Deploy the Firepower Management Center Virtual Using Cisco Hyperflex

Cisco HyperFlex systems deliver hyperconvergence for any application, and anywhere. HyperFlex with Cisco Unified Computing System (Cisco UCS) technology that is managed through the Cisco Intersight cloud operations platform can power applications and data anywhere, optimize operations from a core datacenter to the edge and into public clouds, and therefore increase agility through accelerating DevOps practices.

You can deploy the Firepower Management Center Virtual (FMCv) on Cisco Hyperflex.

Host System Requirements

Firepower Management Center Virtual Requires 28 GB RAM

We recommend you do not decrease the default settings: 32 GB RAM for most Firepower Management Center Virtual (FMCv) instances, 64 GB for the FMCv 300. To improve performance, you can always increase a virtual appliance’s memory and number of CPUs, depending on your available resources.

Memory and Resource Requirements

  • You can deploy the Firepower Management Center Virtual using HyperFlex cluster provisioning hosted on HyperFlex ESX and ESXi hypervisors. See the Cisco Firepower Compatibility Guide for hypervisor compatibility.

  • For the FMCv, check the latest Firepower Release Notes for details on whether a new release affects your environment. You may be required to increase resources to deploy the latest version of Firepower.

  • The specific hardware used for FMCv deployments can vary, depending on the number of instances deployed and usage requirements. Each virtual appliance you create requires a minimum resource allocation—memory, number of CPUs, and disk space—on the host machine.

  • The following table lists the recommended and default settings for the FMCv appliance.


    Important

    Be sure to allocate enough memory to ensure the optimal performance of your FMCv. If your FMCv has less than 32 GB memory, your system could experience policy deployment issues. Do not decrease the default settings, as they are the minimum required to run the system software.

Table 1. FMCv Virtual Appliance Settings

Setting

Minimum

Default

Recommended

Adjustable Setting?

Memory

28 GB

32 GB

32 GB

With restrictions.

Virtual CPUs

4

4

8

Yes, up to 8

Hard disk provisioned size

250 GB

250 GB

n/a

No, based on Disk Format selection
Table 2. FMCv300 Virtual Appliance Settings

Setting

Default

Adjustable Setting?

Memory

64 GB

Yes

Virtual CPUs

32

No

Hard disk provisioned size

2.2 TB

No, based on Disk Format selection

For a list of supported platforms and specific hardware and operating system requirements, see the Compatibility Guide.

Limitations and Guidelines for the Firepower Management Center Virtual on Cisco HyperFlex

Limitations

The following limitations exist when you deploy the Firepower Management Center Virtual for Cisco HyperFlex:

  • FMCv appliances do not have serial numbers. The System > Configuration page shows either None or Not Specified depending on the virtual platform.

  • Cloning a virtual machine is not supported.

  • Restoring a virtual machine with snapshot is not supported.

  • VMware Workstation, Player, Server, and Fusion do not recognize OVF packaging and are not supported.

OVF File Guidelines

Virtual appliances use Open Virtual Format (OVF) packaging. You deploy a virtual appliance with a virtual infrastructure (VI) OVF template. The selection of the OVF file is based on the deployment target-

For deployment on vCenter—Cisco_Firepower_Management_Center_Virtual_VMware-VI-X.X.X-xxx.ovf

where X.X.X-xxx is the version and build number of the Firepower System software you want to deploy. The installation process allows you to perform the entire initial setup for FMCv appliance. You can specify:

  • A new password for the admin account.

  • Network settings that allow the appliance to communicate on your management network.

High Availability Support

You can establish high availability (HA) between two Firepower Management Center Virtual (FMCv) virtual appliances deployed on Hyperflex host:

  • FMCv HA is supported on both FMCv models: FMCv and FMCv 300.

  • The two FMCv virtual appliances in a high availability configuration must be the same model. You cannot pair an FMCv with an FMCv 300.

  • To establish FMCv HA, FMCv requires an extra FMCv license entitlement for each FTD device that it manages in the HA configuration. However, the required FTD feature license entitlement for each FTD device has no change regardless of the FMCv HA configuration. See License Requirements for FTD Devices in a High Availability Pair in the Firepower Management Center Configuration Guide for guidelines about licensing.

  • If you break the FMCv HA pair, the extra FMCv license entitlement is released, and you need only one entitlement for each FTD device.

See Establishing Firepower Management Center High Availability in the Firepower Management Center Configuration Guide for guidelines about high availability.

