Create VMware Site

Published April 5, 2023 | Last modified May 8, 2025

Objective

Important: This is a legacy workflow for deploying Customer Edge (CE) Sites and is not recommended to use. A new workflow for deploying Customer Edge (CE) Sites has been introduced and is now Generally Available (GA). It is recommended to use the new Secure Mesh Site (v2) workflow for all Customer Edge deployments. You can find this workflow here.

This document provides instructions on how to install an F5® Distributed Cloud Services single-node site or multi-node site on VMware ESXi. To learn more about sites, see F5 Distributed Cloud Site.

Using the instructions provided in this document, you can deploy a Distributed Cloud Services site by deploying a virtual machine (VM) from an Open Virtual Appliance (OVA) file containing the node as the appliance.

Prerequisites

A Distributed Cloud Services Account. If you do not have an account, see Getting Started with Console.
Secure Mesh or App Stack Site object on F5 Distributed Cloud Console.
VMware vSphere Hypervisor (ESXi) 7.0 or later. The examples in this document are based on version 7.0.0.
At least one interface with Internet reachability.
A Distributed Cloud Services VMware OVA image file. Click here to download the OVA image file.
Resources required per VM: Minimum 4 vCPUs and 16 GB RAM. 80 GB is the minimum amount required for storage. However, to deploy an F5® Distributed Cloud App Stack Site, 100 GB is the recommended minimum amount of storage. For a full listing of the resources required, see the Customer Edge Site Sizing Reference guide. All the nodes in a given CE Site should have the same resources regarding the compute, memory, and disk storage. When deploying in cloud environments, these nodes should use the same instance flavor.
Allow traffic from and to the Distributed Cloud public IP addresses to your network and allowlist related domain names. See Firewall and Proxy Server Allowlist Reference guide for the list of IP addresses and domain names.
Internet Control Message Protocol (ICMP) needs to be opened between the CE nodes on the Site Local Outside (SLO) interfaces. This is needed to ensure intra-cluster communication checks.

Important: After you deploy the CE Site, the IP address for the SLO interface cannot be changed. Also, the MAC address cannot be changed.

Create an OVF Template from an OVA File

VMware uses an OVA (Open Virtualization Appliance) file to store various files associated with a virtual machine (VM). The OVA file is stored in the Open Virtualization Format (OVF) as a TAR archive.

F5 Distributed Cloud packages its software in an OVA template file that allows you to add a pre-configured virtual machine to your vCenter Server or ESXi inventory. You can use vApp properties of the OVA template to configure the site and specify the data (site name, site token, location, etc.) required to register the site on the F5 Distributed Cloud Console.

Create an OVF Template Using vSphere Client

To use the VMware vSphere Client to create an OVA template, upload to the vSphere Client the OVA file that you downloaded from F5 Distributed Cloud Services.

Step 1: Login to the vSphere Client.

Figure: Hosts and Clusters

Step 2: Deploy the OVF Template.

Right-click Data Center and click Deploy OVF Template.

Figure: Deploy an OVF template

On the Select an OVF template page, click Local file to upload the F5 Distributed Cloud VMware OVA image file that you downloaded. Then click NEXT.

Figure: Select an OVF template page

On the Select a name and folder page, enter a unique Virtual machine name and select a folder to store the OVF template. Then click NEXT.

Figure: Select a name and folder page

On the Select a compute resource page, select a host to run the template.

Figure: Select a compute resource page

On the Review details page, verify the template details and click NEXT.

Figure: Review details page

On the Select storage page, select where you want to store the files for the deployed template and then click NEXT.

Figure: Select storage page

On the Select networks page, for the Source Network named OUTSIDE, select a Destination Network. The Destination Network must have an internet connection. Then click NEXT.

Figure: Select networks page

On the Customize template page, keep the default values for all deployment properties and click NEXT.

Figure: Customize template page

On the Ready to complete page, review your template information and then click FINISH.

Figure: Ready to complete page

Step 3: Convert VM to Template.

