skyboxsecurity.com
© 2017 Skybox Security, Inc. All rights reserved.
Skybox Certified Sales Engineer (SCSE)
Pre-work
Version 1.2
Last updated January 2019
Written for Skybox version 9.0.6xx
SCSE Pre-work
skyboxsecurity.com
© 2018 Skybox Security, Inc. All rights reserved.
Introduction This guide is primarily intended for Skybox Security partners attending the Skybox Certified Sales
Engineer (SCSE) 2-day training course. This guide will outline the process of getting Skybox pre-installed
before attending class.
Installing the Skybox View Server before attending the course will save a lot of time in the classroom,
and expose you to the process and options available for installing Skybox. Attending the SCSE course
without Skybox installed will impact your learning experience over the 2 days.
Laptop requirements You will need to bring a laptop of high enough specification to run the Skybox Server and Manager
components. The Collector is not required. To complete the labs and to be able to demonstrate Skybox
to a customer on your laptop, the minimum requirements are:
Most notably, RAM and disk space will affect the performance of the Skybox Server. It is preferable to
have 12GB+ of RAM and a solid-state disk drive.
The Skybox Manager is a combination of Java and HTML clients, and the Java portion must run on
Windows. Therefore, if you have a Mac or Linux based laptop you will need to have a Windows VM also
up and running, or have a dual-boot laptop.
You must also have administrator level privileges on your machine and be able to install software or ‘Run as administrator’.
If you do not have a laptop that meets these requirements, or have any other trouble getting your
environment set up please contact your local Skybox team for further guidance.
Item Minimum
Operating System Windows 7/8/10 (64-bit)
CPU Intel i3 or equivalent
RAM 8GB
Disk 100GB
SCSE Pre-work
skyboxsecurity.com
© 2018 Skybox Security, Inc. All rights reserved.
Getting a license Once you are at the stage of downloading the license from the partner portal, you can refer to this
diagram if you are unsure where to download it from. You only need a DEMO license for the SCSE
course.
SCSE Pre-work
skyboxsecurity.com
© 2018 Skybox Security, Inc. All rights reserved.
Installation Options There are 2 main options available when installing the Skybox Server:
• Running natively in Windows as a Service (easier)
• As a Virtual Appliance in VMWare
Both options will work equally well for the SCSE course and being able to perform a technical
demonstration of the Skybox solution.
To understand the required components, note the following basic architecture of Skybox:
For the SCSE course and being able to perform a basic Skybox technical demo using the demo model,
the Collector component is not required. We only need to install/run the Server and Manager.
Click the link below for the installation guide, depending on your preference:
• Running natively in Windows as a Service
• As a Virtual Appliance in VMWare
SCSE Pre-work
skyboxsecurity.com
© 2018 Skybox Security, Inc. All rights reserved.
Running natively in Windows as a service This section of the guide will step through the process of installing the Skybox View Server natively in
Windows as a service.
Installation At a high level, installing a demo environment on Windows comprises of the following steps:
1. Register as a partner 2. Download components from the partner portal 3. Run the installer 4. Apply the license 5. Load and validate the demo model
Register as a partner If your company is not currently registered with Skybox as a partner, send an email with details about
your company to [email protected] and a member of the channel team will contact you
within 48 hours to start the process.
If your company is registered as a partner with Skybox but you don’t have an account, you can apply
using your company email address here.
Once you are registered as a partner and have an account, log into the partner portal at
https://partners.skyboxsecurity.com/
Download components from the partner portal For a Windows demo environment, you need to install all Skybox components on your machine which
are packaged in a single .exe installation file. Completing the installation will require a valid DEMO
license which can be downloaded from the portal (requires log in).
Note: Installing and running the Skybox server requires Administrator privileges
The .exe installer can be downloaded from here.
SCSE Pre-work
skyboxsecurity.com
© 2018 Skybox Security, Inc. All rights reserved.
Run the installer 1. Run the installation file as administrator (SkyboxInstaller-<version#>-<build#>.exe)
2. Follow the directions in the wizard, using the default options
3. Once Skybox is installed, launch the Skybox Manager and log in with the credentials:
Username: skyboxview
Password: skyboxview
Server: https://localhost:8443
4. You should be prompted to add a license
Troubleshooting tips If you do not get the license prompt, that means the Skybox service is not up and running yet. Check to
see if Skybox has installed correctly as a service.
SCSE Pre-work
skyboxsecurity.com
© 2018 Skybox Security, Inc. All rights reserved.
