WHITE PAPER January 2019 RASPBERRY PI 3B+ AND VMWARE PULSE 1.1 Versin 0.1
Table f Cntents Executive Summary... 1 Business Case... 1 Slutin Overview... 1 Intrductin... 2 Purpse... 2 Audience... 2 Slutin Cnfiguratin... 3 Slutin Architecture... 3 Assumptins... 4 Pre-Requisites... 4 Sftware Requirements... 4 Netwrk Requirements... 4 Slutin Validatin... 5 Onbard... 5 Creating a Technician User... 5 Creating a Sidelad Staging Package... 5 Dwnlading a Sidelad Staging Package... 6 Cpying a Sidelad Staging Package... 6 Installing the Sidelad Staging Package... 6 Onbarding the Raspberry Pi... 7 Mnitr... 7 Publish Metrics thrugh Lita Package Manager... 7 Create Alert Definitins... 7 WHITE PAPER i
Executive Summary Business Case The Internet f Things (IT) is rapidly transfrming traditinal business mdels and peratinal prcesses t bst innvatin and grwth. An IT-ready infrastructure has unique requirements with nbarding, cnfiguring, managing, and securing cnnected devices, and as a tidal wave f IT use cases reaches yur rganizatin, yur IT and Operatinal Technlgy (OT) departments may struggle t keep up. VMware can help rganizatins achieve IT infrastructure excellence and deliver successful business utcmes that meet the needs f bth yur IT and OT rganizatins. VMware Pulse IT Center is a secure, enterprise-grade, end-t-end IT infrastructure management slutin that allws OT and IT t have cmplete cntrl ver their IT use cases, frm the edge all the way t the clud. It helps cmpanies t nbard, manage, mnitr, and secure all things and infrastructure fr IT. Raspberry Pi 3 B+ is a small and affrdable cmputer that yu can use t put the pwer f cmputing and digital making int the hands f peple all ver the wrld. It enables mre peple t harness the pwer f cmputing and digital technlgies fr wrk, t slve prblems that matter t them, and t express themselves creatively. Raspberry Pi is cmmnly used in a wide variety f Internet f Things prjects and applicatins. This Slutin Paper is intended t validate that VMware Pulse IT Center can be used t nbard, manage, mnitr and secure ne r a fleet f Raspberry Pi devices. Slutin Overview This reference architecture is a shwcase f using VMware Pulse IT Center t effectively and efficiently nbard, manage, mnitr and secure a Raspberry Pi. - We demnstrate the architecture f the deplyment. - We successfully nbard a Raspberry Pi as a managed Edge System. - We mnitr the health f a Raspberry Pi by cllecting system metrics. WHITE PAPER 1
Intrductin Purpse This reference architecture utlines the supprtability f a Raspberry Pi as a managed Edge System n VMware Pulse IT Center. Audience This reference architecture is intended fr IT and OT administratrs and IT Architects invlved in planning and managing Internet f Things Infrastructure, Applicatins and Services. WHITE PAPER 2
Slutin Cnfiguratin Slutin Architecture Fr this slutin, we have a Raspberry Pi 3B+ cnnected via WiFi r Ethernet t yur internal netwrk. Frm there it cnnects t VMware Pulse IT Center which is either installed n-premises r hsted in the clud. In this case, we will be nbarding a Raspberry Pi 3B+ as a Managed Edge System/Gateway. Raspberry Pi 3 VMware Pulse WHITE PAPER 3
Assumptins Yu have access t a Raspberry Pi 3B+ running Raspbian Jessie/Stretch. Yu have access t a VMware Pulse IT Center versin 1.1 envirnment n the clud r set-up in yur On-Prem envirnment. The Raspberry Pi has a WiFi r LAN cnnectin and the ability t reach ut t internet. Yu have a basic understanding f navigating thrugh Linux Cmmand Line Interface. Yu have access t the Raspberry Pi via SSH r SCP. Yu have a Technician User created n VMware Pulse. Pre-Requisites Sftware Requirements Sftware/Applicatins/Framewrks Value OS Distr Raspbian Stretch Pythn Versin 2.7.9-2.7.15 Snap Versin (if Applicable) 2.32.6 OpenSSL Versin 1.1.1 LibC 2.19 LibCrypt Yes Rt Access Yes Cmplete File Structure Access t Rt/Sud Yes Netwrk Requirements Surce Destinatin Prt RPi 3B+ EMQTT Brker 8883 RPi 3B+ Lifecycle Management Server 443 RPi 3B+ Lifecycle Management Server 2001 RPi 3B+ Pulse API Server 443 WHITE PAPER 4
Slutin Validatin Onbard Creating a Technician User In VMware Pulse IT Center v1.1, designated technician user(s) created in the Pulse Cnsle can initiate multiple gateway registratins. T create a Technician user: Lgin t the Pulse cnsle as sysadmin/pulse admin. Navigate t the Admin tab and create a user using the fllwing steps: Click Create Admin Enter the details in the Create User dialg bx and click Save. By default, the rle will be Alert Admin. Fllw these steps t change the rle t that f a technician: Click Edit icn crrespnding t the user created in the previus step. In the Update Rle dialg bx, frm the Rle Name drp-dwn menu, select Technician and click Save. Lgin t the cnsle using the user credentials f the technician and change the passwrd. Read and accept the EULA. If yu d nt accept the EULA, yu cannt carry ut enrllments. Once accepted, the accunt is activated. Yu will be lgged ut f the cnsle withut further access t the Pulse cnsle thrugh this technician user. The credentials f the technician user are used by API s Enrllment Service t generate enrllment users fr the enrllment f the gateway. Creating a Sidelad Staging Package Create a Prfile Cmpnent with the Rt CA Cert fr Raspberry Pi t trust the VMware Pulse servers. Frm the Lifecycle management cnsle, navigate t Devices > Staging & Prvisining > Cmpnents > Prfiles. Ensure that yu are under the intended rganizatin grup. Click the Add