icon-unified.svg
Experience Center

Deploying Branch Connector & App Connector with Linux KVM

This deployment guide provides information on prerequisites, how to deploy Zscaler Branch Connector & App Connector as a virtual machine (VM) on Linux KVM, and post-deployment configurations.

This procedure describes the steps for deploying Zscaler Branch Connector & App Connector on Linux KVM. To learn more about deploying Branch Connector & App Connector using a Terraform script, see Deployment Templates for Zscaler Branch Connector & App Connector.

Prerequisites

The role that admins are assigned dictates the level of access they have to the Admin Portal. Zscaler provides a default admin account that provides full access to the portal and scope over the entire organization. Admins must have full access to Branch Connector Provisioning permissions. To learn more, see About Role Management and Adding Admin Roles.

Make sure the following prerequisites are met:

  • Create a dedicated username for the Branch Connector & App Connector deployment in the Admin Portal.
  • Create a dedicated password for the Branch Connector & App Connectordeployment in the Admin Portal. The password must be at least 8 characters in length and include at least one uppercase letter, one number, and one special character. The password must not contain a $, &, >, <, ;, ', or ". Otherwise, the deployment fails.
  • Configure a Branch Provisioning Template and copy the Branch Provisioning URL.
  • Download the combined Branch Connector & App Connector image from the Branch Connector Images page for Linux KVM.
  • Branch Connector uses an API key to authenticate and register the VM with Zscaler. If you do not already have an API key, generate a new key. Then copy the API key from the API Keys page.
  • Review the following Branch Connector & App Connector specifications and sizing requirements:
    • Small VM: requires 4 GB of memory, 2 CPU cores, 128 GB data disk size, and 2 network interface cards (NIC)
    • Medium VM: requires 8 GB of memory, 4 CPU cores, 128 GB data disk size, and 4 NICs

Creating and Applying User Data

You must create user data information for your Branch Connector & App Connector VM. This information can either be applied to the KVM VM with an ISO file that is mounted via a virtual CD-ROM drive or applied manually to the VM in the /etc/cloud/cloud.cfg.d/ directory. For both methods, you must create a text file containing the user data.

  1. Create your user data in a text file named userdata.cfg using the following template, formatted in YAML:

    • ZSCALER:
  cc_url: <CC_URL>
  http_probe_port: 50035 #Optional to change the port for load balancer status checks from the default value 50001 to 50035.
  api_key: <API Key>
  password: <Admin Password>
  username: <Admin Username>
network: 
  config:
  - name: vtnet0
    type: physical
    subnets:
    - address: <IP Address/Netmask> #IP configuration for the management interface
      gateway: <Gateway>
      type: static
  - name: vtnet1    
    type: physical    
    fib: '1'    
    subnets:    
    - address: <IP Address/Netmask> #IP configuration for the App Connector interface  
      gateway: <Gateway>      
      type: static  
    - type: nameserver    
      address:    
     - <IP Address>    
     - <IP Address>    
     search:    
     - zscaler.net  
  version: '1' 
zscaler_app_connector:  
  enable: yes  
  provisioning_key: <Key>
#ssh keys are optional
ssh_authorized_keys:
 - ssh-rsa <Key>

      ZSCALER:
  cc_url: connector.zscaler.net/api/v1/provUrl?name=DemoBC
  api_key: adfads2sd
  password: demopass
  username: bac-demoadmin@12345689.zscaler.net
network: 
  config:
  - name: vtnet0
    type: physical
    subnets:
    - address: 10.66.118.71/24
      gateway: 10.66.118.254
      type: static
  - name: vtnet1    
    type: physical
    fib: '1'    
    subnets:    
    - address: 10.66.118.72/24      
      gateway: 10.66.118.254
      type: static
    - type: nameserver
      address:
      - 10.66.98.1
      - 8.8.8.8
    search:
    - zscaler.net
  version: '1'
zscaler_app_connector:
  enable: yes
  provisioning_key: asldkfjalsdkjflaksasldkfjalsdkjflaksasldkfjalsdkjflaksasldkfjalsdkjflaksasldkfjalsdkjflaks
      Close

