Kaspersky SD-WAN
- Kaspersky SD-WAN Help
- About Kaspersky SD-WAN
- Architecture of the solution
- Deploying Kaspersky SD-WAN
- Redundancy of solution components
- About the installation archive
- About the attended, unattended, and partially attended action modes
- Preparing the administrator device
- Managing passwords
- Preparing the configuration file
- Replacing the graphics of the orchestrator web interface
- Replacement of a failed controller node
- Upgrading Kaspersky SD-WAN
- Removing Kaspersky SD-WAN
- Logging in and out of the orchestrator web interface
- Licensing of Kaspersky SD-WAN
- User interface of the solution
- Navigating to the orchestrator API
- Managing the Kaspersky SD-WAN infrastructure
- Managing domains
- Managing data centers
- Managing management subnets
- Managing controllers
- Managing a VIM
- Managing users and their access permissions
- Multitenancy
- Managing CPE devices
- About the interaction of the CPE device and the orchestrator
- About the interaction of the CPE device and the controller
- Default credentials of KESR CPE devices
- Scenario: Automatic registration (ZTP) of a CPE device
- Scenario: Deployment on the VMware virtualization platform and automatic registration (ZTP) of a vCPE device
- Scenario: Re-registering a CPE device
- Managing CPE templates
- Managing CPE devices
- Adding a CPE device
- Generating an URL with basic CPE device settings
- Manually registering a CPE device
- Unregistering a CPE device
- Specifying the address of a CPE device
- Enabling and disabling a CPE device
- Restarting a CPE device
- Shutting down a CPE device
- Connecting to the CPE device console
- Viewing the password of a CPE device
- Exporting orchestrator and controller connection settings and SD-WAN interfaces from a CPE device
- Exporting network interfaces from a CPE device
- Changing the DPID of a CPE device
- Deleting CPE devices
- Two-factor authentication of a CPE device
- Managing certificates
- Automatically deleting and disabling CPE devices
- Grouping CPE devices using tags
- Configuring logs on CPE devices
- Specifying NTP servers on CPE devices
- Managing modems
- Updating firmware
- Manually updating firmware on a CPE device
- Uploading firmware to the orchestrator web interface
- Scheduling firmware updates on selected CPE devices
- Scheduling firmware updates on CPE devices with specific tags
- Restoring firmware of a KESR-M1 CPE device
- Restoring firmware of a KESR-M2-5 CPE device
- Correspondence of CPE device models with firmware versions
- Deleting firmware
- Additional configuration of CPE devices using scripts
- Managing network interfaces
- Creating network interfaces
- Creating a network interface with automatic assignment of an IP address via DHCP
- Creating a network interface with a static IPv4 address
- Creating a network interface with a static IPv6 address
- Creating a network interface for connecting to an LTE network
- Creating a network interface for connecting to a PPPoE server
- Creating a network interface without an IP address
- Editing a network interface
- Disabling or enabling a network interface
- Canceling the application of network interface settings to a CPE device
- Deleting a network interface
- Creating network interfaces
- Configuring the connection of a CPE device to the orchestrator and controller
- Managing SD-WAN interfaces
- About sending information about SD-WAN interfaces of the WAN type to the controller
- Package fragmentation
- Traffic queues on SD-WAN interfaces
- Creating an SD-WAN interface of the WAN type
- Editing an SD-WAN interface
- Disabling or enabling an SD-WAN interface
- Deleting an SD-WAN interface of the WAN type
- Managing service interfaces
- Managing OpenFlow port groups
- Configuring a UNI for connecting CPE devices to network services
- Adding a static route
- Filtering routes and traffic packets
- Route exchange over BGP
- Route exchange over OSPF
- Using BFD to detect routing failures
- Ensuring high availability with VRRP
- Transmission of multicast traffic using PIM and IGMP protocols
- Managing virtual routing and forwarding (VRF) tables
- Monitoring traffic packet information using the NetFlow protocol
- Diagnosing a CPE device
- Running scheduled tasks on CPE devices
- IP address and subnet ranges for CPE devices
- Managing the firewall
- Managing network services and virtualization of network functions
- Managing network service templates
- Managing network services
- Scenario: Deploying a virtual network function
- Scenario: Deploying a physical network function
- Managing VNF and PNF packages
- Specifying a brief description of a shared network service
- Managing virtual network functions
- Selecting the flavour of a virtual network function
- Configuring external connection points of a virtual network function
- Basic settings of a virtual network function
- Hosting the virtual network function in a data center and on a uCPE device
- Stopping or starting a virtual network function or a VDU that is part of it
- Pausing or unpausing a virtual network function or a VDU that is part of it
- Suspending or unsuspending a virtual network function or a VDU that is part of it
- Soft rebooting a virtual network function or a VDU that is part of it
