You can use this document to update the network configuration for your upgraded virtual machine.
In short, during the upgrade process, most upgraded virtual machines were updated with a temporary Gen34 network configuration. For optimal performance, these virtual machines must be upgraded to a native Gen4 network configuration.
Although your upgraded virtual machines will not experience a price increase, any virtual machine you create directly in the Armor Management Portal (AMP), will be priced to the Gen4 model.
If you prefer to have Armor perform these steps, you can open a support ticket; however, there is a charge for this service.
In this document, the term upgraded virtual machine refers to the original virtual machine that was upgraded from Gen3 to Gen4 Armor Complete.
Step 1: Review your permissions
In order to fully convert you Gen34 virtual machine to a Gen4 virtual machine, you must have the following permissions assigned to your account:
To review your permissions:
In the Armor Management Portal (AMP), in the top-right corner, click the vertical ellipses.
Click Settings.
Click Roles.
Select a role that is Granted.
Review the list of marked permissions.
If you are listed as an Admin, then by default, your account already contains every permissions in AMP.
Step 2: Create a new virtual machine
In the Armor Management Portal (AMP), you will essentially create a new virtual machine that contains the same configurations as your upgraded virtual machine. In a later step, you will delete your upgraded virtual machine.
In the Armor Management Portal, in the left-side navigation, click Infrastructure.
Click Virtual Machines.
Hover over the plus ( + ) icon, and then click the Virtual Machine icon.
Locate and select the desired operating system and operating system version.
On the right side, use the Region drop-down menu to select the data center to host your virtual machine.
Select the desired virtual machine based on your CPU and memory needs (GB).
You can click High CPU or High Memory to filter the list of virtual machines. You can also click Show All Options to see every virtual machine offering.
Armor labels virtual machines by CPU and memory features. For instance, 2x4 indicates that the virtual machine has 2 CPU and 4 GB of memory.
In Name, enter a descriptive name for your virtual machine.
In Workload, select New Workload.
In New Workload Name, enter a descriptive name.
In New Tier Name, enter a descriptive name.
In Location, select and verify the data center to host your virtual machine.
Under Access Credentials, note your username to access the virtual machine.
In Password, enter a secure password to use to access the virtual machine.
(Optional) For additional storage, under Storage Substrate and Disk Size, select your desired storage, and then click Add Disk.
On the right-side menu, review the pricing information, and then click Purchase.
To view the status of your newly created virtual machine, in the left-side navigation, click Infrastructure, click Virtual Machines, and then search for your newly created virtual machine.
Step 3: Update firewall rules
Create and add firewall rules to your newly created virtual machine. These firewall rules should match the firewall rules associated with your upgraded virtual machine.
Step 1: Create an IP Group
In the Firewall screen, each entry in the table represents a single firewall rule; however, each firewall rule can contain several IP addresses or just a single IP address.
You can combine related IP addresses into a single IP Group. For example, if you want to block traffic from three separate IP address, you do not have to create three separate firewall rules. Instead, you can combine the three separate IP addresses into a single, configurable IP Group. Then, when you create a firewall rule, you can pick the newly created IP Group as your Source or Destination IP addresses.
In the Armor Management Portal (AMP), on the left-side navigation, click Security.
Click Firewall.
If you have virtual machines in various data centers, then in the top drop-down menu, select the desired data center.
Click IP Groups.
Click Actions, and then click New Group.
In IP Group Name, enter a descriptive name.
In Add Members To Group, enter a member, and then click the plus icon.
Click Apply.
Step 2: Create a Service Group
In the Firewall screen, each entry in the table represents a single firewall rule; however, each firewall rule can contain several protocols (and ports).
You can combine related protocols (and ports) into a Service Group. For example, if you want to create a firewall rule to block three types of traffic, you do not have to create three separate firewall rules. Instead, you can combine the three types of traffic (protocols and ports) into a single, configurable Service Group. Then, when you create a firewall rule, you can pick the newly created Service Group.
In the Armor Management Portal (AMP), on the left-side navigation, click Security.
Click Firewall.
If you have virtual machines in various data centers, then in the top drop-down menu, select the desired data center.
Click Service Groups.
Click Actions, and then click New Group.
In Service Group Name, enter a descriptive name.
In Add Members To Group, enter the service or sub-protocol, and then click the plus ( + ) icon.
Click Apply.
