Technical Overview for SEs
AsyncOS 7.7.5 for Web
January 7, 2013

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

New Features in this Release
Getting Set Up & Operating Your Virtual WSA(s)
Q&A

• Virtual form factor of Web Security Appliance (WSA)
• Functionally equivalent to a hardware WSA running Pikes Peak (AsyncOS 7.7.0). Major features in AsyncOS 7.7 are:
  - Multi-NTLM Forest Support
  - SOCKS proxy support
• Plus benefits of running a VM:
  - One license (digital certificate), unlimited VMs
  - Self-service provisioning – you can provision & activate new VMs, fully loaded with your licensed feature keys, whenever you want
This beta program will be focused on testing the VM features only

• Hypervisor: VMware ESXi 4.x or 5.0
• Hardware: Cisco UCS (officially supported), other vendors (best-effort support)
• There are 3 standard VM images (corresponding to HW models in capacity). Allocate HW resources based on the VM image you download & the matrix below:

  VM Image   Cores   Disk (GB)   Mem (GB)
  S000V      1       250         4
  S100V      2       250         6
  S300V      4       1024        8

1. Make sure the XML license that was emailed to you is ready
2. Download the VM
3. Unzip the VM & deploy it with vSphere
4. Run System Setup Wizard

Download the VM file from the Cisco Software Download Center, under the Cisco Web Security Appliance.
• Download the file for the model you want:
  - S000V: coeus-X-Y-X-070-S000V.zip
  - S100V: coeus-X-Y-X-070-S100V.zip
  - S300V: coeus-X-Y-X-070-S300V.zip
• Zipped OVF (Open Virtualization Format)
• Sample contents for S100V zip file:
    coeus-X-Y-X-070-S100V.zip
        coeus-X-Y-X-070-S100V.ovf
        coeus-X-Y-X-070-S100V-disk1.vmdk
        coeus-X-Y-X-070-S100V.mf

Uncompress the zip file to a designated file path (e.g. C:\WSAV\S000V_pristine)
• If you want to run multiple VMs, use vSphere’s native cloning capabilities or duplicate the zip directory. Cloning must be done before the appliance’s first run. You can also download a pristine image later if you want more VMs.
• Follow the process below for each VM:
  1. With a connected vSphere client, select the host or cluster where you want the image deployed
  2. Choose File > Deploy OVF Template
  3. Enter the path of the OVF file, click Next
  4. Follow the wizard to finish the deployment

• XML file (pictured on the original slide)
• Can be applied to multiple VMs (reusable)
  - Apply during System Setup Wizard for each VM
• Has customer ID, feature keys (Web Reputation, Web Usage Controls, Antivirus signatures) & expiration date embedded
• If you purchase new feature keys, a new license is issued
• When license expires, all functionality stops – including proxy
  - You will receive multiple alerts as expiry is approaching

• From the console, note the IP address of the appliance
• From SSH or telnet, log in to the virtual appliance with admin/ironport
• Enter loadlicense, then
  - Input the license file by pasting its contents and pressing Ctrl-D, OR
  - Load the license file that has been uploaded to the virtual appliance via FTP (covered in next slide)

• Use FTP to transfer license file to appliance:
  - ftp to appliance with admin/ironport
  - cd into directory configuration
  - put license.xml
  - exit
• OR use SCP to copy license file to appliance:
    scp license.xml admin@<IP>:configuration

• Read and agree to the EULA
• Enter showlicense to view the license details
• Log on to the web UI (http://<IP>:8080) and run the System Setup Wizard
• You are now ready to import your configuration

If you are configuring your Virtual WSA from scratch, ignore this step
• If you provided your config file for migration, you should have received a Config File for your Virtual WSA from the beta team
  - We will have an automated config migration tool available when we release
• Copy the config file to your new WSAV (Virtual WSA):
    scp my_config_file.xml admin@new_WSAV:configuration
• Load the config file on your new WSAV:
    loadconfig my_config_file.xml

loadlicense
  - Reads a license file from a file or cut and paste
  - Verifies the validity of the license
  - Creates and installs the new feature keys
  - Removes old feature keys

showlicense
Show data about current license, including expiry date

    vm10c02esa0120.eng> showlicense
    Virtual License
    ===============
    vln             VLNWSA171717
    begin_date      Sun Jan 15 00:00:00 2012 GMT
    end_date        Sat Jan 15 16:06:49 2028 GMT
    company         Ironport Test Company
    seats           17
    serial          12B
    email           cstillso@ironport.com
    issue           fe8f1761f1a94463bc9ddbcf03569805
    license_version 1.0

version
For virtual appliances, this command will show CPU and memory of appliance, along with limits

ipcheck
  - Platform
  - Serial No.
  - RAM reported in MB

featurekey
All feature keys currently active on appliance & remaining time on license

WSAV Questions? Contact wsa-pm@cisco.com
ESAV Questions? Contact esa-pm@cisco.com

Thank you.
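
The unzipped package described in the download step includes a .mf manifest next to the .ovf and .vmdk files. The following is an added example, not Cisco's code, that checks every manifest entry against the files on disk before the OVF is deployed; it assumes the standard OVF manifest line format `SHA1(name)= hexdigest`, and the file names and contents in `demo()` are constructed placeholders.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# OVF manifest line: "SHA1(file.ovf)= <hex digest>" (SHA256 in newer packages).
MF_LINE = re.compile(r"^(SHA1|SHA256)\s*\((.+)\)\s*=\s*([0-9a-fA-F]+)\s*$")

def file_digest(path, algo):
    h = hashlib.new(algo.lower())
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_ovf_dir(directory):
    """Return {filename: status} for each entry of the single .mf file in directory."""
    directory = Path(directory)
    manifests = list(directory.glob("*.mf"))
    if len(manifests) != 1:
        raise ValueError(f"expected exactly one .mf file, found {len(manifests)}")
    results = {}
    for line in filter(None, map(str.strip, manifests[0].read_text().splitlines())):
        m = MF_LINE.match(line)
        if not m:
            raise ValueError(f"unparseable manifest line: {line!r}")
        algo, name, expected = m.groups()
        if Path(name).name != name:  # entry points outside the unpacked directory
            results[name] = "rejected-path"
        elif not (directory / name).is_file():
            results[name] = "missing"
        elif file_digest(directory / name, algo) == expected.lower():
            results[name] = "ok"
        else:
            results[name] = "MISMATCH"
    return results

def demo():
    """Build a constructed package, verify it, alter the disk image, verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "sample-S100V.ovf").write_bytes(b"<Envelope/>")
        (d / "sample-S100V-disk1.vmdk").write_bytes(b"constructed disk bytes")
        lines = [f"SHA1({p.name})= {file_digest(p, 'SHA1')}" for p in sorted(d.iterdir())]
        (d / "sample-S100V.mf").write_text("\n".join(lines) + "\n")
        before = verify_ovf_dir(d)
        (d / "sample-S100V-disk1.vmdk").write_bytes(b"altered after the manifest was written")
        return before, verify_ovf_dir(d)
```

The manifest travels inside the same zip as the files it covers, so this check catches corruption and partial modification; confirming where the zip came from needs a checksum of the zip itself obtained out of band.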
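
Because all functionality, including the proxy, stops when the license expires, the showlicense output shown earlier is worth checking from monitoring as well as waiting for the appliance's alerts. The following is an added example, not Cisco's code, that parses that output and classifies the license; the sample text is abridged from the showlicense slide, and the 30-day warning window and the state names are assumptions.

```python
from datetime import datetime, timezone

# Abridged from the showlicense slide above.
SHOWLICENSE_OUTPUT = """\
vm10c02esa0120.eng> showlicense
Virtual License
===============
vln VLNWSA171717
begin_date Sun Jan 15 00:00:00 2012 GMT
end_date Sat Jan 15 16:06:49 2028 GMT
company Ironport Test Company
seats 17
"""

DATE_FORMAT = "%a %b %d %H:%M:%S %Y GMT"

def parse_showlicense(text):
    """Return the 'key value' rows that follow the ===== rule as a dict."""
    fields, in_body = {}, False
    for line in text.splitlines():
        if set(line.strip()) == {"="}:
            in_body = True
        elif in_body and len(line.split(None, 1)) == 2:
            key, value = line.split(None, 1)
            fields[key] = value.strip()
    return fields

def license_status(text, now, warn_days=30):
    """Classify the license at time `now` (timezone-aware UTC datetime)."""
    fields = parse_showlicense(text)
    begin = datetime.strptime(fields["begin_date"], DATE_FORMAT).replace(tzinfo=timezone.utc)
    end = datetime.strptime(fields["end_date"], DATE_FORMAT).replace(tzinfo=timezone.utc)
    days_left = (end - now).days
    if now < begin:
        state = "not-yet-valid"   # clock skew or a license issued for later use
    elif now >= end:
        state = "expired"         # per the slides, the proxy stops at this point
    elif days_left < warn_days:
        state = "expiring"
    else:
        state = "ok"
    return {"vln": fields["vln"], "state": state, "days_left": days_left}

if __name__ == "__main__":
    print(license_status(SHOWLICENSE_OUTPUT, datetime.now(timezone.utc)))
```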