metaSEC virtual appliance

The metaSEC Software Environment MZF can be purchased on hardware as well as on a Virtual Appliance. This article describes the metaSEC Virtual Applaince, its requirements, the host system and the sources of supply


Supported systems #

Die Basis unserer Umgebung bildet ein aktuelles Debian Linux. Aus Blickwinkel der MZF Bibliotheken ist die Architektur nicht relevant. Die Architektur der empfohlenen Systeme ist bevorzugt 64 Bit ( amd64 )

The goal of the appliances is to reduce the installation time to a minimum. The images are so-called “Ready to Deploy” templates.


General system requirements #

Die Anforderungen an die virtuelle Umgebung ist relativ gering:

  • 16 GB Harddisk
  • 2 assigned cores
  • 1 network card
  • 4 GB RAM

The advantage of virtualization is that the configuration can be easily adjusted if necessary. On systems with a higher load, the advantage is that the number assigned cores. Usually this already brings a noticeable optimization of the execution speed.

This article assumes an executable system environment as well as the appropriate knowledge in handling a virtual environment.


Vmware ESX #

The most common system in virtualization is currently VMWare ESX. The metaSEC provides an OVA template for deployment within the ESX (vSphere ) environment. The template can be rolled out on the following systems:

  • VMWare ESX 6.0
  • VMWare ESX 6.5
  • VMWare ESX 6.7
  • VMWare Workstation
  • VMWare Player

The current image can always be obtained via the following link [Download]

Since Debian 9 there has been a change to the “Open VM Tools”. If required, the native VMware Tools can of course be installed. If you need help with this, please follow the corresponding article in our Wiki.


Installation #

Sie können den Import-Assistenten in VMWare verwenden, um eine virtuelle Appliance hinzuzufügen. Abhängig vom der eingesetzten Version kann sich das Verfahren etwas unterscheiden.

Entweder bereits beim Importvorgang oder zu einem späteren Zeitpunkt können die Einstellungen angepasst werden.
Mindestens die Netzwerkeinstellungen ( Mapping des richtigen Netzwerks / vSwitches zur virtuellen Netzwerkkarte ) muss angepasst werden. Die restlichen Einstellungen sind bereits in der Vorgabe für die meisten Anforderungen genügend.

After importing the template, you can boot the VM. The further configuration is generic for all system types and can be defined in the section Configuration can be continued.


Microsoft HyperV #

Since Microsoft Windows Server 2012, a so-called hypervisor is available in the operating system and offers the possibility of virtualization directly within the operating system. metaSEC offers a corresponding template for this infrastructure. Currently the following host systems are supported:

  • Microsoft Server 2012R2
  • Microsoft Server 2016
  • Microsoft Server 2019
  • Microsoft Windows 10 Pro

The interesting thing about virtualization with HyperV is the availability in every Windows based desktop PC (as long as it meets the hardware requirements).


Installation #

Requirements: Make sure that Microsoft Hyper-V Server 2012/2016/2019/Win10 is installed in your system. For information on installing Microsoft Hyper-V Server, refer to the instructions:

Schritt 1: Herunterladen und Entpacken von VHD-Disks
Schritt 2: Verbinden mit dem Host-Server
Schritt 3: Hinzufügen einer neuen virtuellen Maschine
Schritt 4: Benennen Sie die virtuelle Appliance.
Schritt 5: Version festlegen
Schritt 6: Einstellen des virtuellen Speichers für die Appliance
Schritt 7: Auswählen der Netzwerkschnittstelle für die Appliance
Schritt 8: Auswählen der primären virtuellen Festplatte
Schritt 9: Vervollständigen Sie die Grundeinrichtung.
Schritt 10: Konfigurieren Sie die Einstellungen für die virtuelle Appliance.
Schritt 11: Netzwerkadapter zur virtuellen Appliance hinzufügen
Schritt 12: Verbinden mit der virtuellen Appliance

After importing the template, you can boot the VM. The other Configuration is generic for all system types and can be continued in the Configuration section.


Amazon AWS #

This article will be delivered promptly!


Other virtualization products #

In principle, the environment can be operated within any virtualization environment that supports the execution of Linux guests (KVM, XEN, Virtual box, etc… ) . You may have to delete the disk image with to a converter. The best starting point here is to use of the VMWare OVA template. Here we have made the best experiences.


Configuration #

The configuration of the virtual appliance requires only the adjustment of the IP address.

Log in to the virtual console. Username and password are by default “root” and “metasec”. Please change the password to an individual one after login. The configuration of the IP address is done via the script:

/usr/share/metasec_core/scripts/setup_network.sh

The script queries all relevant information, which requires to be able to run the James Appliance in the network. This includes:

  • IP Address
  • Subnet Mask
  • Standard-Gateway
  • DNS servers ( please use the DNS servers of your organization and no external ones )
  • Hostname
  • local domain

After successful execution, the values are written to the respective system files are written and the system reboots. The system should then be accessible via the network. The portal is available at https://IHRE_IP_ODER_FQDN/ at your disposal. The setup of the system itself is covered in a separate article.