This section gives detailed instructions for provisioning Service Point v4 on Cisco ENCS devices.
Prerequisites:
- You have a Cisco ENCS device running ENCS5408/K9 NFVIS-4.1.1-FC1
- The Cisco ENCS device must have one of the following specifications:
- At least 2 CPU cores, 3 GB of RAM, and 15 GB of disk spaceNote: The 15 GB install image is intended for environments with disk space constraints. The 15 GB install image will not be able to run as many services as the 100 GB install image.
- At least 2 CPU cores, 3 GB of RAM, and 100 GB of disk space
Attention:- Branch deployments on Cisco ENCS devices require at least 3 GB of memory, 2 CPU cores, and 15 GB of disk space.
- Any service point with less than 5 GB of memory will have deployed services disabled during platform updates.
- BlueCat recommends using thick provisioning when allocating disk space.
- BlueCat recommends configuring an additional 4 GB of memory when using Threat Protection policies or larger domain lists.
- BlueCat Edge does not support the oversubscription of resources.
- At least 2 CPU cores, 3 GB of RAM, and 15 GB of disk space
- The Cisco ENCS device must be configured with internet connectivity for VMs.
- Log in to the Edge Cloud Instance.
- In the top navigation bar, click and select Service points (v4).
- Click
on the Service Points (v4) page. The Download
service point image window appears.
- From the Version menu, select the version of service
point that you would like to deploy.Attention: Before selecting a service point version, ensure that the services that you are deploying to the service point are compatible with that version. For more information on compatibility, refer to Software support matrix.Note: If your Edge Cloud is deployed in an EU region, you can only provision Service Point v4.6.2 or greater.
- From the Images table, select one of the following:
- Select Cisco ENCS to download the Cisco ENCS tarball image for provisioning on hardware with 100 GB of disk space.
- Select Cisco ENCS (small disk) to download the Cisco ENCS tarball image for provisioning on hardware with 15 GB of disk space.
- Under SHA256 checksum, click to download the Service Point v4 tarball image checksum file or click to copy the image checksum value to your clipboard.
- Click Close to close the window.
- To add a new service point, click New on the Service points (v4) page.
- Under Setup, enter the following information:
- Name: enter the name of the new service point.
- Description: add a description. This is optional.
- Under Platform, select Cisco ENCS from the drop-down menu.
- Click Save and Download. A window appears where you can copy the configuration information.
- Click the copy icon next to the Registration Key and
Registration Endpoint values. Attention: The registration key and registration endpoint of the service point can only be retrieved at this point and cannot be recovered later. These values are required when configuring the VM on Cisco ENCS.
- Log in to the Cisco NFVIS portal on the Cisco ENCS device.
- Navigate to .
- Click and drag an OTHER instance onto the VM deployment diagram.
- Click and drag the OTHER instance circle towards the network that you wish to connect to with the VM.
- Click the OTHER instance circle and enter the following
information:
- VM Name: enter the name of the service point virtual machine.
- Image: select the Service Point v4 tarball package that was downloaded when you created the service point.
- Profile: this field is populated when you upload
the Service Point v4 image. The profile name is
DefaultEdgeFleetProfile
. - VNC Password: leave this field empty.
- HOSTNAME: enter the hostname of the service point virtual machine.
- REGISTRATION KEY: enter the registration key
returned from the creation of the service point in the Edge UI. Attention: Once you have entered the registration key, it becomes invalidated upon the provisioning of the service point. To configure an additional service points, you must use a new registration key.
- REGISTRATION ENDPOINT: enter the registration
endpoint URL returned from the creation of the service point in the Edge
UI. For example,
https://service-layer.us.fleet.bluec.at
. - SSH PUB KEY: enter the SSH public key of the
service point. You can use an existing key pair by entering the content
of the public key in the field, or generate a new key pair and enter the
content of the newly created public key in the field.
This adds the public key to the .ssh directory of the Service Point v4 VM and allows you to SSH into the service point. Once you have provisioned the service point, you can access the service point using SSH and the associated private key to log into the operations user account.
- IPV4 ADDR: enter the IPv4 address of the service point virtual machine.
- IPV4 NETMASK: enter the IPv4 subnet mask of the network where the service point virtual machine will be provisioned.
- IPV4 GATEWAY: enter the IPv4 gateway address of the network.
- DNS SERVERS: enter a list of IP addresses of DNS
servers used by the service point virtual machine. The list must be in
JSON list format. For example:
["8.8.8.8"]
for a single DNS server or["1.1.1.1", "8.8.8.8"]
for multiple DNS servers.Note:- If you do not want to configure any DNS servers, you must
enter an empty list. For example:
[]
. - If you do not configure any DNS servers, the service point will use 8.8.8.8 as the default DNS server.
- If you do not want to configure any DNS servers, you must
enter an empty list. For example:
- NTP SERVERS: enter a list of IP addresses or
FQDNs of NTP servers used by the service point virtual machine. The
list must be in JSON list format. For example:
["1.2.3.4"]
for a single NTP server or["ntp.example.com", "ntp2.example.com"]
for multiple NTP servers.Note:- If you do not want to configure any NTP servers, you must
enter an empty list. For example:
[]
. - If you do not configure any NTP servers, the service point
will use the following default Debian NTP servers:
0.debian.pool.ntp.org
1.debian.pool.ntp.org
2.debian.pool.ntp.org
3.debian.pool.ntp.org
- If you do not want to configure any NTP servers, you must
enter an empty list. For example:
- (Optional) If you are configuring the service point to use an
HTTP proxy, enter the following information:
- PROXY SCHEME: enter the proxy scheme. For
example,
http
. - PROXY HOST: enter the IP address of the proxy.
- PROXY PORT: enter the port number to connect to the proxy. By default, the value is 443.
- PROXY USERNAME: enter the username to authenticate with the proxy.
- PROXY PASSWORD: enter the password to authenticate with the proxy.
Note:- Currently, HTTP is the only supported proxy type.
- SOCKS proxy servers are not supported.
- Basic authentication is supported.
- The proxy server must be configured to allow HTTP POST traffic.
- The proxy server must be able to resolve all BlueCat Edge Cloud addresses.
- For proxy servers and firewalls that do SSL interception:
- mTLS must exclude/except *.bluec.at.
- You can't install certificates as a workaround.
- The only tested and supported authorization is Basic authorization with username and password provided.
- PROXY SCHEME: enter the proxy scheme. For
example,
- CONSOLE PASSWORD: Enter the console password for
the service point. The password must meet the following requirements:
- It must contain lowercase characters
- It must contain uppercase characters
- It must contain numbers
- It must contain symbols
- It must not contain spaces
- It must contain at least 12 characters
- Deployment Disk: select a disk where the service point will be provisioned.
- Leave the Add Storage configurations unset.
- Click Deploy.
Once you have provisioned the Service Point v4 VM, you can deploy DNS resolver service. For more information, refer to DNS resolver services.
For more information on the Service Point v4 telemetry APIs, refer to Service Point v4 Telemetry APIs.