You should see the Skybox Server status as ‘Running’. The Skybox Collector can be disabled and set to
Manual as it is not required for demo purposes.
If you still can’t connect to the Skybox Server, restart your machine and be patient. Resource constraints
may mean the Server takes longer to start (this only happens the first time you install while it builds it’s
databases). The status of the Skybox Server can also be seen in the taskbar:
SCSE Pre-work
skyboxsecurity.com
© 2018 Skybox Security, Inc. All rights reserved.
Apply the license The license file is in an .xml format. Browse to the license location and apply the license, and you should
get confirmation that the license was applied successfully.
Load and validate the demo model Once the license is installed successfully you should be logged into the “Firewall Assurance” module. You
now need to load a model that you can work against.
Skybox ships with a “Live Demo” model that can be loaded into the system. This model has multiple
vendor firewalls, routers and load balancers, and plenty of data already imported to provide the ability
to demonstrate any of the modules and learn about the features and functionality Skybox provides.
Click the “Load Demo Model” button on the splash screen (this will take a few minutes)
SCSE Pre-work
skyboxsecurity.com
© 2018 Skybox Security, Inc. All rights reserved.
You should now see many firewalls loaded into the system.
Congratulations! You’re ready to start the SCSE course!😊
SCSE Pre-work
skyboxsecurity.com
© 2018 Skybox Security, Inc. All rights reserved.
As a Virtual Appliance in VMWare This section of the guide will step through how to set up the Skybox View server in VMWare
Workstation. VMWare Player is also a suitable option, and other hypervisors will work (e.g. Oracle
Virtualbox) but are not specifically covered by this guide. This guide also assumes you already have
VMWare installed.
Installation At a high level, installing a demo environment on VMWare comprises of the following steps:
1. Have VMWare Workstation (or equivalent) installed 2. Register as a partner 3. Download components from the partner portal 4. Deploy and install the VM 5. Configure network settings 6. Apply the license 7. Load and validate the demo model
Register as a partner If your company is not currently registered with Skybox as a partner, send an email with details about
your company to [email protected] and a member of the channel team will contact you
within 48 hours to start the process.
If your company is registered as a partner with Skybox but you don’t have an account, you can apply
using your company email address here.
Once you are registered as a partner and have an account, log into the partner portal at
https://partners.skyboxsecurity.com/
Download components from the partner portal For a VMWare demo environment you will need to create a new VM using the .iso downloaded from the
Skybox website. Completing the installation will require a valid DEMO license which can be downloaded
from the portal (requires log in).
The latest .iso file can be downloaded from here. We recommend using the latest version available.
SCSE Pre-work
skyboxsecurity.com
© 2018 Skybox Security, Inc. All rights reserved.
Creating a new virtual machine Once you have downloaded the .iso, you can create a new VM. Open VMWare and go to File > New
Virtual Machine
Keep the default configuration as ‘Typical’.
SCSE Pre-work
skyboxsecurity.com
© 2018 Skybox Security, Inc. All rights reserved.
Select the .iso file you downloaded as the installer disc image. Your version may differ and be more
recent than the one shown below.
Select ‘Other 64-bit’ as the guest operating system.
SCSE Pre-work
skyboxsecurity.com
© 2018 Skybox Security, Inc. All rights reserved.
Choose a suitable name and location for the VM.
Offer at least 100GB for the disk and select to store it as a single file.
Note: The final size of the Skybox VM will be much less than 100GB!
SCSE Pre-work
skyboxsecurity.com
© 2018 Skybox Security, Inc. All rights reserved.
At the final stage before finishing, select ‘Customize Hardware…’ to increase the amount of memory and
CPU for Skybox, and set up the adapter. At a minimum Skybox can run on 1 CPU and 4GB of RAM, but 2
CPU and 8GB is preferred. Configure network settings to suit your environment.
Finish deploying the VM and switch it on. Have the console open when doing this and be ready to start
the Skybox appliance installation.
SCSE Pre-work
skyboxsecurity.com
© 2018 Skybox Security, Inc. All rights reserved.
Once the Skybox VM starts, via the console select ‘Skybox Appliance Installation’ from the boot menu.
This will kick off the installation process which will take around 20 minutes (depending on resources
available).
Once the installation is complete you will be given a prompt to log in. Enter the credentials:
Username: root
Password: skyboxview
SCSE Pre-work
skyboxsecurity.com
© 2018 Skybox Security, Inc. All rights reserved.
