How to install an Endian Switchboard on a Virtual Machine

Introduction

Welcome to the installation and setup guide for Endian Switchboard. This document will walk you through the steps to install the software on a Virtual Machine and configure it for initial use. By following these instructions, you will ensure a smooth installation process and proper configuration to meet your specific needs. Let's get started!

Prerequisites

Virtual Machine

  1. You need to download the EndianOS image for your Virtual Machine

  2. You need to set up a public IP address and choose the FQDN. Usually the following convention is used: "connect.<yourdomain.com>"

  3. You need to generate an SSL Certificate containing both the domain defined before as the CN ("connect.<yourdomain.com>") and the wildcard domain as the SAN ("*.connect.<yourdomain.com>")

  • The only way to configure the wildcard domain is by putting the * symbol at the beginning and only once in the domain
  • The wildcard domain should not be like "*.<yourdomain>.com" because it is a security risk and not all browsers will accept it
  • You need to insert in your DNS an entry for the FQDN and one for the wildcard domain. Here is an example:
connect.yourdomain.com IN A XX.XX.XX.XX
*.connect.yourdomain.com IN CNAME connect.yourdomain.com
  • You will need to prove that you own the domain by responding to a DNS challenge and adding the corresponding entry in the DNS.

Set up the Virtual Machine Environment

Instance creation

  • Create a Virtual Machine respecting the following parameters:

    Switchboard up to 50 Nodes
      Cores: 2 or more
      Memory: 4GB
      Storage: 80GB

    Switchboard up to 250 Nodes
      Cores: 4 or more
      Memory: 8GB
      Storage: 256GB

    Switchboard up to 2500 Nodes
      Cores: 8 or more
      Memory: 32GB
      Storage: 1TB

  • Mount the ISO and start the Virtual Machine

  • Once the virtual machine has booted, the installation wizard will start

  • You will then be able to choose your language

  • Accept the Service and License Agreement

  • Choose your preferred configuration mode (here we will show the Setup Assistant)

  • Set up the root and admin passwords, which are used respectively for access via SSH (root) and via the Web Interface (admin)

  • Select the time zone

  • Choose your preferred network mode

  • Choose how you would like to establish access to the internet

  • Configure the internet access by selecting a network interface

  • You can configure a backup access to the internet and assign it to a network interface

  • Configure your network by assigning network interfaces to every zone you want to use

  • Configure the network zones

  • Configure a mail server to send notifications

  • Click on "Finish" to complete the setup

  • Log in with your Endian Network account, or create one, in order to register the Switchboard and start the subscription

  • After completing the installation and configuration process, you will be able to access the Admin portal of the Switchboard from the browser by opening the Management URL you see in your console on port 10443.

Set up the Endian Switchboard

After setting up the environment, you can access the Admin portal of the Switchboard from the browser at: https://<the public IP previously assigned>:10443.

  • Log in using the initial credentials you configured in the installation wizard

  • Under "System", "Endian Network", "Subscriptions", you need to register the appliance by entering your Endian Network account (or creating a new one) and the activation code you received

  • Under "System", "Updates", you can install the latest updates, if needed, by clicking on "Install updates"

General settings

  • Under "Switchboard", "Settings", "General settings" you need to insert the Fully qualified domain name (FQDN) defined before

  • In order to be able to select the HTTPS certificate mentioned in the prerequisites, you need to upload the certificate from the menu "VPN", "Certificates", "Certificates", click on "Add new certificate" and then "Upload a certificate"

  • The certificate must be packaged in PKCS12 format with a password

  • Select the PKCS12 file, enter the related password and then click on "Add"

  • Select the imported certificate

  • You can choose to use Exclusive access in order to avoid concurrent connections at endpoint level or at gateway level

  • You can allow sending email for generating and resetting passwords only if you also configure the SMTP settings under the "Proxy" menu

  • You can also enable the remote API by adding the corresponding API key

  • Click on "Save"

Note: Be aware that after saving the configuration, the web server will restart and you might need to reload the page
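
The certificate steps from the prerequisites (CN plus wildcard SAN) and from the upload step above (PKCS12 with a password), as an added shell example that is not Endian's own tooling. It assumes OpenSSL 1.1.1 or newer; the file names, the P12_PASS variable and the self-signed stand-in certificate are choices made for this example.

```bash
# Added example, not Endian tooling. Assumes OpenSSL 1.1.1+ (-addext, -ext).
# File names and the P12_PASS variable are placeholders chosen for this example.

# make_csr FQDN DIR: new key + CSR with CN=FQDN and SANs FQDN and *.FQDN.
# Browsers match names against the SAN list only, so the FQDN is repeated there.
make_csr() {
  ( umask 077   # private key readable by its owner only
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
      -addext "subjectAltName=DNS:$1,DNS:*.$1" \
      -keyout "$2/switchboard.key" -out "$2/switchboard.csr" 2>/dev/null )
}

# dns_names: filter openssl text output down to the DNS names, one per line.
dns_names() { grep -o 'DNS:[^,[:space:]]*' | cut -d: -f2 | sort; }

# check_csr CSR FQDN: succeed only if the CSR requests exactly FQDN and *.FQDN,
# i.e. a single leading "*" scoped below the Switchboard FQDN.
check_csr() {
  want=$(printf '%s\n' "$2" "*.$2" | sort)
  [ "$(openssl req -in "$1" -noout -text | dns_names)" = "$want" ]
}

# standin_cert KEY FQDN OUT: self-signed certificate for a dry run only;
# in production OUT is the certificate your CA issues for the CSR.
standin_cert() {
  openssl req -x509 -new -key "$1" -days 1 -subj "/CN=$2" \
    -addext "subjectAltName=DNS:$2,DNS:*.$2" -out "$3"
}

# make_p12 KEY CERT OUT: password-protected PKCS12 bundle for the upload form.
# The password is taken from the environment variable P12_PASS.
make_p12() {
  openssl pkcs12 -export -inkey "$1" -in "$2" -name switchboard \
    -out "$3" -passout env:P12_PASS
}

# p12_names P12: DNS names of the certificate stored in the bundle.
p12_names() {
  openssl pkcs12 -in "$1" -nokeys -passin env:P12_PASS 2>/dev/null |
    openssl x509 -noout -ext subjectAltName | dns_names
}
```

Submit switchboard.csr to your CA, then call make_p12 with the issued certificate in place of the stand-in and run p12_names on the result before uploading it.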

  • Now you can configure the VPN server under "Switchboard", "Settings", "Network"

  • The OpenVPN server is running out of the box, but you can select your own certificate and add it under "VPN", "OpenVPN server", "Server configuration"

  • Under "VPN", "OpenVPN server", "Server instances" you can add other instances, for example in case the default one listening on port 1194 is not compliant with your internal rules

  • If you cannot open UDP port 1194 but can open another port, you can set up DNAT port forwarding (from the "Firewall" menu)

  • If, in some cases, you allow only TCP port 443, then you will have to add a new OpenVPN instance which will run on port 443 but will be bound to a different private IP address (which is the external IP address seen in the AWS configuration), since the port is already used by the Switchboard Portal

  • You can select the IP address to which the switchboard should bind

    • This is important if you have multiple public IP addresses

Network settings

  • Under "Switchboard", "Settings", "Network" you can select a different IP address on which you can bind the Switchboard (if you leave it blank, the active uplink will be used)

  • You need to select the UDP OpenVPN instance as "OpenVPN instance"

  • As "OpenVPN server public IP/FQDN and port" you need to choose the public IP/FQDN address previously set

  • You can also enable a fallback OpenVPN instance by clicking on "Enable fallback OpenVPN instance" and filling in the details of the fallback instance

  • You can check "Enable automated virtual subnet assignment" to assign virtual IP addresses inside the network and let two machines with the same set of IP addresses communicate with each other

  • You can also manually define the virtual IP pool

Portal

  • Under "Switchboard", "Settings", "Portal" you should enable the Switchboard portal by checking the corresponding box

Outgoing mail settings

  • Under "Switchboard", "Settings", "Outgoing mail settings" you can uncheck the box and configure the outgoing mail settings (using a smart host if needed) or otherwise globally configure the settings under "System", "Settings", "Outgoing mail server" or under "Proxy", "SMTP"