Create a Monitoring Domain
GigaVUE-FM connects to the VPC through the EC2 API endpoint. HTTPS is the default protocol which GigaVUE-FM uses to communicate with the EC2 API. For more information about the endpoint and the protocol used, refer to AWS service endpoints.
GigaVUE-FM provides you the flexibility to connect to multiple VPCs. You can choose the VPC ID and launch the GigaVUE Cloud Suite for AWS components in the desired VPCs.
Note: To configure the monitoring domain and launch the fabric components in AWS, you must be a user with fm_super_admin role or a user with write access to the Physical Device Infrastructure Management category.
To create a Monitoring Domain:
- From the left navigation pane, click Inventory > AWS > Monitoring Domain.
- On the Monitoring Domain page, click the New button. The Monitoring Domain Configuration page appears.
- Enter or select the appropriate information as shown in the following table.
Field
Action Use V Series 2 Select Yes to configure V Series 2 node. Monitoring Domain
An alias used to identify the monitoring domain.
Authentication Type
Authentication type for the connection. You can select one of the following:
Basic Credentials EC2 Instance Role If Basic Credentials is selected, you must enter the Access Key and Secret Access keys.
Region Name
AWS region for the monitoring domain. For example, EU (London).
Account
Select the AWS account
VPC
Select the VPCs to monitor
Traffic Acquisition Method
Select a tapping method. The available options are:
G-vTAP: If you select G-vTAP as the tapping method, you must configure the G-vTAP Controller to communicate to the G-vTAP Agents from GigaVUE-FM. VPC Traffic Mirroring: If you select the VPC Traffic Mirroring option, the mirrored traffic from your workloads is directed directly to the GigaVUE V Series nodes, and you need not configure the G-vTAP agents and G-vTAP Controllers.
For more information on VPC Peering, refer to VPC peering connections in the AWS Documentation. Peering is required to send mirrored traffic from other VPCs into a centralized GigaVUE V Series deployment.- G-vTAP Controller configuration is not applicable for VPC Traffic Mirroring.
- For VPC Traffic Mirroring option, additional permissions are required. Refer to the GigaVUE Cloud Suite for AWS Quick Start Guide for details.
- After deploying the Monitoring Session, a traffic mirror session is created in your AWS VPC consisting of a session, a filter, sources, and targets. For more details, refer to Traffic Mirroring in AWS Documentation.
Tunnel: If you use select Tunnel as the tapping method, you can use the tunnel as a source leader in a bidirectional clock relationship (formerly master) option in the monitoring session, where the traffic is directly tunneled to the GigaVUE V Series nodes without deploying G-vTAP Agents and G-vTAP Controllers. The user is responsible for creating this tunnel feed and pointing it to the GigaVUE V Series node(s). Secure Mirror Traffic
Check box to establish secure tunnel between G-vTAP Agents and GigaVUE V Series nodes for traffic across VPCs.
Use Proxy Server
Select Yes to add a proxy server. Proxy server enables communication from GigaVUE-FM to the Internet, if GigaVUE-FM is deployed in a private network. On selecting a Proxy Server, enter the following information:
- Proxy Server—Select a list of proxy servers already configured in GigaVUE-FM. For more information on adding the proxy servers before configuring the AWS connection, refer to Configure Proxy Server
- Add Proxy Server—Add a new Proxy Server. For more information, refer to Configure Proxy Server.
- Click Save. The AWS Fabric Launch Configuration page appears.
