Skip to main content
Virtual Appliance

Search

Cequence UAP Virtual Appliance on VMware ESXi

© 2024 Cequence Security. All Rights Reserved.

Cequence UAP Virtual Appliance on VMware ESXi

  • Updated on
  • ~ minute read
Download PDF

Prerequisites

Before you start, confirm that your environments match the following pre-requisites. Download the OVA file.

VMware Compatibility and Permissions

  • ESXi 7.x or better
  • Access to VMware vCenter Management Console
  • Ability to upload OVA files
  • Ability to launch OVA templates from vCenter

Hardware Requirements

  • 16 vCPU x86_64 architecture
  • 64 GB RAM
  • 100 GB SSD or better disk

Launch Instance of the Cequence UAP OVA from the vSphere HTML5 Console

  1. Log In to vSphere HTML5 Client: Open your web browser and navigate to the vSphere HTML5 client URL. Log in with your credentials.

  2. Navigate to the Host or Cluster: In the vSphere HTML5 client, navigate to the host or cluster where you want to deploy the OVA. Click on the host or cluster in the "Hosts and Clusters" view.

  3. Go to "Actions" Menu: Once you are on the host or cluster view, click on the "Actions" menu.

  4. Select "Deploy OVF Template": From the "Actions" menu, select "Deploy OVF Template." This option initiates the OVA deployment wizard.

  5. Browse for OVA File: In the "Deploy OVF Template" wizard, click on "Browse" to locate and select the OVA file from your local machine.

  6. Review OVF Template Details: After selecting the OVA file, review the details displayed in the wizard. Ensure that the information is correct and matches the specifications of your virtual machine.

  7. Specify Name and Location: Enter a name for the virtual machine and select the location where you want to deploy it.

  8. Select Deployment Configuration: Choose the deployment configuration that best suits your needs. This may include options like storage, networks, and other settings depending on your virtual environment.

  9. Review Configuration: Review the configuration settings to ensure they are correct. Make any necessary adjustments.

  10. Complete Deployment: Click "Finish" to start the deployment process. vSphere HTML5 client will begin importing and deploying the OVA.

  11. Monitor Deployment Progress: Monitor the progress of the deployment in the vSphere HTML5 client. This may take some time depending on the size of the OVA and the resources available.

  12. Power On the Virtual Machine: Once the deployment is complete, power on the virtual machine from the vSphere HTML5 client.

Create DNS entries

  1. Identify a subdomain you will use to access the resources on Cequence UAP, such as cqai.yourdomain.com
  2. Once the machine is up, use the routable IP address of the virtual machine to create the following DNS entries, all pointing to the same IP address of the virtual machine -
    • auth.cqai.yourdomain.com
    • edge.cqai.yourdomain.com
    • ui.cqai.yourdomain.com
    • policy-engine.cqai.yourdomain.com
    • airflow.cqai.yourdomain.com

Note: If you’re using AWS Route 53, you can simply create an entry like - *.cqai.yourdomain.com to point to the virtual machine's IP address

Note: If you’re using AWS Route 53, you can create an entry like - *.cqai.yourdomain.com to point to the virtual machine's IP address

Set up Cequence UAP

  • SSH to the virtual machine with the following credentials
# ssh cq-user@ui.cqai.yourdomain.com
password: apiprotection

  1. Choose a deployment option.
    To deploy the Cequence UAP platform on its own, run the following setup command. Substitute yourdomain.com with your actual subdomain.

    # /opt/cequence/bin/setup.sh cqai.yourdomain.com

    To deploy Redis and Prometheus as well as the Cequence UAP platform, run the following setup command.

    # /opt/cequence/bin/setup.sh cqai.yourdomain.com stage

    Setup takes around 15 minutes to complete.

  2. Run the following command to display the password for the default account. Note the password for later use.
    kubectl get secret  ui-default-user  -n cequence --template={{.data.password}} |  base64 -d
  3. Navigate to the https://auth.cqai.yourdomain.com URL and accept the self signed certificate in the browser.
  4. Log in with the default credentials.
    The default username is cq-ui. Use the default password displayed earlier in this procedure.

Cequence UAP platform configuration is discussed in the product documentation.

Configuring HTTP traffic management

Prerequisites

Confirm that you have access to the Cequence UAP platform web UI.

Steps:

  1. Access the HTTP Traffic Filters configuration page.
    1. Navigate to the Cequence UAP portal.
    2. Click Applications tab.
    3. In the Applications section, click HTTP Traffic Filters.
    4. Click Configure.
  2. Set the filter type. In Filter Type, select the UAP and Sentinel checkboxes.
  3. Set the domain. In Domain, type *.
  4. Set the path:
    1. In Path, type /**.
    2. Select the Includes subpaths checkbox.
  5. Set the HTTP methods. In Select HTTP Methods to be processed, select ALL from the dropdown menu.
  6. Save the configuration. Click Save.

Filter-Config.png

Next Steps

Configure Data Plane Components:

Was this article helpful?