Installing TOSIBOX® Virtual Central Lock - VCL

1. Installing the VM image

TOSIBOX Virtual Central Lock images;

https://downloads.tosibox.com/VCL/

2.1 VMWare vSphere/ESXi

1. Download the latest TOSIBOX_Virtual_Central_Lock_YYYYMMDDNN_esx.ova appliance
2. Use the Deploy OVF Template function of the vSphere client to import the downloaded .ova file.
   1. Alternatively, it is possible to download the TOSIBOX_Virtual_Central_Lock_YYYYMMDDNN.vmdk virtual disk file and create the virtual machine out of it.
3. Adjust the CPU and RAM hardware settings according to your needs, keeping in mind the minimum requirements mentioned above.
4. Make sure that the video memory setting is set to "auto-detect" or at least 32 MB is available for the VM if configured manually.
5. Make sure that the network adapter is in bridged mode and satisfies the requirement of the non-firewalled public IP address.
6. Please check from VMWare virtual switch security settings your virtual LAN adapter for VCL has security options like in picture below:

2.2 Microsoft Hyper-V

1. Download the latest TOSIBOX_Virtual_Central_Lock_YYYYMMDDNN.vhdx image
2. If needed, create a new Virtual Switch using type External and the interface that is connected to the Internet
3. Create a new VM with the downloaded .vhdx image, select Generation 2
4. Edit the settings of the created VM (right-click on the VM and select Settings)
   1. Add new Network Adapter (not the Legacy one) on Hardware > Add Hardware
   2. In the Network Adapter's settings, select the correct Virtual Switch (if you created one earlier, select it)
   3. In the Network Adapter's settings, go to Advanced Features and tick Enable MAC address spoofing
   4. Disable Secure Boot from Hardware > Security

2.3 VMWare Workstation/Fusion (not officially supported)

1. Download the latest TOSIBOX_Virtual_Central_Lock_YYYYMMDDNN_vbox.ova appliance
2. Use the import function of the VMware product to load the downloaded .ova file
3. If you get a dialog saying that the .ova file "did not pass OVF specification conformance or virtual hardware compliance checks", click "Retry" to continue with the import.
4. Adjust the CPU and RAM hardware settings according to your needs, keeping in mind the minimum requirements mentioned above.

2.4 Oracle VirtualBox (not officially supported)

1. Download the latest TOSIBOX_Virtual_Central_Lock_YYYYMMDDNN_vbox.ova appliance.
2. Use the import function to load the downloaded .ova file.
3. Adjust the CPU and RAM hardware settings according to your needs, keeping in mind the minimum requirements mentioned above.
4. Make sure that the network adapter is in bridged mode and satisfies the requirement of the non-firewalled public IP address. The detailed settings of Network Adapter 1 should be:
   1. Check Enable Network Adapter
   2. Attached to: Bridged Adapter
   3. Name: (choose the correct physical interface)
   4. Advanced > Adapter Type: Intel PRO/1000 T Server (82543GC)

2.5 KVM

In most cases, one of the images referenced above can be imported to the virtualisation platformdirectly or converted to a suitable format. Please refer to the documentation of your virtualisationplatform for the supported image formats and import method. After VCL installation please enable in BIOS -> UEFI (OVMF) boot.

2.6 On Cloud installation

How to install VCL on Cloud via CLI (Command Line interface)

How to install VCL on Azure via CLI 

How to install VCL on AWS via CLI 

How to install VCL on Cloud via Web-GUI interface

How to install VCL on Microsoft Azure Cloud via WEB-GUI 

How to install VCL on Amazon AWS Cloud via WEB-GUI  

2. Initial setup

3.1 Accessing the configuration interface

Start the virtual machine that was installed in the previous step. The virtual machine will automatically boot into graphical console / desktop and launch the activation user interface through a browser. The browser will automatically close after it has been inactive for a long time. In this case it can be restarted by interacting on the desktop with mouse or keyboard.

3.2 WAN interface configuration and product activation

In the activation user interface, configure the IP address settings for the WAN interface. The IP address has to be assigned dynamically with DHCP during activation. After activation is complete, youcan configure IP address manually.. When configuring the IP address manually, it is very important toenter also working DNS servers as many product features, including the activation, require a workingDNS service.6Enter the delivered license key into its own field and click Activate. The product will be now activatedand it will download rest of the product components using the defined WAN connection. This can takeup to 15 minutes, depending on the Internet connection speed. After the activation and installationis finalized, a message “Activation completed, rebooting...” will appear and the VM will automaticallyreboot. After reboot, you can proceed with the configuration.

3.3 Change admin password

After the virtual machine has booted up again, the graphical console provides now access to the Virtual Central Lock web user interface. Log in with the default admin credentials (admin / admin) and go to Settings > Change admin password to change the password. The web user interface can be accessed also remotely over VPN connection from master Key(s). If there is a need to access the web user interface from other Keys or networks, the access rights can be explicitly allowed in the Access Groups (see User Manual).

3.4 Configuring LAN interfaces

The Virtual Central Lock can have multiple LAN and VLAN interfaces that can provide access to your own local networks and services. The initial configuration of Virtual Central Lock contains a default LAN1 interface that is not connected to any real adapter. In order to assign LAN1 to a real adapter, it must be first deleted by navigating to Network > Interfaces and selecting Delete next to interface 'LAN1'.

In order to add additional LAN interfaces for the Virtual Central Lock, you must first configure a new network adapter for the virtual machine. This is done differently depending on your virtualisation platform and typically requires restarting the virtual machine. In case layer 2 VPN connections from Keys or Locks are required, the network adapter should be configured to allow MAC address spoofing or promiscuous mode:

• Hyper-V: In the Network Adapter's settings, go to Advanced Features and tick Enable MAC address spoofing
• VirtualBox: In the Network Adapter's settings, open Advanced menu and set Promiscuous Mode: Allow All

After the new network adapter is added, it can be configured in the web user interface by selecting Network > Interfaces > Add. In the "Add interface" view, set the port role as 'LAN', define a number for the interface (e.g. starting from '1'), choose the IP address assignment method

(DHCP or static) and finally choose the newly added network adapter. After clicking Submit, the IP address and DHCP server settings can be configured if protocol was set to static. After clicking Save, the new interface is ready to be used and it can be included in Access Groups or additional VLANs utilising the interface can be created (see User Manual).

3.4 Matching the Master Key

After the Virtual Central Lock is activated and has Internet connection, the Master Key needs to be matched to the Virtual Central Lock instance. This is done with the remote matching feature, see instructions here.

After the Virtual Central Lock has been matched with the Master Key, the product is ready to be used. Additional networks, Keys, and Locks can be connected to the Virtual Central Lock as explained in the User Manual.