Virtual Edge Hypervisor Deployment Guide

Taylor Colwell

Virtual Edge Hypervisor Deployment Guide

This article walks through the steps to onboard, configure, and manage a Hypervisor Hosted Virtual Edge (Virtual Machine). The Elisity Virtual Edge VM can be deployed on VMware ESXi or Microsoft Hyper-V hypervisors, providing flexibility for environments with different virtualization platforms.

The deployment process consists of three main phases:

Deploy the Virtual Edge VM on your hypervisor (VMware ESXi or Microsoft Hyper-V)
Configure the Virtual Edge with network settings (IP, DNS, NTP)
Register the Virtual Edge with Cloud Control Center

For VMware ESXi deployments, the Virtual Edge is distributed as an OVA file that can be deployed through ESXi or vCenter. For Microsoft Hyper-V deployments, the Virtual Edge is distributed as a VHDX file.

NOTE: Elisity is an API-first platform, and the user community has developed a PowerShell automation script for Hyper-V deployments that streamlines the entire process including VM creation, network configuration, and CCC registration. This script has been used successfully by deployment teams and is documented in the Hyper-V section below.

For information on how to use the Virtual Edge dashboard, see our VE/VEN management article.

Prerequisites

Be sure to review Virtual Edge Connectivity Requirements article before moving forward with deploying a Virtual Edge.

Important:
Elisity supports Virtual Edge deployments on an N-2 basis — meaning we provide full support for the current release plus the two previous versions.

Minimum VM Configuration

Requirement	VMware ESXi	Microsoft Hyper-V
Hypervisor	VMware ESXi 7.x or later. VMware vCenter is supported.	Windows Server 2019 or later, or Windows 10/11 Pro with Hyper-V enabled
VM Generation	N/A	Generation 1
vCPU	8 vCPU (with hyper-threading)	8 vCPU
RAM	8 GB RAM	8 GB RAM
Storage	40 GB Storage	40 GB Storage
Network Adapter	1 x Virtual Network Adapter	1 x Virtual Network Adapter
IP Addressing	Static IPv4 Address	Static IPv4 Address
Image Format	OVA	VHDX

Additional Notes:

It is mandatory to configure a reachable NTP server on all deployed Virtual Edges.
It is recommended to use a static IP when addressing the Virtual Edge interface. If the IP address field is left blank, DHCP will be used instead and you must create a static DHCP entry in your DHCP server configuration.

Terminology

The following chart describes the terminology used in this document:

Term	Description
Cloud Control Center	Elisity's cloud native and cloud delivered control, policy and management plane.
Virtual Edge VM	The Elisity software running as a virtual machine on a hypervisor such as VMware ESXi or Microsoft Hyper-V.
Virtual Edge Node	An access switch onboarded to a Virtual Edge to be leveraged as an enforcement point in the network.

Architecture Overview

The Elisity Virtual Edge VM has a single virtual interface used to communicate with Cloud Control Center as well as with Virtual Edge Nodes. In more detail, the Virtual Edge VM virtual interface is used to maintain a persistent control plane connection to Cloud Control Center in order to receive identity based policies as well as to send identity metadata and analytics to Cloud Control Center. This same interface is used to glean identity metadata, traffic analytics and other switch information from the Virtual Edge Nodes and to read the Catalyst configuration and configure security policies, traffic filters and other switch functions.

Elisity Virtual Edge VM allows you to onboard any type of switch on the compatibility matrix as Virtual Edge Nodes for policy enforcement. The Virtual Edge VM model is depicted below:

Downloading the Virtual Edge Package

VMware ESXi (OVA)

Download the Virtual Edge OVA by going to the Virtual Edge dashboard in Cloud Control Center and clicking the DOWNLOAD SOFTWARE button in the top right of the Virtual Edges pane.

Select the appropriate version of the Virtual Edge package from the list, typically the latest available release that has been deployed in your environment.

Microsoft Hyper-V (VHDX)

The VHDX file for Hyper-V deployments is available via direct download from the CCC repository. Use the following URL format:

https://<your-ccc-hostname>/repository/releases/x86_64/virtual-edge-<version>.vhdx

For example, to download version 16.15.2:

https://your-tenant.elisity.io/repository/releases/x86_64/virtual-edge-16.15.2.vhdx

NOTE: If you are using the Hyper-V automated deployment script with the -VEVersion parameter, the script will automatically download the VHDX file from this URL.

VMware ESXi Deployment

The following steps walk through deploying the Virtual Edge VM on VMware ESXi. The steps are identical for VMware vCenter.