Locate the VM you created in the previous steps and go to Menu > VMs and Templates.
Right-click on rhel-9.2023.29-20231212012955-single-nic and click Template > Convert to template.

Figure: Convert to template

Click YES to confirm the conversion.

Figure: Confirm Convert message

Create an OVF Template Using the VMware OVF Tool

The VMware Open Virtualization Format (OVF) Tool is a command-line utility that lets you import and export OVF packages to and from VMware products.

To download the OVF Tool and view the VMware documentation, go to https://developer.vmware.com/web/tool/4.4.0/ovf/.

Use the following OVF tool import commands to create an OVA template using the F5 Distributed Cloud Site image file.

$ ovftool --acceptAllEulas --allowAllExtraConfig --importAsTemplate \
--name=rhel-9.2023.29-20231212012955-single-nic \
--datastore=<datastore_name> \
--net:"OUTSIDE=<network_name>" \
--vmFolder=<folder_name> \
rhel-9.2023.29-20231212012955-single-nic.ova \
vi://<username>
<password>@<vCenter_IP>/<datacenter>/host/<host_IP>/

Output:
Opening OVA source: rhel-9.2023.29-20231212012955-single-nic.ova
The manifest validates.
Opening VI target:
vi://user%40domain@10.21.X.X:443/datacenter/host/10.21.X.X/
Warning:
 - Line 149: Unable to parse 'enableMPTSupport' for attribute 'key' on element 'Config'.
Deploying to VI:
vi://user%40domain@10.21.X.X:443/datacenter/host/10.21.X.X/
Transfer Completed
Completed successfully.

Copied!

The following table provides information about the parameters above.

Name	Description
datastore_name	Name of the data store/storage on the ESXi host
network_name	Name of the network adapter on the ESXi host with internet connectivity
folder_name	VM and template folder on vSphere
username	Username of the vSphere client
password	Password of the vSphere client user
vCenter_IP	IP address of the vSphere client
datacenter	Name of the data center configured on the vCenter server
host_IP	IP address of the ESXi hosts connected on the vCenter server

Figure: vSphere Client

Deploy a Site

Deploy a Site Using vSphere Client

To create a site from vSphere, use the OVF template created on the previous step.

Step 1: Locate the OVF template and create a new VM.

Figure: VMs and Templates

Locate the new OVF template. Right-click on the template and then click New VM from This Template.

Figure: New VM from This Template

Step 2: Configure the VM.

On the Select a name and folder page, enter a Virtual machine name for the VM and select the folder where you want to deploy the VM. Then click NEXT.

Figure: Select a name and folder page

Step 3: Select the ESXi compute resource.

On the Select a compute resource page, select the ESXi host target where you want to deploy the VM and click NEXT.

Figure: Select a compute resource page

Step 4: Select storage.

On the Select storage page, configure storage for the VM configuration and disk files and then click NEXT.

Figure: Select storage page

Step 5: Configure clone options.

On the Select clone options page, select the following options:

Customize this virtual machine’s hardware
Power on virtual machine after creation.

Then click NEXT.

Figure: Configure clone options page

Step 6: Configure hardware.

On the Customize hardware page, select the Virtual Hardware tab and configure the following minimum configurations:
- CPU: 4
- Memory (RAM): 16 GB
- Hard disk: 40 GB
To configure an AppStack site, select the Network adapter with Internet access. Be sure to use only one Network adapter.

Figure: Customize hardware

You can configure a SecureMesh site with two Network adapters, where:
- eth0 is dedicated for SLO (Site Local Outside) network with Internet access.
- eth1 is SLI (Site Local Inside) network with local network access. (Optional)
To add an additional network adapter, click ADD NEW DEVICE and then click Network Adapter.

Figure: Add New Device

Select the network adapter without Internet access as the SLI network for the new Network Adapter.

Figure: Add Network Adapter

Click NEXT.

Step 7: Customize vApp properties.

