Deploying the ERM Installer virtual machine

The primary purpose of the ERM Installer is to enable the deployment, configuration and updating of the main ERM modules. Currently, there is only one module, the core Enhanced Rooms Management application. Pexip intends to release additional modules in due course.

You can deploy ERM on VMware or Hyper-V in your own server network, or you can deploy it as a cloud service in Microsoft Azure or Google Cloud Platform.

VMware and Hyper-V deployments

The first step is to add the ERM Installer virtual machine to your server network.

Where this server should be set up depends on your particular network environment. For examples and more detailed network schemas, see Network schematics.

Before you start, you should review the Server specifications for the virtual machine, and the Network port requirements.

Download the ERM Installer VM

Start by downloading our Installer VM. The latest version is available at the Pexip download page.

The OVA on the download site is signed by a DigiCert public certificate. You must install the DigiCert root CA on your VMware instances to validate the OVA. To do this:

  1. Download the following two DigiCert certificates (you may need to right-click and select Save link as...):

  2. Put the two certificates into the same file, root first, then code signing.
  3. Upload that bundle of two certificates to your vCenter instance.

Supported hypervisors

We currently support:

  • VMware 6.5 and later
  • Hyper-V 2016 and later (you must use Generation 1 VMs)

Initial VM deployment and network settings

When you first start up the virtual machine, you are presented with a list of choices that you can navigate using the arrow keys. The first section is for your network settings:

The options are:

Option Description
Refresh status Run this to see the current status of the machine, such as which IP number has been assigned via DHCP, as well as disk space and usage, which can both be helpful during installation.
Change hostname for server Here you can set the hostname for the server (this is primarily for internal use). This is helpful when monitoring entries in different types of event logs.
Change IP-settings on first/second NIC Choose this option to switch between using DHCP or manually entering IP numbers and other network settings such as gateway and DNS servers.
Set DNS-servers This option allows you to specify a standalone DNS server to apply to the server. Even if DHCP is used, an override DNS or similar setup might be used, which you then can specify here.
Set NTP-servers You can manually specify which NTP servers to use. This can, for example, be useful for a more secure network with a dedicated internal server which you can then enter an IP number or hostname for. If a hostname is specified, it requires an available working DNS server.
Set HTTP-proxy

Use this option if you lock outgoing HTTP(s) requests in your network. It allows all requests to exit via a third-party HTTP proxy where you can verify the traffic and lock down addresses that are not allowed. The format for defining the HTTP(s) proxies is:


Set static routes This option is available if you have several different subnets in your network. For example, traffic can go by default through the default gateway, but that should instead go through a router that has an IP address

Some choices may require a restart to take effect. You can choose to either restart after each step or, if you prefer, you can complete all settings and then restart at the end of your setup.

When you are satisfied with your network settings, select Continue at the bottom of the list. This takes you to the next section on security settings.

Server security settings

After configuring the network settings you can define the security settings for your server.

The options are:

Option Description
Set password for admin system account

Here you create a password for the default system user (username: admin), which can then be used to log in to the Linux console, for example, to troubleshoot or change a specific setting (with guidance from Pexip support).

After the password has been set, this option changes to allow the disabling or re-enabling of the admin account.

Disable SSH-login using password

Choose this option to disable login via SSH with a password. SSH is enabled with the use of SSH keys by default, and not by using a password.

First, add your SSH key to the VM. To do this, temporarily activate SSH login using a password, add your SSH public key (to the ~/.ssh/authorized_keys file) and then deactivate this option for increased security.

Disable unattended upgrade for Host Information for this option will be added soon.
Disable further changes using boot console-wizard

If you select this option, you will no longer be able to access the terminal menu without first logging in.

If you have not enabled the admin system account, you will be locked out of the VM entirely and be unable to log in so will need to redeploy the appliance.

When you have chosen your options in this section, select Continue at the bottom of the list to proceed. As long as you have not selected Disable further changes using boot console-wizard, you can always return to these security choices later on to make additional changes.

VM deployment now completed

Selecting Continue from the security settings section means you have completed setting up the new server. If you have made changes to any of the sections that require a restart, you can now restart the machine before proceeding to the next step.

You now see the status view of the ERM Installer VM, including whether the Installer is running, and filesystem information. The following options are available:

Option Description
Refresh status Updates the current status view.
Network settings Brings up the network settings (as described above).
Security settings Brings up the security settings (as described above).
Login shell Lets you log in to the VM terminal shell.
Upgrade installer Even though you can update the Installer from the web interface, you can upgrade it directly from the terminal if, for example, the Installer cannot be reached via the browser. Note that this option does not work in offline environments.
Hard drive cleanup This option lets you clean up data from your VM including debug logs/raw call data, old versions and unused images.

VM migration and maintenance

We recommend that you shutdown ERM before migrating VMs or changing a VM's configuration, for example memory or storage.

Next steps

The status view also indicates the IP address of the machine. You can now start adding products from the ERM product suite.

To proceed, make a note of the URL of the ERM Installer displayed in the command line and enter that URL in your web browser to start the Installer.

You may now continue as described in ERM Installer: initial setup and license management.