Deploy the
Cyber Recovery virtual appliance file to a VMware ESXi host in the
Cyber Recovery vault.
Prerequisites
Before you deploy the
Cyber Recovery virtual appliance file:
Obtain the DNS, default gateway, FQDN, subnet mask, and IP address of the VM. Adjust the time zone setting for your deployment so that logging times are accurate.
Ensure that you satisfy all preinstallation requirements (see
Getting Started).
About this task
The installation procedure takes approximately five minutes.
NOTE: By default, the AppArmor application is installed in a
Cyber Recovery virtual appliance deployment. The
Cyber Recovery software applies a customized AppArmor policy to the
Cyber Recovery Docker container services to provide compatibility and added security benefits.
Steps
From the vSphere Client in the
Cyber Recovery vault, use the Deploy OVF Template wizard to deploy the
Cyber Recovery virtual appliance file.
When the
Cyber Recovery virtual appliance deployment is completed, open the vCenter console for the newly deployed appliance.
Log in as the root user using the default password
changeme.
If you need to impose specific Docker subnets, follow these steps. Otherwise or if you plan to readdress the Docker network after the installation, go to step 5:
Stop the Docker services:
systemctl stop docker.service
Add a
default-address-pools definition for your environment to the
/etc/docker/daemon.json file.
NOTE: This code is an example; use values that are appropriate for your environment.
Update the configuration:
systemctl daemon-reload
Restart the Docker services:
systemctl start docker.service
Verify that the
docker0: interface is allocated from the pool that is defined in step b.
Run the following command to begin the installation:
# ./crsetup.sh --deploy
At the prompts, enter and confirm a lockbox passphrase, database password, and Security Officer (crso) account password of your choosing.
CAUTION:
Do not forget the lockbox passphrase; it cannot be recovered. If you forget or lose the passphrase, a fresh installation of the
Cyber Recovery software is required.
The lockbox passphrase is required to perform updates and reset the Security Officer's password.
The passphrase and password requirements are:
Between 9-64 characters
NOTE: For FIPS compliance, the lockbox passphrase must be at least 14 characters, and after a power loss, the passphrase must be changed.
At least one numeric character (0-9)
At least one uppercase character (A-Z)
At least one lowercase character (a-z)
At least one special character: ~!@#$%^&*()+={}|:";<>?[]-_,^'.
The installation procedure starts
Cyber Recovery services and then exits.
The installation procedure loads the
cyber-recovery.service file. If the
Cyber Recovery management host restarts after a shutdown, this file directs the management host to start the
Cyber Recovery services automatically.
NOTE: At this time, the full system control options are not configured. If you run the
systemctl command for
cyber-recovery.service, the status is displayed as inactive.
Log out of the
Cyber Recovery software and then do the following:
Use SSH to access the
Cyber Recovery virtual appliance as the admin user with the password
changeme.
At the prompt, change the password.
Use the
su command to switch to root.
Enter the root password
changeme.
At the prompt, change the password.
In your browser, go to the URL shown at the end of the installation script. Then, log in to the
Cyber Recovery UI using the default Security Officer (crso) account and the password that you created.
NOTE: If your system has an active firewall, ensure that the ports that are listed at the end of the installation script are open on the firewall.
Next steps
If you:
Readdressed the Docker network during this installation, verify that bridge interfaces and the Docker
cr_back and
cr_front networks are on separate subnets that are based on the
default-address-pools configuration in the
/etc/docker/daemon.json file.