GigaVUE-FM connects to the VPC through the EC2 API endpoint. HTTPS is the default protocol that GigaVUE-FM uses to communicate with the EC2 API. For more information about the endpoint and the protocol used, refer to AWS service endpoints.
GigaVUE-FM provides you the flexibility to connect to multiple VPCs. You can choose the VPC ID and launch the GigaVUE Cloud Suite for AWS components in the desired VPCs.
Note: To configure the monitoring domain and launch the fabric components in AWS, you must be a user with the fm_super_admin role or a user with write access to the Physical Device Infrastructure Management category.
To create a Monitoring Domain:
- From the left navigation pane, click Inventory > AWS > Monitoring Domain.
- On the Monitoring Domain page, click the New button. The Monitoring Domain Configuration page appears.
- Enter or select the appropriate information as shown in the following table.
Use V Series 2
Select Yes to configure a V Series 2 node.
An alias used to identify the monitoring domain.
Authentication type for the connection. You can select one of the following:
- Basic Credentials
- EC2 Instance Role
If Basic Credentials is selected, you must enter the Access Key and Secret Access Key.
AWS region for the monitoring domain. For example, EU (London).
Select the AWS account
Select the VPCs to monitor
Traffic Acquisition Method
Select a tapping method. The available options are:
G-vTAP: If you select G-vTAP as the tapping method, you must configure the G-vTAP Controller to communicate with the G-vTAP Agents from GigaVUE-FM. You can also configure the G-vTAP Controller and G-vTAP Agents using your own orchestrator. Refer to Configure GigaVUE Fabric Components in AWS for detailed information.
VPC Traffic Mirroring: If you select the VPC Traffic Mirroring option, the mirrored traffic from your workloads is sent directly to the GigaVUE V Series nodes, and you need not configure the G-vTAP Agents and G-vTAP Controllers.
For more information on VPC Peering, refer to VPC peering connections in the AWS Documentation. Peering is required to send mirrored traffic from other VPCs into a centralized GigaVUE V Series deployment.
You can choose to use an external load balancer for VPC Traffic Mirroring. Select Yes to use a load balancer. Refer to Configure an External Load Balancer for detailed information.
- G-vTAP Controller configuration is not applicable for VPC Traffic Mirroring.
- For the VPC Traffic Mirroring option, additional permissions are required. Refer to the GigaVUE Cloud Suite for AWS Quick Start Guide for details.
- After deploying the Monitoring Session, a traffic mirror session is created in your AWS VPC consisting of a session, a filter, sources, and targets. For more details, refer to Traffic Mirroring in the AWS Documentation.
Tunnel: If you select Tunnel as the tapping method, you can use the tunnel as a source option in the monitoring session, where the traffic is tunneled directly to the GigaVUE V Series nodes without deploying G-vTAP Agents and G-vTAP Controllers. The user is responsible for creating this tunnel feed and pointing it to the GigaVUE V Series node(s).
Secure Mirror Traffic
Select the check box to establish a secure tunnel between G-vTAP Agents and GigaVUE V Series nodes for traffic across VPCs.
Use Proxy Server
Select Yes to add a proxy server. A proxy server enables communication from GigaVUE-FM to the Internet if GigaVUE-FM is deployed in a private network. On selecting a Proxy Server, enter the following information:
- Click Save. The AWS Fabric Launch Configuration page appears.
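The traffic mirror session mentioned in the VPC Traffic Mirroring notes above (a session, a filter, sources, and targets) can be checked from the AWS side once the Monitoring Session is deployed. The following Python is an added example, not part of the Gigamon documentation: it joins the three EC2 DescribeTrafficMirror* result lists and flags any session whose target is not one you expect or whose filter accepts no traffic. The sample IDs and the expected-target set are constructed for illustration.

```python
def audit_mirror_sessions(sessions, targets, filters, expected_target_ids):
    """Join each mirror session with its target and filter; flag problems."""
    # Inputs: the TrafficMirrorSessions / TrafficMirrorTargets /
    # TrafficMirrorFilters lists from the EC2 describe responses.
    targets_by_id = {t["TrafficMirrorTargetId"]: t for t in targets}
    filters_by_id = {f["TrafficMirrorFilterId"]: f for f in filters}
    rows = []
    for s in sessions:
        target = targets_by_id.get(s["TrafficMirrorTargetId"], {})
        flt = filters_by_id.get(s["TrafficMirrorFilterId"], {})
        rules = flt.get("IngressFilterRules", []) + flt.get("EgressFilterRules", [])
        accepts = [r for r in rules if r.get("RuleAction") == "accept"]
        issues = []
        if s["TrafficMirrorTargetId"] not in expected_target_ids:
            issues.append("unexpected-target")  # traffic copied somewhere unplanned
        if not accepts:
            issues.append("no-accept-rule")  # this filter mirrors nothing
        rows.append({
            "session": s["TrafficMirrorSessionId"],
            "source_eni": s["NetworkInterfaceId"],
            "target": s["TrafficMirrorTargetId"],
            "target_type": target.get("Type", "unknown"),
            "accept_rules": len(accepts),
            "issues": issues,
        })
    return rows

# Constructed sample data shaped like the API responses (IDs are made up).
SAMPLE_SESSIONS = [
    {"TrafficMirrorSessionId": "tms-0aaa", "NetworkInterfaceId": "eni-0src1",
     "TrafficMirrorTargetId": "tmt-0vseries", "TrafficMirrorFilterId": "tmf-0all"},
    {"TrafficMirrorSessionId": "tms-0bbb", "NetworkInterfaceId": "eni-0src2",
     "TrafficMirrorTargetId": "tmt-0other", "TrafficMirrorFilterId": "tmf-0empty"},
]
SAMPLE_TARGETS = [
    {"TrafficMirrorTargetId": "tmt-0vseries", "Type": "network-load-balancer"},
    {"TrafficMirrorTargetId": "tmt-0other", "Type": "network-interface"},
]
SAMPLE_FILTERS = [
    {"TrafficMirrorFilterId": "tmf-0all",
     "IngressFilterRules": [{"RuleAction": "accept"}],
     "EgressFilterRules": [{"RuleAction": "accept"}]},
    {"TrafficMirrorFilterId": "tmf-0empty",
     "IngressFilterRules": [], "EgressFilterRules": []},
]

if __name__ == "__main__":
    rows = audit_mirror_sessions(SAMPLE_SESSIONS, SAMPLE_TARGETS,
                                 SAMPLE_FILTERS, {"tmt-0vseries"})
    print(*rows, sep="\n")
```

For a real check, pass in the JSON lists returned by `aws ec2 describe-traffic-mirror-sessions`, `describe-traffic-mirror-targets` and `describe-traffic-mirror-filters` for the monitored region.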