Complete list of supported services and sub-protocol
Supported services or sub-protocols | List | Notes | Example |
---|
Services | TCP UDP ORACLE_TNS FTP SUN_RPC_TCP SUN_RPC_UDP MS_RPC_TCP MS_RPC_UDP NBNS_BROADCAST NBDG_BROADCAST L2_OTHERS L3_OTHERS
| | TCP/80 udp/40 Tcp/80 udP/40
|
Additional services | AARP AH ARP ATALK ATMFATE ATMMPOA BPQ CUST DEC DIAG DNA_DL DNA_RC DNA_RT ESP FR_ARP GRE IEEE_802_1Q IGMP IPCOMP IPV4 IPV6 IPV6FRAG IPV6ICMP IPV6NONXT IPV6OPTS IPV6ROUTE IPX L2TP LAT LLC LOOP NETBEUI PPP PPP_DISC PPP_SES RARP RAW_FR RSVP SCA SCTP TEB X25
| | |
Sub-protocols | echo-reply destination-unreachable source-quench redirect echo-request router-advertisement router-solicitation time-exceeded parameter-problem timestamp-request timestamp-reply address-mask-request address-mask-reply network-unreachable host-unreachable protocol-unreachable port-unreachable fragmentation-needed source-routing-failed destination-network-unknown destination-host-unknown source-host-isolated destination-network-prohibited destination-host-prohibited network-unreachable-tos host-unreachable-tos communication-prohibited redirect-network redirect-host redirect-tos-network redirect-tos-host ttl-zero-transit ttl-zero-reassembly pointer-to-error options-missing bad-length
| You can use these sub-protocols to communicate an error message to a user who attempts to access your site. Do not enter a port number. You must enter icmp, followed by the specific sub-protocol. You must enter the sub-protocol in lower-case letters.
| |
Step 3: Create a firewall rule
Step 3: Create a firewall rule
In the Armor Management Portal (AMP), on the left-side navigation, click Security.
Click Firewall.
If you have virtual machines in various data centers, then in the top menu, click the corresponding data center.
Click Actions, and then click New Rule.
In Name, enter a descriptive name.
In Action, select Allow to allow specified traffic to access your virtual machine or Block to block specified traffic.
Under Service, enter and select the name of the desired Service Group.
Under Source, enter and select the name of the desired IP Group.
Under Destinations, in the field, enter and select the name of the desired IP Group.
Click Save Rule.
After you create a rule, Armor recommends that you place the rule in the correct order.
To reorder a rule:
Under Rule, in the numbered fields, enter a number to move the rule to a different position.
If you have more than 25 rules, the additional rules will be placed in a secondary section within the Firewall screen. To reorder and move these additional rules into a higher position, enter a number under the Order column, and then press Enter on your keyboard.
In the top menu that appears, click Save.
If you are not familiar with ordering rules, contact Armor Support to help you properly order your firewall rules. It is extremely important to order rules in order to receive desired traffic.
To learn how to send a support ticket, see Support Tickets.
To disable a rule:
Locate and hover over the desired rule.
Click the vertical ellipses.
Click Disable Rule.
Click Disable Rule again.
In the top menu that appears, click Save.
Step 4: Add add-on products to the new virtual machines
Based on your upgraded virtual machine, update your newly created virtual machine with the same add-on features.
Review Armor Marketplace document to view a list of available add-on products.
Step 5: Remove add-on features from the upgraded virtual machine
In a later step, you will power off your upgraded virtual machine. As a result, you must remove any add-on features from you upgraded virtual machine.
Step 6: Contact Armor to update the IP address configuration
Contact Armor Support via a support ticket to update your IP addresses.
Internally, Armor Support will release the IP addresses assigned to your upgraded virtual machine. Then, these IP addresses will be reserved for your account so that you can add these IP addresses to your new virtual machine.
Step 7: Assign an IP addresses to the new virtual machine
In the Armor Management Portal (AMP), in the left-side navigation, click Infrastructure.
Click IP Addresses.
If you have virtual machines in various data centers, then in the top menu, click the corresponding data center.
Click Public.
Click the plus ( + ) icon.
Review the information under Environment and Quantity, and then click Add IP Addresses.
Locate and hover over the newly created public IP address.
Click the vertical ellipses.
Click Assign to VM.
In Virtual Machine, select the desired virtual machine.
In IP Address, select an available private IP address.
Click Create NAT.
Step 8: Power off the upgraded virtual machine
In the Armor Management Portal (AMP), in the left-side navigation, click Infrastructure.
Click Virtual Machines.
Locate and select the desired virtual machine.
Next to Instance State, click the vertical ellipses.
Select Power Off, and then confirm.
Step 9: Verify all connectivity and test add-on features for the new virtual machine
Step 10: Delete the upgraded virtual machine
There are two ways to delete a virtual machine. You can delete a virtual machine immediately or at the end of your billing cycle.
You can only delete virtual machines that are offline (Power Off).
If you delete a virtual machine before the end of the billing cycle, you will still be charged for the full amount; however, in the next invoice, you will receive a credit to offset the cost.
Additionally, any add-on products or add-on subscriptions associated with the deleted virtual machine must be canceled separately.
In the Armor Management Portal (AMP), in the left-side navigation, click Infrastructure.
Click Virtual Machines.
Locate and hover over the desired virtual machine.
Click the vertical ellipses.
Click Power Off.
Click Power Off again.
Hover over the virtual machine, and then click the vertical ellipses.
Click Delete.
Click Delete VM.