Installation and Upgrade Guide for the Cisco Secure Access Control System 5.3
Installing ACS in a VMware Virtual Machine
Downloads: This chapterpdf (PDF - 949.0KB) The complete bookPDF (PDF - 4.43MB) | Feedback

Table of Contents

Installing ACS in a VMware Virtual Machine

Virtual Machine Requirements

Evaluating ACS 5.3

Configuring the ESX 3.5, 4.0, 4.1, i4.1, or 5.0 Server

Install VMWare Server

Install VMware Infrastructure Client

Configuring the VM for ESX 3.5 or 4.0

Configuring the VM for ESX i4.1 or ESX5.0

Preparing the VM for ACS Server Installation

Configuring the VM Using the DVD Drive

Installing the ACS Server on ESX 3.5 or 4.0

Installing the ACS Server on ESXi4.1 or ESX 5.0

VMware Hardening Requirements

Virtual Machine Requirements

The minimum system requirements for the virtual machine must be similar to the CSACS-1121 Series appliance hardware configuration.

Table 6-1 lists the minimum system requirements to install ACS 5.3 on a VMware virtual machine.

 

Table 6-1 Minimum System Requirements

Requirement Type
Minimum Requirements

CPU

2 CPUs (dual CPU, Xeon, Core2 Duo or 2 single CPUs)

Memory

4 GB RAM

Hard Disks

  • 500 GB of disk storage
  • 60 GB disk space if it is an eval version.

Note ACS calculates the available disk space during the installation process and if the disk space is less than 500 GB, it will get installed with 60 GB space.

NIC

NIC interface

Hypervisor

VMware ESX 3.5, 4.0, 4.1, i4.1, or 5.0

Evaluating ACS 5.3

For evaluation, ACS 5.3 can be installed in a VMware ESX virtual machine. When evaluating ACS 5.3, you can configure less disk space in the virtual machine, but a minimum disk space of 60 GB is required.

To download the ACS 5.3 software:


Step 1 Go to the following link:

http://cisco.com/go/acs

Step 2 Click Download Software.

You should have a valid Cisco.com login credentials to access this link.


 

To download a 90-day evaluation license:


Step 1 Go to the following link:

https://tools.cisco.com/SWIFT/Licensing/PrivateRegistrationServlet?DemoKeys=Y

Step 2 Click the link available in the Licenses Not Requiring a PAK section.

You should have a valid Cisco.com login credentials to access this link.


 

VMware Server installations that use less than 500 GB of disk space are also not supported for production environment.

To migrate an ACS configuration from an evaluation system to a fully licensed production system, backup the configuration of the evaluation version and restore it to the production system. For more information on backup and restore, see Chapter7, “Upgrading the Cisco Secure Access Control System”

Configuring the ESX 3.5, 4.0, 4.1, i4.1, or 5.0 Server

To install the ACS server, you require a minimum disk space of 500 GB on the VM. This section describes how to set the minimum required disk space on the VM.

To change the disk space size on the VM, log into the ESX Server. Yo can check the following after you are logged in:

To verify the disk space size:


Step 1 Choose Configuration > Storage, and click Properties.

If the hard disk storage is 256 GB, you must change it to 512 GB.

Step 2 Change the hard disk storage to 512 GB by choosing Configuration > Storage.


 

To remove the default configuration:


Step 1 Click Remove .

A confirmation window appears.

Step 2 Click Yes .

The default configuration is removed.


 

To create a new virtual file size


Step 1 Choose Configuration > Storage > Add Storage Wizard .

You can find the Add Storage wizard at the upper-right corner of the configuration window.

Figure 6-1 Configuration Window

 

Step 2 From the Storage Type drop-down list, choose Disk/LUN and click Next .

Step 3 Choose 512 GB, 2 MB block size and click Next .

512 GB is the minimum block size required for installing VMware with ACS. However, ACS will use only 500 GB, even if you assign extra space in your VM.

