Provision Service Point v4 on Cisco ENCS devices - BlueCat Edge - Service Point v4.x.x

BlueCat Edge User Guide


This section gives detailed instructions for provisioning Service Point v4 on Cisco ENCS devices.

Prerequisites:

The following prerequisites must be met before you begin:
  • You have a Cisco ENCS device running ENCS5408/K9 NFVIS-4.1.1-FC1
  • The Cisco ENCS device must have one of the following specifications:
    • At least 2 CPU cores, 3 GB of RAM, and 15 GB of disk space
      Note: The 15 GB install image is intended for environments with disk space constraints. The 15 GB install image will not be able to run as many services as the 100 GB install image.
    • At least 2 CPU cores, 3 GB of RAM, and 100 GB of disk space
    Attention:
    • Branch deployments on Cisco ENCS devices require at least 3 GB of memory, 2 CPU cores, and 15 GB of disk space.
    • Any service point with less than 5 GB of memory will have deployed services disabled during platform updates.
    • BlueCat recommends using thick provisioning when allocating disk space.
    • BlueCat recommends configuring an additional 4 GB of memory when using Threat Protection policies or larger domain lists.
    • BlueCat Edge does not support the oversubscription of resources.
  • The Cisco ENCS device must be configured with internet connectivity for VMs.
Downloading the Service Point v4 tarball image:
  1. Log in to the Edge Cloud Instance.
  2. In the top navigation bar, click and select Service points (v4).
  3. Click on the Service Points (v4) page. The Download service point image window appears.

  4. From the Version menu, select the version of service point that you would like to deploy.
    Attention: Before selecting a service point version, ensure that the services that you are deploying to the service point are compatible with that version. For more information on compatibility, refer to Software support matrix.
    Note: If your Edge Cloud is deployed in an EU region, you can only provision Service Point v4.6.2 or greater.
  5. From the Images table, select one of the following:
    • Select Cisco ENCS to download the Cisco ENCS tarball image for provisioning on hardware with 100 GB of disk space.
    • Select Cisco ENCS (small disk) to download the Cisco ENCS tarball image for provisioning on hardware with 15 GB of disk space.
  6. Under SHA256 checksum, click to download the Service Point v4 tarball image checksum file or click to copy the image checksum value to your clipboard.
  7. Click Close to close the window.
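
The checksum from step 6 can be used to confirm that the tarball is intact before it is uploaded to the ENCS device. The following is an added example, not BlueCat code; the function names are hypothetical, and it assumes the checksum file holds the SHA-256 value as 64 hex digits, either alone or followed by a file name.

```python
import hashlib
import hmac
import re


def expected_digest(checksum_text):
    """Pull the SHA-256 value out of a pasted value or a checksum file's text."""
    # \b on both sides rejects longer hex runs such as a SHA-512 value.
    match = re.search(r"\b[0-9a-fA-F]{64}\b", checksum_text)
    if not match:
        raise ValueError("no SHA-256 value found in the checksum text")
    return match.group(0).lower()


def sha256_of(path, chunk_size=1 << 20):
    """Hash the image in 1 MiB chunks so it is never loaded into memory whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def image_matches(path, checksum_text):
    """Return True only if the file's digest equals the published one."""
    return hmac.compare_digest(sha256_of(path), expected_digest(checksum_text))
```

A result of False means the download is incomplete or is not the file the Edge Cloud published; download it again rather than deploying it.
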
Configuring Service Point v4 configuration details:
  1. To add a new service point, click New on the Service points (v4) page.
  2. Under Setup, enter the following information:
    • Name: enter the name of the new service point.
    • Description: add a description. This is optional.
  3. Under Platform, select Cisco ENCS from the drop-down menu.
  4. Click Save and Download. A window appears where you can copy the configuration information.
  5. Click the copy icon next to the Registration Key and Registration Endpoint values.
    Attention: The registration key and registration endpoint of the service point can only be retrieved at this point and cannot be recovered later. These values are required when configuring the VM on Cisco ENCS.
Provisioning a Service Point v4 on Cisco ENCS:
  1. Log in to the Cisco NFVIS portal on the Cisco ENCS device.
  2. Navigate to VM Life Cycle > Deploy.
  3. Click and drag an OTHER instance onto the VM deployment diagram.
  4. Click and drag the OTHER instance circle towards the network that you wish to connect to with the VM.
  5. Click the OTHER instance circle and enter the following information:
    • VM Name: enter the name of the service point virtual machine.
    • Image: select the Service Point v4 tarball package that was downloaded when you created the service point.
    • Profile: this field is populated when you upload the Service Point v4 image. The profile name is DefaultEdgeFleetProfile.
    • VNC Password: leave this field empty.
    • HOSTNAME: enter the hostname of the service point virtual machine.
    • REGISTRATION KEY: enter the registration key returned from the creation of the service point in the Edge UI.
      Attention: Once you have entered the registration key, it becomes invalidated upon the provisioning of the service point. To configure additional service points, you must use a new registration key.
    • REGISTRATION ENDPOINT: enter the registration endpoint URL returned from the creation of the service point in the Edge UI. For example, https://service-layer.us.fleet.bluec.at.
    • SSH PUB KEY: enter the SSH public key of the service point. You can use an existing key pair by entering the content of the public key in the field, or generate a new key pair and enter the content of the newly created public key in the field.

      This adds the public key to the .ssh directory of the Service Point v4 VM and allows you to SSH into the service point. Once you have provisioned the service point, you can access the service point using SSH and the associated private key to log into the operations user account.

    • IPV4 ADDR: enter the IPv4 address of the service point virtual machine.
    • IPV4 NETMASK: enter the IPv4 subnet mask of the network where the service point virtual machine will be provisioned.
    • IPV4 GATEWAY: enter the IPv4 gateway address of the network.
    • DNS SERVERS: enter a list of IP addresses of DNS servers used by the service point virtual machine. The list must be in JSON list format. For example: ["8.8.8.8"] for a single DNS server or ["1.1.1.1", "8.8.8.8"] for multiple DNS servers.
      Note:
      • If you do not want to configure any DNS servers, you must enter an empty list. For example: [].
      • If you do not configure any DNS servers, the service point will use 8.8.8.8 as the default DNS server.
    • NTP SERVERS: enter a list of IP addresses or FQDNs of NTP servers used by the service point virtual machine. The list must be in JSON list format. For example: ["1.2.3.4"] for a single NTP server or ["ntp.example.com", "ntp2.example.com"] for multiple NTP servers.
      Note:
      • If you do not want to configure any NTP servers, you must enter an empty list. For example: [].
      • If you do not configure any NTP servers, the service point will use the following default Debian NTP servers:
        • 0.debian.pool.ntp.org
        • 1.debian.pool.ntp.org
        • 2.debian.pool.ntp.org
        • 3.debian.pool.ntp.org
        BlueCat recommends testing the connection between the service point and NTP servers for reachability, as some networks do not allow NTP traffic by default.
    • (Optional) If you are configuring the service point to use an HTTP proxy, enter the following information:
      • PROXY SCHEME: enter the proxy scheme. For example, http.
      • PROXY HOST: enter the IP address of the proxy.
      • PROXY PORT: enter the port number to connect to the proxy. By default, the value is 443.
      • PROXY USERNAME: enter the username to authenticate with the proxy.
      • PROXY PASSWORD: enter the password to authenticate with the proxy.
      Note:
      • Currently, HTTP is the only supported proxy type.
      • SOCKS proxy servers are not supported.
      • Basic authentication is supported.
      • The proxy server must be configured to allow HTTP POST traffic.
      • The proxy server must be able to resolve all BlueCat Edge Cloud addresses.
      • For proxy servers and firewalls that do SSL interception:
        • mTLS must exclude/except *.bluec.at.
        • You can't install certificates as a workaround.
      • The only tested and supported authorization is Basic authorization with username and password provided.
    • CONSOLE PASSWORD: Enter the console password for the service point. The password must meet the following requirements:
      • It must contain lowercase characters
      • It must contain uppercase characters
      • It must contain numbers
      • It must contain symbols
      • It must not contain spaces
      • It must contain at least 12 characters
    • Deployment Disk: select a disk where the service point will be provisioned.
    • Leave the Add Storage configurations unset.
  6. Click Deploy.
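
Because the registration key is invalidated once the service point is provisioned, it helps to check the free-text fields before clicking Deploy. The following is an added example, not BlueCat code: it checks the DNS SERVERS and NTP SERVERS list format and the CONSOLE PASSWORD rules from step 5. The function names are hypothetical, "symbols" is assumed to mean ASCII punctuation, and the gateway-in-subnet check is an added sanity check that the page does not state.

```python
import ipaddress
import json
import re
import string

FQDN = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def server_list_errors(raw, allow_fqdn=False):
    """Check a DNS SERVERS value, or NTP SERVERS (which also accepts FQDNs)."""
    try:
        servers = json.loads(raw)
    except json.JSONDecodeError:
        return ["not a JSON list"]
    if not isinstance(servers, list) or not all(isinstance(s, str) for s in servers):
        return ["must be a JSON list of strings"]
    return [f"bad entry {s!r}" for s in servers
            if not (_is_ip(s) or (allow_fqdn and FQDN.match(s)))]


def console_password_errors(pw):
    """Apply the six CONSOLE PASSWORD rules listed on the page."""
    rules = {
        "no lowercase character": any(c.islower() for c in pw),
        "no uppercase character": any(c.isupper() for c in pw),
        "no number": any(c.isdigit() for c in pw),
        "no symbol": any(c in string.punctuation for c in pw),  # assumption: ASCII set
        "contains a space": " " not in pw,
        "shorter than 12 characters": len(pw) >= 12,
    }
    return [msg for msg, ok in rules.items() if not ok]


def gateway_errors(addr, netmask, gateway):
    """Added sanity check: the gateway should be inside the address's subnet."""
    try:
        net = ipaddress.IPv4Interface(f"{addr}/{netmask}").network
        gw = ipaddress.IPv4Address(gateway)
    except ValueError as exc:
        return [str(exc)]
    return [] if gw in net else [f"{gateway} is outside {net}"]
```

Each function returns an empty list when the value is acceptable, so a bare `8.8.8.8` or a quoted `"8.8.8.8"` in place of `["8.8.8.8"]` is caught before the form is submitted.
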

Once you have provisioned the Service Point v4 VM, you can deploy a DNS resolver service. For more information, refer to DNS resolver services.

Attention: You can use the Service Point v4 telemetry APIs to verify that the Service Point v4 VM has successfully registered. The registrationStatus field within the Service Point v4 telemetry API response returns a value of REGISTERED when the Service Point v4 VM has successfully registered with the BlueCat Edge Cloud. If the value is not REGISTERED, this may indicate that there is an issue with the service point provisioning and the service point may not operate as intended.

For more information on the Service Point v4 telemetry APIs, refer to Service Point v4 Telemetry APIs.