The metaSEC software environment MZF can be obtained both on a hardware and on a virtual appliance.
This article describes the metaSEC Virtual Appliance, its requirements, the host system and the sources of supply.
Supported systems
The basis of our environment is a current Debian Linux. From the point of view of the MZF libraries, the architecture is not relevant. The architecture of the recommended systems is preferably 64 bit (amd64).
The aim of the appliances is to reduce the installation time to a minimum. The images are so-called "Ready to Deploy" templates.
General system requirements
The requirements for the virtual environment are relatively low:
- 16 GB hard disk
- 2 allocated cores
- 1 network card
- 4 GB RAM
The advantage of virtualisation is that the configuration can be easily adjusted if necessary.
On systems with higher loads, it is advantageous to increase the number of allocated cores. As a rule, this already brings a noticeable optimisation of the execution speed.
This article assumes a running system environment as well as the corresponding knowledge in dealing with a virtual environment.
Vmware ESX
The most common system in virtualisation is currently VMWare ESX. The metaSEC offers an OVA template for deployment within the ESX ( vSphere ) environment.
The template can be rolled out on the following systems:
- VMWare ESX 6.0
- VMWare ESX 6.5
- VMWare ESX 6.7
- VMWare Workstation
- VMWare Player
The current image can always be obtained via the following link [Download].
Since Debian 9 there has been a change to the "Open VM Tools". If necessary, the native VMware Tools can be installed. If you need help with this, please follow the corresponding article in our Wiki.
Installation
You can use the import wizard in VMWare to add a virtual appliance. Depending on the version you are using, the procedure may differ slightly.
Either already during the import process or at a later time, the settings can be adjusted.
At least the network settings ( mapping of the correct network / vSwitches to the virtual network card ) must be adjusted. The remaining settings are already sufficient in the template for most requirements.
After importing the template, you can boot the VM. Further configuration is generic for all system types and can be continued in the Configuration section.
Microsoft HyperV
Seit Microsoft Windows Server 2012 ist ein s.g. Hypervisor im Betriebssystem vorhanden und bietet die Möglichkeit der Virtualisierung direkt innerhalb des Betriebssystems an.
metaSEC bietet ein entsprechendes Template auf für diese Infrastruktur an.
Aktuell unterstützt werden folgende Hostsysteme:
- Microsoft Server 2012R2
- Microsoft Server 2016
- Microsoft Server 2019
- Microsoft Windows 10 Pro
Das Interessante an der Virtualisierung mit HyperV ist die Verfügbarkeit in jedem Windows basierten Desktop PC (soweit er die Hardwareanforderungen erfüllt).
Installation
Prerequisites:
Ensure that Microsoft Hyper-V Server 2012/2016/2019/Win10 is installed in your system.
For information on installing Microsoft Hyper-V Server, see the instructions:
- http://technet.microsoft.com/en-us/library/dd283085(v=ws.10).aspx
- http://technet.microsoft.com/en-us/library/hh831620.aspx
Step 1: Download and unpack VHD disks
Step 2: Connect to the host server
Step 3: Add a new virtual machine
Step 4: Name the virtual appliance.
Step 5: Set version
Step 6: Set the virtual memory for the appliance
Step 7: Select the network interface for the appliance
Step 8: Select the primary virtual hard drive
Step 9: Complete the basic setup.
Step 10: Configure the settings for the virtual appliance.
Step 11: Add network adapters to the virtual appliance.
Step 12: Connect to the virtual appliance
After importing the template, you can boot the VM. Further configuration is generic for all system types and can be continued in the Configuration section.
Amazon AWS
This article will be delivered soon!
Other virtualisation products
In principle, the environment can be operated within any virtualisation environment that supports the execution of Linux guests (KVM, XEN, Virtualbox, etc ... ). In this case, you may have to adapt the disk image with a converter. The best starting point here is to use the VMWare OVA template. We have had the best experience with this.
Configuration
The configuration of the virtual appliance only requires the adjustment of the IP address.
Log in via the virtual console. Username and password are "root" and "metasec" by default. Please change the password to an individual one after login.
The configuration of the IP address is done via the script:
/usr/share/metasec_core/scripts/setup_network.sh
The script queries all relevant information required to operate the James Appliance in the network. This includes:
- IP address
- Subnet mask
- Default gateway
- DNS server (please use the DNS server of your organisation and no external ones)
- Hostname
- local domain
After successful execution, the values are written to the respective system files and the system reboots. Afterwards, the system should be accessible via the network. The portal is available at "https://IHRE_IP_ODER_FQDN/."
The setup of the system itself is covered in a separate article.