Secure VERDE Gateway install and configuration Instructions

Secure VERDE Isolated Gateway install and configuration Instructions

Product Line:  VERDE

 

These instructions are for each VERDE Gateway host and each VERDE Cluster Master candidate. (Note: If 3 VERDE Gateway hosts and 2 VERDE Cluster Master candidates are being configured, 2 "authorized_keys" files will be required, each containing 3 public key lines.)

 

On all VERDE Gateway hosts, do the following:

1.  Install the VERDE software via the CD/DVD created from the ISO downloaded from the VERDE resource site. (Please refer to the VERDE Administrator Guide section “VERDE Gateways” for installation requirements and preparation, and section “Installing VERDE on Bare Metal”.)

2.  During the VERDE Server Configuration process, a request for “External Storage Type” will occur.  Select “3 – Do not configure mount point”.

3.  SSH into the VERDE Gateway.

4.  Switch from root user to vb-verde user:

  • su - vb-verde

5.  Delete any existing .ssh directories (in /home/vb-verde): 

  • rm -rf .ssh

6.  Create passphraseless key:

  • ssh-keygen -t rsa
  • Do NOT enter a passphrase, use default file location.

7.  SSH to Cluster Master candidates to add the gateways  

  • ssh vb-verde@IPADDRESS
  • Accept "yes", then CTRL-C at the password prompt (no need to actually log in).

8.  Exit back to root:

  • exit

9.  Run "/usr/lib/verde/bin/verde-config -i" and set Isolate GW parameters by following the “Configuration planning and Installation Guide”, Page 47.

10.  VERDE Gateway is now configured.

 

On all VERDE Cluster Master candidates, do the following:

1.  Install and configure the VERDE Cluster Master on all Cluster Master candidates via instructions in the VERDE Administrator Guide.

2.  SSH into the VERDE Cluster Master.

3.  Switch from root user to vb-verde user:

  • su - vb-verde

4.  Create a new .ssh directory (/ho:

  • mkdir .ssh
  • chmod 700 .ssh
  • cd .ssh

5.  Create an “authorized_keys” file in the /home/vb-verde/.ssh directory on the VERDE Cluster Master.

6.  For each VERDE Gateway, copy the key (displayed with "cat id_rsa.pub" from within the /home/vb-verde/.ssh directory on the Gateway server) into your copy-paste buffer.

7.  Use the Linux vi editor to edit the "authorized_keys" file in the /home/vb-verde/.ssh subdirectory on the Cluster Master:

  • vi authorized_keys
  • Type i to go into "typing insert mode".
  • Paste the key, make sure it starts with "ssh-rsa".
  • Position cursor at first column of the line, before "ssh-rsa" and type:

command="/usr/lib/verde/bin/verde-mc-runas vb-verde -",no-port-forwarding,no-pty

  • Add one space between "pty" and "ssh-rsa".
  • Type ESC to exit out of "typing insert mode".
  • Type ZZ to save and exit.  (or, if a mistake is made, use  :q!   to not save)
  • Run “chmod 600 /home/vb-verde/.ssh/authorized_keys” to apply the required access rights to the authorized_keys file.
  • Do all the above steps for the id_rsa.pub files on all gateway nodes.
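
The Cluster Master steps 4 through 7 above, scripted as an added example (not part of the original instructions and not VERDE tooling): it builds the authorized_keys file from gateway public keys and then audits that every entry carries the forced command and restrictions. The function names are hypothetical, and it assumes each gateway's id_rsa.pub has already been copied to the Cluster Master as a separate file.

```shell
#!/bin/sh
# Added example (not VERDE tooling). PREFIX is the restriction string from step 7.
PREFIX='command="/usr/lib/verde/bin/verde-mc-runas vb-verde -",no-port-forwarding,no-pty'

# build_authorized_keys SSH_DIR PUBKEY_FILE...   (hypothetical helper name)
# Writes one restricted line per gateway key. A file that is not exactly one
# "ssh-rsa ..." line is rejected, so a bad paste never reaches authorized_keys.
build_authorized_keys() {
    ssh_dir=$1; shift
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    tmp="$ssh_dir/authorized_keys.tmp"
    (umask 077 && : > "$tmp") || return 1
    for pub in "$@"; do
        if [ "$(grep -c . "$pub" 2>/dev/null)" != 1 ] ||
           ! grep -q '^ssh-rsa [A-Za-z0-9+/=]\{1,\}' "$pub"; then
            echo "rejecting $pub: not a single ssh-rsa public key line" >&2
            rm -f "$tmp"
            return 1
        fi
        printf '%s %s\n' "$PREFIX" "$(grep . "$pub")" >> "$tmp"
    done
    chmod 600 "$tmp" && mv "$tmp" "$ssh_dir/authorized_keys"
}

# audit_authorized_keys FILE   (hypothetical helper name)
# Succeeds only if FILE is mode 600 and every non-empty line starts with the
# forced command and restrictions, followed by one space and "ssh-rsa ".
audit_authorized_keys() {
    file=$1
    if [ -z "$(find "$file" -prune -perm 600 2>/dev/null)" ]; then
        echo "$file: missing or mode is not 600" >&2
        return 1
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            '' | "$PREFIX ssh-rsa "*) ;;
            *) echo "$file: entry without the forced command: $line" >&2
               return 1 ;;
        esac
    done < "$file"
}
```

Run as vb-verde on the Cluster Master, for example `build_authorized_keys /home/vb-verde/.ssh gw1.pub gw2.pub gw3.pub`; the audit function can be re-run later to catch a key that was pasted in without the restriction prefix.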

            

Test each VERDE Gateway Host communication with Cluster Master by doing the following:

1.  SSH into the VERDE Gateway.

2.  Switch from root user to vb-verde user:

  • su - vb-verde

3.  Run the following command as user vb-verde

  •  /usr/lib/verde/bin/verde-mc-runas root verdecmon-ni -c hello

4.  Exit code should return a value of zero.  If a 127 code appears, there's an error.


5.  If installing via RPMs, stop and disable iptables:
 
  • /etc/init.d/iptables stop
  • chkconfig iptables off

 

