Configuring the PxM UI

Configuration of the PxM UI should take around 5 minutes.

Network Configuration

To set the network configuration of the PxM UI Server:

  1. Within VMware vSphere open the Console window of the deployed PxM UI Server.

  2. At the command type sudo netconf and press ENTER.

  3. Within the Configure Static Networking window enter the network configuration to be assigned to the PxM UI Server. Press TAB to navigate between the fields.
    netconf

  4. When completed TAB down to the Save button and press ENTER. The network configuration is saved and you are navigated back to the command prompt.

  5. At the command prompt type sudo reboot to apply the configuration. Wait while the system is rebooted.

    Hint

    You might want to wait to reboot the system until the next configuration step is done.

Configure SSH Access

SSH access configuration is required to allow administrators to SSH onto the PxM UI appliance.

When the first SSH connection is made to the PxM UI a master key will be set. The appliance will generate a unique username for this initial connection which will be deleted once the initial setup has been completed.

Note

Additional keys can be added after setup.

Prerequisites

The following are required before you start the SSH access configuration:

  • PowerShell client.

  • SSH private key.

If you don't have an SSH private key then one can be generated as follows:

  1. Open the powershell client.

  2. At the command prompt type ssh-keygen -t rsa and press ENTER.
    Generate ssh private key

  3. You will be asked to enter a file in which to save the key, press ENTER to accept the default.

  4. You will be asked to enter a passphrase, this can be left blank, press ENTER and again to confirm. Your public key will be saved.

Adding the first SSH public key

  1. Open the console window of the PxM UI appliance.
    SSH Initial Screen

    Note

    Make sure that the text in the box matches your screen.

  2. At the command prompt type:

    sshconf

  3. Follow the instructions displayed on the screen.
    SSH username

  4. On your workstation open up a PowerShell client.

  5. Within the PowerShell client window type the highlighted command in the picture above (your command will differ from the example).

    In the above example it would be:

    ssh setup-HwyrHRn@10.0.2.15

  6. On connecting, the appliance will report that your public key has been added:
    SSH connection

    The PxM UI appliance will add your public key to /var/disk/config/authorized_keys. Append public keys to this file to allow additional administrators access.

Note

Future SSH connections should be made using the support username.

Install HTTPS certificates

Although default HTTPS certificates are installed during the installation to ensure your data to and from the PxM UI is encrypted, it is recommended that you install your own certificates before you start to use your PxM UI.

To install your HTTPS certificates:

  1. On your workstation open up a PowerShell client.

  2. To update the PxM UI appliance with your own HTTPS certificates you will need to replace the following files: /var/disk/certs/https.key and /var/disk/certs/https.crt.
    Within the PowerShell client window type the following:

    tar -c https.key https.crt | ssh support@<address> -C "tar -x --no-same-owner -C /tmp/"

    ssh support@<address> -C "sudo mv /tmp/https.* /var/disk/certs/https.*"

  3. Reboot the PxM UI appliance to apply the configuration and wait while the system is rebooted.

Pair PxM UI with a specific PxM Virtual Appliance OPTIONAL

The PxM UI supports connecting to multiple PxM Virtual Appliances, however it is possible to bind a single instance of the PxM UI to a given PxM Virtual Appliance. In order to do so, we need to save the PxM host to /var/disk/settings/pxm_host.

  1. Open the Console window of the PxM UI Server.

  2. At the command prompt type the following:

    echo "<your PxM Virtual Appliance hostname>" | sudo tee /var/disk/settings/pxm_host

    Example:

    PxM UI Pairing

  3. At the command prompt type sudo reboot to apply the configuration. Wait while the system is rebooted.

Securing against man-in-the-middle (MITM) attacks OPTIONAL

Although this is optional, to avoid MITM attacks between the PxM UI and a given PXM Virtual Appliance implement the following to improve security:

  1. Within VMware vSphere open the Console window of the deployed PxM UI Server if not already open.

  2. Open the /var/disk/settings/hosts.yml file in your preferred editor. You will need to use sudo to write to the file:

    Example using a nano editor:

    sudo nano /var/disk/settings/hosts.yml

    The file should look like the below example: hosts file

  3. The PxM UI Server is configured by default to enable (allow_insecure: true) all connections as we do not have any stored fingerprints. To disable this setting we need to set it to false (allow_insecure: false) and then add the PxM Virtual Appliance hostname (FQDN or IP Address) and host key fingerprint to the list.

    If you have multiple PxM Virtual Appliances then add the hostnames and the host key fingerprints of each of the PxM Virtual Appliances you will be connecting to this list.

    The host key fingerprint can be obtained from the PxM Platform web page. Open a web browser window and enter the following: https://(PxM_Virtual_Appliance_address).

    Example
    Replace the example hostnames (FQDNs or IP Addresses) and host key fingerprints with your own PxM Virtual Appliances.
    hosts file configured

  4. Once updated, save the changes within your editor.