Step 1. To deploy Elisity Virtual Edge VM on a hypervisor you will need to first download the OVA or acquire the Virtual Edge VM OVA file from your Elisity SE. In this example we will be using VMware ESXi but the steps are identical for VMware vCenter. Once you have the OVA log into your ESXi instance and select Create / Register VM.

Step 2. Select Deploy a Virtual Machine from an OVF or OVA file and then select Next.

Step 3. Enter the name for the virtual machine and upload the OVA and select Next.

Step 4. Select the VM Datastore you wish to use as persistent storage for the VM and select Next.

Step 5. Select the Uplink Port Group that provides the correct access for the Virtual Edge VM to reach the internet as well as the access switches to be onboarded as Virtual Edge Nodes for policy enforcement. Select the Disk Provisioning option of your choice and ensure Power on automatically is enabled.

Step 6. Optionally configure a static IP Address, Netmask, Gateway and DNS server. If left blank, DHCP will be used instead and you must create a static DHCP entry for this appliance in your DHCP server configuration. Set the NTP server and root password then click Next.

NOTE: Configuring NTP servers during Virtual Edge deployment is mandatory. Do not skip this step. If you forgot to configure an NTP server during deployment, you can use the config ntp command in the Virtual Edge shell to configure it. Then, use the show ntp command to verify that the clock is synchronized.

Step 7. If everything looks good select Finish and wait for the OVA to complete the deployment.

Make sure to enable Autostart so that the Virtual Edge VM starts up automatically after ESXi boots up.

Step 8. Select Console and then select Open Console in new window.

After completing these steps, proceed to the Configuring the Virtual Edge VM section below.

Microsoft Hyper-V Deployment

The Virtual Edge can be deployed on Microsoft Hyper-V using either the automated PowerShell script (recommended) or manual deployment through Hyper-V Manager.

Option 1: Automated Deployment Script (Recommended)

The Elisity user community has developed a PowerShell automation script that streamlines Hyper-V deployments. This script automates the entire deployment process including:

Downloading the VHDX image from Cloud Control Center
Creating and configuring the Hyper-V VM
Configuring network settings (IP, DNS, NTP) via console automation
Registering the Virtual Edge with Cloud Control Center

Download the script from GitHub: https://github.com/mikekorenbaum/hyperV-VE-deployment

Script Prerequisites:

Windows Server 2019 or later with Hyper-V role enabled, or Windows 10/11 Pro with Hyper-V feature
PowerShell 5.1 or later
Administrator privileges
Network connectivity to Cloud Control Center
A configured Hyper-V virtual switch

Example Usage with CCC API Integration:

.\deploy-ve.ps1 -VMName "VE-Site-01" `
    -VEVersion "16.15.2" `
    -SwitchName "Your-Hyper-V-Switch" `
    -IPAddress "192.168.1.100" `
    -SubnetMask "255.255.255.0" `
    -DefaultGateway "192.168.1.1" `
    -DNSServers @("8.8.8.8", "8.8.4.4") `
    -NTPServers @("time.google.com") `
    -CCCURL "https://your-tenant.elisity.io" `
    -CCCClientId "your-client-id" `
    -CCCClientSecret "your-client-secret" `
    -VEGroupName "Production-VEs"

Example Usage with Manual OTP (VE already created in CCC):

.\deploy-ve.ps1 -VMName "VE-Site-01" `
    -VHDXPath "C:\Images\virtual-edge-16.15.2.vhdx" `
    -SwitchName "Your-Hyper-V-Switch" `
    -IPAddress "192.168.1.100" `
    -SubnetMask "255.255.255.0" `
    -DefaultGateway "192.168.1.1" `
    -DNSServers @("8.8.8.8", "8.8.4.4") `
    -NTPServers @("time.google.com") `
    -CCCURL "https://your-tenant.elisity.io" `
    -OTP "your-otp-from-ccc"

Script Parameters:

Parameter	Required	Description
`VMName`	Yes	Name of the virtual machine to create
`VEVersion`	Yes*	VE version to auto-download (e.g., "16.15.2")
`VHDXPath`	Yes*	Path to existing VHDX file (alternative to VEVersion)
`SwitchName`	No	Hyper-V virtual switch name (default: "Default Switch")
`IPAddress`	Yes	IP address to assign to the Virtual Edge
`SubnetMask`	Yes	Subnet mask (e.g., 255.255.255.0)
`DefaultGateway`	Yes	Default gateway IP address
`DNSServers`	Yes	Array of DNS server addresses
`NTPServers`	Yes	Array of NTP server addresses
`CCCURL`	Yes	Cloud Control Center URL for registration
`CCCClientId`	Yes**	OAuth2 Client ID for CCC API
`CCCClientSecret`	Yes**	OAuth2 Client Secret for CCC API
`VEGroupName`	Yes**	VE Group name for API integration
`OTP`	Yes**	One-Time Password (alternative to API credentials)
`MemoryStartupGB`	No	VM memory in GB (default: 8)
`ProcessorCount`	No	Number of virtual CPUs (default: 8)

