Prepare a Node on VMware ESXi

Overview

This procedure is for preparing a VM on VMware ESXi before adding it as a node to an existing TOS Aurora cluster.

For all other installation procedures, such as installing TOS Aurora and adding nodes on other platforms, see the menu for the appropriate procedure.

If you are preparing a data node, start with high availability.

If you are preparing a worker node, start with multi-node cluster.

Read and understand Prerequisites, then proceed with Install and Set Up TufinOS.

Prerequisites

General Requirements

  • You cannot use iptables. All iptables rules will be flushed when the node is added.
  • Your servers must have sufficient CPUs, disk storage and main memory for TOS Aurora to work effectively. Consult with your sales engineer or Tufin support to ensure your resources are sufficient.

VMware Requirements

  • Your ESX host must be running only VMware ESXi 6.5, 6.7, 7.0 or 8.0 (ESXi 8.0 requires TufinOS 4.20 or later).
  • Your ESX host disk(s) must be SSD with 7,500 IOPS and 250MB/s throughput, or higher.

Network Requirements

  • You must allow access to required Ports and Services.
  • If you intend to use syslog, allocate a syslog VIP on the same subnet as your primary VIP.
  • The node's network IP must be on the same subnet as the cluster primary VIP.

  • Make sure your first physical interface is correctly configured and all other interfaces are not on the same network.

    To find the first network interface, run the following command:

    [<ADMIN> ~]$ sudo /opt/tufinos/scripts/network_interface_by_pci_order.sh | awk -F'=' '/NET_IFS\[0\]/ { print $NF }'

    Otherwise network errors such as connectivity failures and incorrect traffic routing might occur.
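The subnet rules in the Network Requirements list, as an added pre-flight check that is not part of the vendor procedure: it confirms that the node IP, and the syslog VIP if one is used, fall in the same network as the primary VIP. The function names are hypothetical, the addresses are constructed samples, and the node's prefix length is assumed to apply to the VIPs.

```sh
#!/bin/sh
# Added example (not vendor tooling); all addresses are constructed samples.

# ip_to_int A.B.C.D : print the address as an integer; status 1 if malformed.
ip_to_int() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*|*.*.*.*.*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        # Reject over-long octets and leading zeros (the shell would read them as octal).
        case $octet in ????*|0?*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# same_subnet IP_A PREFIX IP_B : 0 = same /PREFIX network, 1 = different, 2 = bad input.
same_subnet() {
    case $2 in ''|*[!0-9]*|???*|0?*) return 2 ;; esac
    [ "$2" -le 32 ] || return 2
    a=$(ip_to_int "$1") || return 2
    b=$(ip_to_int "$3") || return 2
    mask=$(( 0xFFFFFFFF ^ ((1 << (32 - $2)) - 1) ))
    [ $(( a & mask )) -eq $(( b & mask )) ]
}

# check_node_addressing NODE_IP PREFIX PRIMARY_VIP [SYSLOG_VIP]
# One line per rule; status 0 only if every rule holds (bad input counts as FAIL).
check_node_addressing() {
    result=0
    if same_subnet "$1" "$2" "$3"; then
        echo "PASS node $1 is on the primary VIP subnet ($3/$2)"
    else
        echo "FAIL node $1 is not on the primary VIP subnet ($3/$2)"; result=1
    fi
    if [ -n "${4:-}" ]; then
        if same_subnet "$4" "$2" "$3"; then
            echo "PASS syslog VIP $4 is on the primary VIP subnet ($3/$2)"
        else
            echo "FAIL syslog VIP $4 is not on the primary VIP subnet ($3/$2)"; result=1
        fi
    fi
    return "$result"
}

# Constructed demo: node and primary VIP share 10.20.30.0/24; the syslog VIP does not.
check_node_addressing 10.20.30.41 24 10.20.30.10 10.20.31.10 || true
```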

  1. Download the TufinOS 4.30 installation package from the Download Center.

  2. Make sure the TufinOS release you are going to install supports your target TOS Aurora release - see TufinOS 4 Supported Upgrade Paths.

  3. Create a USB key for installing TufinOS on appliances.

  4. Download the TOS R22-2 PHF4.0.0 installation package from the Download Center.

  5. The downloaded files are in .tgz format: <FILENAME>.tgz.

  6. Extract the TufinOS image from its archive.

    [<ADMIN> ~]$ sudo tar xzvf <FILENAME>.tgz

    The run file name includes the release, version, build number, and type of installation.

    TufinOS ISO file example: TufinOS-4.30-4368238-x86_64-Final.iso

    TufinOS USB file example: TufinOS-4.30-4368238-x86_64-Final.usb.img

  7. Verify the integrity of the TufinOS installation package.

    [<ADMIN> ~]# sha256sum -c TufinOS-X.XX-XXXXXX-x86_64-Final.iso.sha256
    [<ADMIN> ~]# sha256sum -c TufinOS-X.XX-XXXXXX-x86_64-Final.usb.img.sha256

    The output should return OK.

  8. Verify the integrity of the TOS installation packages by entering the following commands and comparing the output with the checksum information.

    [<ADMIN> ~]$ sha256sum tos-xxxx-xxxxxxxx-final-xxxx.run.tgz
    [<ADMIN> ~]$ sha1sum tos-xxxx-xxxxxxxx-final-xxxx.run.tgz
  9. Extract the TOS run file from its archive.

    The run file name includes the release, version, and build number.

    TOS file example: R22-2-PHF4.0.0-final-4577.run
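Steps 7 and 8 above, as an added example that is not part of the vendor procedure: a fail-closed SHA-256 comparison that replaces the by-eye check in step 8 and only extracts the archive after the digest matches. The function names are hypothetical, and the demo input is a constructed three-byte file, not a Tufin package.

```sh
#!/bin/sh
# Added example (not vendor tooling). Function names are hypothetical.

# verify_sha256 FILE EXPECTED_HEX
# Status: 0 = match, 1 = mismatch, 2 = unusable input (fail closed).
verify_sha256() {
    # Normalize the published value: drop whitespace, lowercase the hex.
    expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')
    case $expected in
        ''|*[!0-9a-f]*) echo "malformed digest" >&2; return 2 ;;
    esac
    # SHA-256 is always 64 hex characters; a 40-character SHA-1 value is rejected.
    [ "${#expected}" -eq 64 ] || { echo "digest is not 64 hex chars" >&2; return 2; }
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 2; }

    actual=$(sha256sum -- "$1" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $1"
        return 0
    fi
    echo "MISMATCH: $1 (expected $expected, got $actual)" >&2
    return 1
}

# extract_if_verified ARCHIVE EXPECTED_HEX DEST_DIR
# Unpacks the .tgz only after its digest matches, so a tampered or
# truncated download is never extracted.
extract_if_verified() {
    verify_sha256 "$1" "$2" || return $?
    tar xzf "$1" -C "$3"
}

# Constructed demo input: a file containing "abc" and the standard
# SHA-256 test-vector digest for it (given in uppercase on purpose).
demo=$(mktemp)
printf 'abc' > "$demo"
verify_sha256 "$demo" BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD
rm -f "$demo"
```

Take the expected digest from the vendor's published checksum information over a separate channel from the download itself; a digest fetched alongside a tampered file proves nothing.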

Install and Set Up TufinOS

Before you proceed, read and understand Prerequisites - this may prevent unexpected failures.

  1. Extract the ISO image from the file downloaded previously.
  2. Place the image file in a location on the VM that you can access from the VMware client (Workstation or vSphere).
  3. Shut down the VM.
  4. Go to the VM settings and delete the current hard disk.

  5. Create a new hard disk that meets your sizing requirements.

  6. Edit the properties of the virtual CD/DVD drive, and do one of the following:

    Using vSphere:

    1. Select device type Datastore ISO file, and browse to the TufinOS ISO image.
    2. Under Device Status, select Connect at power on.

    Using a workstation:

    1. Under Device Status, select Connect at power on.
    2. Under Connection, select Use ISO image file, and browse to the TufinOS ISO image.
  7. Save the settings.
  8. Power on the virtual machine. TufinOS installation begins.
  9. In the virtual machine console, follow the installation prompts. When prompted for the console connection type, type one of the following:
    • kvm-aurora - for production deployments

    • kvm-aurora-light - for test/development/POV deployments

  10. When the installation is complete, the virtual machine will reboot.
  11. TufinOS 3.100 and later. Optional. Create a password for the root user.
    1. Log in as the tufin-admin user.

    2. Run the following command:

      sudo passwd root
    3. Enter the password and then retype it.

  12. Change the host name to a unique name in the cluster. Replace <mynode> with your preferred name.

    [New node]# sudo hostnamectl set-hostname <mynode>
  13. Synchronize the time with the primary data node. This can be achieved by synchronizing all servers via ntpd or chrony.