Using VMware Telco Cloud Automation, you can deploy the airgap appliance OVA from the vSphere UI. For details on deploying the OVA with ovftool, refer to Deploy OVA via ovftool.

Prerequisites

VM Resource Requirements

| Type | Requirement | Comment |
|---|---|---|
| CPU | 8 | |
| RAM | 32 GB | |
| Storage | 1.5 TB | |
| NIC | 1 | Single arm design, rerun deploy to switch network |

Verify that you comply with the following prerequisites to initiate the deployment:

  1. An FQDN must be assigned to the airgap appliance before deploying the OVA.
  2. New passwords for the root user, admin user, and harbor admin user must be available.
  3. (Optional) An internet-accessible environment is required to directly sync data from the internet onto the deployed VM.
  4. (Optional) A set of static IP addresses is required to deploy the airgap appliance in a production environment.

Procedure

  1. Log in to vCenter with the vSphere Client.
  2. Right-click an ESX host and select Deploy OVF Template… from the pop-up list.
  3. In the wizard that opens, on the Select an OVF template tab, select URL or Local file.
    1. For the default URL option, enter the URL to download and install the OVF package.
    2. For uploading a local file, download the OVA to the local desktop. Select Local file, then click Upload Files to select the downloaded OVA. Click Open.
  4. Click Next.
  5. In the Select a name and folder tab, under Specify a unique name and target location, enter the Virtual machine name. Under Select a location for the virtual machine, specify a VM folder to store the VM. Click Next.
  6. Under Select a compute resource, select an ESX host or a resource pool to deploy the OVA.

    This automatically runs a compatibility check, and the results are displayed in the Compatibility field. If the check succeeds, click Next.

  7. Verify the appliance publish information on the displayed Review details tab. Click Next.
  8. Under License agreements, review the agreements, check I accept all license agreements, and click Next.
  9. In the Select storage tab, select a datastore from the list. Click Next.
  10. In the Select networks tab, select a destination network for the VM from the dropdown menu and click Next.
  11. In the Customize template tab, there are 7 groups of vApp options which can be used to customize the appliance.
    1. Application
      1. Enable SSH: Checked by default, this enables remote login with SSH.
      2. Initial database password: Photon embedded DB password. The input requires 8 to 32 bytes, at least one number, one lower case character, one upper case character, and one special character.
    2. Networking
      1. VM FQDN name: Enter the FQDN. An IP address is not supported for this field.
      2. Host Network IP Address Family: Select from drop-down options, IPv4, IPv6, and Dual Stack. The default value is IPv4.
      3. DHCP mode: This will be unchecked by default. If checked, all static IP configurations will be ignored.
      4. IP Address IPv4: Enter static IPv4 address.
      5. Netmask IPv4: Enter static IPv4 netmask.
      6. Gateway IPv4: Enter static IPv4 gateway.
      7. DNS IPv4: Enter static IPv4 DNS.
      8. IP Address IPv6: Enter static IPv6 address. This is active when IP Address Family is set to IPv6 or Dual Stack, and DHCP mode is unchecked.
      9. Netmask IPv6: Enter static IPv6 netmask. This is active when IP Address Family is set to IPv6 or Dual Stack, and DHCP mode is unchecked.
      10. Gateway IPv6: Enter static IPv6 gateway. This is active when IP Address Family is set to IPv6 or Dual Stack, and DHCP mode is unchecked.
      11. DNS IPv6: Enter static IPv6 DNS. This is active when IP Address Family is set to IPv6 or Dual Stack, and DHCP mode is unchecked.
      12. DNS Domain: Enter domain name of DNS. For example: example.com, test.net.
      13. NTP server: Enter the NTP server in the environment, as an FQDN or IP address.
    3. Proxy
      1. Enable Proxy: Unchecked by default. Check this option to sync data through a proxy server.
      2. HTTP Proxy: Enter URL to HTTP proxy server.
      3. HTTPS Proxy: Enter URL to HTTPS proxy server.
      4. No Proxy Address List: Enter a comma-separated list of addresses that will not go through the proxy server when sending or receiving data.
      5. Proxy Certificate: (Optional) If the proxy server is configured with a certificate, enter the certificate content in Base64 format. Use this online tool to convert certificates to Base64 format.
    4. Certificate Type
      1. Certificate Type: The default option is “Customer-Provided” cert. Select “Generate-New” to generate a new self-signed certificate.
    5. Customer Provided Certificate: This section is active when “Customer-Provided” certificate type is selected. All certificates entered should be in Base64 format. Use Base64 Encode to convert certificates to Base64 format.
      1. Server Cert: Enter full chain server certificate contents in Base64 format.
        1. Compose a file with the following content.
          -----BEGIN CERTIFICATE-----
          content of server certificate
          -----END CERTIFICATE-----
          -----BEGIN CERTIFICATE-----
          content of intermediate CA certificate, that signed server certificate
          -----END CERTIFICATE-----
          … <more intermediate CA certificates on the chain, if any>
          -----BEGIN CERTIFICATE-----
          content of Root CA certificate
          -----END CERTIFICATE-----
          
        2. Use Base64 Encode to convert the file content to Base64 format.
      2. Key of Server Certificate: Enter server certificate key in Base64 format.
      3. CA Cert: Enter trusted Root CA certificate content in Base64 format. This is optional when using a public certificate.
    6. Generate New Certificate: This field is active when the Generate-New certificate type is selected.
      1. CA Common Name: Enter the same input as the domain name.
      2. Country Name: Enter country of certificate.
      3. State Name: Enter the state of certificate.
      4. County Name: Enter the county of certificate.
      5. Organization Name: Enter your organization name.
      6. Business Unit Name: Enter your business unit name.
    7. Credential
      1. Root Password: Enter new password for root user. The password must be 8 to 32 bytes long and contain at least one number, one lower case character, one upper case character, and one special character.
      2. Admin Password: Enter new password for admin user. The password must be 8 to 32 bytes long and contain at least one number, one lower case character, one upper case character, and one special character.
      3. Harbor Admin Password: Enter new password for harbor admin user. The password must be 8 to 32 bytes long and contain at least one number, one lower case character, one upper case character, and one special character.

      Click Next.

  12. In the Ready to complete tab, review details of the previous settings and click Finish to start OVA deployment.
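
A failed customization usually means redeploying the OVA, so the values for the Customize template tab in step 11 can be checked before the wizard is opened. The following pre-flight check is an added example, not VMware code: it applies the password rule (measured in bytes), the no-IP rule for the FQDN field, and the static IP fields that are active for the chosen address family. Assumptions: the dictionary keys are hypothetical names, "special" means any non-alphanumeric character, each DNS field holds one address, the IPv6 netmask is a prefix length, and the gateway-in-subnet test goes beyond what the page requires.

```python
import ipaddress
import re

# Keys such as "fqdn" and "ip4" are hypothetical names for this sketch, not the
# OVA's vApp property IDs. SAMPLE is constructed (documentation address range).
SAMPLE = {"fqdn": "airgap.example.com", "family": "IPv4", "dhcp": False, "ip4": "192.0.2.10",
          "netmask4": "255.255.255.0", "gateway4": "192.0.2.1", "dns4": "192.0.2.53",
          "root_password": "Constructed#1", "admin_password": "Constructed#2",
          "harbor_admin_password": "Constructed#3", "database_password": "Constructed#4"}
PW_CLASSES = {"number": r"[0-9]", "lower case": r"[a-z]", "upper case": r"[A-Z]",
              "special": r"[^A-Za-z0-9]"}  # assumption: special = any non-alphanumeric
LABEL = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?")  # one DNS label

def password_problems(pw):
    """Page rule: 8 to 32 bytes (UTF-8 bytes, not characters), one of each class."""
    out = [] if 8 <= len(pw.encode("utf-8")) <= 32 else ["length must be 8 to 32 bytes"]
    return out + [f"missing {name} character"
                  for name, pat in PW_CLASSES.items() if not re.search(pat, pw)]

def is_fqdn(name):
    """True for a multi-label DNS name; IP literals fail (numeric last label, or ':')."""
    parts = name.rstrip(".").split(".")
    return (len(parts) >= 2 and not parts[-1].isdigit()
            and all(LABEL.fullmatch(p) for p in parts))

def static_ip_problems(cfg):
    """Check the static fields that are active for the family when DHCP is unchecked."""
    if cfg.get("dhcp"):
        return []  # DHCP mode: all static IP settings are ignored
    out = []
    for ver in (4, 6):
        if cfg.get("family", "IPv4") not in (f"IPv{ver}", "Dual Stack"):
            continue
        try:  # assumption: the IPv6 netmask is entered as a prefix length such as 64
            net = ipaddress.ip_interface(f"{cfg[f'ip{ver}']}/{cfg[f'netmask{ver}']}").network
            gw = ipaddress.ip_address(cfg[f"gateway{ver}"])
            ipaddress.ip_address(cfg[f"dns{ver}"])
            if net.version != ver or gw not in net:
                out.append(f"IPv{ver}: gateway {gw} is outside {net}")
        except (KeyError, ValueError) as exc:
            out.append(f"IPv{ver}: missing or invalid value ({exc})")
    return out

def preflight(cfg):
    """Return every problem found; an empty list means the values pass these checks."""
    out = [] if is_fqdn(cfg.get("fqdn", "")) else ["VM FQDN name: not an FQDN"]
    for user in ("root", "admin", "harbor_admin", "database"):
        out += [f"{user} password: {p}" for p in password_problems(cfg.get(f"{user}_password", ""))]
    return out + static_ip_problems(cfg)
```

Calling `preflight(SAMPLE)` returns an empty list; each returned string names the field group that needs correcting.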