Install the On-Premises Controller

1. Download the qcow file, contact your Palo Alto Networks Partner for assistance if needed.
2. Bring up the VM using the downloaded qcow file.
3. Log in to the VM using ubuntu/ubuntu.

   The ubuntu/ubuntu credential is a default username for the Palo Alto Networks–provided qcow image. You must change the password immediately after first login before proceeding further.
4. Format the disk space by executing the following command.

   The following command repartitions /dev/vda, it will destroy all existing data on the disk. Execute this command only on a freshly deployed controller VM intended for Prisma SD-WAN installation. Before running, verify the correct device name by executing lsblk. On ESXi guests, the disk may appear as /dev/sda; substitute accordingly.

   lsblk
   printf 'd\n\nn\n\n\n\nN\nw' | sudo fdisk /dev/vda

5. Keep your management IP address handy and ensure it's not configured with DHCP.
6. Access the Prisma SD-WAN Controller Installation user interface by using the URL https://<public IP of VM>:9443/installer.

7. Click Get Started.
8. Select a predefined configuration Template for the deployment and provide Server IP addresses for all nodes.

   The template configuration such as the number of sites, CPU models, and servers are pre-populated on selecting the template. Choose from the following templates:

   • Demo small- single node setup for 10 sites
   • Demo Large- multinode setup for 500 sites
   • Multinode small- 3 node non-HA deployment for 100 sites
   • Multinode HA large- 9 HA deployment for 1000 sites

   If you want to set up HA, use a load balancer for high availability deployment. The HA setup requires 9 nodes—3 Application nodes, 3 Statistics nodes, and 3 Operator nodes. Refer to Minimum Hardware Requirements for per-node CPU, memory, and storage specifications.

9. Click Next.
10. Provide Backup Configuration.

    Add Backup Schedule Time, Backup Retention Days, and Backup Schedule.

    Schedule a daily backup and set retention to a minimum of 30 days. Valid retention range is 1–365 days. Do not set retention to 0, as this disables backup retention and leaves no recovery point. Each backup consumes space under /mnt_ebs/backup_config; ensure sufficient disk capacity before proceeding. When the backup location fills up, the oldest backups are automatically overwritten.

11. Click Next.
12. Setup Tenant by providing the Tenant Name, Tenant Domain, NTP Server IP address, and optionally Use Tenant Domain for southbound connection.

    Tenant domain for southbound connection is an optional field, if you provide the Tenant Domain for southbound connection when setting up the tenant, the given domain name is used. If you select to use the southbound domain, enter the domain name and IP address.

13. Click Next.
14. Verify the information you specified and then Install the controller.

    The installation will take approximately 60 minutes. You can view the progress of the installation on the user interface.

    You will be notified that the installation is complete and the services are running after the installation is complete.

15. Download the login credentials for the Administrator console and the Operator console. Click the links to access the Administrator console or Operator console.
16. The installation is verified automatically as part of the installation verification steps, however, you can verify the installation by running the CLI command controller_verify.

    Check the Overall Controller Health

    Check the controller health by executing the following commands:

    controller_verify
    ✓ auth-manager is available and healthy
    ✓ boreas-stats is available and healthy
    ✓ element-manager is available and healthy
    ✓ events-manager-1 is available and healthy
    ✓ events-manager-2 is available and healthy
    ✓ nginx is available and healthy
    ✓ notification-manager is available and healthy
    ✓ redis-1 is available and healthy
    ✓ script-manager is available and healthy
    ✓ sdwan-apps-manager is available and healthy
    ✓ stats-collector is available and healthy
    ✓ stats-manager is available and healthy
    ✓ stats-processor is available and healthy
    ✓ ui-manager is available and healthy
    ✓ kafka-1 is available and healthy
    ✓ mongo-1 is available and healthy
    ✓ remote-access-manager is available and healthy
    Verification Successful

    Check the Pods Status

    Check if the pods are in running state.

    ubuntu@ubuntu:~$ kubectl get pods -n prismasdwan
    NAME                             READY  STATUS  RESTARTS  AGE 
    auth-manager-674d79649f-h8xrg     9/9   Running  0        42m 
    element-manager-78b6478dbb-66gwg  1/1   Running  0        42m 
    events-manager-1-5ff67c5f4b-7txd7 1/1   Running  0        42m 
    events-manager-2-84f9c5d846-8bjmk 3/3   Running  0        42m 
    nginx-9bdf9f4cb-f8xjz             1/1   Running  0        42m 
    stats-manager-564748f748-g6gvk    5/5   Running  0        41m 
    ui-manager-675bfd5fd9-hjjs6       2/2   Running  0        41m