Prfile buttn > Select Linux. In the General sectin, enter a name and select Bth as the prfile scpe. Click Credentials in the left pane. Click Cnfigure and uplad the Rt Certificates f the servers EMQTT Brker, Pulse API, Lifecycle Management Server (AirWatch Cmpnent). If the Rt Certificates are different, create separate prfiles fr the same. Click Save and yu will see that the prfile yu created is listed n the Prfiles page. Similarly, yu can create mre prfiles using the Intermediate and Identity Certificates f the afrementined servers. Create Files/Actins Cmpnents Cntaining Lita Registratin Packages Frm the device management cnsle, navigate t Devices > Staging & Prvisining > Cmpnents > Files/Actins. Click Add Files/Actins > Select Linux. In the Files sectin, click the Add Files buttn and uplad the Lita User Package files required fr registratin f the gateways: itcc_mqtt.py WHITE PAPER 5
general_edge_system.py Click Save. Create the Staging Package Prvide the dwnlad path n the gateway fr all the Lita user package files as /pt/lita-packages/ and click Save. When yu create the staging package, the right agent must be added. T check what the agent t use, run this cmmand uname -a n the gateway. Frm the device management cnsle, navigate t Devices > Staging & Prvisining > Staging. Click Add Staging > Select Linux. In the General sectin, cmplete the fllwing: Enter a name and descriptin fr the staging package. Select the intended rganizatin grup fr this staging package. Select an apprpriate Pulse agent versin fr the agent. In the Manifest sectin, click Add. Frm Actins t Perfrm, select Install Prfile. In the textbx crrespnding t Prfile, type/select the certificate prfiles. Select Install Files/Actins. Fr Files/Actins, select the previusly created Files/Actins that cntains Lita user packages files. Frm Actins t Perfrm, select Install Files/Actins. Select any previusly created Files/Actins that must be installed as a prerequisite and Click Save. The staging package that was created is listed n the staging page. Dwnlading a Sidelad Staging Package Frm the device management cnsle, navigate t Devices > Staging & Prvisining > Staging. Duble-click the sidelad staging buttn n the right side f the intended sidelad package. Ensure that the crrect rganizatin grup is displayed and that the universal flag is nt selected. Enter a passphrase fr the sidelad package. Click Dwnlad. A sidelad staging package file called SideLadStaging_<string based n package name, versin, rganizatin grup>.tar.gz is dwnladed. Cpying a Sidelad Staging Package On the edge system gateway, cpy the sidelad staging package file t the file system such as the /tmp/ directry ver SSH r by using a USB drive. Installing the Sidelad Staging Package Extract the sidelad staging package int the /tmp/ directry. Fr example, $ tar xvzf SideLadStaging_iceclientx86dem_xyz.tar.gz -C /tmp/ Ensure that the Pulse Agent installer under /tmp/agent has execute permissins. WHITE PAPER 6
Fr example, $ chmd +x /tmp/agent/ice-client-linux-x86_64-0.1.1018.sh Execute the Pulse Agent installer present under /tmp/agent/ with rt privileges. Fr example, $ sud /tmp/agent/ice-client-linuxx86_64-0.1.1018.sh Onbarding the Raspberry Pi Execute the itcc utility. Fr example, $ sud /pt/ice-client/itcc Enter the user ID and passwrd f the technician when prmpted. After yu run the script, n successful registratin, nbarding credentials are generated alng with the name f the edge system and the UUID. After successful installatin and registratin, the IT edge system is listed in the Pulse Cnsle. Mnitr Publish Metrics thrugh Lita Package Manager We mnitr the health f a Raspberry Pi by cllecting system metrics. Dwnlad the itcc_mqtt_edge_system_stats.py file frm the Lita Page n GitHub. Cpy the file ver t this path n the gateway: /usr/lib/lita/packages. Run the cmmand chmd +x itcc_mqtt_edge_system_stats.py t allw executin. On the gateway, use CLI and run this cmmand t get the SHA1 checksum: $ sha1sum itcc_mqtt_edge_system_stats.py Run this cmmand t lad the file n t the Lita Package Manager: /usr/lib/lita/packages/litad/litapkg.sh lad -r itcc_mqtt_edge_system_stats <checksum> Please nte that the -r is t make sure that it lads after rebt. Once dne, tail the /var/lg/lita/lita.lg file t cnfirm that the system stats are being sent t Pulse. Wait fr a few minutes and check n the Pulse Cnsle t view the metrics graphs. Yu can als d the afrementined steps as part f Prduct Prvisining thrugh Pulse. Create Alert Definitins Navigate t the Alert Definitins tab and cmplete the fllwing steps: Click the Add New buttn at the tp right f the page t add alerts. Enter the metadata fr the alert definitin and click Next. Select the symptms t trigger an alert. Click Create Symptm t create a new symptm. Enter the metadata fr the alert definitin and click Next. Specify the recmmendatins t remedy the situatin f the alerts in this categry. Review and Save the alert. WHITE PAPER 7
VMware, Inc. 3401 Hillview Avenue Pal Alt CA 94304 USA Tel 877-486-9273 Fax 650-427-5001 www.vmware.cm Cpyright 2018 VMware, Inc. All rights reserved. This prduct is prtected by U.S. and internatinal cpyright and intellectual prperty laws. VMware prducts are cvered by ne r mre patents listed at http://www.vmware.cm/g/patents. VMware is a registered trademark r trademark f VMware, Inc. and its subsidiaries in the United States and ther jurisdictins. All ther marks and names mentined herein may be trademarks f their respective cmpanies. 8