Install cloudSwXtch for an Air-Gapped Environment

WHAT TO EXPECT

In this article, you will learn how to install a cloudSwXtch in an Air-Gapped (Closed Network) environment for Azure. For standard Azure installation instructions, please see the cloudSwXtch on Azure article. 

Before You Start

Review VM Requirements for a cloudSwXtch Instance in cloudSwXtch System Requirements.

VM Image Creation

The cloudSwXtch software is delivered as a Virtual Machine Disk Image. This Image file can be added to an Azure Image Gallery. Images in an Image Gallery can be used to create Virtual Machines.

To assist with creation of VMs from images in a gallery, swXtch.io provides instructions on how to accomplish the following:

  1. Get the VM Disk Image

  2. Upload the VM Disk Image into an Azure Storage Account

  3. Create a VM Image from the Disk Image

  4. Create cloudSwXtch from VM Image

  5. License the cloudSwXtch

Complete all steps to successfully install cloudSwXtch in an Air-Gapped environment.

STEP ONE: Get the VM Disk Image

Log on to an environment that has access to the internet and download the following file (~30 GB) onto a machine with access to the Azure Air-Gapped environment:

https://swxtchpublic.blob.core.windows.net/3hwgfe98hfglsrdfh4/cloudSwXtch_osdisk_3.0.0.airgap.vhd
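
The page does not publish a checksum for the image, so the following added example (not swXtch.io code) records a SHA-256 digest at download time and re-checks it, together with the VHD footer, on the machine that performs the upload in Step Two. The function names and the constructed sample file are assumptions for illustration; the footer offsets follow the published VHD format (cookie "conectix", current size at offset 48, disk type at offset 60).

```python
import hashlib
import os
import struct

FOOTER_SIZE = 512  # every VHD file ends with a 512-byte footer


def sha256_file(path, chunk_size=4 * 1024 * 1024):
    """Stream the file so a ~30 GB image never has to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def read_vhd_footer(path):
    """Return (file_size, virtual_size, disk_type) from the VHD footer."""
    size = os.path.getsize(path)
    with open(path, "rb") as fh:
        fh.seek(max(size - FOOTER_SIZE, 0))
        footer = fh.read(FOOTER_SIZE)
    if len(footer) < FOOTER_SIZE or footer[:8] != b"conectix":
        raise ValueError("VHD footer missing: file is truncated or not a VHD")
    # current size (8 bytes), disk geometry (4 bytes), disk type (4 bytes; 2 = fixed)
    virtual_size, _geometry, disk_type = struct.unpack(">QII", footer[48:64])
    return size, virtual_size, disk_type


def verify_transfer(path, expected_sha256):
    """Return a list of problems; an empty list means the copy looks intact."""
    problems = []
    try:
        size, virtual_size, disk_type = read_vhd_footer(path)
        if disk_type == 2 and size != virtual_size + FOOTER_SIZE:
            problems.append("fixed VHD length does not match its footer")
    except ValueError as exc:
        problems.append(str(exc))
    if sha256_file(path) != expected_sha256.strip().lower():
        problems.append("SHA-256 differs from the value recorded at download")
    return problems


def make_sample_vhd(path, data_bytes=4096):
    """Constructed sample: a tiny fixed-type, VHD-shaped file for offline runs."""
    footer = bytearray(FOOTER_SIZE)
    footer[:8] = b"conectix"
    struct.pack_into(">QII", footer, 48, data_bytes, 0, 2)
    with open(path, "wb") as fh:
        fh.write(b"\0" * data_bytes + bytes(footer))
```

Record the output of sha256_file right after the download and pass it to verify_transfer before starting the upload; a digest recorded this way detects corruption or modification during the transfer, not a problem that was already present in the downloaded file.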

STEP TWO: Upload the VM Disk Image into an Azure Storage Account

  1. Upload the file into an Azure storage account in the secure Azure Environment.

    1. Log into the Azure Portal

    2. Navigate to Storage Accounts.

    3. Select the desired storage account or create a new one.

    4. Select the desired Container or create a new one.

    5. Select Upload and select the VM Disk Image file you copied to the local PC.

    6. Start the upload and wait for it to complete.

Uploading the file may take some time (up to an hour). When the upload completes, the file should be shown with a green checkbox.

Failed to Upload Blob(s) Message

If you receive a "Failed to Upload Blob(s)" message when uploading the file in the Storage Account, select Configuration and validate that Allow storage key access is enabled.

STEP THREE: Create a VM Image from the Disk Image

Once we have a disk image in storage, we can use it to create a VM image. A VM image is a snapshot of a VM. The real VM will be created later. The VM Image only needs to be created once. Any number of VMs can be instantiated from a single VM image.

  1. In the Azure Portal, search for and select Images.

  2. Select Create.

  3. Select the appropriate Resource Group.

  4. Give the VM Image a name. The cloudSwXtch instance will be created later with a different name. Pick a name with the cloudSwXtch software version in it as you may end up with multiple images after some time.

  5. Ensure that the region is the same as that of the storage account holding the disk image.

  6. Select Linux as the OS type.

  7. Select Gen 1.

  8. Click Browse on the Storage Blob.

    1. In the new panel, navigate to the storage account and container holding the disk image.

    2. Select the file that was previously uploaded.

  9. For Account Type, select Standard SSD. See the example of the screen filled out completely.

    [Screenshot: Create an Image form, filled out]

  10. If tags are desired, then select Tags and enter the required tags.

  11. The other fields can be left as default.

  12. Select Review and create.

  13. When validation passes, select Create. When it is complete, click Go to Resource to see the image.

STEP FOUR: Create cloudSwXtch from VM Image

Now that we have a cloudSwXtch VM Image, we can use it to instantiate a cloudSwXtch.

  1. Navigate to Images.

  2. Select the image with the cloudSwXtch version you require. 

  3. Select Create VM.

  4. Fill out the Create Virtual machine form as follows:

    1. Under Project Details, set the subscription and Resource Group for where you want the cloudSwXtch instance to be located.

    2. Under Instance Details, name the virtual machine with a valid host name.

    3. Select No infrastructure redundancy required for Availability options.

    4. Select an appropriate machine size. For recommendations based on features, endpoints, and bandwidth needs, read the cloudSwXtch System Requirements.

    5. Under Administrator account, use SSH for the authentication type. Enter your SSH public key source. Refer to ssh-keys-portal for details.

    6. Select your preference in Inbound port rules.

    7. Set the Licensing Type to Other.

    8. Navigate to the Networking tab and fill out the form as follows:

      1. Select the appropriate Virtual Network.

      2. Select the appropriate control subnet.

    9. Navigate to other tabs as desired and enter in information as preferred. For example, some installations expect Tags to be entered.

    10. Select Review + Create.

    11. When validation passes, select Create.

  5. When the deployment is complete, select Go to Resource.

  6. Select Stop to stop the VM.

  7. Navigate to Network Settings under Networking.

  8. Select Attach network Interface.

  9. Select Create and attach Network. A new form will open.

  10. Enter your information into the form to add a new NIC as shown. It is good practice to include the word “data” in the name to distinguish between the two interfaces.

    [Screenshot: Add network interface to the cloudSwXtch VM]

    1. Note: The setting for Public inbound ports is up to the user to decide.

  11. Select Create.

  12. When it is done, the screen will automatically refresh with the new “data” interface listed as the top network interface. There should now be a control and data interface in the dropdown.

  13. Click the Data Network Interface.

    1. Select Overview in the side menu.

    2. Select Edit accelerated Networking. A new window will display.

    3. Select Enabled.

    4. Check the agreement. 

    5. Select Save.

  14. The page will automatically refresh and navigate back to the Overview page. Validate that Accelerated networking is Enabled.

  15. Start the newly created cloudSwXtch VM.

STEP FIVE: License the cloudSwXtch

  1. Log onto the newly created VM.

  2. Run this command:

    swxtch-top

  3. The swxtch-top dashboard will display.

  4. Copy the “SwxtchId” and email it to support@swxtch.io requesting a license.

  5. When you receive the license file, upload it onto the cloudSwXtch VM.

  6. Move the license.json file to the /swxtch directory using the following command, replacing <user> with the appropriate value:

    sudo mv /home/<user>/license.json /swxtch

  7. Reboot the cloudSwXtch, then run swxtch-top again or check the journal to confirm that the license was applied:

    sudo journalctl -u swxtch-ctrl.service -f -n 500

The cloudSwXtch is ready for use. IMPORTANT: Each client that is expected to get traffic from the cloudSwXtch will need an xNIC installed. See Installing xNIC for next steps in preparing clients (producers and consumers of Multicast).

Prerequisite: Installing Dependencies for Air-Gapped Clients

Before installing the xNIC, users will need to install the necessary packages on their air-gapped clients. Failure to complete this prerequisite will result in an unsuccessful xNIC deployment. To learn more, see How to Install xNIC Dependencies in an Air-Gapped Environment.