ASG V7 Virtual Appliance Readme

Overview

   Welcome! This note is about how to get Astaro Security Gateway V7
   (ASG V7) running as a virtual appliance in any VMware virtualization
   product.

   You can download the ASG Virtual Appliance image from
   http://www.astaro.com/vmware. New customers are requested to fill
   out the registration form. Already registered users can directly
   download the virtual appliances from one of the following locations:
     * ftp://ftp.astaro.com/pub/Astaro_Virtual_Appliance/
     * http://download.astaro.com/Astaro_Virtual_Appliance/

   In addition, Astaro offers a free home use license including all base
   level components of ASG at no cost for home users for personal,
   non-commercial and non-revenue generating use.

   Once Astaro Security Gateway virtual appliance is installed and
   running, please refer to the ASG V7 Administration Guide or the online
   help for further usage information, both of which are included in
   Astaro Security Gateway.
  
Installation

   Have any VMware virtualization product installed. Supported VMware
   virtualization software is:
     * VMware Player
     * VMware Server
     * VMware Workstation
     * VMware ESX Server

   If you just want to glance at ASG Virtual Appliance to get a first
   impression of what ASG really does, we recommend using VMware Player
   for its ease-of-use. However, if you are considering using ASG Virtual
   Appliance in a production environment, or if you would like to conduct
   performance or load testing with ASG, we recommend using VMware ESX
   Server, because its network performance is much better.

   Download the ASG Virtual Appliance image from
   (http://www.astaro.com/vmware). If you are using VMware ESX Server,
   make sure to get one of the ESX optimized images depending on your ESX
   Server version (supported are ESX Server v2 and v3).
     * ESX Server v2: astaro-security-gateway-ESX_v2-va-6_808.zip
     * ESX Server v3: astaro-security-gateway-ESX_v3-va-6_808.zip
     * All other VMware virtualization software:
       astaro-security-gateway-va-6_808.zip

Using VMware Player

   1. Open the image in your VMware product and boot it. If you are using
   ESX, please follow the instructions below.

   ASG has a network interface card pre-configured as eth0, whose IP
   address is 192.168.150.5 by default.

   2. System boot was successful when you hear 5 beeps in a row and when
   the command-line login screen appears.
   
   3. Configure your Vmnet8 network adapter with the IP address
   192.168.150.1 and the subnet 255.255.255.0.

   In Windows, this can be done in the Network Connections menu. To open
   Network Connections, click Start, click Control Panel, and then
   double-click Network Connections. Select VMware Network Adapter VMnet8
   and change its IP address to 192.168.150.1.
  
   4. Then point your browser to https://192.168.150.5:4444, accept the
   SSL certificate, and you are ready to go. From here on configuring
   Astaro Security Gateway Virtual Appliance is like working with any
   Astaro Security Gateway.

   5. The first time you start ASG's Web frontend (called "WebAdmin"), the
   initial setup page will open. Enter accurate information
   of your company in the text boxes presented here. In addition, specify
   a password and valid e-mail address for the administrator account. When
   done, click the Perform Basic System Setup button to continue logging
   in. The login page appears. Type admin in the Username field and enter
   the password you have specified on the previous screen. After logging
   in, the system dashboard of WebAdmin appears, providing you with all
   system status information of the Astaro Security Gateway unit.
   
   6. Astaro Security Gateway V7 comes with a 15 day trial license. You
   can register at https://my.astaro.com to obtain a free home use
   license including all base level components of ASG at no cost for home
   users for personal, non-commercial and non-revenue generating use.
  
Using VMware ESX Server

  
ESX Server Version 2

   Note: The following instructions assume that you have VMware
   VirtualCenter installed. Alternative ways to install ASG for VMware ESX
   Server are neither supported nor documented.

   1. Add the Astaro Security Gateway virtual appliance image as a new
   template and follow the instructions in the wizard.
   
   First, specify the path to the configuration file for this template.
   Second, type in the name for this template and a brief description. In
   the Location of Template Files dialog, please select the option Use the
   virtual machine's files as template files.

   2. Deploy a virtual machine from this template (see Figure 5) and
   follow the instructions in the wizard.
  
   First, choose a name for the new virtual machine. Second, select the
   destination farm or virtual machine group for the deployed virtual
   machine. Third, select the host that this virtual machine will reside
   on. Then enter the locations on the destination host to place the
   virtual machine's configuration and disk files. Assign each network
   interface card to a network.

   3. In the Assign Resources dialog assign sufficient memory for the
   virtual machine: 256 MB are recommended.

   4. In the Guest Operating System Customization dialog select Do not
   customize the guest operating system.

   5. ASG V7 has a network interface card (NIC) pre-configured as eth0,
   whose IP address is 192.168.150.5 by default. However, a default
   gateway is not configured. Therefore you have to configure a network
   interface within your ESX server that allows you to connect to ASG
   using this IP address.