Re-type the existing password then choose a new one.
Note: the password must be at least 14 characters and be sufficiently complex
By default, the network interface is configured to receive the IP address from a DHCP server. If you
configured your VM network to support DHCP, it should already have an IP address configured for the
Appliance.
To determine if you have received an IP address, type the following command: ifconfig
Note: ens32 is the device name given by VMWare automatically. It may be different
for your installation
SCSE Pre-work
skyboxsecurity.com
© 2018 Skybox Security, Inc. All rights reserved.
If you don’t have DHCP set up, you will need to set an IP address manually. You can do this by running
the command set_appliance_network, which will launch the network configuration tool.
From here you can change the interface to a Static IP and set the address.
Run the ifconfig command again to check the IP was set correctly.
SCSE Pre-work
skyboxsecurity.com
© 2018 Skybox Security, Inc. All rights reserved.
If you are running an older version of Skybox that does not have the set_appliance_network command,
or for some other reason it doesn’t work, you can also set the interface manually.
Type vi /etc/sysconfig/network-scripts/ifcfg-ens32 (where ens32 refers to your device name). Copy the
following lines to the file, replacing the objects between % with your desired settings:
TYPE=Ethernet
BOOTPROTO=static
NAME=%devicename%
DEVICE=%devicename%
ONBOOT=yes
IPADDR=%ipaddr%
NETMASK=%netmask%
For example:
TYPE=Ethernet
BOOTPROTO=static
NAME=ens32
DEVICE=ens32
ONBOOT=yes
IPADDR=192.168.1.5
NETMASK=255.255.255.0
Save and exit the file. Restart the networking with service network restart. You should see a success
message.
SCSE Pre-work
skyboxsecurity.com
© 2018 Skybox Security, Inc. All rights reserved.
To test connectivity, open a browser window to https://%ipaddr%:444, accept the self-signed certificate
and you should see the web admin console.
Install the Skybox Manager Now the Skybox Server is up and running, you will need to install the client. You can download the client
directly from your virtual appliance. Log into the web administration console using these credentials:
Username: skyboxview
Password: skyboxview
You will be prompted to change the password. Once changed browse to the ‘Support’ tab to download
the Skybox Manager:
SCSE Pre-work
skyboxsecurity.com
© 2018 Skybox Security, Inc. All rights reserved.
Run the installation file as administrator (SkyboxManager-<version#>-<build#>.exe). Follow the
directions in the wizard, using the default options. Once installed, launch the Skybox Manager and log in
with the credentials:
Username: skyboxview
Password: skyboxview
Server: https://%ipaddr%:8443
You should be prompted to add a license.
The license file is in an .xml format. Browse to the license location and apply the license, and you should
get confirmation that the license was applied successfully.
SCSE Pre-work
skyboxsecurity.com
© 2018 Skybox Security, Inc. All rights reserved.
Load and validate the demo model Once the license is installed successfully you should be logged into the “Firewall Assurance” module. You
now need to load a model that you can work against.
Skybox ships with a “Live Demo” model that can be loaded into the system. This model has multiple
vendor firewalls, routers and load balancers, and plenty of data already imported to provide the ability
to demonstrate any of the modules and learn about the features and functionality Skybox provides.
Click the “Load Demo Model” button on the splash screen (this will take a few minutes)
You should now see many firewalls loaded into the system.
Congratulations! You’re ready to start the SCSE course!😊
SCSE Pre-work
skyboxsecurity.com
© 2018 Skybox Security, Inc. All rights reserved.
Tips for your lab environment There are some default settings worth changing to make your life easier. Open the Skybox Manager and
make sure:
• Under Tools > Options > Manager Options > Risks Configuration the ‘Risk Value Style’ is set
to ‘Score (0-100)’
• Under Tools > Options > Manager Options > Access Analyzer ‘Display all blocking rules’ is
checked
• Under Tools > Options > Server Options > Change Manager Settings > under ‘Optimization
Settings’ the ‘Contained Within’ radio button is checked
• You have run analysis (in Operational Console > Task Sequences there are 2 task sequences
already created for initialising both FA and VC. Right click and launch one after the other.)
You may also want to remove the timeout for the client. This property is not stored in the GUI, but in the
server config file at /opt/skyboxview/server/conf/sb_server.properties (VMWare installation) or
C:/Skybox/server/conf/sb_server.properties (Windows). Change the value of ‘client_session_timeout’ to
‘-1’ as per below (requires server restart):