Hostname: Enter the Hostname for this device. For example, enter master-0. Ensure that host names are unique per cluster in case you install nodes for a multi-node site.
Token: A site token is required for site generation. You must generate the token prior to using it in site creation. For information, see Create a Site Token.
Admin Password: You need this password to access Site CLI using admin username. The default password is V0lterra123.
Cluster Name: Set the Cluster name to match the provisioned SecureMesh or AppStack site name in the Distributed Cloud Console.
Name for outside network interface: Enter eth0.
DHCP support for outside network interface: Enter yes. If you want to configure static IP addresses, then enter no.
Role for outside network interface: Enter public. By default, this is set to public as the is used for egress traffic using SNAT.
IP address/bitmask for network interface: This is empty by default. If you set DHCP no, then you can configure your static IP address here. For example, 10.1.1.1/24. F5 recommends that you use a static IP for a site.
Default gateway for outside network interface: This is empty by default. If you set DHCP to no, you can configure the default gateway for your network here. For example, 10.1.1.254.
Route destination (destination network) for outside network interface: This is empty by default. If you set DHCP to no, you can configure the destination here. Because this is the default gateway, you can use 0.0.0.0/0. For specific setups, you can change the default destination.
Primary DNS: This is empty by default. If you set DHCP to no, you can configure your DNS server here. For example, 8.8.8.8.
Secondary DNS server - default: This is empty by default (received using DHCP). If you set DHCP to no, you can configure your secondary DNS server here. For example: 8.8.4.4.
Registration URL: Set to ves.volterra.io by default.
Certified Hardware: Select one of the following options.
- vmware-regular-nic-voltmesh: Single NIC or two NICs, where eth0 is dedicated for the SLO network and eth1 is for the SLI network. This certified hardware is required for a SecureMesh Site. This is the default selection.
- vmware-voltstack-combo: Single NIC where eth0 is dedicated for the SLO network. This certified hardware is required for an AppStack Site.
Latitude. Enter the Latitude. You can also enter the Latitude during site registration in the Distributed Cloud Console.
Longitude. Enter the Longitude. You can also enter the Longitude during site registration in the Distributed Cloud Console.

Click NEXT.

Figure: Customize vApp properties

Step 8: Create the VM.

On the Ready to complete page, verify the configuration and click FINISH to start the VM creation process.

Figure: Ready to complete page

Important: The factory reset functionality is not supported. To update your site node, power off and then destroy it. Perform the same procedure as above to recreate a VM.

Important: After you create and register your site, you can access its local user interface (UI) to perform certain configuration and management functions. For more information, see Access Site Local User Interface. Access Site Local User Interface.

Register Site

After you install the Distributed Cloud Services Node, you must register it as a site in the Distributed Cloud Console.

Note: The USB allowlist is enabled by default. If you change a USB device, such as a keyboard after registration, the device will not function.

Perform registration per the following instructions:

Register Multi-Node Site

Step 1: Navigate to the site registration page.

Log into Console.
Click Multi-Cloud Network Connect.
Click Manage > Site Management > Registrations.

Step 2: Accept the registration requests.

Registration requests are displayed in the Pending Registrations tab.

Click Accept to accept the registration requests from the master-0, master-1, and master-2 nodes. The node names will differ.
Enter the same values for the following parameters for all the registration requests:
- In the Cluster name field, enter a name for the cluster. Ensure that all master nodes have the same name.
- In the Cluster size field, enter 3. Ensure that all master nodes have the same cluster size.
Enter all mandatory fields marked with the asterisk (*) character.
Click Save and Exit.

Step 3: Check site status and health.

It may take a few minutes for the site health and connectivity score information to update.

Click Overview > Infrastructure > Sites.
Click on your site name. The Dashboard tab appears, along with many other tabs to inspect your site.
Click the Site Status tab to verify the following:
- The Update Status field has a Successful value for the F5 OS Status section.
- The Update Status field has a Successful value for the F5 Software Status section.
- The Tunnel status and Control Plane fields under the RE Connectivity section have up values.

Note: The factory reset functionality is not supported. To update a site node, power off and then destroy it. Perform the same procedure as above to recreate a virtual machine (VM).

Register Single-Node Site