      ZSCALER:
  cc_url: connector.zscaler.net/api/v1/provUrl?name=DemoBC
  http_probe_port: 50035
  api_key: adfads2sd
  password: demopass
  username: bac-demoadmin@12345689.zscaler.net
network: 
  config:
  - name: vtnet0
    type: physical
    subnets:
    - address: 10.66.118.71/24
      gateway: 10.66.118.254
      type: static
  - name: vtnet1    
    type: physical
    fib: '1'    
    subnets:    
    - address: 10.66.118.72/24      
      gateway: 10.66.118.254
      type: static    
   - type: nameserver      
     address:      
     - 10.66.98.1    
     - 8.8.8.8    
   search:    
   - zscaler.net  
  version: '1'
zscaler_app_connector:
  enable: yes
  provisioning_key: asldkfjalsdkjflaksasldkfjalsdkjflaksasldkfjalsdkjflaksasldkfjalsdkjflaksasldkfjalsdkjflaks 
ssh_authorized_keys:  
  - ssh-rsa ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCh3ru9CCnEow69WlQyJuxvZJGHcjhcgJzp8XnoKTJk6o1bit+rq4BNyjS0orauMF6fNMHAyGZqDWw6RICvoeh386xNqnD7+AGE9VGz4cPv0CjoV2HvkKnA2Dj8KZFFJ/bBV0BndNdGATsbDnhq0wkJ+WXFmamb9kx4dSDL5ZD15SybFop0b/3JoqXoU+9pxFc0bQ/cediaifCztliI9i7NAmvIUinLy2OlDW/uPEcB8nBgXhAAc9ALe6+Q4wZt8JUdrcF04bgoAHYsNuzyEk4dNvov97JyExCAwzSLomiHFtdzhGw7/o6KhfhxxBRodKy4wQBwDzPbD6EbN9iCqoK8DY4HZ2L7HyQKRjhnnY/Y0uldO0tleogElbk+4LsoyAPjPAbogu89xSOa6D7sl2G+dPpqTlFBmO/3m/2JhBnGU= admin@branchpc
      Close

      Close

  2. Apply your user data to the VM using one of the following methods:

      1. Apply the user data to the VM as an ISO image:

        • On Centos, install the genisoimage:

          sudo yum install genisoimage

        • On Ubuntu, install the genisoimage:

          sudo apt install genisoimage

      2. Configure the required user data.

        The user data file must be named user-data.

        zuser@hostname:~$ mkdir isodir
zuser@hostname:~$ cat > isodir/user-data <<EOF #cloud-config
<TEXT FROM TEXT FILE>
EOF
user@hostname:~genisoimage -o user-data.iso -r isodir/user-data

        You attach the ISO to your Branch Connector VM in the Deploy the Branch Connector procedure.

      Close

    • You apply your user data at the end of the Deploy the Branch Connector procedure.

      Close

Deploying the Branch Connector & App Connector

After you have met all the prerequisites, created user data, and applied user data to the VM (if you used the ISO method), perform the following procedure to deploy your Branch Connector & App Connector on Linux KVM.

  1. Log in to Virtual Machine Manager.
  2. Go to File > New Virtual Machine.

  1. In the New VM window, select Import existing disk image. Then, click Forward.

  1. Click Browse to upload the Linux KVM image downloaded from the Branch Connector Images page.

  1. For Choose the operating system you are installing, select Free BSD 11.4. Then, click Forward.

  1. For Choose Memory and CPU settings, configure the memory and CPU settings based on the VM specifications. Then, click Forward.

  1. Enter a Name for the Branch Connector, select a network under Network selection, and enable Customize configuration before install. Then, click Finish.

  1. The Branch Connector configuration window appears displaying an overview of your Branch Connector and hypervisor details. Click Add Hardware.

  1. If you applied user data to the VM using the ISO method: In the Locate or create storage volume window, select the user-data.iso file created in the ISO Method procedure. Then, click Choose Volume.

  1. In the Add New Virtual Hardware window, select Storage from the left-side navigation, and ensure Select or create custom storage is selected.
  2. For Device type, select CDROM device from the drop-down menu, then click Finish.

  1. Select Network from the left-side navigation to add another network:
    a. For Network source, select a network from the drop-down menu.
    b. Enable and enter the MAC address.
    c. For Device model, select the device model.

  1. Click Finish.
  2. In the Branch Connector configuration window, click Begin Installation.
  3. If you applied user data to the VM using the Manual Method:

    1. In the VM console, create a new userdata.cfg file:

      zsroot@zscaler_node : ~ > sudo ee /etc/cloud/cloud.cfg.d/userdata.cfg

    2. Paste in the contents of your user data file.
    3. Press ESC to exit the editor.
    4. Press a to leave the editor.
    5. Press a to save the file.

    6. Reboot the VM:

      zsroot@zscaler_node : ~ > sudo reboot

Close

Managing the Branch Connector & App Connector

After your VM is fully deployed, you can manage the Branch Connector VM from the Admin Portal. A deployed VM is displayed in the dashboard. The Cloud & Branch Connector Monitoring page provides information on the name, group, location, geolocation, and status of your VMs deployed in your branch account.

After verifying deployment, you can configure the following policies:

Related Articles
Downloading Branch Connector ImagesDeployment Templates for Branch Connector & App ConnectorDeploying Branch Connector on VMware PlatformsDeploying Branch Connector & App Connector on VMware PlatformsDeploying Branch Connector with Linux KVMDeploying Branch Connector & App Connector with Linux KVMDeploying Branch Connector with Hyper-VDeploying Branch Connector & App Connector with Hyper-VHandling DNS Resolutions for Zscaler Branch Connector