6.3 Additional Configuration

After installing the CVSG-VE Location, you should return to its CVSG-VE Location form in App Net Manager to configure additional functionalities of the CVSG-VE Location and to partner the CVSG-VE Location with other Corente Locations (for example, the head-end gateways at your datacenter), CVSG-VE Locations, or Corente Clients. Whenever the procedure for configuring these tabs is the same for a CVSG-VE Location as it is for an ordinary Corente Virtual Services Gateway, this guide will provide a cross reference to the appropriate section or chapter of the Corente manual that explains the fields and options on the tab.

6.3.1 Location Tab

In addition to the Identity and Location and Maintenance sections that are explained in the Installation section (Section 6.2, “Installation in App Net Manager”) of this guide, the Location tab provides two other options:

  • If you would like this CVSG-VE Location to send system log messages to be captured by another server, use the options provided in this section. For more information on remote logging with Corente, refer to the “Location” section in the II B. Corente Services Policy Definition and Provisioning manual.

  • This tab also includes a Notes field if you would like to save any notes about this CVSG-VE Location.

6.3.2 Network Tab

The Network tab allows you to:

  • Enable OSPF, RIPv2, or BGP to automate routing if you have more than one subnet on your LAN that you would like to participate in your secure network, and one or more of these services are enabled on your LAN routers;

  • Enable backhaul to aggregate your Internet traffic and have it exit outbound to the Internet and enter inbound to your network via a single Location (or multiple locations, if you prefer); and

  • Allow or deny nested subnets between this CVSG-VE Location and its partners.

For more information on the features available on this tab, refer to the “Network” section in the II B. Corente Services Policy Definition and Provisioning manual.

6.3.3 Applications Tab

The Applications tab allows you to register applications installed on VMs or local servers, which can then be shared by the CVSG-VE Location with the head-end Corente Virtual Services Gateways at your datacenter (or any other partner), registered with Corente DNS, and monitored via the Reports feature of App Net Manager and Gateway Viewer.


Figure 6.16 Add Application

This screenshot shows the Add Application window.

Once you complete the application definition, it can be used to create tube definitions on the Partners tab between this CVSG-VE Location and its partners (see Section 6.3.7, “Partners Tab”).

Additionally, if you would like a VM itself (and not just its applications) to be reachable via DNS name, you can register the VM as an application on this Applications tab and select the Register Application Name in DNS option for it.

For information on creating an application definition and completing the fields and options available on this tab, refer to the “Applications” section in the II B. Corente Services Policy Definition and Provisioning manual.

6.3.4 Monitored Servers Tab

The Monitored Servers tab allows you to register servers with this CVSG-VE Location in order to monitor the availability of these servers and the usage of certain resources on these servers (CPU, physical memory, disk space, and/or swap space).

This feature can also be used to monitor each VM that is installed in a CVSG-VE Location as if it were an ordinary server on the LAN, as long as the appropriate SNMP MIBs have been installed on the VM.

Figure 6.17 Monitored Servers tab



For more information on registering a local server or VM to be monitored with this feature, refer to the “Monitored Servers” section in the II B. Corente Services Policy Definition and Provisioning manual.

6.3.5 User Groups Tab

The User Groups tab lets you identify groups of VMs and machines on the CVSG-VE Location’s local network (computers, servers, printers, etc.) that will be allowed to participate in your secure network.


The IP addresses of all secure network participants must be included in the Default User Group. To edit the Default User Group, select Default User Group and click the Edit button. When assigning an address to the WAN/LAN or LAN interface of your CVSG-VE Location, you may have added the entire subnet of that address to the Default User Group by clicking Yes on the Add Address Range dialog box.

In order to share a VM application across the secure network, the IP address of that VM must be included in the Default User Group.

Figure 6.20 Edit Default User Group


For policy purposes and tube configuration, you can click the Add button to create additional User Groups that are subsets of the Default User Group.

For more information on creating User Groups, refer to the “User Groups” section in the II B. Corente Services Policy Definition and Provisioning manual.
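The following added example (not part of the Corente documentation or tooling) checks a planned address layout offline against the rules in this section: every additional User Group must fall inside the Default User Group, and every VM whose application will be shared must have its IP address in the Default User Group. The "first-last" text format, the group and VM names, and all addresses are assumptions constructed for illustration.

```python
"""Offline check of a planned User Group layout (constructed sample data)."""
from ipaddress import ip_address

def parse_range(text):
    """Parse 'first-last' (or a single address) into an inclusive (first, last) pair."""
    first, _, last = text.partition("-")
    lo = ip_address(first.strip())
    hi = ip_address(last.strip()) if last else lo
    if lo.version != hi.version or hi < lo:
        raise ValueError(f"invalid address range: {text!r}")
    return lo, hi

def merge(ranges):
    """Merge overlapping or adjacent ranges so that coverage checks are exact."""
    merged = []
    for lo, hi in sorted(ranges):
        if merged and int(lo) <= int(merged[-1][1]) + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged

def covered(rng, merged):
    """True if the range lies entirely inside one merged range."""
    return any(lo <= rng[0] and rng[1] <= hi for lo, hi in merged)

def check_plan(default_group, extra_groups, shared_vm_ips):
    """Return a list of findings; an empty list means the plan is consistent."""
    default = merge(parse_range(r) for r in default_group)
    findings = []
    for name, ranges in extra_groups.items():
        for r in ranges:
            if not covered(parse_range(r), default):
                findings.append(f"{name}: {r} is not inside the Default User Group")
    for vm, ip in shared_vm_ips.items():
        if not covered(parse_range(ip), default):
            findings.append(f"{vm}: {ip} is not in the Default User Group")
    return findings

# Constructed plan: two adjacent default ranges, one bad group, one bad VM address.
DEFAULT = ["10.20.0.1-10.20.0.127", "10.20.0.128-10.20.0.254"]
GROUPS = {"pos-terminals": ["10.20.0.100-10.20.0.140"],
          "printers": ["10.20.1.10-10.20.1.20"]}
VMS = {"vm-web": "10.20.0.50", "vm-db": "10.20.2.5"}

if __name__ == "__main__":
    for finding in check_plan(DEFAULT, GROUPS, VMS):
        print(finding)
```

A group that spans two adjacent Default User Group ranges (pos-terminals here) passes because the ranges are merged before the subset test.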

6.3.6 Routes Tab

If your local network is organized into different subnets of computers and you would like more than one of these subnets to be included in your secure network, you can use OSPF, RIPv2, or BGP to automatically manage these routes (enabled on the CVSG-VE Location using the Network tab of the Location form) or add static routes from your CVSG-VE Location to these computers with the Routes tab of the Location form.


For more information on registering local routes with the CVSG-VE Location, refer to the “Routes” section in the II B. Corente Services Policy Definition and Provisioning manual.

6.3.7 Partners Tab

The Partners tab is used to partner the CVSG-VE Location with any Corente Virtual Services Gateway, CVSG-VE Location, or Corente Client in your Corente domain or extranet (for example, the head-end gateways at your datacenter). You will also use this tab to create tubes to refine the access between the applications/User Groups of the CVSG-VE Location and those of its partners.


This tab also contains two access partners that automatically appear in the Partner list: LAN to Internet Access and LAN to Location Access. These partners can be used to configure firewalls on different connections that your CVSG-VE Location provides.

  • The LAN to Internet Access partner allows you to enable a Corente Virtual Services Gateway-based Internet firewall and to enable port forwarding for your LAN.

  • The LAN to Gateway Access partner allows you to limit the local machines on the LAN that are allowed to access the CVSG-VE Location's IP address for such services as monitoring via SNMP or using the Corente Gateway Viewer application.

When either of these partners is selected, Tubes can be defined for the connection. For more information about the purpose of these access partners and how to use them, refer to “Appendix B: Additional Tube Configurations” in the II B. Corente Services Policy Definition and Provisioning manual.

To add a new partner, click the Add button. To edit an existing partnership, select the name of the partner and click Edit.


The Add Partner screen for CVSG-VE Locations will be displayed. This screen is similar to the Add Partner screen for Locations, but contains fewer options due to the differences in functionality of the devices. You can use this screen to configure several parameters for the partnership, including NAT settings, connection sharing, and failover specifications when you would like the partner to be a Backup partner only.

You can also create tubes for this partnership in the Tubes section.

Remember that all Location partnerships are based on mutual consent—not only must the partnership be enabled and configured for this CVSG-VE Location on its CVSG-VE Location form, but it must be enabled and configured for the partner on that partner’s form.

For more information on these fields and on creating tubes, refer to the “Partners” section of the II B. Corente Services Policy Definition and Provisioning manual.

6.3.8 SNMP Tab

The Simple Network Management Protocol (SNMP) is a protocol used to monitor network performance and certain aspects of network devices. With the options on the SNMP tab, you can configure how SNMP will be used to retrieve information about this CVSG-VE Location and its tunnel connections.


For more information on the features available on this tab, refer to the “SNMP” section in the III. Corente Services Administration manual.

6.3.9 User Remote Access Tab

The User Remote Access tab allows an administrator to manage remote access to this CVSG-VE Location. Corente Clients, SSL Clients, and Mobile Users can be granted access to the VMs, local servers, and their applications.

Figure 6.25 User Remote Access Tab


For information on how Corente Client and SSL Client access to a CVSG-VE Location is configured, refer to the section “User Remote Access” in the VI. Corente Services Client and VII. Corente Services SSL Client manuals.

6.3.10 High Availability Tab

The High Availability tab allows you to enable failover for the CVSG-VE Location, allowing you to redirect partner traffic that is bound for VMs on this CVSG-VE Location or to servers on the CVSG-VE Location’s LAN to other Backup Locations in your domain.

Important

Because VMs reside in the CVSG-VE Location itself, VMs themselves are unavailable if the connection to the CVSG-VE Location fails. Traffic failover for User Groups containing VMs or applications served by VMs can only be used when the Backup Location provides access to a subnet where these VMs are mirrored.

Figure 6.26 High Availability Tab


For more information on configuring traffic failover for a CVSG-VE Location, refer to the section “High Availability” in the II B. Corente Services Policy Definition and Provisioning manual.

6.3.11 Alerts Tab

The Alerts tab allows you to enable email notifications and SNMP traps for alerts generated by the Corente Virtual Services Gateway Software in the CVSG-VE Location.


For more information on configuring alerts for a CVSG-VE Location, refer to the section “Alerts” in the II B. Corente Services Policy Definition and Provisioning manual.


6.3.12 Updating Virtual Machines and their Applications

VMs and their applications are updated by overwriting the current disk images on the VM with new disk image files. To update a VM on a CVSG-VE Location, ensure that the new virtual disk image(s) have been placed on the Rsync Application Deployment Server used by your CVSG-VE Locations (if the disk images are supplied remotely) and/or that you have a USB flash drive or CD/DVD with the new disk images (if the disk images are supplied locally).

In App Net Manager, on the CVSG-VE Location form for each CVSG-VE Location, access the Virtual Machines tab and Edit the VM you want to update. In the window that is displayed, locate the disk(s) you want to update and enter higher value(s) for their Version parameter(s). Click OK on this window and the CVSG-VE Location form window, then Save your changes in App Net Manager. Make sure that a monitor and keyboard are connected to the CVSG-VE Location. The SCP will contact the CVSG-VE Location and notify it that new version(s) of the virtual disk file(s) are available for the virtual disk(s) you want to update. The CVSG-VE Location will fetch the new file(s) by the method that is specified for the disk(s) on the Virtual Machines tab (i.e., fetchlocal or fetchremote) and overwrite the current virtual disk image(s) on the VM.

Because updating a virtual disk completely overwrites the previous disk image file, any persistent or temporary data previously stored on the disk will be deleted permanently. If the VM is arranged so that you are storing data on a virtual disk that you would like to update, you can avoid losing the data by logging into the VM and copying the data out before updating. However, because entire disk image files cannot be retrieved from a CVSG-VE Location once they are installed, it is easier to avoid a time-consuming data retrieval process by simply having the VM arranged so that persistent or temporary data is stored on another virtual disk during normal operation of the VM.