Installing and Configuring DSG
Assumptions
This section assumes that there is no prior installation of DSG product and installation is happening from scratch.
GTM and LTM are provisioned and installed. For information about prescribed configurations for GTM or LTM, refer Recommended Traffic Manager.
Pre-requisites
Ensure there is good network connectivity between the machine where DSG is going to be installed and all the ESAs, and they can communicate with each other.
Ensure ESAs in both Primary site- ESA P1, S1, S2 and DR site- ESA S3, S4, S5 are up and running.
Ensure that ESAs in both sites are in TAC.
Ensure that PIM is initialized on all the ESAs.
Ensure that ESAs in Primary site are in Audit Store Cluster and ESAs in DR site are in a separate Audit Store Cluster.
Ensure all the ESAs in the cluster and DSGs in the cluster, and that ESAs and DSGs themselves are reachable using hostname or FQDN.
1. Installing and Configuring the DSGs
Install DSGs of version 3.3.0.0.
For more information about installing DSG 3.3.0.0, refer Installing the DSG.
Create TAC. Create TAC in one of the DSGs installed in the previous step.
Join DSGs to TAC. Join the rest of the DSGs to the TAC created in the previous step.
Upload and Install DSG Management Server Certificates. Upload and install DSG Management Server certificates in each of the DSGs individually. Ensure the SAN field in each of the certificates has the hostname and FQDN of the DSG node it is going to be installed in.
2. Perform ESA Communication
Perform ESA communication from all the DSGs. For all the options in ESA communication except for Update host settings for DSG, provide GTM IP, hostname, or FQDN as applicable.
For more information about performing set ESA communication, refer Setting up ESA communication.
2.1 Update Host Settings for DSG
For Update host settings for DSG in ESA communication, provide Primary ESA P1’s FQDN/hostname as applicable.
For more information about performing set ESA communication, refer Setting up ESA communication.
3. Install DSG Patch on all the ESAs in the Primary and DR site
Install DSG 3.3.0.0 patch on all ESAs in both sites, that is, ESA P1, S1, S2 in the primary site and ESA S3, S4, S5 in the DR site.
3.1 Provide DSG Details During Patch Installation
During the prompt for DSG details during patch installation, provide any of the DSG’s FQDN/hostname in TAC. Ensure the same DSG FQDN or hostname is provided during patch installation in all other ESAs.
4. Perform Post Installation Steps in all ESAs
For information to perform post installation steps, refer Post installation/upgrade steps.
5. Upload and Apply DSG Admin Tunnel Certificates
Upload and apply DSG Admin tunnel certificates from Web UI in ESA P1.
For more information regarding uploading and applying DSG Admin tunnel certificates, refer Upload Certificate/Keys.
6. Create and Deploy DSG Tunnels and Ruleset
6.1 Create Tunnels and Ruleset
Create tunnels and rulesets from the Web UI in ESA P1.
For more information related to creating tunnels, refer Tunnels.
For more information related to creating rulesets, refer Ruleset Reference.
6.2 Deploy Rulesets
Click on the Deploy button from the DSG’s Cluster page in ESA P1 to deploy rulesets in all the DSGs present in the TAC.
For more information related to deploying rulesets, refer Deploying configurations to the cluster.
7. Check Health Status of DSGs under Cluster Page
After the deployment of rulesets is successful, check the health status of DSGs in TAC from the DSG’s Cluster page in ESA P1. All the DSGs should show health status as green.
8. Ensure TAC Replication Job Includes DSG Configuration
Ensure TAC replication job also includes DSG’s configuration to be replicated to all the ESAs in TAC, that is, from Primary ESA P1 to all the Secondary ESAs S1, S2, S3, S4, S5.
Make sure to follow these steps meticulously to ensure a seamless installation and configuration process.
Feedback
Was this page helpful?