Step 4 Click Finish .

The new VM with a 512 GB memory and a 2 MB block size is created successfully.


 

To check the new file size, choose Configuration > Storage , and click Properties.

Figure 6-2 displays the properties of a disk space created with the name ds1.

Figure 6-2 Disk Space Properties Window

 

Install VMWare Server

Install VMware Server with default option and proper IP Address.

Install VMware Infrastructure Client

VMware vSphere client is used to access VMware server from a remote location.

To install VMware Infrastructure client:


Step 1 Go to the following link.

http://IP Address of VMWare server

You should have a valid Cisco.com login credentials to access this link.

Step 2 Click Download to download the VMware vSphere client software.

Step 3 Run the Installer.

Step 4 Log into VMware server.

Figure 6-3 displays the Login window of the VMware server.

Figure 6-3 Login Window

The vSphere client window is displayed (.Figure 6-4)

Figure 6-4 vSphere Client Window

Step 5 Choose Help > About VMware vSphere to verify the VMWare ESXi and vSphere client versions.

Figure 6-5 displays the VMware vSphere versions.

Figure 6-5 About VMware vSphere

 


 

Configuring the VM for ESX 3.5 or 4.0

This section describes the VM configuration process using the VMware Infrastructure Client.

Before You Begin

Before installing the ACS server, verify that the VM has a minimum of 500 GB disk space. For more information, see Configuring the ESX 3.5, 4.0, 4.1, i4.1, or 5.0 Server.

To configure the VM:


Step 1 Log into the ESX Server.

Step 2 In the VMware Infrastructure Client, in the left pane, right-click your host container and choose New Virtual Machine.

The New Virtual Machine Wizard appears.

Step 3 In the Configuration Type dialog box, choose Typical as the VM configuration as shown in /5-3/installation/guide/csacs_book/csacs_vmware.html#79451">Figure 6-6, and click Next .

Figure 6-6 Virtual Machine Configuration Dialog Box

 

The Name and Location dialog box appears. (Figure 6-7)

Step 4 Enter a name you will use to reference the VM, and click Next .

Figure 6-7 Name and Location Dialog Box

 


Tip Use the hostname you will use for your VM host.


The Datastore dialog box appears. (Figure 6-8)

Step 5 Choose a datastore that has a minimum of 500 GB free space available, and click Next .

Figure 6-8 Datastore Dialog Box

 

The Guest Operating System dialog box appears. (Figure 6-9)

Step 6 Click the Linux radio button and from the Version drop-down list, choose Other Linux (32-bit) .

Figure 6-9 Guest Operating System Dialog Box

 

The Number of Virtual Processors dialog box appears. (Figure 6-10)

Step 7 From the Number of virtual processors drop-down list, choose 2 (if 2 is available); or you can choose and click Next .

Figure 6-10 Number of Virtual Processors Dialog Box

 

The Memory Configuration dialog box appears. (Figure 6-11)

Step 8 Enter 4096 MB , and click Next .

Figure 6-11 Memory Configuration Dialog Box

 

The NIC Configuration dialog box appears. (Figure 6-12)

Step 9 Choose 1 NIC , and click Next .

Figure 6-12 NIC Configuration Dialog Box

 

The Virtual Disk Capacity dialog box appears. (Figure 6-13)

Step 10 In the Disk Size field, enter 500 GB , and click Next .

Figure 6-13 Virtual Disk Capacity Dialog Box

 

The Ready to Complete New Virtual Machine dialog box appears. (Figure 6-14)

Step 11 Verify the configuration details, such as Name, Guest OS, Virtual CPU, Memory, and Virtual Disk Size, of the newly created VM.

Figure 6-14 Ready to Complete Dialog Box

 

Step 12 Click Finish .

The VM is installed.


 

To activate the newly created VM, right-click the VM in the left pane and choose Power On .

