QEMU/KVM

The following chapter illustrates how to set up cognitix Threat Defender in a virtual environment using QEMU/KVM.

Depending on your operating system, you may have to adapt some of the settings.

Preparations

You need the following tools:

  • QEMU/KVM

  • libvirt

  • virt-manager

Optionally, you can set up virtual bridges for every port of Threat Defender you want to implement. To do so, access the connection details of your virtual network in virt-manager.

Optional setup of virtual bridges.

Creating a Virtual Machine for cognitix Threat Defender

  1. Start virt-manager.

  2. Create a new virtual machine. A wizard guides you through the setup process.

  3. Select Manual install.

  4. Set the following configuration:

    • Operating system: Red Hat Enterprise Linux 8.5

    • Memory and CPUs: minimum of 8 GB RAM and 4 CPUs

    VM setup steps 1 to 3.

    • Disk image: 60 GB HDD

    • Network selection: we recommend using the default NAT for the management interface

    • Activate Customize configuration before install.

    VM setup steps 4 and 5.

  5. When you have finished the setup wizard for the VM, adjust its detailed settings:

    • In the overview, set its firmware to UEFI x86_64 without secure boot.

    Set up the firmware of the VM.

    • Add new hardware to the VM.

    • In the storage settings of the new hardware, select the installation image as custom storage.

    • Set it up as USB disk device.

    Set up the installation image as a USB disk device.

    • In the boot options, set the new USB disk as the first boot device.

    Set up the boot order.

    • Add new hardware to the VM for each Threat Defender port you want to implement plus at least one additional network interface.

    • In the network settings of the new hardware, adjust the following:

      • Use the virtual bridges (see Preparations).

      • Use macvtap as network source.

      Port setup.

  6. Install the VM.

Installing cognitix Threat Defender

  1. Install cognitix Threat Defender.

  2. If you set default NAT for the management interface as recommended, use the following settings:

    • IP address: 192.168.122.10/24

    • Gateway: 192.168.122.1

  3. Open the IP address of the management interface in the browser to access the Threat Defender user interface.

Note

If cognitix Threat Defender does not boot correctly, check that the CPU is using the host configuration. Also make sure that the number of CPU sockets is set to 1 and that the cores/threads match your CPU.
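
To check a VM definition against the settings from the setup steps and the note above before you start the installation, the following added example (not part of the original documentation or the product) parses libvirt domain XML as printed by `virsh dumpxml` and lists every deviation. The function name `audit`, the sample XML, and the choice to accept the CPU modes `host-passthrough` and `host-model` as "host configuration" are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like `virsh dumpxml` output; device names are made up.
SAMPLE_XML = """<domain type='kvm'>
  <memory unit='KiB'>8388608</memory>
  <vcpu>4</vcpu>
  <os firmware='efi'>
    <type arch='x86_64' machine='q35'>hvm</type>
    <firmware><feature enabled='no' name='secure-boot'/></firmware>
  </os>
  <cpu mode='host-passthrough'><topology sockets='1' cores='2' threads='2'/></cpu>
  <devices>
    <disk type='file' device='disk'><target dev='vda' bus='virtio'/></disk>
    <disk type='file' device='disk'><target dev='sda' bus='usb'/><boot order='1'/></disk>
    <interface type='network'><source network='default'/></interface>
    <interface type='direct'><source dev='br-td0' mode='bridge'/></interface>
  </devices>
</domain>"""

KIB = {"KiB": 1, "MiB": 1024, "GiB": 1024 ** 2}  # 8 GB is read as 8 GiB (assumption)

def audit(xml_text):
    """Return deviations from the settings in this guide; an empty list means none."""
    dom, bad = ET.fromstring(xml_text), []
    mem = dom.find("memory")
    if int(mem.text) * KIB[mem.get("unit", "KiB")] < 8 * 1024 ** 2:
        bad.append("memory below 8 GB")
    if int(dom.findtext("vcpu")) < 4:
        bad.append("fewer than 4 CPUs")
    loader = dom.find("os/loader")  # older definitions name a pflash firmware file here
    if dom.find("os").get("firmware") != "efi" and (loader is None or loader.get("type") != "pflash"):
        bad.append("firmware is not UEFI")
    sb = dom.find("os/firmware/feature[@name='secure-boot']")
    if (loader is not None and loader.get("secure") == "yes") or \
            (sb is not None and sb.get("enabled") == "yes"):
        bad.append("secure boot is enabled")
    first = [d for d in dom.findall("devices/*") if d.find("boot[@order='1']") is not None]
    if not any(d.tag == "disk" and d.find("target").get("bus") == "usb" for d in first):
        bad.append("USB disk is not the first boot device")
    if not dom.findall("devices/interface[@type='direct']"):  # type 'direct' = macvtap
        bad.append("no macvtap interface")
    cpu, topo = dom.find("cpu"), dom.find("cpu/topology")
    if cpu is None or cpu.get("mode") not in ("host-passthrough", "host-model"):
        bad.append("CPU does not use the host configuration")
    if topo is not None and topo.get("sockets") != "1":
        bad.append("CPU sockets is not 1")
    return bad

print(audit(SAMPLE_XML) or "matches the guide")
```

To audit a real definition, pass the output of `virsh dumpxml` for your VM to `audit` instead of the sample.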