skyboxsecurity.com

© 2017 Skybox Security, Inc. All rights reserved.

Skybox Certified Sales Engineer (SCSE)

Pre-work

Version 1.2

Last updated January 2019

Written for Skybox version 9.0.6xx

SCSE Pre-work

skyboxsecurity.com

© 2018 Skybox Security, Inc. All rights reserved.

Introduction This guide is primarily intended for Skybox Security partners attending the Skybox Certified Sales

Engineer (SCSE) 2-day training course. This guide will outline the process of getting Skybox pre-installed

before attending class.

Installing the Skybox View Server before attending the course will save a lot of time in the classroom,

and expose you to the process and options available for installing Skybox. Attending the SCSE course

without Skybox installed will impact your learning experience over the 2 days.

Laptop requirements You will need to bring a laptop of high enough specification to run the Skybox Server and Manager

components. The Collector is not required. To complete the labs and to be able to demonstrate Skybox

to a customer on your laptop, the minimum requirements are:

Most notably, RAM and disk space will affect the performance of the Skybox Server. It is preferable to

have 12GB+ of RAM and a solid-state disk drive.

The Skybox Manager is a combination of Java and HTML clients, and the Java portion must run on

Windows. Therefore, if you have a Mac or Linux based laptop you will need to have a Windows VM also

up and running, or have a dual-boot laptop.

You must also have administrator level privileges on your machine and be able to install software or ‘Run as administrator’.

If you do not have a laptop that meets these requirements, or have any other trouble getting your

environment set up please contact your local Skybox team for further guidance.

Item Minimum

Operating System Windows 7/8/10 (64-bit)

CPU Intel i3 or equivalent

RAM 8GB

Disk 100GB

SCSE Pre-work

skyboxsecurity.com

© 2018 Skybox Security, Inc. All rights reserved.

Getting a license Once you are at the stage of downloading the license from the partner portal, you can refer to this

diagram if you are unsure where to download it from. You only need a DEMO license for the SCSE

course.

SCSE Pre-work

skyboxsecurity.com

© 2018 Skybox Security, Inc. All rights reserved.

Installation Options There are 2 main options available when installing the Skybox Server:

• Running natively in Windows as a Service (easier)

• As a Virtual Appliance in VMWare

Both options will work equally well for the SCSE course and being able to perform a technical

demonstration of the Skybox solution.

To understand the required components, note the following basic architecture of Skybox:

For the SCSE course and being able to perform a basic Skybox technical demo using the demo model,

the Collector component is not required. We only need to install/run the Server and Manager.

Click the link below for the installation guide, depending on your preference:

• Running natively in Windows as a Service

• As a Virtual Appliance in VMWare

SCSE Pre-work

skyboxsecurity.com

© 2018 Skybox Security, Inc. All rights reserved.

Running natively in Windows as a service This section of the guide will step through the process of installing the Skybox View Server natively in

Windows as a service.

Installation At a high level, installing a demo environment on Windows comprises of the following steps:

1. Register as a partner 2. Download components from the partner portal 3. Run the installer 4. Apply the license 5. Load and validate the demo model

Register as a partner If your company is not currently registered with Skybox as a partner, send an email with details about

your company to partners@skyboxsecurity.com and a member of the channel team will contact you

within 48 hours to start the process.

If your company is registered as a partner with Skybox but you don’t have an account, you can apply

using your company email address here.

Once you are registered as a partner and have an account, log into the partner portal at

https://partners.skyboxsecurity.com/

Download components from the partner portal For a Windows demo environment, you need to install all Skybox components on your machine which

are packaged in a single .exe installation file. Completing the installation will require a valid DEMO

license which can be downloaded from the portal (requires log in).

Note: Installing and running the Skybox server requires Administrator privileges

The .exe installer can be downloaded from here.

SCSE Pre-work

skyboxsecurity.com

© 2018 Skybox Security, Inc. All rights reserved.

Run the installer 1. Run the installation file as administrator (SkyboxInstaller-<version#>-<build#>.exe)

2. Follow the directions in the wizard, using the default options

3. Once Skybox is installed, launch the Skybox Manager and log in with the credentials:

Username: skyboxview

Password: skyboxview

Server: https://localhost:8443

4. You should be prompted to add a license

Troubleshooting tips If you do not get the license prompt, that means the Skybox service is not up and running yet. Check to

see if Skybox has installed correctly as a service.

SCSE Pre-work

skyboxsecurity.com

© 2018 Skybox Security, Inc. All rights reserved.

