Challenge
This article contains instructions for deploying the network hub in an on-premises network.Cause
If you want to place the network hub in an on-premises network, you must deploy a Veeam PN appliance in the VMware vSphere environment. The Veeam PN appliance is distributed as an OVA package. The package contains a pre-configured 64-bit Linux virtual appliance on which Veeam PN components are set up.Solution
To deploy and set up the network hub, you will need to perform the following steps:
1. Deploy a Veeam PN appliance from the OVA package.
2. Configure initial network hub settings.
Deploying Veeam PN Appliance
To deploy the network hub from the OVA package:
1. Download the Veeam PN OVA package here and save it in a network shared folder.
2. In VMware vSphere Web Client, open the hosts and clusters inventory list and select a host on which you want to register the appliance.
3. From the menu at the top of the working area, select Actions > Deploy OVF Template.
4. At the Select source step of the wizard, select Local file, click Browse and browse to the Veeam PN OVA package.
5. Follow the next steps of the wizard and specify appliance deployment settings: datastore on which the appliance disk must be placed, disk format, network to which the appliance must be connected and so on.
6. At the last step of the wizard, select the Power on after deployment check box and click Finish.
VMware vSphere will deploy the Veeam PN appliance on the selected host. The deployment process typically takes several minutes. Wait for this process to complete and proceed to the network hub configuration.
Configuring Initial Network Hub Settings
Right after deployment, the Veeam PN virtual appliance is impersonalized. To set up the network hub, you must customize the appliance — configure the network hub settings on it.
To configure initial settings for the network hub:
1. In VMware vSphere Web Client, navigate to the Summary tab and get an IP address of the appliance.
2. In a web browser, access the network hub portal by the following address: https://<applianceIP>, where <applianceIP> is the IP address of the deployed appliance.
When you access the network hub portal in the web browser, the browser will display a warning notifying that the connection is untrusted. Ignore the warning and agree to proceed to the portal.
3. At the Welcome to Veeam PN screen of the portal, log in to the network hub portal under the in-built Administrator account. The Administrator account has the following credentials:
Username: root
Password: VeeamPN
Click Login.
4. After you log in to the portal for the first time, Veeam PN will offer you to change the password for the built-in account. On the displayed screen, enter the old and new password and click Change.
5. At the first step of the Initial Configuration wizard, select Network hub.
6. Click Next.
7. Veeam PN uses a self-signed SSL certificate to ensure secure data communication in the VPN. Specify parameters for the self-signed certificate: your company details, certificate lifetime (validity) and certificate key length (dhBits).
8. Click Next.
Note: By default, Veeam PN generates a 2048-bit certificate. If you select a key of a greater size, the process of certificate generation may take a long time.
9. Veeam PN will generate a self-signed SSL certificate with the specified parameters. After the certificate is generated, click OK, then click Next to proceed to the network hub setup.
10. Specify VPN settings for the network hub:
- In the Network hub public IP or DNS name field, specify an IP address or full DNS name for the network hub. The IP address or DNS name must be public and accessible from all networks that you add to the VPN, and by all remote users who must have access to the VPN.
- Select the Enable site-to-site VPN check box if you want to implement the site-to-site VPN scenario. In the Protocol field, specify the protocol that must be used for communication between VPN components: UDP or TCP. In the Port field, specify a port on which the network hub must listen for site gateway connections. By default, port 1194 is used.
- Select the Enable point-to-site VPN check box if you want to implement the point-to-site VPN scenario. In the Protocol field, specify the protocol that must be used for communication between VPN components: UDP or TCP. In the Port field, specify a port on which the network hub must listen for standalone computer connections. By default, port 6179 is used.
11. Click Finish.
What You Do Next
After you configure the network hub, you must perform the following steps:
- You must log in to the network hub portal and configure settings for clients — on-premises networks (site-to-site scenario) and standalone computers (point-to-site scenario).
- If necessary, you can change the network hub settings, for example, configure alerts, enable SSH access to the network hub appliance and so on.