Link Search Menu Expand Document

Virtual Appliance Setup

Once you create a remote in SecureX orchestration, you can deploy the virtual appliance OVA and apply the configuration you downloaded. Here’s a summary of this process:

  1. Download the latest version of the SecureX orchestration remote OVA
  2. Generate an SSH key pair and console password
  3. Deploy the OVF template
  4. Verify remote connectivity
  5. (Optional) Define NTP servers

Remote Overview


Download the OVA

  1. In SecureX orchestration, navigate to the Remote Configuration page (under the Admin section)
  2. Click the Download Appliance link next to the New Remote button

If you want to verify the file hash of the OVA, please refer to the following table:

File Name SHA256 Hash
sxo-remote-1.0.ova b7164d23e22f21c7b820d9ea70d7b22779b577692c55dbc62d1c08d47a3e2903
sxo-remote-1.1.ova a3fb8cb3e7c25269bb783c605719821830b28e051923b415a403a67282ff15ab

Deploying the VM

  1. In your VMware vSphere client, right click on the folder you want to deploy the remote in and select Deploy OVF Template

  2. Select the Local file option, select the remote OVA you downloaded, and click Next

  3. Give the virtual appliance a unique name, confirm the machine’s location, and click Next

  4. Select the compute resource to deploy the virtual appliance on and click Next

  5. Review the details of the deployment and click Next
  6. Select the datastore you want to use for the virtual appliance and click Next
    • Note: We recommend a minimum of 30 GB of disk space be available for an orchestration remote
  7. Select the network you want to deploy the virtual appliance on and click Next

  8. On the customize template screen, you’ll need to provide some information:
    • Provide a unique ID and hostname for the virtual appliance

    • (Optional) Provide an SSH public key for SSH access (see these instructions)
    • Set Encoded user-data to the contents of remoteconfig.txt (from the remotePackage.zip you downloaded during remote creation)
    • Provide a password for the virtual appliance for console access (the username will be ubuntu)

    • Click Next
  9. Review all of the virtual appliance’s details and, if everything looks correct, click Finish

Once the virtual appliance finishes deploying, be sure to power it on! Once online, the remote’s status should change from Not Connected to Connected on the remotes list in SecureX orchestration. Note that a newly deployed remote can take up to 10 minutes to show as connected!


(Optional) Define NTP Servers

After deploying your SecureX orchestration remote, you can configure the virtual appliance to use custom NTP servers using these steps:

  1. Log in to your virtual appliance by either:
    • Opening a console to the VM in vSphere and logging in with your password; or
    • SSHing to the VM using the key pair you created during setup
  2. Open the file /etc/chrony/chrony.conf and change the NTP servers to your preferred servers
  3. Save and close the file
  4. Run the following command to restart the NTP service and check that the time is correct: systemctl restart chronyd ; watch chronyc tracking

Generating an SSH Key Pair

If you want to be able to SSH to your remote appliance, you’ll need to generate a key pair for authentication. You can use any key pair you want, as long as it’s valid for a standard Ubuntu authorized_hosts file. Below, we give examples of how to generate a default RSA key pair.

Linux/macOS

  1. Open a terminal
  2. Execute the command: ssh-keygen -t rsa -b 4096 -f /path/to/output/keypair (for a 4096-bit RSA key)
  3. If you want to use a passphrase, provide it and then confirm it. If not, press enter twice
  4. A public and private key will be generated at the path you provided. In this example:
    • keypair will contain the private key
    • keypair.pub will contain the public key

Windows

One of the easiest ways to generate a key pair on Windows is by using the PuTTygen utility:

  1. Download PuTTygen from this page (look for puttygen.exe under Alternative binary files)
  2. Run puttygen.exe
  3. If you want a passphrase on your key pair, provide it in Key passphrase and Confirm passphrase
  4. Select the type of key and key length at the bottom of the window (we recommend at least a 2048-bit RSA key)
  5. Click the Generate button
  6. Use the Save public key and Save private key buttons to export the keys

Next Steps

Now that you’ve deployed the SXo remote virtual appliance, you can configure your on-premise targets to use it!

Target Configuration