Introduction
This document is a guide for installation of Zentera Network Switch - ZNS - software appliance hosted in a customer owned VM or physical server. For other forms of deployment, please see cloud-based or generic ZNS installation guide.
Zentera ZNS appliances act as distributed data-channel switch, that offers both redundancy and load balancing in the form of clusters.
The ZNS installation consists of two major steps - installing the software in a particular VM configuration, and then registering and configuring in tandem with the zCenter (orchestrator).
Deployment Considerations
If the ZNS appliance is intended to service data connections that are coming from users or machines outside of a corporate network and connecting to resources inside the network, it is necessary to have a public IP associated with the VM, and the IP be reachable from the relevant source areas. In this case, the typical deployment strategies are in corporate or regional DMZ, or public or private cloud managed by the corporation, with full control over the IP and network firewall.
In some cases, the ZNS can be deployed privately. In this case the users and machines that use the appliance for data channel must be able to route and reach the appliance.
Another important consideration is having DNS record and certificate configured for each ZNS node. This is important as any user endpoint or target server may connect to the ZNS appliance via some firewall, or through network inspection service that may reject the TLS traffic if its server name does not match the certificate.
Requirements
-
CentOS 7.9 minimal clean OS installation with sudo privileges to install the software
-
For VM sizing, please contact Zentera support
-
-
While the fundamental principle of the CoIP architecture is to minimize impact on corporate firewall configuration, there may be some environments that purposely and very strictly limit network traffic. For such consideration, the following network requirements must be met for proper operation of the ZNS and data tunnels
-
Control channel from zCenter to ZNS, TLS on TCP port 443 (configurable)
-
Control channel from ZNS to zCenter, TLS on TCP port 443
-
Data channel from users/VMs/servers/gateways/gatekeeps to ZNS, TLS on TCP port 443
-
ZNS SW Installation
-
Download the latest installation package from Zentera's ZenDesk Support Pages. The below references ZNS version 8.2
-
Extract package
-
tar -xzf zns_node_install-*.tar.gz
-
-
Run installer
-
cd zns-install-centos7.9.2009/
-
sudo sh install_zns_generic-7.9.2009.sh
-
zCenter Configuration - Pairing ZNS appliance with zCenter
-
In zCenter Admin Portal, create ZNS Cluster and Node objects
-
Go to Advanced Management → Service Management → ZNS Clustering
-
If needed, enable ZNS Clustering
Create a new ZNS Cluster or find an existing one to which more nodes would be added
Click “Add ZNS Node” for the desired ZNS Cluster
-
Fill out details for the new ZNS Node. Each ZNS Node is one VM with ZNS software installed. It is recommended to use DNS entries that would match the SSL certificate. Click OK.
Click Show Info and capture the ZNS ID. This unique string will be used to pair the appliance.
-
-
In the appliance zCLI shell, run the following commands to configure
-
sudo su ztu
-
enable # Note, default password is zcli123, it is recommended to change for production environments
-
service
- zns
-
cluster enable myzcenter.zentera.net <unique_string> 443
-
cluster show
-
This should now show “Cluster is enabled on this gateway”
-
After about a minute, the status icon on the zCenter Admin portal should show a green check mark for this node. Once the green check mark appears, the ZNS Node is ready for assignment and use in access policies
-
-
Comments
0 comments
Please sign in to leave a comment.