admin and the administration password configured in the menu during installation. These are the credentials you entered in step 3 of Configure the vNetC from the Console.
  4. From the Administration web page, select the Software Packages and click Application Packages.
  5. Using the Browse Files (or drag and drop) field, import the Monitoring Upgrade file provided by BE Networks.
  6. When the process is complete you are presented with a success message.
  7. Click the Deploy button.
  8. When prompted to continue, click Yes. The software updates.

Wait for System

It take about 5 minutes for the tarball to be uploaded to the Monitoring VM, and the changes to be applied and the new containers started up. If you SSH into the Monitoring VM, and go to the /be_install directory, you will see the tarball uploaded. If you run sudo docker ps you will see the uptime of the containers to be less than 5 minutes online letting you know that everything is updated. We are working on adding a panel to Monitoring Dashboard that will show the latest installed Version.

Congratulations

Verity has been successfully installed. Treat yourself to an iced coffee!