Skip to main content

VMware ESXi Conductor Deployment Guide

This guide walks a network engineer through deploying a VMware ESXi virtual machine as a standalone SSR Conductor. When you have completed the steps in this deployment, the conductor VM will be running SSR 7.1.4-3r2, configured with an authority name, conductor address, and shared services that allow branch routers to onboard and begin forwarding traffic.

Guide Topics

StepTopicDescription
1Create the VMware VMCreate and configure a VMware ESXi VM to host the conductor
2Install SSR 7.1.4-3r2 and Initialize the ConductorBoot the ISO, install SSR, and configure the conductor role
3Configure the ConductorSet the authority name, conductor address, tenant, and internet service
Appendix — Conductor ConfigurationComplete VMware conductor PCLI configuration reference

Network Topology

The diagram below shows the logical network this guide builds.

graph TD Internet((Internet)) subgraph ESXi["VMware ESXi Host"] ConductorVM["SSR Conductor VM (conductor1) 1x VMXNet3 NIC 192.168.100.10/24"] end subgraph MgmtNet["Management Network (192.168.100.0/24)"] Gateway["Management Gateway 192.168.100.1"] end subgraph Branch["Branch Office"] Router["SSR130 Router (branch1) WAN: DHCP (ge-0-0)"] LAN["LAN Devices 192.168.1.0/24 Tenant: corp (ge-0-3 — 192.168.1.1)"] end ISP(["ISP WAN"]) Internet <-->|"Internet"| ISP ISP <-->|"DHCP"| Router Router <-->|"Internet Breakout (service: Internet-Traffic)"| Internet LAN <-->|"LAN"| Router Router <-->|"Management over Forwarding (WAN) Port 930 / 4505 / 4506"| Gateway ConductorVM <-->|"Management"| Gateway

Roles

DeviceTypeRole
ConductorVMware ESXi VMStandalone SSR Conductor — centralized management and provisioning

Network Design Reference

The following IP addressing and naming scheme is used consistently throughout this guide. Substitute your own values when configuring your network.

ParameterExample ValueDescription
Authority NameAuthority128Organizational authority name
Conductor NameConductorConductor system name
Conductor Node Namenode0Conductor node name
Conductor Management IP192.168.100.10Static IP on the VMware management network
Conductor Subnet Mask/24Management network prefix
Conductor Gateway192.168.100.1Management network gateway
DNS Server8.8.8.8DNS used during initialization
Tenant NamecorpLAN-side user tenant
Service NameInternet-TrafficInternet breakout service
Service Address0.0.0.0/0All internet-bound traffic

Prerequisites

Before beginning, ensure the following are available:

  • VMware ESXi 7.0 or later — administrative access to an ESXi host.
  • Juniper software access credentials — Artifactory username and password for software downloads and token provisioning.
  • SSR 7.1.4-3r2 Universal ISO — downloaded from software.128technology.com using your Juniper software access credentials.
  • Management network — a VMware portgroup providing internet access for software downloads, with a static IP assignment available for the conductor VM.
  • Static IP assignment for the conductor — the IP address assigned to the conductor must be reachable from each branch router's WAN interface (directly or via routing). This guide uses 192.168.100.10.

Software Version Requirements

This guide uses SSR 7.1.4-3r2 on the conductor.

note

The router software version must be lower than or equal to the conductor software version.