Configuring the VM for ESX i4.1 or ESX5.0

The host uses the virtualization software like ESXi server to run virtual machine. Host provides the CPU and memory resource to the virtual machine to access the storage and to connect to the network.

This section describes the VM configuration process using the VMware Infrastructure Client.

Before You Begin

Before installing the ACS server, verify that the VM has a minimum of 500 GB disk space. For more information, see Configuring the ESX 3.5, 4.0, 4.1, i4.1, or 5.0 Server

To configure the VM for ESXi 4.1 or 5.0, complete the following steps:


Step 1 Log into the ESX Server.

Step 2 In the VMware Infrastructure Client, in the left pane, right-click your host container and choose New Virtual Machine.

The New Virtual Machine Wizard appears.

Step 3 In the Configuration Type dialog box, choose Typical as the VM configuration as shown in Figure 6-3, and click Next.

Figure 6-15 Virtual Machine Configuration Dialog Box

The Name and Location dialog box appears. Figure 6-16

Step 4 Enter a name you will use to reference the VM, and click Next.

Figure 6-16 Name and Location Dialog Box


Tip Tip: Use the hostname you will use for your VM host.


The Data store dialog box appears. Figure 6-17

Step 5 Choose a data store that has a minimum of 500 GB free space available, and click Next.

Figure 6-17 Data Storage Dialog Box

The Guest Operating System dialog box appears. Figure 6-18

Step 6 Click the Linux radio button and from the Version drop-down list, choose Other Linux (32-bit).

Figure 6-18 Guest Operating System Dialog Box

 

The Create a Disk dialog box appears. Figure 6-19

Step 7 Select the disk size as 500 GB in the virtual disk capacity window and click Next.


Note We can configure the minimum virtual disk space requirement as 60 GB (Figure 6-8). There may be a critical issue if we use 60 GB as virtual disk space. We can see the workaround in the troubleshooting section.


Figure 6-19 Create a Disk Dialog Box

The Ready to Complete dialog box appears. Figure 6-20


Note Do not choose VMware thin provisioning as a storage type because ACS supports only thick provisioning on all supported VMware servers.


If ACS is installed in a VMware with thin provisioning storage type, you are recommended to:

1. Take a backup of the ACS configuration.

2. Reimage the VMware with the thick provisioning storage type.

3. Restore the backup in the newly converted thick provisioned storage VMware.


Note Do not over-provision hardware resources such as RAM, CPU, and disks for your virtual machines.


Step 8 Verify the configuration details, such as Name, Guest OS, Virtual CPU, Memory, and Virtual Disk Size, of the newly created VM.

Figure 6-20 Ready to Complete Dialog Box

Step 9 Check the checkbox Edit the virtual machine settings before completion and click Next.

The Memory Configuration dialog box appears Figure 6-21

Step 10 Enter 4096 MB, and click Next.

Figure 6-21 Memory Configuration Dialog Box

The Number of Virtual Processors dialog box appears. Figure 6-22

Step 11 From the Number of virtual processors drop-down list, choose 2 (if 2 is available); or you can choose any number and click Finish.

Figure 6-22 Number of Virtual Processors Dialog Box

Step 12 Virtual machine is installed and it will be listed in the VMware drawer as follows.

Figure 6-23 vSphere Client


 

Preparing the VM for ACS Server Installation

After configuring the VM, you are ready to install the ACS server. To install the ACS server from your ACS Install Disk, you need to configure the VM to boot from the ACS Install Disk.

The VM must be configured with a virtual DVD drive to boot off the ACS 5.3 DVD.

This can be performed using different methods depending on your environment.

See Configuring the VM Using the DVD Drive to configure the VM using the DVD drive of your VMware ESX server host.

Configuring the VM Using the DVD Drive

This section describes how to configure the VM to boot from the ACS Install Disk using the DVD drive of the VMware ESX server host.

To configure the VM using the DVD drive:


Step 1 In the VMware Infrastructure Client, highlight the newly created VM, and choose Edit Virtual Machine Settings .

