Expedition v2 recommended VM sizing on ESXi?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Expedition v2 recommended VM sizing on ESXi?

L2 Linker
  • Summary:  I want to spin up Expedition v2 with enough resources to migrate 125+ lsys off of Juniper ScreenOS and JunOS, and also have the ability to use Expedition to "Normalize/Optimize/Eliminate" duplicate objects, unused rules, merge nearly duplicate rules in Panorama, or any other benefits it may offer, so I want to make sure I have enough resources on the new VM.  I already have a dozen HA Pairs administered through Panorama, and these new migrations will mostly be to a large chassis (PA-5450) that is replacing 5 Juniper HA Pairs on the interior of our network.  I think I read somewhere a suggestion of 8 CPUs, 16GB RAM, and 500GB of Storage for Expedition - does that seem like a good recommendation if it is easier to ask once than expand multiple times in the future?  Do I need that much storage?  Less/More?  I don't really plan to keep all of the projects on Expedition forever, and once I get a script that does most of what I need a lot of these will be "Wash, Rinse, Repeat" - including using shared objects, but with so many migrations to do I will need to have multiple projects in storage at a time.

The TL;DR:

  • I've read througn a LOT of readme, quick start, config PDFs, etc, but...  so far no definitive specs for what I should install on that are explicitly stated to be for v2.  I am further hampered by the fact that we don't have a Docker expert on the team, so we don't know what we don't know.
  • I ended up being the lone survivor of a Firewall support team, our documentation on using Expedition usage isn't the best, and I currently have Expedition v1 running with 1 CPU, 2GB RAM, and 40GB of storage, on Ubuntu 16.x LTS.  I now have a team that has joined me, soon to be 6 strong, but none of us currently have experience with either version of Expedition.
  • I have over 130 juniper lsys to migrate to PanOS NGFW on Panorama, and I feel like I'm better off learning the new v2 than dealing with v1 and then having to learn v2 later.
  • I was originally told by management to just use the current VM to install v2, but I'm thinking I'd be better off spinning up a new VM with reasonable specs and once I get v2 working kill the old VM.  Considering the Ubuntu version and the VM specs I can probably sell this concept if I have a solid configuration recommendation.
1 accepted solution

Accepted Solutions

L4 Transporter

Hello @Eric_Troldahl,

I appreciate you reaching out and providing such a comprehensive explanation of your present circumstances and objectives.

I concur with your suggestion that the optimal course of action would be to establish a new, up-to-date OS environment for Expedition2.

You have the option to install the docker engine on a variety of platforms. You can find the relevant information here: https://docs.docker.com/engine/install/

Expedition2 has multi-user support, enabling you to create a singular environment for your entire team. Alternatively, you could install Expedition2 locally for each team member. However, I would advise against having multiple users working on the same project simultaneously due to potential issues with concurrency.

As for resource requirements, you could use those defined for Expedition1 as a starting point (refer to the document here: https://live.paloaltonetworks.com/t5/expedition-articles/expedition-documentation/ta-p/215619?attach...). Since Expedition2 operates over containers, you have the flexibility to increase the allocated resources based on the size of your project and the number of concurrent users/automations.

Please take a moment to review the manual attached to the shared Google drive folder and feel free to share your insights to enhance it.

I believe I've addressed all of your queries, but should you have any further questions or suggestions, don't hesitate to email us at fwmigrate@paloaltonetworks.com.

 

Best regards,

 

David

 

 

 

 

 

View solution in original post

1 REPLY 1

L4 Transporter

Hello @Eric_Troldahl,

I appreciate you reaching out and providing such a comprehensive explanation of your present circumstances and objectives.

I concur with your suggestion that the optimal course of action would be to establish a new, up-to-date OS environment for Expedition2.

You have the option to install the docker engine on a variety of platforms. You can find the relevant information here: https://docs.docker.com/engine/install/

Expedition2 has multi-user support, enabling you to create a singular environment for your entire team. Alternatively, you could install Expedition2 locally for each team member. However, I would advise against having multiple users working on the same project simultaneously due to potential issues with concurrency.

As for resource requirements, you could use those defined for Expedition1 as a starting point (refer to the document here: https://live.paloaltonetworks.com/t5/expedition-articles/expedition-documentation/ta-p/215619?attach...). Since Expedition2 operates over containers, you have the flexibility to increase the allocated resources based on the size of your project and the number of concurrent users/automations.

Please take a moment to review the manual attached to the shared Google drive folder and feel free to share your insights to enhance it.

I believe I've addressed all of your queries, but should you have any further questions or suggestions, don't hesitate to email us at fwmigrate@paloaltonetworks.com.

 

Best regards,

 

David

 

 

 

 

 

  • 1 accepted solution
  • 1694 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!