@MHaggis
Created August 20, 2024 16:11

Ivanti Virtual Traffic Manager (VTM) Docker Setup

This guide outlines the steps to set up the Ivanti Virtual Traffic Manager (VTM) using Docker.

Prerequisites

Before you begin, ensure you have the following:

  • A system with Docker installed.
  • Docker Hub credentials (if required).

Step 1: Log in to Docker Hub

If you haven't already logged in to Docker Hub, do so by running the following command:

docker login

Enter your Docker Hub username and password when prompted.

Step 2: Pull the VTM Docker Image

Pull the Ivanti VTM Docker image from Docker Hub:

docker pull pulsesecure/vtm:22.6R1

Step 3: Deploy the VTM Docker Container

To deploy the VTM Docker container and publish its admin port on the host machine's network interfaces, run the following command:

docker run --name=my_vtm_container \
   -e ZEUS_EULA=accept \
   -e ZEUS_PASS=YourChosenPassword \
   --privileged \
   --init \
   -p 0.0.0.0:9090:9090 \
   -t \
   -d \
   pulsesecure/vtm:22.6R1

Replace YourChosenPassword with a secure password for the VTM admin interface.

Explanation of Parameters

  • --name=my_vtm_container: Assigns a name to the container (my_vtm_container).
  • -e ZEUS_EULA=accept: Accepts the Pulse Secure EULA.
  • -e ZEUS_PASS=YourChosenPassword: Sets the admin password for VTM.
  • --privileged: Grants extended privileges to the container (all Linux capabilities and access to host devices).
  • --init: Runs an init process as PID 1 inside the container to reap zombie processes.
  • -p 0.0.0.0:9090:9090: Binds port 9090 on all interfaces to the container’s port 9090.
  • -t: Allocates a pseudo-TTY.
  • -d: Runs the container in detached mode.
  • pulsesecure/vtm:22.6R1: Specifies the Docker image to use.
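
Three of these parameters decide how exposed the lab is: --privileged, the 0.0.0.0 port binding, and the password passed with -e. The following check is an added example, not part of the original gist. It reads parsed `docker inspect my_vtm_container` output and reports those settings; the sample JSON is constructed to match the command above, and the function names and secret-name heuristic are assumptions.

```python
import json

# Constructed sample: the fields `docker inspect my_vtm_container` reports
# for the run command above (trimmed to the keys this check reads).
SAMPLE_INSPECT = json.loads("""
[{
  "Name": "/my_vtm_container",
  "Config": {"Env": ["ZEUS_EULA=accept", "ZEUS_PASS=YourChosenPassword", "PATH=/usr/bin"]},
  "HostConfig": {
    "Privileged": true,
    "PortBindings": {"9090/tcp": [{"HostIp": "0.0.0.0", "HostPort": "9090"}]}
  }
}]
""")

LOOPBACK = {"127.0.0.1", "::1"}
SECRET_HINTS = ("PASS", "SECRET", "TOKEN", "KEY")  # assumption: naming heuristic


def audit_container(entry):
    """Return a list of (setting, detail) findings for one inspect entry."""
    findings = []
    host = entry.get("HostConfig", {})
    if host.get("Privileged"):
        findings.append(("privileged", "container runs with --privileged"))
    for port, binds in (host.get("PortBindings") or {}).items():
        for b in binds or []:
            ip = b.get("HostIp") or "0.0.0.0"  # empty HostIp means all interfaces
            if ip not in LOOPBACK:
                findings.append(("exposed-port", f"{port} published on {ip}:{b.get('HostPort')}"))
    for item in entry.get("Config", {}).get("Env") or []:
        name = item.split("=", 1)[0]
        if any(h in name.upper() for h in SECRET_HINTS):
            # Report the variable name only, never the value.
            findings.append(("secret-in-env", f"{name} readable via docker inspect"))
    return findings


def audit(inspect_output):
    """Map container name -> findings for a parsed `docker inspect` array."""
    return {e.get("Name", "?").lstrip("/"): audit_container(e) for e in inspect_output}


if __name__ == "__main__":
    for name, found in audit(SAMPLE_INSPECT).items():
        for setting, detail in found:
            print(f"{name}: [{setting}] {detail}")
```

To run it against a live container, pass `json.loads()` of the `docker inspect` output to `audit()` in place of the sample.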

Step 4: Verify the Container is Running

Check if the container is running:

docker ps

You should see an entry for my_vtm_container with status "Up."

Step 5: Access the VTM Admin Interface

Once the container is running, access the VTM Admin interface via your browser:

http://<your-docker-host-ip>:9090

Log in with the username admin and the password you set with ZEUS_PASS.

Step 6: Configure Nginx as a Reverse Proxy (Optional)

If you want to set up Nginx as a reverse proxy to the VTM, follow these steps:

6.1 Create an Nginx Configuration File

Create a new Nginx configuration file for the VTM:

sudo nano /etc/nginx/sites-available/vtm

6.2 Add the Following Configuration

server {
    listen 80;

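    # "kv" is a custom log format name: define it with log_format in the http block,
    # or drop the name to use nginx's default "combined" format.
    access_log /var/log/nginx/vtm_access.log kv;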
    error_log /var/log/nginx/vtm_error.log;

    location / {
        proxy_pass http://localhost:9090;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        client_max_body_size 100M;

        proxy_redirect off;
        proxy_buffering off;

        # WebSocket support (comment out if you don't need it)
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

6.3 Enable the Site

Enable the Nginx site by creating a symbolic link:

sudo ln -s /etc/nginx/sites-available/vtm /etc/nginx/sites-enabled/

6.4 Test and Reload Nginx

Test the Nginx configuration for syntax errors:

sudo nginx -t

If the test is successful, reload Nginx to apply the changes:

sudo systemctl reload nginx

Now, your VTM should be accessible via HTTP on port 80 through Nginx.

Step 7: Log in as a New Admin User (Optional)

If you've created a new admin user programmatically or via the UI, you can log in with the following credentials:

  • Username: newadmin (or your chosen username)
  • Password: newadmin1234 (or your chosen password)

Conclusion

You have successfully set up the Ivanti Virtual Traffic Manager using Docker.
