CIPHERMAIL EMAIL ENCRYPTION
CipherMail Gateway Virtual Appliance Guide
May 7, 2018, Rev: 11047
Copyright © 2008-2018, ciphermail.com.
Contents
1 Introduction
2 Virtual machine requirements
3 VMWare Installation
  3.1 Import virtual appliance
4 Microsoft Hyper-V installation
  4.1 Supported Hyper-V products
  4.2 Import virtual appliance
5 Starting the Virtual Appliance
6 Virtual Appliance configuration
  6.1 File menu
    6.1.1 Open shell
    6.1.2 Mount share
    6.1.3 Unmount share
    6.1.4 Exit
  6.2 Config menu
    6.2.1 Network
    6.2.2 IP Filter
    6.2.3 Timezone
    6.2.4 Password
    6.2.5 Configure Keyboard
  6.3 Backup
    6.3.1 Backup
    6.3.2 Restore
  6.4 Other
    6.4.1 Reboot
    6.4.2 Shutdown
    6.4.3 Restart
    6.4.4 Update
7 Finish
A VirtualBox
B Troubleshooting
  B.1 Incorrect keyboard mapping on a Linux Host
  B.2 Network failure
C Port usage
1 Introduction
The CipherMail Virtual Appliance is a virtual machine for VMware and Microsoft
Hyper-V with a full installation of the CipherMail Email Encryption Gateway.
This guide explains how to install and set up the CipherMail Virtual Appliance.
2 Virtual machine requirements
2 GB memory (4 GB recommended)
1 vCPU (2 vCPUs recommended)
32 GB disk space
3 VMWare Installation
Supported VMware products [1]
ESX & ESXi version 5 and higher
VMware Workstation
VMware Player
3.1 Import virtual appliance
1. Download the VMware virtual appliance from
.
2. Unzip the downloaded zip file.
3. Import the virtual appliance using the tool that comes with your VMware
product. For example with the vSphere client, select the menu option
Deploy OVF Template... and select the ovf file to import.
4. Set memory reservation of the virtual machine [2].
Note
To prevent swapping of the Virtual Appliance, make sure that the memory
"Reservation" is set to the exact same size as the total memory of
the virtual machine.
[1] The VMware .vmdk file can also be used with VirtualBox. See Appendix A.
[2] Memory reservation can be set using the following procedure: a) select settings of the virtual
appliance, b) select resources tab and finally, c) select memory and set reservation to the limit
based on parent resource pool or current host (the total memory of the virtual machine is denoted
by the orange colored triangle). For more information on running a JVM on ESX see
4 Microsoft Hyper-V installation
4.1 Supported Hyper-V products
Microsoft Hyper-V 2008 R2.
Microsoft Hyper-V 2012.
4.2 Import virtual appliance
This section explains how to import the virtual appliance into Microsoft Hyper-V
using the Hyper-V manager.
1. Download the Hyper-V virtual hard disk (*.vhd.zip) from
.
2. Unzip the virtual hard disk file to the location where the virtual hard disks
are stored.
3. Create a new virtual machine.
4. Set Memory to 2GB.
5. Connect the network.
6. Select “Use an existing virtual hard disk” and select the virtual disk copied
in step 2.
7. Optionally, select more than one “Virtual Processor” [3].
8. Finish the “New Virtual Machine Wizard”.
9. The new Virtual Machine can now be started.
5 Starting the Virtual Appliance
After the Virtual Appliance has been imported, the virtual machine can be
“Powered on”. The first time the Virtual Appliance starts, new SSH and SSL/TLS
keys will be generated.
Note
It’s recommended to reboot the appliance after configuring the IP address
and timezone to ensure that the gateway is configured with the correct
time [a].
[a] The system time is synchronized with NTP; this requires a valid network connection.
[3] A Virtual Appliance with two virtual processors can encrypt about twice as many
emails/second as a Virtual Appliance with only one virtual processor.
Figure 1: Virtual Appliance console
6 Virtual Appliance configuration
The CipherMail Virtual Appliance is a full installation of the CipherMail Email
Encryption Gateway. After first boot, the Virtual Appliance must be configured [4]
(IP address, DNS etc.). For security reasons, the gateway is not yet configured
with an IP address. The IP address can be configured with the console
application after logging into the console using the default credentials.
Default login credentials:
username: sa
password: sa
After logging into the Virtual Appliance, a system configuration tool will be
started (see Figure 1). The system configuration tool can be used to configure
certain aspects of the gateway which cannot be configured from the WEB GUI.
SSH login will be available after the network IP address is set.
The Virtual Appliance system configuration tool contains the following main
menu items: File, Config, Backup and Other.
6.1 File menu
The File menu contains 4 items: Open shell, Mount share, Unmount share and
Exit.
[4] By default the network connection of the Virtual Appliance is set to Bridged mode. If Bridged
mode does not work, try to use NAT mode.
Figure 2: Virtual Appliance file menu
Figure 3: Virtual Appliance mount share
6.1.1 Open shell
This opens a command line shell. The command line shell can be used if the
WEB GUI or the console configuration tool are not sufficient.
6.1.2 Mount share
This can be used to connect to an external SMB share (see Figure 3). The
external SMB share will be available from the share sub directory. The external
share can for example be used to restore backups using the console
configuration tool’s built-in restore functionality. The Share parameter is the
name of the external SMB server and the name of the share.
Examples:
1. \\192.168.1.2\share
2. \\example.com\backups
6.1.3 Unmount share
This can be used to disconnect the share which was mounted with Mount
share.
Figure 4: Virtual Appliance config menu
6.1.4 Exit
This exits the system configuration tool.
6.2 Config menu
The Config menu contains 5 items: Network, IP Filter, Timezone, Password
and Configure Keyboard (see Figure 4).
6.2.1 Network
The network configuration can be used to configure a network interface (see
Figure 5). The fields address, gateway and netmask are required when
configuring a static IP address. All settings should be valid IPv4 addresses. Applying
the settings will reconfigure the network (this can take a few seconds).
Figure 5: Virtual Appliance network
6.2.2 IP Filter
The gateway contains an IP filter (see Figure 6) which can be used to block
access to the WEB Admin GUI from unauthorized IP addresses (only to the
administration pages, not to the public portal). A list of authorized IP addresses
can be configured with a comma separated list of IP addresses. An IP range
can be specified either in CIDR format or with a wildcard (*).
Figure 6: IP filter
Examples:
1. 192.168.*
2. 192.168.*, 127.*, 222.0.0.0/8
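An offline check of an IP filter value before it is entered, as an added example (not CipherMail code). It assumes that a trailing * stands for all remaining octets (192.168.* is treated as 192.168.0.0/16) and handles IPv4 only; the function names and the 65536-address threshold are hypothetical.

```python
import ipaddress

def parse_ip_filter(spec):
    """Turn a comma separated IP filter value into IPv4Network objects."""
    networks = []
    for raw in spec.split(","):
        entry = raw.strip()
        if not entry:
            continue
        if "*" in entry:
            octets = entry.split(".")
            fixed = octets[:-1]
            # Assumption: only one trailing '*' is accepted, and a bare '*'
            # (allow everything) is rejected instead of being expanded.
            if octets[-1] != "*" or "*" in fixed or not 1 <= len(fixed) <= 3:
                raise ValueError(f"unsupported wildcard entry: {entry!r}")
            padded = fixed + ["0"] * (4 - len(fixed))
            entry = ".".join(padded) + f"/{8 * len(fixed)}"
        # strict=True rejects typos such as 192.168.1.7/24 (host bits set)
        networks.append(ipaddress.IPv4Network(entry, strict=True))
    return networks

def is_allowed(client_ip, networks):
    """True if client_ip falls inside any authorized network."""
    addr = ipaddress.IPv4Address(client_ip)
    return any(addr in net for net in networks)

def audit(networks, max_addresses=65536):
    """List entries worth a second look: non-private or very large ranges."""
    findings = []
    for net in networks:
        if net.is_loopback:
            continue
        if not net.is_private:
            findings.append((str(net), "outside private address space"))
        elif net.num_addresses > max_addresses:
            findings.append((str(net), f"{net.num_addresses} addresses"))
    return findings

if __name__ == "__main__":
    sample = "192.168.*, 127.*, 222.0.0.0/8"  # second example of this section
    nets = parse_ip_filter(sample)
    for ip in ("192.168.7.20", "10.0.0.5"):  # constructed client addresses
        print(ip, "allowed" if is_allowed(ip, nets) else "blocked")
    for net, reason in audit(nets):
        print("review:", net, "-", reason)
```
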
6.2.3 Timezone
This can be used to configure the correct timezone of the server. The default
timezone of the gateway is set to Europe/Amsterdam.
6.2.4 Password
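This can be used to change the password of the “sa” account. The appliance
ships with the default password listed in section 6, and SSH login becomes
available once the network IP address is set, so change the password during
initial configuration.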
6.2.5 Configure Keyboard
By default, the console is configured for a standard generic 105-key US
keyboard. If a different keyboard layout is used (for example QWERTZ), a new
keyboard layout can be selected with the Configure Keyboard option.
6.3 Backup
The Backup menu contains two items: Backup and Restore.
6.3.1 Backup
Normally a backup should be created from the WEB GUI. However, if the WEB
GUI is unavailable, a direct backup can be created with this option. If a
remote share is mounted (see the Mount share option above), the backup can
be stored on the remote share. To create a backup, the backup location and
filename should be specified (see Figure 7). A backup can optionally be
encrypted with a password.
6.3.2 Restore
Normally a backup should be restored from the WEB GUI. However, if the WEB
GUI is unavailable, a backup can be restored with this option. If a remote share
is mounted (see the Mount share option above), the backup can be restored
from the remote share.
Figure 7: Backup
6.4 Other
The Other menu contains four items: Reboot, Shutdown, Restart and Update
(see Figure 8).
Figure 8: Virtual Appliance other
6.4.1 Reboot
Reboot will reboot the system.
6.4.2 Shutdown
Shutdown will shut down and power off the system.
6.4.3 Restart
This will restart the CipherMail services (the Mail Processing Agent, Postfix
and the Web Application).
6.4.4 Update
Update will check for system updates (security updates and other updates). It
is recommended to reboot the system after any packages are updated.
7 Finish
After the Virtual Appliance has been configured, further configuration, for
example DNS and MTA, should be done with the WEB GUI. See the CipherMail
Administration Guide for more details.
A VirtualBox
The VMWare Virtual Appliance can also be used with VirtualBox with the
following procedure:
1. Open the Virtual Media Manager (File > Virtual Media Manager) and
press Add to add an existing medium.
2. Select a hard disk image file. Select the Virtual Appliance .vmdk file and
close the dialog.
3. Create a new Virtual Machine. Use Operating system Linux and version
RedHat 7.
4. Set base memory 1024 MB.
5. Select the .vmdk hard disk created in step 2.
6. Make sure the network is set to: Attached to: Host Interface.
7. Enable the advanced option PAE/NX.
8. Finish.
You can now start up the Virtual Appliance.
B Troubleshooting
B.1 Incorrect keyboard mapping on a Linux Host
VMware Server 1 or 2 on a Linux host sometimes uses an incorrect keyboard
mapping. Many function keys like CTRL, SHIFT, arrow keys etc. do nothing
or map to the wrong key. This can be solved by adding the following line to the
file /etc/vmware/config:
For more information see
.
B.2 Network failure
By default the CipherMail Virtual Appliance is set up in Bridged mode. If Bridged
mode fails, try NAT mode.
C Port usage
CipherMail uses the following ports:

external → internal
Port    Service    Description
22      SSH        Console access
25      SMTP       Send/Receive email
80      HTTP       Web manager
443     HTTPS      Web manager

internal → external
Port    Service    Description
25      SMTP       Send/Receive email
80      HTTP       CRL download
139     SMB/CIFS   Remote backup and restore
389     LDAP       CRL download
443     HTTPS      CRL download
445     SMB/CIFS   Remote backup and restore
11371   HKP        HTTP Keyserver Protocol