Example: deploying Virtual Engines for MSSP customers

An example of configuring Master Engines and Virtual Engines in an MSSP environment.

Company A is an MSSP (Managed Security Services Provider). Customer 1 and Customer 2 are customers of Company A. The customers each want one Virtual Engine with two Physical Interfaces. The administrators at Company A decide to use their existing Secure SD-WAN appliance as a Master Engine to host Virtual Engines for Customer 1 and Customer 2. Separate administrative Domains have already been configured for each customer. The engine already has a license that allows the creation of Virtual Resources.

The administrators at Company A:

  1. Create a Master Engine element in the Shared Domain.
  2. Create one Virtual Resource element for each customer’s Virtual Engine and select the appropriate Domain for each Virtual Resource:
    Table 1. Virtual resources details
    Virtual resource name Domain
    Customer 1 Virtual Resource Customer 1 Domain
    Customer 2 Virtual Resource Customer 2 Domain
  3. Create the following Physical Interfaces on the Master Engine:
    Table 2. Physical interfaces details
    Interface ID Description
    0 Physical Interface for the Master Engine’s own traffic
    1 Physical Interface for hosted Virtual Engine traffic
  4. Add an IPv4 address for each Master Engine node to Physical Interface 0.
  5. Add the following VLAN Interfaces to Physical Interface 1 and select the appropriate Virtual Resource for each VLAN Interface:
    Table 3. VLAN interfaces details
    Interface ID Virtual resource Description
    VLAN 1.1 Customer 1 Virtual Resource VLAN Interface for the first Physical Interface on the Virtual Engine for Customer 1
    VLAN 1.2 Customer 1 Virtual Resource VLAN Interface for the second Physical Interface on the Virtual Engine for Customer 1
    VLAN 1.3 Customer 2 Virtual Resource VLAN Interface for the first Physical Interface on the Virtual Engine for Customer
    VLAN 1.4 Customer 2 Virtual Resource VLAN Interface for the second Physical Interface on the Virtual Engine for Customer 2
  6. Create a Virtual Engine element for each customer and select the appropriate Virtual Resource for each Virtual Engine:
    Table 4. Virtual engine details
    Virtual engine Virtual resource
    Customer 1 Virtual Engine Customer 1 Virtual Resource
    Customer 2 Virtual Engine Customer 2 Virtual Resource
  7. Add IP addresses to the Physical Interfaces on the Virtual Engines.
  8. Refresh the policy on the Master Engine.
  9. Refresh the policy on the Virtual Engines.