Install a New Standalone NEN
Note
This procedure describes how to perform a new NEN standalone installation where you have not previously installed the NEN as a service on a PCE data node or you have not installed the NEN 2.1.0 standalone service on your own host.
For the steps to upgrade standalone NEN 2.1.0 to standalone NEN 2.3.x or later, see Upgrade Standalone NEN 2.1.0 to Standalone NEN 2.3.x or Later.
To install a NEN as a standalone NEN:
Note
For standalone NEN hardware requirements, see CPU, Memory, and Storage Requirements.
Download the NEN software from the Illumio Support portal.
Run the following command to install the NEN RPM on the host:
sudo yum install -y <path_to_Illumio_NEN_rpm>/illumio-nen-<release_number>-<build_number>.x86_64.rpm
Configure the NEN runtime environment settings using one of the following options:
Option 1: Perform an interactive installation
Run the setup command to launch an interactive installation and answer the prompts to configure the NEN runtime environment. (This method creates the NEN runtime environment file and saves it in the correct NEN directory.)
sudo /opt/illumio-nen/illumio-nen-env setup
Option 2: Modify the template runtime environment file
Copy a template of the NEN runtime environment file to the required location and then modify that file.
Copy from:
/opt/illumio-nen/illumio/config/templates
Paste to:
/etc/illumio-nen/runtime_env.yml
Update the file with the host FQDNs and service discovery certificate information.
Important
A standalone NEN cannot communicate with the PCE by using a self-signed service discovery certificate. The NEN requires an X.509 public certificate in PEM format for TLS communication with the PCE.
# Configuration generated <timestamp>
install_root: "/opt/illumio-nen"
runtime_data_root: "/var/lib/illumio-nen/runtime"
persistent_data_root: "/var/lib/illumio-nen/data"
ephemeral_data_root: "/var/lib/illumio-nen/tmp"
log_dir: "/var/log/illumio-nen"
private_key_cache_dir: "/var/lib/illumio-nen/keys"
nen_fqdn: <example.com>
service_discovery_fqdn: <example.com>
cluster_type: snc0
service_discovery_private_key: "/var/lib/illumio-nen/cert/server.key"
service_discovery_certificate: "/var/lib/illumio-nen/cert/server.crt"
service_discovery_encryption_key: <key>
Where:
nen_fqdn is the hostname of the node where the NEN is installed.
service_discovery_fqdn is the hostname of the NEN FQDN.
service_discovery_private_key is the directory path of the RSA private key file.
service_discovery_certificate is the directory path of the certificate file.
service_discovery_encryption_key is a 16 byte hexadecimal base-64 encoded value.
When you add the encryption key to the template runtime environment file, you create your own value. If you use the interactive NEN installation instead, the NEN CTL setup command creates this value in the file automatically.
Start the NEN and set the runlevel to 5. The option -svw shows the status of the start operation.
sudo -u ilo-nen /opt/illumio-nen/illumio-nen-ctl start --runlevel 5 -svw
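Before the start step, a hand-edited runtime_env.yml (Option 2) can be checked against the certificate requirement stated above. The script below is an added example, not Illumio tooling: it flags template placeholders, a certificate that is not PEM, a certificate whose subject equals its issuer (a heuristic for self-signed), and a private key that does not belong to the certificate. The function names are hypothetical, and it assumes openssl is installed and the flat key: value layout shown in the template.

```shell
# Added example (not Illumio tooling): lint a hand-edited runtime_env.yml
# before starting the NEN. Function names are hypothetical; needs openssl.

# Print the value of a top-level "key: value" line, surrounding quotes removed.
cfg_get() {  # usage: cfg_get <file> <key>
  sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 | sed 's/^"//; s/"[[:space:]]*$//'
}

# PEM check: the file must carry the CERTIFICATE armor line (DER files fail).
is_pem_cert() { grep -q '^-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; }

# Self-signed heuristic: subject and issuer names hash to the same value.
# Unparseable input also returns 0 so that it is reported, not skipped.
is_self_issued() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null)" ]
}

# The private key must belong to the certificate: compare the public keys.
key_matches_cert() {  # usage: key_matches_cert <key> <cert>
  local a b
  a=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  b=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# Lint one runtime_env.yml: prints one line per problem, returns the count.
lint_runtime_env() {
  local f="$1" k v cert key n=0
  for k in nen_fqdn service_discovery_fqdn service_discovery_private_key \
           service_discovery_certificate service_discovery_encryption_key; do
    v=$(cfg_get "$f" "$k")
    case $v in ''|'<'*'>') echo "unset: $k"; n=$((n+1)) ;; esac
  done
  cert=$(cfg_get "$f" service_discovery_certificate)
  key=$(cfg_get "$f" service_discovery_private_key)
  if ! is_pem_cert "$cert"; then echo "not a PEM certificate: $cert"; n=$((n+1))
  else
    if is_self_issued "$cert"; then echo "self-signed certificate: $cert"; n=$((n+1)); fi
    if ! key_matches_cert "$key" "$cert"; then echo "key does not match certificate"; n=$((n+1)); fi
  fi
  return "$n"
}

# Lint the file named on the command line, if one was given.
if [ "$#" -gt 0 ]; then lint_runtime_env "$1"; fi
```

Run it as root or as a user that can read the key file, passing /etc/illumio-nen/runtime_env.yml as the argument; an exit status of 0 means no problems were found.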
NEXT STEPS
Activate the NEN with a pairing key from the PCE. See Obtain a Pairing Key and Activate the NEN.
To enable the NEN to integrate with a load balancer, see Enable Load Balancer Support.
(Optional) To configure the NEN as an HA pair, perform the steps in Configure HA Support for the NEN.
Obtain a Pairing Key and Activate the NEN
When the NEN is installed as part of a NEN HA pair, you only pair the NEN primary node with the PCE.
Log in to the PCE web console.
From the left navigation menu, choose Servers & Endpoints > Workloads.
Click Add > Pair Workload with Pairing Profile.
Select any existing pairing profile from the "Pick a Pairing Profile" drop-down menu.
Copy the pairing key value (alphanumeric).
Log in to the NEN host and run the illumio-nen-ctl activate command:
sudo -u ilo-nen /opt/illumio-nen/illumio-nen-ctl activate <pairing_key_value> --host <pce-address>:<pce-port>
Enable Load Balancer Support
After installing the NEN RPM and activating it with the PCE, enable load balancer support by running the following command on the NEN node:
Note
If the NEN is configured as an HA pair, run this command on the primary node.
sudo -u ilo-nen /opt/illumio-nen/illumio-nen-ctl slb-enable