Skip to main content

Step 3: Configure the Conductor

This step configures the authority-level settings on the conductor: the authority name, conductor address, internet service, and corporate tenant. These objects are shared across all routers managed by this conductor.

All steps are performed from the Conductor GUI at https://192.168.100.10 unless otherwise noted.

Network Design Reference

The following IP addressing and naming scheme is used consistently throughout this guide. Substitute your own values when configuring your network.

ParameterExample ValueDescription
Authority NameAuthority128Organizational authority name
Conductor NameConductorConductor system name
Conductor Node Namenode0Conductor node name
Conductor Management IP192.168.100.10Static IP on the VMware management network
Conductor Subnet Mask/24Management network prefix
Conductor Gateway192.168.100.1Management network gateway
DNS Server8.8.8.8DNS used during initialization
Tenant NamecorpLAN-side user tenant
Service NameInternet-TrafficInternet breakout service
Service Address0.0.0.0/0All internet-bound traffic

1. Assign the Conductor's Asset ID

Take this opportunity to log into the Conductor GUI to complete the following operations. This provides validation that the installation was successful, and familiarizes you with GUI operations.

Assign the Conductor's Asset

  1. Select the Conductor from the Authority menu on the left side of the GUI.

Configuration menu

  1. Select the Configure icon.

Conductor Configuration Icon

  1. Select the node for the conductor - in this example it is node0.

Conductor Node

  1. Under Associated Asset ID select the hostname for the conductor.

Asset ID

  1. Validate and Commit the changes to the configuration.

2. Set the Authority Name

The authority represents the complete set of all SSRs managed under a single organizational entity.

  1. Return to the Authority level.
  2. Select the Authority Settings.

Authority Settings

  1. Under Basic Information, enter the new Authority name.

Basic Information

note

Use your organization's name as the authority name (for example, Authority128). The authority name cannot be changed after routers have been provisioned without re-onboarding them.

3. Set the Conductor Address

The conductor address is the IP address that managed routers use to reach this conductor. It must be reachable from each branch router's WAN interface.

  1. Under Conductor Addresses, select ADD.
  2. In the New Conductor Address window, enter the conductor public IP address, 192.168.100.10/24.

Conductor Address

  1. Click Validate and Commit. Warnings will appear, advising you of the change.

The steps during initialization setup the management IP. The conductor IP address is the public IP address to which the managed routers connect. It is not necessary to manually associate this IP address with a network interface; the interactions between the SSR software and Linux will identify and assign the IP address to the network interface.

4. Air-Gap Network - Set Offline Mode

For Air-Gap networks, setting Offline Mode to true prevents devices from attempting to access the internet for software updates.

  1. From the GUI, navigate Configuration > Authority > Router: Conductor.

  2. Scroll down to the Router System Settings tile and click it.

  3. Scroll down to Software Update Settings.

  4. Set Software Repository Offline Mode to true.

    Offline Mode

5. Create the Corporate Tenant

Tenants logically partition the network. The corp tenant represents corporate LAN users and is referenced by the LAN interface configuration on each branch router.

  1. In the Conductor GUI, select Configuration.
  2. Select Authority.
  3. Scroll to Tenants and select ADD.
  4. Enter the name corp and select SAVE.
  5. Select VALIDATE then COMMIT.
info

Tenants are authority-wide. A single corp tenant definition applies to all routers that assign it to a LAN interface.

6. Create the Internet-Traffic Service

The service configuration element defines the IP destinations that the SSR routes. This step creates a single service representing all internet-bound traffic from corporate LAN users.

  1. Log in to the Conductor GUI.
  2. Select Configuration.
  3. Select Authority from the left panel.
  4. Scroll down to Services and select ADD.
  5. Enter the name Internet-Traffic and select SAVE.
  6. On the Service screen, verify Enabled is set to true.
  7. Scroll down to Service Addresses and select ADD.
  8. Enter 0.0.0.0/0 and select SAVE.
  9. Scroll down to Access Policy and select ADD.
    • Set Source to corp.
    • Select SAVE.
  10. Select VALIDATE then COMMIT.

What Was Configured

At the end of this step your authority contains:

ObjectNameValue
AuthorityAuthority128
Conductor Address192.168.100.10/24
Software Update Settingsoffline-modetrue - this is only required for air-gap networks
TenantcorpLAN-side user population
ServiceInternet-Traffic0.0.0.0/0, access from corp

The conductor is now ready to accept branch router onboarding.