*Either VEVersion or VHDXPath is required
**Either CCC API credentials (ClientId, ClientSecret, VEGroupName) or OTP is required

NOTE: When using the automated script with CCC API integration, the script will automatically create the Virtual Edge in Cloud Control Center and retrieve the OTP. Do not move the mouse or type during console automation.

Important - Default Credentials: The automated script uses the default Virtual Edge credentials to log in and configure the VM:

Username: elisity
Password: El1sity@1234

The script does not change this password. It is recommended to log into the Virtual Edge after deployment and change the password using the config password command.

After the script completes, the Virtual Edge will be registered with Cloud Control Center and show a status of Online.

Option 2: Manual Deployment via Hyper-V Manager

Important - Default Credentials: For Hyper-V manual deployments, the VHDX image uses default credentials since no password is set during deployment. Use the following to log in:

Username: elisity
Password: El1sity@1234

It is recommended to change this password after initial configuration using the config password command.

Step 1. Open Hyper-V Manager and select New > Virtual Machine from the Actions pane.

Step 2. In the New Virtual Machine Wizard, click Next on the Before You Begin page.

Step 3. Enter a name for the virtual machine (e.g., "Elisity-VE-01") and optionally specify a different storage location. Click Next.

Step 4. Select Generation 1 and click Next.

Step 5. Assign 8192 MB (8 GB) of startup memory. Uncheck "Use Dynamic Memory for this virtual machine" for appliance stability. Click Next.

Step 6. Select the virtual switch that provides network access to Cloud Control Center and to the switches to be onboarded as Virtual Edge Nodes. Click Next.

Step 7. Select Use an existing virtual hard disk and browse to the downloaded VHDX file. Click Next.

Step 8. Review the summary and click Finish to create the VM.

Step 9. Before starting the VM, right-click the VM and select Settings:

Under Processor, set the number of virtual processors to 8
Under Automatic Start Action, select Always start this virtual machine automatically

Step 10. Start the VM and connect to the console by double-clicking the VM name.

After completing these steps, proceed to the Configuring the Virtual Edge VM section below.

Configuring the Virtual Edge VM

After deploying the Virtual Edge VM on your hypervisor, connect to the VM console to configure network settings.

NOTE: If you used the Hyper-V automated deployment script, these configuration steps are performed automatically and you can skip to the Adding the Virtual Edge in Cloud Control Center section.

Step 1. Log into the Virtual Edge VM using the following credentials:

VMware ESXi: Username elisity and the password you set during OVA deployment
Hyper-V (manual deployment): Username elisity and password El1sity@1234

Step 2. Confirm the IP address and other network configurations on the VM by typing show config. Ensure the appliance has access to the internet using the ping command. You can also change the ntp and domain name servers after deployment using the config command. A full list of commands and uses is found in this article.

» ?
commands:
show Show virtual edge commands
config Configure virtual edge commands
quit Exit the shell
help Show this help message
register Initialize the application
restart Restart the virtual edge service
stop Stop the virtual edge service
reboot Reboot the virtual machine
ping Check ICMP or TCP connectivity to an IP address.
» show config
IP Address: 10.100.102.34
DHCP Enabled: false
DNS Servers: 10.100.102.20, 8.8.8.8
NTP Servers: us.pool.ntp.org
CCC URL: https://<yourdomain>.elisity.io
»

Step 3. If you need to configure or change network settings after deployment, use the following commands:

Command	Description
`config ip <address> <netmask> <gateway>`	Configure IP address, subnet mask, and gateway
`config dns <server1> [server2]`	Configure DNS servers
`config ntp <server1> [server2]`	Configure NTP servers
`show config`	Display current configuration
`show ntp`	Verify NTP synchronization
`ping <address>`	Test connectivity

NOTE: Currently we do not support changing the IP address of the Virtual Edge after it has been registered with Cloud Control Center. Please redeploy the Virtual Edge if you want to make an IP address change.

Adding the Virtual Edge in Cloud Control Center

NOTE: If you used the Hyper-V automated deployment script with CCC API integration, the Virtual Edge is already created in Cloud Control Center and registered. You can verify the status in the Virtual Edge dashboard.

