Deploy the Management Center Virtual On Hyper-V

Microsoft Hyper-V is Microsoft’s hardware virtualization platform, also known as a hypervisor. Hyper-V enables administrators to make better use of hardware by using the same physical server to run multiple virtual machines.

Virtual machines provide more flexibility, save cost, and are a more efficient way to use hardware than running only one operating system on physical hardware.

Overview

Management Center Virtual is deployed on Hyper-V by using a VHD image available on Cisco.com. Basic VM control features such as console access and stop/restart are supported, as are IPv4 and IPv6 on the management interface. The initial configuration is done using a day-0 configuration script. High availability is supported.

Sample Topology of Management Center Virtual on Hyper-V

In this sample topology, Management Center Virtual is connected to the management port of the threat defense virtual deployed on an external private or public cloud. The Threat Defense Virtual is connected to both the internet and an internal server. The internet can also be another server in an east-west traffic flow topology.

Supported Windows Server for Management Center Virtual

Management Center Virtual 25 is supported on Windows Server 2019 Standard Edition. The minimum resource requirements for the Management Center Virtual are given below:

  • CPU: 4 vCPUs

  • RAM: 28 GB (recommended 32 GB)

  • Disk storage: 250 GB

  • Minimum number of interfaces: 1

Guidelines and Limitations for Management Center Virtual on Hyper-V

  • Management Center Virtual deployed on Hyper-V can be used to manage threat defense virtual clusters that are deployed on other public or private clouds. However, to manage threat defense virtual clusters deployed on public cloud, you must manually register the cluster with Management Center Virtual. See Add the Cluster to the Management Center (Manual Deployment).

  • Cloning is not supported.

Licenses for Deployment of Management Center Virtual on Hyper-V

The following license types are supported:

  • BYOL

    • Smart License

    • Specific License Reservation (SLR)

    • Universal Permanent License Registration (PLR)

  • Evaluation License

Prerequisites for Deployment of Management Center Virtual on Hyper-V

  • Microsoft Windows Server with Hyper-V role and Hyper-V Manager installed. See Get started with Hyper-V on Windows Server.

  • Download the Management Center Virtual compressed VHD image from Cisco.com.

  • BYOL license

  • New virtual switch (vSwitch) and virtual machine (VM)

Deploy the Management Center Virtual

Perform the procedures given below to deploy the Management Center Virtual on Hyper-V.

Download Management Center Virtual VHD Image

Download the Management Center Virtual compressed VHD image from the Cisco Download Software page to your local machine:

  1. Navigate to Products > Security > Firewalls > Firewall Management > Secure Firewall Management Center Virtual

  2. Click Firepower Management Center Software and download the required VHD image. For example, Cisco_Secure_FW_Mgmt_Center_Virtual_Azure-7.4.0-xxxx.vhd.tar.

Prepare Day 0 Configuration File

You must prepare a Day-0 configuration file before you launch the Management Center Virtual. This file is a text file that contains the initial configuration data that gets applied when a VM is deployed. This initial configuration is placed into a text file named day0-config on your local machine, and is converted to a day0.iso file that is mounted and read on first boot.


Note


The day0.iso file must be available during first boot.


Specify the following parameters in the Day-0 configuration file:

  • The End User License Agreement (EULA) acceptance.

  • A host name for the system.

  • A new administrator password for the admin account.

  • Network settings that allow the appliance to communicate on your management network.


Note


We have used Linux in the following example, but there are similar utilities for Windows.


Procedure


Step 1

Enter the CLI configuration for Management Center Virtual in a text file called day0-config. Add the network settings and information about managing Management Center Virtual.

{
"EULA": "accept",
"Hostname": "virtual731265",
"AdminPassword": "r2M$9^Uk69##",
"DNS1": "208.67.222.222",
"DNS2": "208.67.222.222",
"IPv4Mode": "Manual",
"IPv4Addr": "10.10.0.92",
"IPv4Mask": "255.255.255.224",
"IPv4Gw": "10.10.0.65",
"IPv6Mode": "Manual",
"IPv6Addr": "2001:420:5440:2010:600:0:45:45",
"IPv6Mask": "112",
"IPv6Gw": "2001:420:5440:2010:600:0:45:1"
}

Step 2

Generate the virtual CD-ROM by converting the text file to an ISO file:

/usr/bin/genisoimage -r -o day0.iso day0-config

or

/usr/bin/mkisofs -r -o day0.iso day0-config
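
A mistake in day0-config only shows up on first boot, so it is worth checking the file before building day0.iso. The following is an added example, not part of the Cisco procedure: it parses the JSON and confirms that each Manual address family has a gateway inside the configured subnet. The function names and the choice of mandatory keys are assumptions of this example; the key names are the ones shown in Step 1.

```python
import ipaddress
import json

# Key names come from the sample day0-config on this page; treating these as
# mandatory is an assumption of this example, not a documented rule.
REQUIRED = ("Hostname", "AdminPassword", "DNS1", "IPv4Mode")

# Constructed sample: the page's network values with a placeholder password.
SAMPLE = """{
"EULA": "accept", "Hostname": "virtual731265",
"AdminPassword": "<placeholder>", "DNS1": "208.67.222.222",
"IPv4Mode": "Manual", "IPv4Addr": "10.10.0.92",
"IPv4Mask": "255.255.255.224", "IPv4Gw": "10.10.0.65",
"IPv6Mode": "Manual", "IPv6Addr": "2001:420:5440:2010:600:0:45:45",
"IPv6Mask": "112", "IPv6Gw": "2001:420:5440:2010:600:0:45:1"
}"""


def check_family(cfg, fam, problems):
    """For a Manual family, check that address/mask parse and contain the gateway.

    IPv4Mask is a dotted-quad mask and IPv6Mask a prefix length; both parse.
    """
    if cfg.get(fam + "Mode") != "Manual":
        return
    try:
        iface = ipaddress.ip_interface(f"{cfg[fam + 'Addr']}/{cfg[fam + 'Mask']}")
        gateway = ipaddress.ip_address(cfg[fam + "Gw"])
    except KeyError as exc:
        problems.append(f"{fam}: missing key {exc.args[0]}")
        return
    except ValueError as exc:
        problems.append(f"{fam}: {exc}")
        return
    if gateway not in iface.network:
        problems.append(f"{fam}: gateway {gateway} is outside {iface.network}")


def validate_day0(text):
    """Return a list of problems in day0-config text (empty list if none)."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(cfg, dict):
        return ["top level must be a JSON object"]
    problems = [f"missing or empty key {k}" for k in REQUIRED if not cfg.get(k)]
    if cfg.get("EULA") != "accept":
        problems.append('EULA must be "accept"')
    for fam in ("IPv4", "IPv6"):
        check_family(cfg, fam, problems)
    return problems
```

Call validate_day0(open("day0-config").read()) and build the ISO only when the returned list is empty. Both day0-config and day0.iso hold the admin password in cleartext, so keep them readable only by the deploying account.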

Create a New Virtual Switch

Perform this procedure to create a new virtual switch (vSwitch).

Procedure


Step 1

On the Hyper-V Manager Actions tab, click Virtual Switch Manager.

Step 2

Click Virtual Switches > New virtual network switch.

Step 3

In the Create virtual switch window, select External.

Step 4

Click Create Virtual Switch.

Step 5

In the Virtual Switch Properties window, enter a Name for the virtual switch.

Step 6

Create an external or internal vSwitch.

  • To create an external vSwitch, select External network and the required physical adaptor from the drop-down list.

  • To create an internal vSwitch, select Internal network or Private network.

Step 7

Under VLAN ID, check the check box next to Enable virtual LAN identification for management operating system.

Step 8

Click OK.


Create a New Virtual Machine

Perform this procedure to create a new VM.

Procedure


Step 1

On the Hyper-V Manager, click Action > New > Virtual Machine.

Step 2

Click Next on the New Virtual Machine Wizard dialog box.

Step 3

Enter a Name for the VM and click Next.

Step 4

Choose Generation 1 and click Next.

Step 5

Specify the amount of Startup Memory (RAM), in MB, to allocate to the VM. The minimum is 28672 MB; 32768 MB is recommended.

Step 6

Choose the required vSwitch Connection from the drop-down list.

Step 7

Choose Use an existing virtual hard disk and click Browse to choose the downloaded Management Center Virtual VHD image.

Step 8

Click Finish to create the VM.

Step 9

After creating the virtual machine, it is important to increase the number of virtual processors (vCPU) for the virtual machine. By default, its value is set to 1.

  1. On the Hyper-V Manager, right-click the virtual machine that you have created and click Settings.

    The virtual machine's Settings window is displayed.
  2. Click Processor under Hardware in the left pane.

    The Processor dialog box is displayed in the right pane.

  3. In the Number of virtual processors: field, set the value to 4.

    Note

    We recommend setting the number of vCPUs (virtual processors) to 8 for optimal performance. Note that a virtual machine requires a minimum of 4 vCPUs (virtual processors).

    For more information on the minimum resource requirements, see Supported Windows Server for Management Center Virtual.
  4. Click OK.


Verify the Deployment

Run the show version command on the serial console to ensure that Management Center Virtual is deployed on Hyper-V.

Access First Boot Logs

To access the first boot logs, perform this procedure before turning on the VM that you created on the Hyper-V Manager.

Procedure


Step 1

On the Hyper-V Manager, select the newly created VM, and click Settings in the Actions section on the right side of the window.

Step 2

In the Hardware section, click COM1 and choose Named Pipe.

Step 3

Enter a Pipe name. For example, virtual1. Note the Named pipe path.

Step 4

Click Apply and then click OK.

Step 5

Click the VM that you created and click Start in the Actions section on the right side of the window. The State of the VM should now change from Starting to Running.

Step 6

You must now connect the named pipe that you created to a serial client, such as PuTTY.

Step 7

Go to your local host and bring up the PuTTY window.

Step 8

Enter the Named pipe path that you noted down earlier in the Serial line field.

For example, \\.\pipe\virtual1.

Step 9

Click Open. You can now see the first boot logs on the PuTTY window.


Shut Down Management Center Virtual

On the Hyper-V Manager, right-click the VM that you want to shut down, and click Turn Off.

Reboot Management Center Virtual

Run the sudo reboot command in expert mode on the Management Center Virtual CLI to initiate a graceful reboot:

Cisco Firepower Extensible Operating System (FX-OS) v82.14.0
(build 205)
Cisco Secure Firewall Management Center for Hyper-V v7.4.0
(build 1493)
> expert
admin@hyperv-automation:~$ sudo reboot

Alternatively, in Hyper-V Manager, right-click the VM that you want to shut down, and click Turn Off.

Delete Management Center Virtual

After the VM is shut down, right-click the VM, and click Delete.


Note


Deleting does not delete the disk attached to the VM. You must manually delete that disk.


Troubleshooting

  • Issue - Unable to start VM, could not initialize memory

    Scenario - This issue occurs when the disk space is not enough to initialize the VM.

    Workaround - Clear up space on the disk where the VHD file is located.

  • Issue - Unable to provision or start the VM; failed to open the attachment.

    Scenario - This issue occurs when another VM is using the same image as the new VM.

    Workaround - Delete the old VM.

  • Issue - Failed to start the VM, not enough system memory

    Scenario - This issue occurs when not enough RAM is available on the host operating system to provision the configured memory to the VM.

    Workaround - Ensure that the required RAM is available on the host operating system.

  • Issue - Unable to SSH to Management Center Virtual or load the Management Center Virtual UI from an external host.

    Workaround - Allow ports 22 (SSH), 443 (HTTPS), and 80 (HTTP) in the inbound and outbound rules in the Windows Firewall.

  • Issue - Device is unable to access the internet.

    Workaround - If the device is using an external vSwitch, ensure that the gateway of the VLAN is properly configured.