Set up an IDN Virtual Appliance on Proxmox 7.4+

What is Proxmox?

Proxmox is an Open Source Virtual Environment (VE), similar to VMware’s ESXi/vSphere or Microsoft Hyper-V, that allows you to run Virtual Machines on a single system. The benefit is that it uses fewer resources, so it can be installed on less powerful machines, rather than needing server hardware. This blog will not go into the details or additional benefits of Proxmox. However, if you are looking for a Virtual Environment that you can run on an older, unused computer you might already have, I would recommend checking it out.

Why use Proxmox for IDN development?

As mentioned above, Proxmox is an Open Source Virtual Environment, so it will allow you to do the standard things that any other VE would do. Here are some of the ways that I have used Proxmox with both IIQ and IDN that would be beneficial to others:

  • Easily spin up VMs for Source and Target systems.
  • Snapshot base and intermediate states of the VMs so you can revert to a previous snapshot if you end up in an incorrect state.
  • Create a Template image that you can use to spin up VMs faster for your development sandbox. I have a base template that is pre-configured with my SSH Key and the tools I commonly use. This allows me to do a full clone of the template when I want to spin up a new machine.
  • For IDN specifically, I can spin up several “datacenters” to connect to IDN as separate Virtual Appliance Clusters.

What do we need before we start?

Before you begin, you should have the following:

  • Proxmox Server 7.4+ running and configured (may work with older versions, but only tested with Proxmox 7.4.3)
  • IDN Tenant
  • IDN VA Software downloaded.
  • SSH access to the Proxmox host, and a user who can run the qm commands (root was used for this since it is a sandbox environment.)

Let’s get deploying!

Prepare the files

  1. On your local machine, create a staging folder. We’ll use ~/staging for this blog.

  2. On your local machine, download the VA file to the staging folder
    This will be one of the following:

    • Regular VA package va-latest.zip for standard installations
    • Ambassador VA package vavm.7z for Ambassador installations
  3. From your local machine, unzip the above file in the staging folder

  4. On your local machine, navigate into the folder you just unzipped. You should see 1 .vmdk file in the va-latest folder, or 2 .vmdk files in the vmva folder.

  5. From your local machine, copy these files over to a known location on the Proxmox Server using the terminal. We’ll use the /tmp/upload folder, which we created previously.
    You can use the following command:
    scp sailpoint-va*.vmdk root@<PROXMOX_HOST>:/tmp/upload

Import .vmdk disk to Proxmox VM

To create the VM and import the .vmdk file, you will need to access the Proxmox Web UI on your local machine, as well as SSH into the Proxmox server and run commands in the terminal. How to connect to both is outside of the scope of this article.

Follow these steps to import the .vmdk:

  1. From the Web UI, create a new VM using the “Create VM” Button and follow through the tabs, configuring the items mentioned for each tab as you go.

    • General Tab: provide VM ID and VM Name
    • OS Tab: Select “Do not use any media” and “Other” for Guest OS Type
    • System: Leave everything by default
    • Disks: Remove any default disks (we don’t need anything since we’ll be importing)
    • CPU: 1
    • Memory: 8192 MB
    • Network: Set to your environment
      NOTE: Do NOT start the VM at this time.
  2. SSH into the Proxmox host from a terminal window. The following commands will be run from this SSH session on the Proxmox Server.

  3. Navigate to the folder that the .vmdk file(s) has been copied to on the Proxmox Server (/tmp/upload in this example). If it is not uploaded yet, upload the files now.

    cd /tmp/upload/

  4. Next you need to convert and import the .vmdk disk to the newly created VM. Make sure you set the VM_ID to the one used to create the VM in the UI and replace the storage location (local-lvm in the example) with your storage volume.
    For the Regular VA package, the command would be:

    qm importdisk <VM_ID> sailpoint-va-disk1.vmdk local-lvm --format raw

    For Ambassador VA package, it would use the main .vmdk file, so the command would be:

    qm importdisk <VM_ID> sailpoint-va_session-disk1.vmdk local-lvm --format raw

    NOTE: If you are using Ambassador VA package, and you get a file not found, check to see that all .vmdk files were uploaded correctly.

  5. Wait until the command finishes and you see a new command prompt. Sometimes the command appears to hang at 100%, even though it is still processing. Do not kill the command; otherwise you may have to start from the beginning. During testing, it only took 1-3 minutes to run.

  6. Once qm importdisk is finished, you need to rescan disks in order to see the newly imported disk in the Hardware section of your VM. Execute the following command:

    qm rescan

  7. Go back to the Proxmox Web UI on your local machine for the remaining steps.

  8. Navigate to the VM you created earlier, but do not start it. Select the Hardware Menu. You should see the hardware list in the right pane, with a hard disk labeled “unused”.

  9. Double click on the unused hard disk to get the add disk pop-up. Check that the hard disk type is something other than IDE for performance. SATA, SCSI, or VirtIO are good options. For testing, SATA was used.

  10. Make sure that the Hard Drive is in the Boot Order list. Select the Options Menu, then Boot Order and click the edit button. In the window, enable the hard drive by checking the box, and move it to the top of the list if it is not already.

  11. The VM should now be ready. Start the VM. You can double click on it to open up a VNC window to the VM to interact with it.

  12. Once the VM reaches the SailPoint login prompt, you can continue with Creating the Virtual Appliance to connect the VA to your IDN Tenant.
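
The terminal part of the procedure above (steps 3 to 6) can be wrapped in pre-flight checks so that a missing Ambassador .vmdk, a wrong VM_ID, or a running VM is caught before qm importdisk starts. This is an added example, not part of the original post or of Proxmox or SailPoint tooling; the function names and the QM override variable are assumptions made here, while the file names, file counts, and qm commands are the ones given in the steps.

```shell
#!/bin/sh
# Added example: pre-flight checks before `qm importdisk`.
# QM can point at a different binary or stub (assumption, for off-host testing).
QM="${QM:-qm}"

# Main .vmdk name for each package type, as named in the article.
main_disk() {
    case "$1" in
        regular)    echo "sailpoint-va-disk1.vmdk" ;;
        ambassador) echo "sailpoint-va_session-disk1.vmdk" ;;
        *)          return 1 ;;
    esac
}

# Minimum number of .vmdk files the article says each package ships.
min_vmdk_count() {
    case "$1" in regular) echo 1 ;; ambassador) echo 2 ;; *) return 1 ;; esac
}

# preflight <vm_id> <regular|ambassador> <upload_dir>
# Prints the path of the disk to import; the non-zero exit code names the failed check.
preflight() {
    vm_id=$1; pkg=$2; dir=$3
    case "$vm_id" in
        ''|*[!0-9]*) echo "VM_ID must be numeric" >&2; return 2 ;;
    esac
    disk=$(main_disk "$pkg") || { echo "unknown package: $pkg" >&2; return 2; }
    [ -s "$dir/$disk" ] || { echo "missing or empty: $dir/$disk" >&2; return 3; }
    found=$(find "$dir" -maxdepth 1 -type f -name '*.vmdk' | wc -l | tr -d ' ')
    [ "$found" -ge "$(min_vmdk_count "$pkg")" ] ||
        { echo "only $found .vmdk file(s) uploaded for $pkg" >&2; return 4; }
    # The VM must already exist (created in the Web UI) and must not be running.
    state=$("$QM" status "$vm_id" 2>/dev/null) ||
        { echo "VM $vm_id does not exist" >&2; return 5; }
    [ "$state" = "status: stopped" ] ||
        { echo "VM $vm_id is not stopped ($state)" >&2; return 6; }
    echo "$dir/$disk"
}

# import_va <vm_id> <regular|ambassador> <upload_dir> <storage>
import_va() {
    src=$(preflight "$1" "$2" "$3") || return $?
    "$QM" importdisk "$1" "$src" "$4" --format raw && "$QM" rescan
}

# Run only when called with all four arguments, e.g.:
#   sh import-va.sh 105 ambassador /tmp/upload local-lvm
if [ "$#" -eq 4 ]; then import_va "$@"; fi
```
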

Alternate Approaches

When using the Standard VA Package, you can also import the OVF file directly into Proxmox, which is easier. This will not work with the Ambassador VA Package, as the files are stored in a different format.

If you are planning to connect to a Partner or Client IDN Tenant using the Standard VA Package, follow these steps:

  1. On your local machine, download the Regular VA package va-latest.zip file to the staging folder.

  2. From your local machine, copy the Standard VA Package zip file to the Proxmox Server using the terminal.

    scp va-latest.zip root@<PROXMOX_HOST>:/tmp/upload/

  3. SSH into the Proxmox host from a terminal window. The following commands will be run from this SSH session on the Proxmox Server.

  4. Unzip the file

    unzip /tmp/upload/va-latest.zip -d /tmp/upload/

  5. Navigate into the new directory

    cd /tmp/upload/va-latest/

  6. Run the command to import the ovf file as a Virtual Machine, giving it a new, unused VM_ID, and replace the storage location (local-lvm in the example) with your storage volume.

    qm importovf <VM_ID> sailpoint-va.ovf local-lvm

  7. Wait until the command finishes and you see a new command prompt. Sometimes the command appears to hang at 100%, even though it is still processing. Do not kill the command; otherwise you may have to start from the beginning. During testing, it only took 1-3 minutes to run.

  8. The VM should now be ready. Go to the Proxmox Web UI from your local machine and Start the VM.

  9. Once the VM reaches the SailPoint login prompt, you can continue with Creating the Virtual Appliance to connect the VA to your IDN Tenant.

Conclusion

Proxmox is another tool that a developer can use to develop, test and learn with the IDN (and IIQ) products. This article offers 2 approaches to loading the IDN VA into it, depending on which type of package you need to use. Since the focus of this is for the Ambassadors, the primary approach provided is the most universal, working with both the Ambassador VA Package and the Standard VA Package. The alternate approach is currently limited to just the Standard VA Package, but is included because it takes fewer steps overall to get to a working IDN VA.