In Cloud Control Center 16.3 with Virtual Edge Groups enabled, the process of deploying Virtual Edges has been updated.

See this article for more information on Virtual Edge Groups.

Step 1. Log into Cloud Control Center and navigate to Virtual Edges > Add Virtual Edge. To onboard a new VE to a VE Group, select the appropriate VE Group in the left menu pane and click +Add Virtual Edge.

Note: This workflow also applies to deploying Standalone Virtual Edges, just select "Standalone Virtual Edges" from the left pane instead of selecting a VE Group. This is similar to the traditional deployment method that existing customers are familiar with.

Step 2. Select the Virtual Edge Type of Hypervisor Hosted (16.x if present).

NOTE: For the purposes of graceful migration to Virtual Edge 16.0+, only existing customers will have the option to deploy older Virtual Edge versions.

Step 3. Fill out all the required fields. Importantly, select a previously created Virtual Edge Group, which contains important Site Label and Distribution Zone assignments. If deploying a Standalone-VE, you can assign a Site Label and Distribution Zone.

Double check your selections in the summary page, make any necessary changes by clicking EDIT, and click Submit.

Field Descriptions:

Virtual Edge Group	Assign the Virtual Edge to a pre-configured group, allowing it to inherit Site Labels and Distribution Zones automatically. VE Groups streamline the deployment process by managing multiple VEs together.
IP Address	This is the IP assigned to the Virtual Edge VM. This IP needs to be routable and must have access to reach Cloud Control Center. This IP also needs reachability to any Virtual Edge Node management interface you plan to onboard. This IP address must match what was configured on the Virtual Edge VM during deployment. This field is mandatory.
Host Name	This is the host name assigned to the Virtual Edge VM. This is the name you will see in Cloud Control Center.
Description	Description of the Virtual Edge for Cloud Control Center display.
Site Label (Standalone VE)	You can assign a pre-created Site Label to your Virtual Edge that is inherited by any associated Virtual Edge Node, or you can create a new Site Label on the spot. This allows you to filter and view assets and Virtual Edges using these Site Labels, and apply Policy Sets based on Site Label for selective policy distribution. See our VE/VEN management article for info on how to create and manage your Site Labels effectively.
Distribution Zone (Standalone VE)	Here you can assign the Virtual Edge to a pre-created Distribution Zone label for selective distribution of device to Policy Group mappings, or create a new DZ label and assign to the VE immediately. See our VE/VEN management article for info on how to create and manage your Distribution Zone labels effectively.

Step 4. After clicking Add, the Virtual Edge will be provisioned in Cloud Control Center and credentials will be generated.

Select the newly provisioned Virtual Edge and copy the credentials under the Additional Information section. You must first click SHOW CREDENTIALS to view the following information:

Cloud Control Center URL - The CCC URL for your tenant
Client Secret - The authentication secret (OTP) for the Virtual Edge

The final step of the onboarding wizard displays all these credentials together for easy reference:

Step 5. Return to the Virtual Edge VM console and initiate the bootstrap process by issuing the following command:

register

Enter the URL of Cloud Control Center, provide the OTP, and select "Y" to all prompts that follow.

Within a couple seconds, the Virtual Edge will register with Cloud Control Center and show a status of Online.

Now you can onboard your existing access switches as Elisity Virtual Edge Nodes for policy enforcement by following this guide.

Deleting a Virtual Edge

Step 1. In Cloud Control Center, select the more options icon to the right of the Virtual Edge and then select Delete Virtual Edge.

NOTE: Before you can delete a Virtual Edge, all Virtual Edge Nodes onboarded with that Virtual Edge must first be deleted. Follow the guide here to first decommission Virtual Edge Nodes attached to the Virtual Edge you are trying to decommission.

The delete action for the Virtual Edge will appear in the Cloud Control Center audit logs.

Step 2. After the Virtual Edge has been deleted in Cloud Control Center, delete the VM on your hypervisor:

VMware ESXi: Right-click the VM in the ESXi or vCenter console and select Delete from Disk
Hyper-V: In Hyper-V Manager, right-click the VM, select Delete, then manually delete the VHDX file from the storage location

new-vm-hv.png
(500 KB)
name-vm.png
(900 KB)
vm-generation.png
(800 KB)
vm-memory.png
(800 KB)
vm-network.png
(700 KB)
vm-vhdx.png
(900 KB)
summary.png
(700 KB)
vm-cpu-update.png
(1 MB)