Deploying ICS on OpenStack Using Horizon Dashboard

Before proceeding with the ICS deployment, ensure that the necessary prerequisites are set up.

Ivanti recommends using standalone nodes or clusters of a maximum of two nodes behind a load balancer.

Ivanti Security Appliance (ISA)/ISA-V does not support clusters containing more than two nodes for ICS.

To deploy ICS on OpenStack, do the following:

1.Log in to the OpenStack.

2.In the OpenStack dashboard displayed, select Project > Compute > Imagesand then create an image. For more information, see Create Image.

KVM application should be compatible to increase the disk size else you will not be able to resize the disk space.

If the user is upgrading to 22.6R2 or later, then the disk size change from 40 GB to 80 GB have to be done prior to upgrade on open stack KVM platform.

Disk Size Allocation is supported from 22.6R2 and later releases.

3.From the list of images displayed, click on Launch corresponding to the ICS KVM image you want to launch.

The following figure depicts the ICS VA Images screen:

4.In the Launch Instance Details window, fill the following and then click Next.

•Instance Name: Specify host name of the ICS Virtual instance

•Description: Enter a brief description on this instance

•Availability Zone: Select the zone where the instance is deployed

•Count: Number of VM instances

The following figure depicts the Device Details screen:

5.The Source window displays the details of the image used. Click Next.

The following figure depicts the Source Selection screen.

6.In the Flavor window, select required flavors of ISA-V (ISA4000-V, ISA6000-V, ISA8000-V) from the list based on the memory and storage capacity of the instance. Click Next.

The following figure depicts the Flavor Selection screen.

7.In the Networks window, select networks from the list that specifies internal, external and management subnets. ICS supports VM with 2-NICs model and 3-NICs model for deployment. Click Next.

The following figure depicts the Network Selection screen:

8.(Optional) Network Ports window. Click Next.

The following figure depicts the Network Ports Selection screen:

9.In the Security Groups window, select the required network security groups from the list for internal, external and management ports. Click Next. To create new security groups, refer Creating Required Security Groups for Internal, External and Management Ports

The following figure depicts the Security Groups Selection screen:

10.Key Pair is not used. Click Next.

The following figure depicts the Key Pair screen:

11.Click Choose File and import the file that contains the provisioning parameters in XML format OR paste the Customization script and do the required modifications. Select the Configuration Drive check box. The template file is available for ISA-V instance and click Launch Instance upon selecting the Configuration Drive option.

The following figure depicts the Configuration Script screen:

12.The Instances window lists all the ICS VA instances. The blue bar in the Task column shows the status of creation of the instance. This will take a few minutes.

Open the created ICS VA instance by clicking on the Instance Name link.

The Interface tab shows the networks that are created.

The Log tab shows the log details of the device that is created.

The console tab provides the virtual console to view the device coming up.

13.Next, the Internal and External interfaces are configured by DHCP (Zero touch configuration).

The following figure depicts the Internal and External Interfaces Configuration by DHCP screen:

14.The Config URL is downloaded for initial configuration.

The following figure depicts the Download Config URL from Template screen: