
vFMC on HyperV. Are we there yet?

itsupport
Level 1

I administer a site with several FTDs, controlled by a vFMC. At the time of installation, around a year ago, I heard rumours from various sources that support for HyperV was "Roadmapped". Since we use HyperV exclusively as a virtualisation host, I purchased an "Office PC", threw the free version of ESX 6.5 on it, and used that just to host the vFMC. It sits in the rack with the "real" servers. Has worked fine, but is of course just a PC, so no redundant hard drives, fans, environmental monitoring, out of band management or any of that nice stuff. Plan was to move the vFMC to a HyperV machine once supported, and use the office PC for something else.

I notice now that the vFMC is supported on Azure. Azure basically IS HyperV, with a few extra bells and whistles. Hence, I would guess there is a good chance that the vFMC would run just fine on HyperV.  Target I have in mind is a new server we are purchasing, which will be running Server 2019.

Has anyone tried this? Anyone know of any "solid rumours" about  HyperV support in the near future?


FYI...apparently the pausing at "usbcore: registered new interface driver..." is normal. I have allowed it to sit there for over 2 hours and it did nothing, but I let it sit overnight, and it is at a login prompt the next morning.

 

However, my install does not seem to be performing the correct 'fresh install' steps. I login as 'admin' and instead of it prompting me to change my password and going to the network setup, it prompts with a large 'warning message' that states the DB is not available, then it just goes to the normal FMC prompt.

EUREKA!!!!

 

Turns out there was something jacked up with the HyperV 'object' that was created for me.

I manually built a new HyperV VM (local vs cluster) from scratch and FMC booted up as expected and I was able to login and assign network.

After that I restored our FMC on KVM 6.7.0 data to the FMC on 'Azure' (actually HyperV) install, and all seems to be working like a champ.

It has been 5 days since I did the above, and we also moved it to be clustered without issue.

I'll give it a few more days before I attempt to update to the latest FMC version. I'll be confident in using this normally about 2 weeks after the update and things are running smoothly.

 

Thanks to all who replied to this old thread and those that replied to my questions!

Hello,

 

I am having some issues when restoring from the backup. (ESXi->HyperV)

 

I followed the instructions on editing etc/sf/ims.conf and the restore went through, but the health monitor shows alerts on all modules and all tests fail.

 

Also, the initial setup script didn't start and I got the following error message:

 

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! One or more firstboot scripts have failed. Refer to firstboot log files for more details. !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

 

I had to run the setup scripts manually in order to configure the management network settings.

 

One more thing that I noticed is that it says Cisco Firepower Management Center for Azure v6.5.0 in the CLI, but in the GUI under FMC information, it still says Cisco Firepower Management Center for VMWare. 

 

Here are the parameters I changed in the ims.conf file:

 

MODEL="Cisco Firepower Management Center for Azure"
PRODUCT_ID=FS-AZU-SW-K9

 

Anyone else experienced this?

 

Thanks

/Chess

Chess,

 

This is the exact problem I had when first trying to get it to work on HyperV/Azure.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! One or more firstboot scripts have failed. Refer to firstboot log files for more details. !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

 

That would happen after it hung on the 'usbcore' message for over 4 hours.

 

As I explained someone else had built the VM out for me, and I could never get that to work. I rebuilt the VM myself directly on HyperV (not clustered) and it worked as it should, THEN we migrated it to our cluster environment.

 

 

cmonterr
Cisco Employee

Update as of May 2020,

Talking about virtualization environments, Cisco FMCv is available for Amazon Web Services (AWS), Kernel-based Virtual Machine (KVM), Microsoft Azure, and VMware vSphere environments.

 

"The FMCv is supported on Microsoft Azure starting with Cisco Firepower software version 6.4 and later"

https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/fmcv/fpmc-virtual/fpmc-virtual-azure.html

Michael Braun
Level 1

Hi community, 

for the sake of updates, I have been running the (Azure) Hyper-V FMC for quite some time now, even updated to latest 6.6.1.

Everything smooth so far, no issues at all. 

Hi,

You mention that you couldn't restore the configuration from FMC ESXi. Did you install the exact same FMC and VDB version?
I have a customer that wants to do the same, but we need to migrate the configuration as well, so I just wanted to make sure it works first.

/Chess

To restore the backup of one type of FMCv to different type of FMCv (KVM to Azure, ESX to KVM, etc.) you have to modify a file within the resulting backup tar file to 'fool' FMC into thinking it is restoring to the correct type of FMCv. But to my knowledge you HAVE to be on the same version (6.7.0 to 6.7.0, not 6.6.1 to 6.7.0).

 

Copied from @chris.kelly post within this thread:

- Backup the existing FMC via the system>tools menu.  You want a Firepower Management backup with both Backup Configuration and Backup Events selected. Download the tar file you created.

- Open the tar file using your favourite compression utility (7zip works fine for this) and edit this file: etc/sf/ims.conf

- Edit the following two lines to match this: MODEL="Cisco Firepower Management Center for Azure" and PRODUCT_ID=FS-AZU-SW-K9 and save the file back to the tar.
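
The tar edit from the steps above, scripted so that only `etc/sf/ims.conf` is touched and every other member is copied through unchanged. This is an added example, not part of the original post and not Cisco tooling. It assumes `ims.conf` holds plain `KEY=value` lines, the function names are hypothetical, the sample archive is constructed, and the output is written as an uncompressed tar.

```python
import io
import tarfile

IMS_CONF = "etc/sf/ims.conf"  # path inside the backup tar, as given in the thread
NEW_VALUES = {  # the two values quoted in the thread
    "MODEL": '"Cisco Firepower Management Center for Azure"',
    "PRODUCT_ID": "FS-AZU-SW-K9",
}

def rewrite_ims_conf(text, new_values=NEW_VALUES):
    """Replace the KEY=... lines for the given keys; fail if a key is absent."""
    seen, out = set(), []
    for line in text.splitlines(keepends=True):
        key = line.split("=", 1)[0].strip()
        if "=" in line and key in new_values:
            eol = line[len(line.rstrip("\r\n")):]  # keep the original line ending
            line = f"{key}={new_values[key]}{eol}"
            seen.add(key)
        out.append(line)
    missing = sorted(set(new_values) - seen)
    if missing:
        raise ValueError(f"keys not found in ims.conf: {missing}")
    return "".join(out)

def retarget_backup(src, dst):
    """Copy tar stream src to dst, rewriting only ims.conf; other members untouched."""
    changed = 0
    with tarfile.open(fileobj=src, mode="r:*") as tin, \
         tarfile.open(fileobj=dst, mode="w") as tout:
        for member in tin:
            data = tin.extractfile(member) if member.isfile() else None
            if data is not None and member.name.removeprefix("./") == IMS_CONF:
                body = rewrite_ims_conf(data.read().decode("utf-8")).encode("utf-8")
                member.size, data = len(body), io.BytesIO(body)
                changed += 1
            tout.addfile(member, data)
    if changed != 1:
        raise ValueError(f"expected exactly one {IMS_CONF}, found {changed}")
    return changed

def sample_backup():
    """Constructed stand-in for a backup tar (not real FMC data)."""
    conf = b'MODEL="Cisco Firepower Management Center for VMWare"\nPRODUCT_ID=PLACEHOLDER\nOTHER=1\n'
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, body in ((IMS_CONF, conf), ("var/sf/constructed.dat", b"\x00\x01")):
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    buf.seek(0)
    return buf
```

Run it on a copy of the downloaded backup, passing file objects opened in binary mode, and keep the original tar; the script fails instead of writing a half-edited archive if either key or the file itself is missing.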

Barrett Cowan
Level 1

Although I haven't tried Michael's route on getting it into Hyper-V, I do know ISE can run on Hyper-V and they're built on similar platforms. Also, here's another working option to get FMC in Hyper-V using the KVM version ...

https://www.linkedin.com/pulse/vftd-vfmc-hyper-v-nikolaj-pabst-nielsen/

The big question is, would Cisco support it if Hyper-V is not officially supported yet?!

ianwatts
Level 1

One and a half years later.. I'm trying to do this for a 7.1.0 migration.  The new VM kept hanging up for console input.. and again after udevd tells me all about unknown device types..  but of course after leaving it and doing other real work it is at a login box.

Is it normal for these things to take forever at boot?  Seems they could REALLY streamline the Linux underpinnings more custom to the hypervisor platform the vDisks were built for... I mean, I'd think a decent Linux engineer at Cisco could do better than detect things which will never exist on a VM.  Sloppy.  May as well just make a repo and have me YUM/APT a package on my own distro.  Will see how goes.

DMel
Level 1

Just as an update...we have been successfully (MOSTLY) running our FMCv (Azure) on Hyper-V environment for months now, however, we do keep having issues (potentially a memory or process leak?). Especially when we start changing configs (mostly access lists) and deploy. FMC will start the deploy, but then become unresponsive. At that point no one new can login, and changing between menus/screens is almost impossible.

We have even had it become unresponsive during a routine deploy action (update of SNORT, etc.) that is automated. We are running v7.0.1 at this time and we do have an active TAC opened for troubleshooting....so far they are helping us.

ianwatts
Level 1

So after some hours have passed, it is still messed up.  Login at the console yields:  One or more firstboot scripts have failed.  Refer to firstboot log files for details.

The webpage just continues to report the System installations is finalizing.

 

This is pretty bad, I can't even get a vanilla ISO to fire up a base install.  Would it even be worth considering an older rev and maybe upgrade?..  My thoughts of committing a new VM from Azure Marketplace is even less at this point.

ianwatts
Level 1

So I scratched that and went with 6.4.  After a weekend, the local console says I have logged in while system start is in progress.. after two full days??

So upon first web login and a new password gets set.. it won't login with the new password nor the original password.  Ridiculous.

Guess which network stack I'm NOT going with for our refresh next year?...
