SmartCenter on VMWare

[K2Technologies]

Has anyone used a VM running Windows (server 2000/3) as their SmartCenter server? Is this supported or even recommended?

[RayPesek]

I've never used VMWare but I have installed SmartCenter R62 & R65 on Microsoft Virtual Server 2005 R2 for testing and it runs fine. SmartCenter is not a product that does anything weird, so I doubt you would have any problems.

Virtual servers can present a physical security issue, though, if they are running on a box that runs other virtual servers. Non-security admins that have access to the virtual server now have physical access to the SmartCenter server. If there's no controls over the browser management interface, you have the same problem. They've got access to the logon screen.

Ray

[abusharif]

Vmware is not officially supported. Yepp it works like a charm but you may experience cold shoulder from checkpoint support if you need their help in future.

[Reaper]

SmartCenter R62 working ok on Red Hat Enterprise Linux on VMWare on Linux. Problem is the clock drift, to solve update clock frequently with ntpdate (ntpd does not work because of too big too random clock drift).

[Dzenboy]

i have my smartcenter server on vmware win 2000 for testing aims. it works pretty good.

[wowtek]

I use many smart centers, firewalls, connectra and other software under VMWare Server in my lab and I don't have any "hardware/system" problem with this system.
I support few commerce installation, with smart center under VMWare server/ESX and my client don't have any platform specific problem.
In my opinion the platform is critical for support gateway platform, but on smart center platform (VMWare) have second role.

[Routerkid1]

Tac will not support it, only vsx

[masterloo]

I've heard some rumblings that limited support for certain CP products may be on the way.. liek Eventia.. we'll see.
And not to be redundant here ;) but I've run CP R55-R62 on VMware for lab and testing environment and have not found any real problems (win2k/3, Splat, RHEL)

[chillyjim]

Quote:

Originally Posted by Routerkid1

Tac will not support it, only vsx

VSX is not supported on VMWare

[chillyjim]

Quote:

Originally Posted by masterloo

I've heard some rumblings that limited support for certain CP products may be on the way.. liek Eventia.. we'll see.

I haven't heard anything about Eventia on VMWare, but by the end of the year you should start seeing support for at least one product on VMWare Infrastructure and blade servers.

Quote:

And not to be redundant here ;) but I've run CP R55-R62 on VMware for lab and testing environment and have not found any real problems (win2k/3, Splat, RHEL)

We all know it works, and sometimes you can even get support on a SmartCenter running on VMWare but not much else.

If the first project proves not to be a support nightmare, I would suspect you will see official VMWare support for some of the other management products, but not for gateways.

Note -- none of what I just said is anything but guessing on my part and rumors I've heard, nothing official.

[beefdart]

Quote:

Originally Posted by Reaper

SmartCenter R62 working ok on Red Hat Enterprise Linux on VMWare on Linux. Problem is the clock drift, to solve update clock frequently with ntpdate (ntpd does not work because of too big too random clock drift).

that is a common misconception... If you are going to run anything production in VMware: http://www.vmware.com/pdf/vmware_timekeeping.pdf is a must-read.

ntpd or heavy use of ntpdate will slaughter the performance of your VMs. VMware has a timekeeping function already, just poorly documented.

all that being said... SPLAT works great in VMware, and if you really try hard... IPSO does too :]

[dreambuddy]

Quote:

all that being said... SPLAT works great in VMware, and if you really try hard... IPSO does too :]

Fellow Members/Seniors,

It's a news for me.. can we run IPSO under VMWare, if we have the image. Have anyone really achieved this. It's seemingly hard to believe, keeping in mind IPSO is an appliance.

Regards
-=KIK=-

[mcnallym]

IPSO is based on BSD so in theory no reason why not. I haven't tried it myself as if going to do this then SPLAT is easier to get going.

SMARTCenter and Connectra and VPN-1 are now all tested and certified to run with VMWare ESX/ESXi providing on SPLAT.

[dsb.nepo]

Quote:

SMARTCenter and Connectra and VPN-1 are now all tested and certified to run with VMWare ESX/ESXi providing on SPLAT.

Do you have a link to a document from Checkpoint where the certification is confirmed?
I like to read a document, where this setup is described, for example with/without VMware-tools ...

[Routerkid1]

Quote:

Originally Posted by Routerkid1

Tac will not support it, only vsx

Correction I intended to say ESX not VSX.

[chillyjim]

Quote:

Originally Posted by dsb.nepo

Do you have a link to a document from Checkpoint where the certification is confirmed?
I like to read a document, where this setup is described, for example with/without VMware-tools ...

Posted on the HCL Check Point Software: Virtual Machines for VPN-1 and Connectra on SecurePlatform -

No vmware tools as of yet.

[fireverse]

Link to Check Point VMWare document:

From the document:

VPN-1 NGX R65 for VMware supports the following VMware ESX Server versions:
• VMware ESX Server versions 3.0.2, 3.5 or 3i
• VirtualCenter 2.0.1 or higher (Optional - useful for managing multiple ESX Server hosts using
a single GUI client, cloning virtual components and deploying objects from templates)

VPN-1 NGX R65 for VMware currently supports the following Check Point products:
• VPN-1 Power NGX R65
• VPN-1 UTM NGX R65
• VPN-1 Power UTM NGX R65
• SmartCenter NGX R65

BTW if you are looking at hosting more than one SmartCenter on VMware, you should consider Provider-1 Enterprise. Will be more cost effective:

SmartCenter Power Unlimited = $22k
P1 Enterprise 3 (equivalent to 3 SmartCenter Powers) = $45k

A separate SmartCenter for your Internet, WAN, and data center is a common architecture when moving away from a single SmartCenter.

HTH

[chillyjim]

Quote:

Originally Posted by fireverse

BTW if you are looking at hosting more than one SmartCenter on VMware, you should consider Provider-1 Enterprise. Will be more cost effective:

SmartCenter Power Unlimited = $22k
P1 Enterprise 3 (equivalent to 3 SmartCenter Powers) = $45k

Please note that P1 is not supported in ESX and in fact doesn't work.

For testing though, it does work with workstation and GSX (the free version of Server). Not good for production, but to look at.

[dsb.nepo]

@chillyjim,fireverse
Thanks for the link to the documents

One point that is special interesting at ESX Clusters

Quote:

Known Limitations
----------------------------
2. VMotion is not supported
3. VMtools is not supported

[chillyjim]

Yeah none of the add-on packages are supported. Hopefully at some point they be if there is enough customer demand for them.