You should see the Skybox Server status as ‘Running’. The Skybox Collector can be disabled and set to

Manual as it is not required for demo purposes.

If you still can’t connect to the Skybox Server, restart your machine and be patient. Resource constraints

may mean the Server takes longer to start (this only happens the first time you install while it builds it’s

databases). The status of the Skybox Server can also be seen in the taskbar:

SCSE Pre-work

skyboxsecurity.com

© 2018 Skybox Security, Inc. All rights reserved.

Apply the license The license file is in an .xml format. Browse to the license location and apply the license, and you should

get confirmation that the license was applied successfully.

Load and validate the demo model Once the license is installed successfully you should be logged into the “Firewall Assurance” module. You

now need to load a model that you can work against.

Skybox ships with a “Live Demo” model that can be loaded into the system. This model has multiple

vendor firewalls, routers and load balancers, and plenty of data already imported to provide the ability

to demonstrate any of the modules and learn about the features and functionality Skybox provides.

Click the “Load Demo Model” button on the splash screen (this will take a few minutes)

SCSE Pre-work

skyboxsecurity.com

© 2018 Skybox Security, Inc. All rights reserved.

You should now see many firewalls loaded into the system.

Congratulations! You’re ready to start the SCSE course!😊

SCSE Pre-work

skyboxsecurity.com

© 2018 Skybox Security, Inc. All rights reserved.

As a Virtual Appliance in VMWare This section of the guide will step through how to set up the Skybox View server in VMWare

Workstation. VMWare Player is also a suitable option, and other hypervisors will work (e.g. Oracle

Virtualbox) but are not specifically covered by this guide. This guide also assumes you already have

VMWare installed.

Installation At a high level, installing a demo environment on VMWare comprises of the following steps:

1. Have VMWare Workstation (or equivalent) installed 2. Register as a partner 3. Download components from the partner portal 4. Deploy and install the VM 5. Configure network settings 6. Apply the license 7. Load and validate the demo model

Register as a partner If your company is not currently registered with Skybox as a partner, send an email with details about

your company to partners@skyboxsecurity.com and a member of the channel team will contact you

within 48 hours to start the process.

If your company is registered as a partner with Skybox but you don’t have an account, you can apply

using your company email address here.

Once you are registered as a partner and have an account, log into the partner portal at

https://partners.skyboxsecurity.com/

Download components from the partner portal For a VMWare demo environment you will need to create a new VM using the .iso downloaded from the

Skybox website. Completing the installation will require a valid DEMO license which can be downloaded

from the portal (requires log in).

The latest .iso file can be downloaded from here. We recommend using the latest version available.

SCSE Pre-work

skyboxsecurity.com

© 2018 Skybox Security, Inc. All rights reserved.

Creating a new virtual machine Once you have downloaded the .iso, you can create a new VM. Open VMWare and go to File > New

Virtual Machine

Keep the default configuration as ‘Typical’.

SCSE Pre-work

skyboxsecurity.com

© 2018 Skybox Security, Inc. All rights reserved.

Select the .iso file you downloaded as the installer disc image. Your version may differ and be more

recent than the one shown below.

Select ‘Other 64-bit’ as the guest operating system.

SCSE Pre-work

skyboxsecurity.com

© 2018 Skybox Security, Inc. All rights reserved.

Choose a suitable name and location for the VM.

Offer at least 100GB for the disk and select to store it as a single file.

Note: The final size of the Skybox VM will be much less than 100GB!

SCSE Pre-work

skyboxsecurity.com

© 2018 Skybox Security, Inc. All rights reserved.

At the final stage before finishing, select ‘Customize Hardware…’ to increase the amount of memory and

CPU for Skybox, and set up the adapter. At a minimum Skybox can run on 1 CPU and 4GB of RAM, but 2

CPU and 8GB is preferred. Configure network settings to suit your environment.

Finish deploying the VM and switch it on. Have the console open when doing this and be ready to start

the Skybox appliance installation.

SCSE Pre-work

skyboxsecurity.com

© 2018 Skybox Security, Inc. All rights reserved.

Once the Skybox VM starts, via the console select ‘Skybox Appliance Installation’ from the boot menu.

This will kick off the installation process which will take around 20 minutes (depending on resources

available).

Once the installation is complete you will be given a prompt to log in. Enter the credentials:

Username: root

Password: skyboxview

SCSE Pre-work

skyboxsecurity.com

© 2018 Skybox Security, Inc. All rights reserved.