- Hard rebooting of a virtual network function or a VDU that is part of it
- Redeploying a virtual network function or a VDU that is part of it
- Auto-healing a virtual network function or a VDU that is part of it
- Managing VDU snapshots
- Managing physical network functions
- Configuring a P2P service
- Configuring a P2M service
- Configuring an M2M service
- Configuring a shared network (OS 2 SHARED)
- Configuring a virtual router (OS vRouter)
- Configuring a VLAN
- Configuring a VXLAN
- Configuring a flat network
- Configuring a UNI
- Monitoring solution components
- Specifying the Zabbix server
- Specifying the Zabbix proxy server
- Configuring CPE device monitoring
- Viewing monitoring results
- Viewing problems
- Viewing the status of the solution and its components
- Viewing logs
- Viewing and deleting service requests
- Sending CPE device notifications to users
- Selecting the Docker container log verbosity
- Monitoring CPE, VNF, and PNF devices using SNMP
- Link monitoring
- Building an SD-WAN network between CPE devices
- Quality of Service (QoS)
- Transmission of traffic between CPE devices and client devices using transport services
- Traffic packet duplication
- Scenario: Directing application traffic to a transport service
- Managing Point-to-Point (P2P) transport services
- Managing Point-to-Multipoint (P2M) transport services
- Managing Multipoint-to-Multipoint (M2M) transport services
- Managing L3 VPN transport services
- Managing IP multicast transport services
- Managing transport services in an SD-WAN instance template
- Managing transport services in a CPE template
- Traffic mirroring and forwarding between CPE devices
- Appendices
- Glossary
- Control plane
- Controller
- Customer Premise Equipment (CPE)
- Data plane
- Orchestrator
- Physical Network Function (PNF)
- PNF package
- Port security
- SD-WAN Gateway
- SD-WAN instance
- Software-Defined Networking (SDN)
- Software-Defined Wide Area Network (SD-WAN)
- Tenant
- Transport strategy
- Universal CPE (uCPE)
- Virtual Deployment Unit (VDU)
- Virtual Infrastructure Manager (VIM)
- Virtual Network Function Manager (VNFM)
- VNF Package
- Contacting Technical Support
- Information about third-party code
- Trademark notices
Deploying Kaspersky SD-WAN > Preparing the administrator device
Preparing the administrator device
Preparing the administrator device
You can use a local or remote virtual machine, or a personal computer as the administrator device. When deploying a Kaspersky SD-WAN testbed in accordance with the all-in-one deployment scenario, you must use a virtual machine as the administrator device.
If you experience any problems while preparing the administrator device, we recommend contacting Kaspersky Technical Support.
To prepare the administrator device:
- Make sure the administrator device satisfies the hardware and software requirements.
- Make sure that the same root account is used on the administrator device and the virtual machines or physical servers on which you want to deploy Kaspersky SD-WAN components. After deploying the solution, you can use a different root account on the virtual machines or physical servers.
- Download the knaas-installer_<version information> installation archive from the root directory of the distribution kit and extract the installation archive on the administrator device.
- Go to the directory with the extracted installation archive and prepare the administrator device:
- Make sure the pip package management tool is installed by running the command:
python3 -m pip -V - If the pip package management tool is not present, do one of the following:
- If the administrator device is running Ubuntu:
apt-get install python3-pip - If the administrator device is running RED OS 8:
yum install python3-pip
- If the administrator device is running Ubuntu:
- Install the Ansible tool and its dependencies:
python 3 -m pip install -U --user -r requirements.txt - Update the PATH variable:
echo 'export PATH=$PATH:$HOME/.local/bin' >> ~/.bashrcsource ~/.bashrc
- Verify that the Ansible tool is ready for use:
ansible --version - Install the operating system packages for Kaspersky SD-WAN deployment on the administrator device:
ansible-playbook -K knaas/utilities/toolserver_prepare/bootstrap.ymlEnter the root password when running the command.
You only need to complete this step when initially deploying the solution.
- Make sure the pip package management tool is installed by running the command:
- Make sure the administrator device is ready for use:
- Restart the administrator device.
- Go to the extracted installation archive and start the automatic check of the administrator device:
ansible-playbook knaas/utilities/pre-flight.yml
- If you want to deploy Kaspersky SD-WAN on multiple virtual machines or physical servers:
- Make sure SSH keys have been generated on the administrator device. If the SSH keys do not exist, generate them.
- Place the SSH keys on virtual machines or physical servers:
ssh-copy-id user@<IP address of the virtual machine or physical server>
If you are deploying a Kaspersky SD-WAN testbed in accordance with the all-in-one deployment scenario, skip this step.
The administrator device is prepared for Kaspersky SD-WAN deployment.
Article ID: 273496, Last review: Oct 14, 2024