The Virtual Machine Properties window appears. Figure 6-24 displays the properties of a VM created with the name ACS 5.3.

Figure 6-24 Virtual Machine Properties Dialog Box

 

Step 2 In the Virtual Machine Properties dialog box, choose CD/DVD Drive 1 .

The CD/DVD Drive1 properties dialog box appears.

Step 3 Choose the Host Device option, and from the drop-down list, choose your DVD host device.

Step 4 Choose the Connect at Power On option, and click OK to save your settings.

You can now use the DVD drive of the VMware ESX server to install the ACS server.


 

When you complete the configuration, click the Console tab, right-click the VM from the left pane, and choose Send Ctrl+Alt+Del to restart the VM.

Installing the ACS Server on ESX 3.5 or 4.0

This section describes the installation process for the ACS server on VMware ESX 3.5 or 4.0.

To install the ACS server, complete the following steps:


Step 1 Log into the VMware Infrastructure Client.

Step 2 Insert the ACS 5.3 Install Disk into the VMware ESX host CD/DVD drive, and power on the VM.

You can also download the ACS 5.3 software from the Cisco Software Download Site at:

http://www.cisco.com/cisco/software/navigator.html?a=a&i=rpm.

After installation if you do not install a permanent license, ACS will automatically install a 90 day evaluation license.

When the ACS 5.3 Install Disk boots, the console displays:

Welcome to Cisco Secure ACS 5.3 Recovery

To boot from the hard disk press <Enter>

Available boot options:

[1] Cisco Secure ACS 5.3 Installation (Monitor/Keyboard)

[2] Cisco Secure ACS 5.3 Installation (Serial Console)

[3] Reset Administrator Password (Keyboard/Monitor)

[4] Reset Administrator Password (Serial Console)

<Enter> Boot from hard disk

Please enter boot option and press <Enter>.

boot: 1

You can select either the monitor and keyboard port, or the console port to perform the initial setup.

Step 3 At the system prompt, type 1 to select a monitor and keyboard port, or type 2 to select a console port, and press Enter .

This starts the installation of the ACS server on the VM.


Note Allow 20 minutes for the installation process to complete.


When the installation process finishes, the VM reboots automatically.

When the VM reboots, the console displays:

Type 'setup' to configure your appliance

localhost:

Step 4 At the system prompt, type setup , and press Enter .

The Setup Wizard appears and guides you through the initial configuration. For more information on the setup process, see Running the Setup Program.


 

Installing the ACS Server on ESXi4.1 or ESX 5.0

This section describes the installation process for the ACS 5.3 server on VMware ESXi 4.1 or 5.0.

To install the ACS 5.3 server, complete the following steps:


Step 1 Log into the VMware Infrastructure Client.

Step 2 Insert the ACS 5.3 Install Disk into the VMware ESX host CD/DVD drive, and power on the VM.

Figure 6-25 Power on the Virtual Machine

Step 3 Store the ACS 5.3 recovery ISO image in the VMware vSphere client to access the VMware Server.

Step 4 Click the CD icon on the tool bar and choose Connect CD/DVD 1 > Connect to ISO image on local disk.

Figure 6-26 Connecting to ISO image on Local Disk

 

Step 5 Browse and locate the ACS 5.3 ISO image.

Move to the console tab. You will lose your cursor control as soon as you enter the console tab.

Step 6 Press Ctrl + Alt to get cursor control.

Step 7 Press Enter.

The machines restarts with the ACS 5.3 recovery ISO image loaded. Now, the user will be prompted with the install option for ACS 5.3.


 

VMware Hardening Requirements

Both the VMware server and the operating system on which the vmware is running must be hardened according to the guidelines specified by the VMware and operating system vendors.

See the vmware support website for more details. A few websites are:

  • http://www.vmware.com/support/
  • http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1017910
  • http://communities.vmware.com/community/vmtn