Set Up a VM With TufinOS

Proceed only if...

  1. You have completed all the checks on your current TOS Classic system and the results indicate you are ready to set up your target machine.
  2. Your target platform meets all general and platform-specific prerequisites.
  3. You have available all IP, DNS and other information needed to set up the server and TOS Aurora. We recommend putting this information in your worksheet and sharing it with the relevant administrators.

Otherwise, go back.

In this step you will:

  1. Install TufinOS
  2. Configure TufinOS

Overview

This procedure sets up a supported VM platform so that you can create a TOS Aurora cluster on it or add it as a node to an existing TOS Aurora cluster.

Complete the steps below in sequence.

Install TufinOS

  1. Place the TufinOS ISO image file on the datastore of vSphere. For local installation on a VMware workstation, locate the extracted ISO image file.

  2. Confirm that in your virtual machine settings, Boot Options is configured to use BIOS. If you are using EFI, the procedure will not work.

  3. Edit the properties of the virtual CD/DVD drive, and do one of the following:

    Using vSphere:

    • As Device Type select Datastore ISO file, and browse to the TufinOS ISO image.

    • Under Device Status, select Connect at power on.

    Using a workstation:

    • Under Device Status, select Connect at power on.

    • Under Connection, select Use ISO image file, and browse to the TufinOS ISO image.

  4. Set the VM to boot to the BIOS configuration.

  5. Power on the VM.
  6. In BIOS > Boot, select CD-ROM Drive.

  7. In BIOS > Exit, select Exit Saving Changes. Click Yes.

  8. Save the settings.

  9. Power on the virtual machine. TufinOS installation begins.

  10. When prompted, select either Install TufinOS 4.30 for Data Node or Install TufinOS 4.30 for Worker Node.

  11. In the virtual machine console, follow the installation prompts. When asked to enter the required configuration, select TufinOS 3 upgrade for TOS Aurora. When prompted, confirm and choose Yes.

    Do not select TufinOS 4.30 installation for TOS Aurora! Selecting this option will delete all your data from the node and cause the upgrade to fail.
  12. When the installation is complete, reboot the virtual machine.

  13. When BIOS launches, change the Boot option to Hard Drive.

  14. In BIOS > Exit, select Exit Saving Changes. Click Yes.

  15. Log in using the default admin user credentials:

    username: tufin-admin

    password: admin (you will be prompted to change this on first login)

    IP address: assigned by DHCP

  16. A new command string in the format curl http://xx.xx.xx.xx:8080/xxxxxxxx | sudo sh will be generated. When prompted, copy/paste this string and run it on the new node.

Configure TufinOS

  1. Restore the TufinOS configuration data that you saved before beginning the upgrade procedure (see Save Your TufinOS Configuration). In general we recommend that the new server configurations be similar to the old configurations.

  2. If you want to reset the host name or IP of the machine, do so now. Once TOS Aurora has been installed, changing the host name or IP address will require reinstalling - see Changing IP Address/Host Names. To change the host name, use the command below, replacing <mynode> with your preferred name:

    [<ADMIN> ~]$ sudo hostnamectl set-hostname <mynode>
  3. Configure the server timezone:

    [<ADMIN> ~]$ sudo timedatectl set-timezone <timezone>

    where <timezone> is in the format Area/Location. Examples: America/Jamaica, Hongkong, GMT, Europe/Prague.

    To view a list of the time-zone formats that can be used, run:

    [<ADMIN> ~]$ sudo timedatectl list-timezones
  4. Synchronize your machine time with a trusted NTP server. Follow the steps in Configuring NTP Using Chrony. In an HA deployment, all servers need to be synchronized to the same time.

  5. Configure the IP address and DNS, where <Interface Name> is the name of the interface you are using (for example, ens32):

    Use one of these two configuration methods:

    • Method 1: (Recommended) Run this command:

      [<ADMIN> ~]$ sudo nmtui edit <Interface Name>

      and set the following parameters in the window:

      • Set IPv4 CONFIGURATION to Manual
      • Set Addresses for the physical IP, together with the chosen subnet
      • Set Gateway and DNS Servers to the IPs used by your organization
    • Method 2: Edit the configuration files directly:

      1. Edit the file /etc/sysconfig/network-scripts/ifcfg-<Interface Name>. For example:

        sudo vi /etc/sysconfig/network-scripts/ifcfg-ens32

      2. Change line BOOTPROTO=dhcp to BOOTPROTO=static

      3. Add entries at the end of the file:

        IPADDR=<NEWIP>
        NETMASK=<MyNetmask>
        GATEWAY=<MyGateway>
        DNS1=<DNS_IP1>
        DNS2=<DNS_IP2>

        where

        <NEWIP> is the physical machine IP

        <MyNetmask>, <MyGateway>, <DNS_IP1>, and <DNS_IP2> are the appropriate values for your network

    Restart the network service.

    [<ADMIN> ~]# systemctl restart network
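
A check to run on the file edited in Method 2 before restarting the network service, added here as an example (not Tufin's own tooling): it confirms BOOTPROTO=static, that IPADDR, NETMASK and GATEWAY are well formed, and that the gateway lies in the interface's subnet. The function names and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: sanity-check an ifcfg file edited per Method 2.

# Convert a dotted-quad IPv4 address to an integer; return 1 if malformed.
ip_to_int() {
    case "$1" in *[!0-9.]*|*..*|.*|*.|'') return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac   # a leading zero would parse as octal
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Print the value of key $2 in file $1 (last assignment wins; quotes, spaces, CR stripped).
ifcfg_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d "\"' \r"
}

# Validate the static addressing in ifcfg file $1; prints OK or the first problem found.
check_ifcfg() {
    [ "$(ifcfg_get "$1" BOOTPROTO)" = static ] || { echo "BOOTPROTO is not static"; return 1; }
    ip=$(ip_to_int "$(ifcfg_get "$1" IPADDR)") || { echo "IPADDR missing or malformed"; return 1; }
    mask=$(ip_to_int "$(ifcfg_get "$1" NETMASK)") || { echo "NETMASK missing or malformed"; return 1; }
    gw=$(ip_to_int "$(ifcfg_get "$1" GATEWAY)") || { echo "GATEWAY missing or malformed"; return 1; }
    # A usable netmask is a run of 1 bits followed only by 0 bits.
    inv=$(( ~$mask & 0xFFFFFFFF ))
    [ $(( $inv & ($inv + 1) )) -eq 0 ] || { echo "NETMASK is not contiguous"; return 1; }
    # The gateway must be on the same subnet as the interface address.
    [ $(( $ip & $mask )) -eq $(( $gw & $mask )) ] || { echo "GATEWAY is outside the subnet"; return 1; }
    echo "OK"
}

# Constructed sample values (documentation range 192.0.2.0/24), not a real deployment.
sample=$(mktemp)
cat > "$sample" <<'EOF'
BOOTPROTO=static
IPADDR=192.0.2.10
NETMASK=255.255.255.0
GATEWAY=192.0.2.1
DNS1=192.0.2.53
EOF
check_ifcfg "$sample"
rm -f "$sample"
```

On the node itself, point the function at the real file, for example check_ifcfg /etc/sysconfig/network-scripts/ifcfg-ens32.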

Can I Proceed?

Continue to the next step only if...

  • You have completed the setup described above.