Set up a virtual HIPswitch in VMware ESX/ESXi

This section contains instructions to install a virtual HIPswitch on the ESXi/ESX (VMware) platform.

Prerequisites

  • An existing installation of VMware ESX/ESXi server version 5.0 and later
  • A Conductor or HIPswitch OVA

System Requirements

The following VMware ESX/ESXi server hardware is required:

Processor
  • Minimum requirement of a single processor with hyper-threading support, VT-x technology, and 64-bit architecture.
  • Optimum configuration is minimum 4 processing cores with hyper-threading support, VT-x technology, 64-bit architecture, and AES-NI enabled in the host's BIOS.
Virtual image

Below are the minimum configuration requirements available for a virtual Conductor or HIPswitch image:

Platform Memory Disk
Conductor 4GB 120GB*
HIPswitch 1GB 1GB*

* Already included in the default OVA package

Port Group Configuration

By default, a virtual HIPswitch OVA image comes with two network interfaces. It is recommended each interface is attached to its own port group.
  • Port 1 functions as the underlay network
  • Port 2 functions as the overlay network

The virtual HIPswitch is expandable up to 6 ports. You may optionally configure one port for HA heartbeats with the HA role.

Security configuration

Port groups have default security settings inherited from their parent virtual HIPswitch. The following port group security settings should be changed to Accept:

Note: These changes only need to be made on the port group associated with the overlay device network port group.
  • Promiscuous Mode
    • Allows virtual interface adapters connected to this port group to see all Ethernet frames passed on the virtual switch that are allowed under the VLAN policy for the port group.
  • Forged Transmits
    • Allows virtual machines to send frames with a MAC Address that is different from the one specified on the virtual interface.

VLAN configuration

  • Set VLAN type to VLAN
  • Set a VLAN ID unique to this HIPswitch overlay device network and protected device
Note: Due to the nature of virtual HIPswitch port groups functioning as logical groups and not independent network groups, each port group attached to a HIPswitch should have a unique VLAN.

To deploy the virtual image

  1. Deploy a new OVF template from within vSphere or vCenter. For most deployments, the default settings are sufficient.
  2. Browse to the location of the downloaded OVA file.
  3. Give the virtual machine a unique name and select its storage location.
  4. Map the virtual machine's network interfaces with the correctly assigned port groups for the HIPswitch.
  5. Disk provisioning can be set to Thin Provisioned.
  6. Verify the configuration, select the Power on after deployment checkbox, and then click Finish to begin the update.

To configure a running virtual HIPswitch

Once the HIPswitch virtual image is successfully running, you can configure the unit to connect to Conductor. The underlay network interface (port 1) will default to a DHCP configured interface.

To determine the IP address assigned to port 1, from the console prompt, type username macinfo with password macinfo.

To manually set the IP address for port 1, from the console prompt, type username net with password net.

From the HIPswitch console, log in with the user account mapconfig. At the password prompt, type mapconfig. The prompt will ask you for the Conductor address and port.