Import Virtual Appliance

VMWare

VMware requirements:

  • ESX & ESXi version 5 and up

  • VMware Workstation

  • VMware Player

Import virtual appliance

  1. Download the VMware virtual appliance from https://www.ciphermail.com/downloads-virtual-appliance.html.

  2. Unzip the downloaded zip file.

  3. Import the virtual appliance using the tool that comes with your VMware product. For example with the vSphere client, select the menu option “Deploy OVF Template…” and select the ovf file to import.

  4. To prevent swapping because of memory overcommitment, reserve all memory for the virtual machine.

Tip

VMWare memory reservation can be set using the following procedure:

  1. Select settings of the virtual appliance

  2. Select resources tab and finally

  3. Select memory and set reservation to the limit based on parent resource pool or current host. For more information on running a JVM on ESX see http://www.vmware.com/resources/techresources/1087

Hyper-V

  1. Download the Hyper-V virtual hard disk from https://www.ciphermail.com/downloads-virtual-appliance.html.

  2. Unzip the virtual hard disk file to the location where all the virtual hard disks are stored.

  3. Create a new virtual machine.

  4. Set memory to 2 GB (≥ 4 GB recommended)

  5. Connect the network.

  6. Select “Use an existing virtual hard disk” and select the gateway virtual disk.

  7. Optionally, select more than one “Virtual Processor” (≥ 2 vCPUs recommended)

  8. Finish the “New Virtual Machine Wizard”.

Virtual Appliance configuration

After the Virtual Appliance has been imported, the virtual machine can be “Powered on”. The first time the Virtual Appliance starts, new SSH and SSL/TLS keys will be generated. After starting for the first time, the Virtual Appliance should be configured.

Note

For security reasons, the gateway is not yet configured with an IP address. The IP address can be configured using the console application.

Login to CipherMail from the VM console using the default console login credentials:

username

sa

password

sa

After logging into the Virtual Appliance console, the system console tool will be started. The system console tool can be used to configure certain aspects of the gateway which cannot be configured from the WEB GUI.

Only basic settings, like IP address, Timezone etc., should be configured using the console tool. All other settings should be configured from the Admin Web GUI.

Tip

After configuring the IP address, you can login via ssh.

Virtual appliance system console

The Virtual Appliance system configuration tool contains the following main menu items: “File”, “Config”, “Backup” and “Other”.

File menu

The File menu contains the following menu items: “Open shell”, “Mount share”, “Unmount share” and “Exit”.

Open shell

The “Open shell” option opens a command line shell. The command line shell can be used to manage the system from the command line.

Mount share

The “Mount share” option can be used to mount to an external SMB share. The external SMB share will be mounted on the “share” sub directory. The external share can for example be used to restore backups using the console configuration tool’s built-in restore functionality.

Virtual appliance share

The “Share” parameter should be set to the name of the external SMB server and the name of the share.

Examples:

\\192.168.1.2\share
\\example.com\backups

Unmount share

The “Unmount share” option can be used to disconnect the share which was mounted with “Mount share”.

Exit

The “Exit” option closes the system configuration tool and logs the user off.

Config menu

The config menu contains the following menu items: “Network”, “IP Filter”, “Timezone”, “Password” and “Configure Keyboard”.

Network

The network configuration can be used to configure the network interface.

Virtual appliance network

Note

At the moment only IPv4 is supported

IP Filter

By default the Admin Web GUI can be accessed from any IP address. The “IP filter” can be used to block access to the WEB Admin GUI from unauthorized IP addresses. A comma separated list of authorised IP addresses can be configured. An IP range can be specified in CIDR format or using a wildcard (*).

Note

The IP filter only blocks access to the administration pages, not to the public portal.

Examples:

192.168.*
192.168.*, 127.*, 222.0.0.0/8

Timezone

The timezone of the gateway is by default set to UTC. A new timezone can be set using the “Timezone” option.

Note

It’s recommened to reboot the appliance after configuring the timezone to ensure that the gateway is configured with the correct time.

Password

The “Password” option can be used to change the password of the console login, i.e., of the “sa” user.

Configure Keyboard

By default, the console is configured for a standard generic 105-key US keyboard. If a different keyboard layout is used (for example QWERTZ), a new keyboard layout can be selected with the “Configure Keyboard” option.

Backup menu

The backup menu contains the following menu items: “Backup” and “Restore”.

Backup

A system backup, i.e., a backup of all the relevant system settings, can be created using the “Backup” option. If a remote share is mounted, the backup can be stored on the remote share.

To create a backup, the backup location and filename should be specified. A backup can optionally be encrypted with a password.

Note

A backup can also be created from the WEB GUI.

Restore

The “Restore” option can be used to restore a backup.

Other menu

The other menu contains the following menu items: “Reboot”, “Shutdown”, “Restart” and “Update”.

Reboot

This will reboot the system.

Shutdown

This will shutdown and power-off the system.

Restart

This will restart all the CipherMail services (the Mail Processing Agent, Postfix and the Web Application).

Update

Update will check for system updates (security updates and other updates). It is recommended to reboot the system after packages are updated.