Re-type the existing password then choose a new one.

Note: the password must be at least 14 characters and be sufficiently complex

By default, the network interface is configured to receive the IP address from a DHCP server. If you

configured your VM network to support DHCP, it should already have an IP address configured for the

Appliance.

To determine if you have received an IP address, type the following command: ifconfig

Note: ens32 is the device name given by VMWare automatically. It may be different

for your installation

SCSE Pre-work

skyboxsecurity.com

© 2018 Skybox Security, Inc. All rights reserved.

If you don’t have DHCP set up, you will need to set an IP address manually. You can do this by running

the command set_appliance_network, which will launch the network configuration tool.

From here you can change the interface to a Static IP and set the address.

Run the ifconfig command again to check the IP was set correctly.

SCSE Pre-work

skyboxsecurity.com

© 2018 Skybox Security, Inc. All rights reserved.

If you are running an older version of Skybox that does not have the set_appliance_network command,

or for some other reason it doesn’t work, you can also set the interface manually.

Type vi /etc/sysconfig/network-scripts/ifcfg-ens32 (where ens32 refers to your device name). Copy the

following lines to the file, replacing the objects between % with your desired settings:

TYPE=Ethernet

BOOTPROTO=static

NAME=%devicename%

DEVICE=%devicename%

ONBOOT=yes

IPADDR=%ipaddr%

NETMASK=%netmask%

For example:

TYPE=Ethernet

BOOTPROTO=static

NAME=ens32

DEVICE=ens32

ONBOOT=yes

IPADDR=192.168.1.5

NETMASK=255.255.255.0

Save and exit the file. Restart the networking with service network restart. You should see a success

message.

SCSE Pre-work

skyboxsecurity.com

© 2018 Skybox Security, Inc. All rights reserved.

To test connectivity, open a browser window to https://%ipaddr%:444, accept the self-signed certificate

and you should see the web admin console.

Install the Skybox Manager Now the Skybox Server is up and running, you will need to install the client. You can download the client

directly from your virtual appliance. Log into the web administration console using these credentials:

Username: skyboxview

Password: skyboxview

You will be prompted to change the password. Once changed browse to the ‘Support’ tab to download

the Skybox Manager:

SCSE Pre-work

skyboxsecurity.com

© 2018 Skybox Security, Inc. All rights reserved.

Run the installation file as administrator (SkyboxManager-<version#>-<build#>.exe). Follow the

directions in the wizard, using the default options. Once installed, launch the Skybox Manager and log in

with the credentials:

Username: skyboxview

Password: skyboxview

Server: https://%ipaddr%:8443

You should be prompted to add a license.

The license file is in an .xml format. Browse to the license location and apply the license, and you should

get confirmation that the license was applied successfully.

SCSE Pre-work

skyboxsecurity.com

© 2018 Skybox Security, Inc. All rights reserved.

Load and validate the demo model Once the license is installed successfully you should be logged into the “Firewall Assurance” module. You

now need to load a model that you can work against.

Skybox ships with a “Live Demo” model that can be loaded into the system. This model has multiple

vendor firewalls, routers and load balancers, and plenty of data already imported to provide the ability

to demonstrate any of the modules and learn about the features and functionality Skybox provides.

Click the “Load Demo Model” button on the splash screen (this will take a few minutes)

You should now see many firewalls loaded into the system.

Congratulations! You’re ready to start the SCSE course!😊

SCSE Pre-work

skyboxsecurity.com

© 2018 Skybox Security, Inc. All rights reserved.

Tips for your lab environment There are some default settings worth changing to make your life easier. Open the Skybox Manager and

make sure:

• Under Tools > Options > Manager Options > Risks Configuration the ‘Risk Value Style’ is set

to ‘Score (0-100)’

• Under Tools > Options > Manager Options > Access Analyzer ‘Display all blocking rules’ is

checked

• Under Tools > Options > Server Options > Change Manager Settings > under ‘Optimization

Settings’ the ‘Contained Within’ radio button is checked

• You have run analysis (in Operational Console > Task Sequences there are 2 task sequences

already created for initialising both FA and VC. Right click and launch one after the other.)

You may also want to remove the timeout for the client. This property is not stored in the GUI, but in the

server config file at /opt/skyboxview/server/conf/sb_server.properties (VMWare installation) or

C:/Skybox/server/conf/sb_server.properties (Windows). Change the value of ‘client_session_timeout’ to

‘-1’ as per below (requires server restart):