Related Documents

Release Notes for Cisco HX Data Platform

Configuration Guides for Cisco HX Data Platform

Cisco HyperFlex 4.0 for Virtual Server Infrastructure with VMware ESXi

Cisco HyperFlex Systems Solutions Overview

Cisco HyperFlex Systems Documentation Roadmap

Deploy the FMCv to Cisco Hyperflex on a vSphere vCenter Server

Use this procedure to deploy the Firepower Management Center Virtual (FMCv) appliance to Cisco Hyperflex on a vSphere vCenter Server.

Before you begin

  • Ensure that you have deployed Cisco HyperFlex and performed all the post-installation configuration tasks. For more information, see Cisco HyperFlex Systems Documentation Roadmap.

  • You must have at least one network configured in vSphere (for management) before you deploy the FMCv.

  • Download the FMCv VI OVF template file from Cisco.com: Cisco_Firepower_Management_Center_Virtual-VI-X.X.X-xxx.ovf, where X.X.X-xxx is the version and build number.

Procedure

Step 1

Log in to the vSphere Web Client.

Step 2

Select the Hyperflex cluster where you want to deploy the FMCv, and click ACTIONS > Deploy OVF Template.

Step 3

Browse your file system for the OVF template source location, and click NEXT

You want to select the Firepower Management Center Virtual VI OVF template:

Cisco_Firepower_Management_Center_Virtual-VI-X.X.X-xxx.ovf

where X.X.X-xxx is the version and build number of the archive file you downloaded.

Step 4

Specify a name and folder for the FMCv deployment, and click NEXT.

Step 5

Select a compute resource, and wait until the compatibility check is complete. If the compatibility check succeeds, click NEXT.

Step 6

Review the OVF template information (product name, vendor, version, download size, size on disk, and description), and click NEXT.

Step 7

Review and accept the license agreement that is packaged with the OVF template (VI templates only), and click NEXT.

Step 8

Select a storage location and virtual disk format, and click NEXT.

On this window, you select from datastores already configured on the destination HyperFlex cluster. The virtual machine configuration file and virtual disk files are stored on the datastore. Select a datastore large enough to accommodate the virtual machine and all of its virtual disk files.

When you select Thick Provisioned as the virtual disk format, all storage is immediately allocated. When you select Thin Provisioned as the virtual disk format, storage is allocated on demand as data is written to the virtual disks. Thin provisioning can also reduce the amount of time it takes to deploy the virtual appliance.

Step 9

Map the networks specified in the OVF template to networks in your inventory, and click NEXT.

Step 10

Set the user-configurable properties packaged with the OVF template:

Note 

You must mandatorily configure all the required customizations in this step.

  1. Password

    Set the password for FMCv admin access.

  2. Network

    Set the network information, including the Fully Qualified Domain Name (FQDN), DNS, and network protocol (IPv4 or IPv6).

  3. Click NEXT.

Step 11

Review and verify the displayed information. To begin the deployment with these settings, click FINISH. To make any changes, click BACK to navigate back through the screens.

After you complete the wizard, the vSphere Web Client processes the virtual machine; you can see the “Initialize OVF deployment” status in the Global Information area Recent Tasks pane.

When it is finished, you see the Deploy OVF Template completion status.

The Cisco Firepower Management Center Virtual instance appears under the specified data center in the Inventory. Booting up the new VM could take up to 30 minutes.

Note 

To successfully register the Cisco Firepower Management Center Virtual with the Cisco Licensing Authority, the Firepower Management Center requires Internet access. You need to perform additional configuration after deployment to achieve Internet access and successful license registration. DNS server configuration is mandatory for license registration.

What to do next

Initialize the virtual appliance; see Power On and Initialize the Virtual Appliance

Power On and Initialize the Virtual Appliance

After you complete the deployment of the virtual appliance, initialization starts automatically when you power on the virtual appliance for the first time.


Caution

Startup time depends on a number of factors, including server resource availability. It can take up to 40 minutes for the initialization to complete. Do not interrupt the initialization or you may have to delete the appliance and start over.

Procedure

Step 1

Power on the appliance.

In the vSphere Client, right-click the name of your virtual appliance from the inventory list, then select Power > Power On from the context menu.

Step 2

Monitor the initialization on the VM console.

What to do next

After you deploy a FMCv, you must complete a setup process to configure the new appliance to communicate on your trusted management network. If you deploy with a VI OVF template on Hyperflex, setting up a FMCv is a two-step process.