Updated Date: 08/30/2013
This release note documents the version 7 release of the FirePass® Controller Virtual Edition.
FirePass® Virtual Edition (VE) is a version of the FirePass system that runs as a virtual machine, packaged to run in a VMware hypervisor environment. FirePass VE includes all features of FirePass, running on standard hardware.
You can update FirePass Virtual Edition with the same updates, hotfixes, and patches as the hardware version of FirePass. FirePass VE does not require separate software updates.
FirePass Virtual Edition (VE) is compatible with VMware ESX 4.0 and VMware ESXi 4.0 hosts.
The high-level architecture of FirePass Virtual Edition consists of a VMware guest environment, a hypervisor layer, and a physical layer.
|VMware guest environment||This layer represents an image of FirePass VE, potentially sharing physical resources with other virtual machines running on the same hardware platform.|
|VMware hypervisor layer||The VMware hypervisor software layer is a bare-metal hypervisor that simulates a set of dedicated resources for each FirePass virtual machine.|
|Hardware platform layer||Physical resources such as CPU, memory, data storage, and network interface cards (NICs).|
The virtual machine guest environment for FirePass VE includes these minimum characteristics:
Note: The guest environment does not support vmmemctl, the memory balloon driver.
Depending on the license and number of users of the FirePass VE system, you must adjust the initial VMware environment for FirePass VE according to the number of concurrent users you would like to support.
Performance and the ability to support a larger number of concurrent users may vary based on the following factors.
These are some examples of factors that may affect FirePass VE performance. Other factors may also affect performance. Depending on your the deployment goals, you may need to allocate additional virtual machine resources or deploy more FirePass VE instances across multiple ESX hardware systems. Refer to the following table for recommended minimum settings.
|License||Number of Concurrent Users||Virtual CPUs||Virtual RAM|
|5-FP-VE-LAB||up to 10||1||512 MB|
|F5-FP-VE-100||up to 100||1||2 GB|
To deploy the FirePass VE system on a VMware ESX or ESXi server, you perform the following tasks:
After you complete these tasks, you can log in to the FirePass VE maintenance console as an administrative user, and you can perform basic network configuration tasks.
There are specific requirements for the host system on which the FirePass VE system can run.
To successfully deploy and run the FirePass VE system, the host system must contain the following:
F5 Networks highly recommends that the host system contain CPUs based on AMD-V or Intel-VT technology.
The first steps in deploying FirePass VE are to download the Zip file to your local system. You can then run the Deploy OVF Template wizard from within VMware vSphere Client. This wizard copies the file to the ESX/ESXi server and configures some network interface settings. Note that the Zip file contains a virtual disk image based on an Open Virtual Format (OVF) template. By following the steps in this procedure, you create an instance of the FirePass system that runs as a virtual machine on the host system.
You can view the status of the FirePass VE virtual machine on the VMware vSphere Client screen.
You must power on the FirePass VE virtual machine.
FirePass VE needs an IP address assigned to its virtual management port.
Note that you can refer to the FirePass Controller Getting Started Guide for more information on startup techniques.
When deploying FirePass Virtual Edition on a VMware ESX or ESXi host, you should follow these best practices.
|Shared storage for virtual machines||Use iSCSI for shared virtual machine storage. Most types of VMware-supported storage are acceptable.|
|Resource reservations||Increase the 2GHz default CPU reservation to prioritize FirePass VE processing, if your normal traffic patterns cause FirePass VE to consistently exceed that reservation. FirePass VE presents a unique workload when virtualized, compared to other commonly virtualized services. Therefore, FirePass VE is deployed by default with a 2GHz CPU reservation and a 1GB memory reservation. Together, these reservations prevent system instability on heavily loaded VMware hosts. Note that these reservations should be considered minimal.|
The known issues in this release are as follows:
NFS and FirePass VE (CR140161)
Currently, you can not configure FirePass virtual hosts with NFS storage on the VMware ESX platform.
Failover with FirePass VE (CR140485)
In FirePass VE, in some failover situations, a failover FirePass VE system might not respond. Currently, the most stable failover configuration requires that you configure a FirePass VE failover pair on the same ESX or vSphere host, on the same local storage.
For additional information, please visit http://www.f5.com.