Deploying the ERM Installer virtual machine
The primary purpose of the ERM Installer is to enable the deployment, configuration and updating of the main ERM modules. Currently, there is only one module, the core Enhanced Rooms Management application. Pexip intends to release additional modules in due course.
You can deploy ERM on VMware in your own server network, or you can deploy it as a cloud service in Microsoft Azure or Google Cloud Platform.
- For VMware in your own server network see VMware deployments below.
- For Microsoft Azure see Deploying ERM in Microsoft Azure.
- For Google Cloud Platform see Deploying ERM in Google Cloud Platform (GCP).
The first step is to add the ERM Installer virtual machine to your server network.
Where this server should be set up depends on your particular network environment. For examples and more detailed network schemas, see Network schematics.
Start by downloading our Installer VM. The latest version is available at the Pexip download page.
Currently only VMware 6.5 and later is supported.
When you first start up the virtual machine, you are presented with a list of choices that you can navigate using the arrow keys. The first section is for your network settings:
The options are:
|Refresh status||Run this to see the current status of the machine, such as which IP number has been assigned via DHCP, as well as disk space and usage, which can both be helpful during installation.|
|Change hostname for server||Here you can set the hostname for the server (this is primarily for internal use). This is helpful when monitoring entries in different types of event logs.|
|Change IP-settings on first/second NIC||Choose this option to switch between using DHCP or manually entering IP numbers and other network settings such as gateway and DNS servers.|
|Set DNS-servers||This option allows you to specify a standalone DNS server to apply to the server. Even if DHCP is used, an override DNS or similar setup might be used, which you then can specify here.|
|Set NTP-servers||You can manually specify which NTP servers to use. This can, for example, be useful for a more secure network with a dedicated internal server which you can then enter an IP number or hostname for. If a hostname is specified, it requires an available working DNS server.|
Use this option if you lock outgoing HTTP(s) requests in your network. It allows all requests to exit via a third-party HTTP proxy where you can verify the traffic and lock down addresses that are not allowed. The format for defining the HTTP(s) proxies is:
|Set static routes||This option is available if you have several different subnets in your network. For example, traffic can go by default through the default gateway, but that 10.0.0.0/24 should instead go through a router that has an IP address 192.168.1.100.|
Some choices may require a restart to take effect. You can choose to either restart after each step or, if you prefer, you can complete all settings and then restart at the end of your setup.
When you are satisfied with your network settings, selectat the bottom of the list. This takes you to the next section on security settings.
After configuring the network settings you can define the security settings for your server.
The options are:
|Set password for admin system account||
Here you create a password for the default system user (username: admin), which can then be used to log in to the Linux console, for example, to troubleshoot or change a specific setting (with guidance from Pexip support).
After the password has been set, this option changes to allow the disabling or re-enabling of the admin account.
|Disable SSH-login using password||
Choose this option to disable login via SSH with a password. SSH is enabled with the use of SSH keys by default, and not by using a password.
First, add your SSH key to the VM. To do this, temporarily activate SSH login using a password, add your SSH public key (to the ~/.ssh/authorized_keys file) and then deactivate this option for increased security.
|Disable further changes using boot console-wizard||
If you select this option, you will no longer be able to access the terminal menu without first logging in.
If you have not enabled the admin system account, you will be locked out of the VM entirely and be unable to log in so will need to redeploy the appliance.
When you have chosen your options in this section, select Disable further changes using boot console-wizard, you can always return to these security choices later on to make additional changes.at the bottom of the list to proceed. As long as you have not selected
VM deployment now completed
Selectingfrom the security settings section means you have completed setting up the new server. If you have made changes to any of the sections that require a restart, you can now restart the machine before proceeding to the next step.
You now see the status view of the ERM Installer VM, including whether the Installer is running, and filesystem information. The following options are available:
|Refresh status||Updates the current status view.|
|Network settings||Brings up the network settings (as described above).|
|Security settings||Brings up the security settings (as described above).|
|Login shell||Lets you log in to the VM terminal shell.|
|Upgrade installer||Even though you can update the Installer from the web interface, you can upgrade it directly from the terminal if, for example, the Installer cannot be reached via the browser. Note that this option does not work in offline environments.|
|Hard drive cleanup||This option lets you clean up data from your VM including debug logs/raw call data, old versions and unused images.|
The status view also indicates the IP address of the machine. You can now start adding products from the ERM product suite.
To proceed, make a note of the URL of the ERM Installer displayed in the command line and enter that URL in your web browser to start the Installer.
You may now continue as described in ERM Installer: initial setup and license management.