   6. System boot was successful when you hear 5 beeps in a row and when
   the command-line login screen appears. Then point your browser to
   https://192.168.150.5:4444, accept the SSL certificate, and you are
   ready to go.

   Note: Please note that the network interface of the client system onto
   which the browser runs must be connected to the correct ESX server
   interface, having an IP address of the same subnet, for example
   192.168.150.2.

   From here on configuring Astaro Security Gateway Virtual Appliance is
   like working with any Astaro Security Gateway.

   7. The first time you start ASG's Web frontend (called "WebAdmin"), the
   initial setup page will open. Enter accurate information of your
   company in the text boxes presented here. In addition, specify a
   password and valid e-mail address for the administrator account. When
   done, click the Perform Basic System Setup button to continue logging
   in. The login page appears. Type admin in the Username field and enter
   the password you have specified on the previous screen. After logging
   in, the system dashboard of WebAdmin appears, providing you with all
   system status information of the Astaro Security Gateway unit.

   8. Astaro Security Gateway V7 comes with a 15 day trial license. You
   can register at https://my.astaro.com to obtain a free home use
   license including all base level components of ASG at no cost for home
   users for personal, non-commercial and non-revenue generating use.
  
ESX Server Version 3

   For the ESX v3 management software (Virtual Infrastructure Client)
   there is no template import as for ESX v2. Therefore, the installation
   of ASG Virtual Appliance must partly be installed via the command-line
   interface.

   The following describes one possible way of installing ASG Virtual
   Appliance on the console.

   1. Copy the ZIP archive containing ASG Virtual Appliance to a directory
   of your choice.

   2. Unpack the downloaded ZIP archive to an appropriate location. Note
   that you might need administrator privileges to do so.

   3. Change into the directory ASG_6.808_esx_v3 (note that the name may
   change in later versions)

   4. Start the Shell script astaro_va_install_ESX_v3.sh
   
       [root@dell2 ASG_6.808_esx_v3]# ./astaro_va_install_ESX_v3.sh

   This will convert the VMDK image and register the ASG Virtual
   Appliance.
       Converting VMDK image:
       Destination disk format: VMFS thick
       Cloning disk 'tmp_12150/ASG_6.808_esx_v3.vmdk'...
       Clone: 100% done.
       Registering ASG/ACC Virtual Appliance...
       register(/vmfs/volumes/storage1/ASG_6.808_esx_v3/ASG_6.808_esx_v3.vmx) = 1
       All done, have fun!

   After the script is finished, the ASG Virtual Appliance image will be
   displayed in the Virtual Infrastructure Client program under the
   Inventory tab in the folder Virtual Machines and Templates >> New
   Folder >> New Datacenter >> Discovered Virtual Machines.
   The ASG Virtual Appliance can be used right away or be converted to a
   Template, which can then be used to deploy a Virtual Appliance from it.
  
   After the ASG Virtual Appliance has been registered, adjust your
   network adapter settings. Make sure that you have selected both 
   checkboxes in the Device Status area. From the Network label 
   drop-down list in the Network Connection area, select VM Network.
   Click OK to save your settings.
   
Additional Information

   Once Astaro Security Gateway virtual appliance is installed and
   running, please refer to the ASG V7 Administration Guide and online
   help for further usage information, both of which are included in
   Astaro Security Gateway.
  
About Astaro Security Gateway

   Astaro Security Gateway (formerly Astaro Security Linux) is an
   award-winning, unique network security solution in an integrated and
   easy-to-use and manage package. It includes a combination of the
   following security applications:

   Web Security
     * Spyware Protection blocks incoming spyware, adware and other
       malicious applications, and prevents them from sending out
       confidential information.
     * Virus Protection for the Web defends computers against virus
       infections from web downloads and web-based email.
     * Content Filtering can block Internet access to 60 categories of web
       sites during working hours.

   Email Security
     * Virus Protection for Email catches viruses in SMTP and POP3 emails
       and attachments, even in compressed and archived formats.
     * Spam Protection uses eight different techniques to filter out spam
       without stopping legitimate emails.
     * Phishing Protection blocks emails from criminals trying to trick
       users into revealing confidential information.

   Network Security
     * Intrusion Protection detects and blocks probes and
       application-based attacks using heuristics, anomaly detection, and
       pattern-based techniques.
     * Firewall, with stateful packet inspection and application-level
       proxies, guards Internet communications traffic in and out of the
       organization.
     * Virtual Private Network assures secure communications with remote
       offices and "road warriors".

Support

   If you run into problems please contact us through
   http://www.astaro.com/support_security/support/ or by writing an
   email to our Support team (mailto:support@astaro.com). Our customer
   service representatives will be happy to help you.

   Finally, we recommend to register at https://my.astaro.com to
   obtain a free home use license for Astaro Security Gateway or to gain
   access to latest security and product information.

   Enjoy,

   Your Astaro Team