Phase 2: kvm-01 EVE-NG Deployment
Approach
EVE-NG CE runs as a VM on kvm-01 for topologies that exceed the workstation’s capacity. This instance handles FMCv (28GB), ISE (16GB), NX-OSv 9000 (8GB each), and full security stacks.
VM Specifications
| Parameter | Value |
|---|---|
| vCPU | 8 (kvm-01 has 8C/16T Xeon D-2146NT) |
| RAM | 60GB (after existing VM commitments) |
| Disk | 500GB qcow2 (thin-provisioned — heavy images need space) |
| Network | Bridged to br-mgmt (10.50.1.150/24) |
| Cloud0 | Additional bridge for lab-to-production integration |
| CPU Mode | |
| OS | Ubuntu 22.04 LTS (EVE-NG CE requirement) |
Installation Steps
- SSH to kvm-01, verify available RAM
- Enable nested KVM if not already (`/sys/module/kvm_intel/parameters/nested`)
- Transfer EVE-NG CE ISO to kvm-01 storage
- Create KVM VM with `virt-install`
- Install EVE-NG CE
- Add DNS A record: `eve-ng-01.inside.domusdigitalis.dev` → 10.50.1.150 (BIND)
- Issue TLS certificate from Vault PKI for HTTPS
- Install Wazuh agent for SIEM monitoring
- Test with FTDv or ISE boot (validates nested KVM handles heavy images)
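
The first two steps can be scripted as a pre-flight gate that runs before `virt-install`. This is an added example, not part of the original runbook; the function names are hypothetical, and it assumes the 60GB figure is checked as whole GiB of `MemAvailable`.

```shell
#!/bin/sh
# Pre-flight checks on kvm-01 before creating the EVE-NG VM (added example).
# File paths are parameters so the checks can be run against constructed files.

# nested_enabled FILE: succeed if the kvm_intel "nested" parameter reads Y or 1
# (the kernel reports either form depending on version).
nested_enabled() {
    [ -r "$1" ] || return 2
    case "$(cat "$1")" in
        Y|y|1) return 0 ;;
        *)     return 1 ;;
    esac
}

# mem_available_gib FILE: print MemAvailable from a meminfo-format file in whole GiB.
# Fails if the field is missing.
mem_available_gib() {
    awk '$1 == "MemAvailable:" { printf "%d\n", $2 / 1048576; found = 1 }
         END { if (!found) exit 1 }' "$1"
}

# preflight NESTED_FILE MEMINFO_FILE REQUIRED_GIB
# Prints one FAIL line per failed check and returns non-zero if any check failed.
preflight() {
    rc=0
    if ! nested_enabled "$1"; then
        echo "FAIL nested KVM is not enabled ($1)"
        rc=1
    fi
    # An unreadable or malformed meminfo file counts as 0 GiB available.
    avail=$(mem_available_gib "$2") || avail=0
    if [ "$avail" -lt "$3" ]; then
        echo "FAIL ${avail} GiB available, ${3} GiB required"
        rc=1
    fi
    return $rc
}

# Run against the live host only when asked: ./preflight.sh --check
# 60 is the RAM value from the VM Specifications table (assumed to mean GiB).
if [ "${1:-}" = "--check" ]; then
    preflight /sys/module/kvm_intel/parameters/nested /proc/meminfo 60
fi
```

A non-zero exit from `preflight` means the VM should not be created yet: either nested virtualization is off or the existing VMs leave too little memory.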
Integration with Existing Infrastructure
| Service | Integration |
|---|---|
| DNS | A record in BIND zone |
| TLS | Vault PKI cert for HTTPS UI |
| SIEM | Wazuh agent monitoring |
| Backup | Borg backup of EVE-NG configs and exported labs |
| NTP | Points to VyOS VIP or bind-01 |
Verification Checklist
- Web UI at `eve-ng-01.inside.domusdigitalis.dev`
- FTDv boots successfully (nested KVM stress test)
- No performance degradation on existing kvm-01 VMs
- DNS resolves correctly
- TLS cert valid and trusted
- Wazuh agent reporting