
Deploying Cisco CML-Personal in the cloud!

jdoyl28
Beginner

Hello Everyone! I posted the below information on Reddit yesterday, but want to ensure it is spread through the community. Apologies if this is the incorrect approach/forum. I also posted this in the Learning Network.

 

 

First, a disclosure. I'm not a cloud/virtualization/network expert... nor an expert in generally anything. With that said, my below explanation was written to hopefully help others and the community. My apologies for any ill-defined terms or whatever may be utilized to illustrate my incompetence. Please feel free to offer anything constructive and/or beneficial. Nonetheless, I hope this helps!

 

I've been trying to get Cisco CML 2.x up and running in the cloud. I believe I've finally reached a solution. I did see a previous guide referenced on GitHub about utilizing AWS on a metal EC2 instance, but after many attempts and combinations, I couldn't justify the hourly rate. The only way that AWS apparently supports this nested virtualization is by having the customer leverage bare-metal instances that also leverage processors that support virtualization.

To keep things short, I looked into Azure (Microsoft) and GCloud (Google) and read both support nested virtualization to some degree. Further research had me conclude to proceed with GCloud. This was incentivized by the documentation and easily discoverable guides that led me to believe it to be possible. The main point-of-sale was this article Google provides to explain it all. GCloud outlined the approved methods of leveraging Type I and Type II hypervisors. Basically Type I's must be Linux-based OS's and require a particular processor, which further prohibits E2 and N2D instance types.

I'm pretty drained at the moment, but here is a mediocre overview of the steps and I hope to create a more thorough guide and visual instruction-set to better illustrate the process.

 

1. On a local host, download the Cisco CML .OVA, install VMware Player, and create the Cisco CML virtual machine.

  • run the initial install

  • set access credentials

  • mount the .RPM (look in release v2.1.1) for IOS images

 

This is necessary because you cannot run through the initial install in the cloud instance. You could later import the .qcow2 files for the IOS images, but that's a different route.

Reference Guide

 

2. With the VM now created and operational, export the VM utilizing the OVF Tool.

This will export the VM and will provide the .VMDK that will be used to create a system image.

OVF Tool Download

 

3. Create GCloud account and begin with creating a Google Bucket and upload the VMDK

 

4. After upload has completed, in GCloud Compute Engine, create an image using the VMDK located in the Google Bucket.

 

5. Once image is created, create a Compute Engine instance utilizing the newly created image and approved Type I VM specifications listed in the first GCloud Doc.

I used 'n1-standard-8' (8vCPUs/30 GB RAM) and specified the CPU platform as Intel Haswell.

 

6. After the instance has been created and is now active, it requires enabling Nested Virtualization on the host.

  • Export the VM .yaml file and add the required value (value wasn't present in my exported .yaml)

  • Re-upload modified .yaml to VM

All the underlying virtualized HW fully supports what we're trying to do here, but the host doesn't have nested virtualization capability enabled.

Reference to .yaml export/import (Scroll to 'Enabling Nested Virtualization directly on an existing VM')

 

7. Don't forget to add a VPC rule to allow TCP/9090 traffic and check the 'Enable HTTPS Traffic' inside your instance, otherwise you're not getting to your host :).

 

Proof-of-Concept:

In previous attempts in cloud VM instances, in the CML dashboard right-hand corner, the Health Status box indicated 'HW Acceleration' was not functioning. This happened within AWS and GCloud instances. This was my indicator that something surrounding nested virtualization wasn't working. The process above has resolved this health status error and I can now create labs, open samples, and activate them as well. But I do want to clarify I have completed this process within the last few hours, so I will continue to monitor and ensure functionality upholds. This may require adjusting vCPU/RAM to better service the workload, but too early for me to tell.

 

Lastly, I recommend utilizing PowerShell where you can via the GCloud Module. This was particularly useful with the .yaml portion in step 6.

 

Reference to PowerShell GCloud install module and usage
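
Steps 6 and 7 as a script, added here as an example and not part of the original post. It assumes the gcloud CLI is installed and authenticated; the function names and the firewall rule name `allow-cml-ui` are hypothetical, the YAML key is the `advancedMachineFeatures.enableNestedVirtualization` field that Google's Compute Engine documentation names, and limiting TCP/9090 to a single admin CIDR is an assumption added here rather than something the post specifies.

```shell
#!/bin/sh
# Added example, not from the original post.

# Step 6 (file edit): set enableNestedVirtualization: true in an exported
# instance YAML. Handles a missing block and an existing false value, and
# is safe to run more than once.
enable_nested_virt() {
  f=$1
  tmp=$(mktemp)
  awk '
    /^advancedMachineFeatures: *$/ {
      print; print "  enableNestedVirtualization: true"
      inblk = 1; seen = 1; next
    }
    inblk && /^ +enableNestedVirtualization:/ { next }  # drop the old value
    /^[^ #]/ { inblk = 0 }                              # next top-level key
    { print }
    END {
      if (!seen) {
        print "advancedMachineFeatures:"
        print "  enableNestedVirtualization: true"
      }
    }
  ' "$f" > "$tmp" && mv "$tmp" "$f"
}

# Step 6 (round trip): export, patch, re-import. $1 = instance, $2 = zone.
# The update may restart the VM.
apply_nested_virt() {
  gcloud compute instances export "$1" --zone="$2" --destination="$1.yaml" &&
  enable_nested_virt "$1.yaml" &&
  gcloud compute instances update-from-file "$1" --zone="$2" \
    --source="$1.yaml" --most-disruptive-allowed-action=RESTART
}

# Step 7: allow the TCP/9090 port from one admin range only, instead of
# opening it to every source. $1 = CIDR such as 203.0.113.7/32.
open_cml_ui() {
  gcloud compute firewall-rules create allow-cml-ui \
    --network=default --allow=tcp:9090 --source-ranges="$1"
}

# Usage: sh script.sh INSTANCE ZONE ADMIN_CIDR
if [ "$#" -eq 3 ]; then
  apply_nested_virt "$1" "$2" && open_cml_ui "$3"
fi
```

After the restart, `grep -cw vmx /proc/cpuinfo` inside the guest should return a non-zero count if nested virtualization is active.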