Prerequisites

Refer to the following topics for details:

AWS Security Credentials

To establish the initial connection between GigaVUE-FM and AWS, you will require the security credentials for AWS. These credentials are necessary to verify your identity and determine whether you have authorization to access the resources you are requesting. AWS employs these security credentials to authenticate and authorize your requests.

You need one of the following security credentials:

  • Identity and Access Management (IAM) role— If GigaVUE-FM is running within AWS, it is recommended to use an IAM role. By using an IAM role, you can securely make API requests from the instances. Create an IAM role and ensure that the permissions and policies listed in Permissions and Privileges are associated to the role and also ensure that you are using Customer Managed Policies or Inline Policies.
  • Access Keys—If GigaVUE-FM is configured in the enterprise data center, then you must use the access keys or basic credentials to connect to the VPC. Basic credentials allow full access to all the resources in your AWS account. An access key consists of an access key ID and a secret access key. For detailed instructions on creating access keys, refer to the AWS documentation on Managing Access Keys for Your AWS Account.

    Note:  To obtain the IAM role or access keys, contact your AWS administrator.

You cannot launch the GigaVUE-FM instance from the EC2 dashboard without having one of these security credentials. If you are launching the GigaVUE-FM instance from the AWS Marketplace, you need to have only the IAM roles.

IMPORTANT:

  • It is recommended to deploy the GigaVUE-FM on the AWS to manage AWS workload.
  • If the GigaVUE-FM is deployed outside of the AWS, then the GigaVUE-FM encrypts and stores the access key and the secret key in its database.
  • Always attach an IAM role to the instance running GigaVUE-FM in AWS to connect it to your AWS account.

Amazon VPC

You must have a Amazon Virtual Private Cloud (VPC) to launch GigaVUE components into your virtual network.

Note:  To create a VPC, refer to Create a VPC topic in the AWS Documentation.

Your VPC must have the following elements to configure the GigaVUE Cloud Suite for AWS components:

Subnet for VPC

Security Group

When you launch GigaVUE‑FM, GigaVUE V Series Proxies, GigaVUE V Series Nodes, and G-vTAP Controllers in your project, a security group can be utilized to define virtual firewall rules for your instance, which in turn regulates inbound and outbound traffic. You can add rules to manage inbound traffic to instances, and a distinct set of rules to control outbound traffic.

It is recommended to create a separate security group for each component using the rules and port numbers listed in the following table.

The following table lists the Network Firewall Requirements for GigaVUE V Series V Series 2 Node deployment.

Direction

Type

Protocol

Port

CIDR

Purpose

GigaVUE‑FM

Inbound

HTTPS
SSH

TCP

443
22

Administrator Subnet

Management connection to GigaVUE‑FM

Inbound

Custom TCP Rule

TCP

5671

V Series 2 Node IP

Allows GigaVUE V Series 2 Nodes to send traffic health updates to GigaVUE‑FM

Outbound

Custom TCP Rule

TCP(6)

9900

GigaVUE‑FM IP

Allows G-vTAP Controller to communicate with GigaVUE‑FM

Outbound (optional)

Custom TCP Rule

TCP

8890

V Series Proxy IP

Allows GigaVUE‑FM to communicate with V Series Proxy

Outbound

Custom TCP Rule

TCP

8889

V Series 2 Node IP

Allows GigaVUE‑FM to communicate with GigaVUE V Series node

G-vTAP Controller

Inbound

Custom TCP Rule

TCP(6)

9900

GigaVUE‑FM IP

Allows G-vTAP Controller to communicate with GigaVUE‑FM

Inbound

(This is the port used for Third Party Orchestration)

Custom TCP Rule

TCP(6)

8891

G-vTAP Agent or Subnet IP

Allows G-vTAP Controller to communicate the registration requests from G-vTAP Agent.

Outbound

(This is the port used for Third Party Orchestration)

Custom TCP Rule

TCP(6)

443

GigaVUE‑FM IP

Allows G-vTAP Controller to communicate the registration requests to GigaVUE-FM

Outbound

Custom TCP Rule

TCP(6)

9901

G-vTAP Controller IP

Allows G-vTAP Controller to communicate with G-vTAP Agents

G-vTAP Agent

Inbound

Custom TCP Rule

TCP(6)

9901

G-vTAP Controller IP

Allows G-vTAP Agents to communicate with G-vTAP Controller

Outbound

(This is the port used for Third Party Orchestration)

Custom TCP Rule

TCP(6)

8891

G-vTAP Agent or Subnet IP

Allows G-vTAP Agent to communicate with G-vTAP Controller for registration and Heartbeat

Outbound

UDP
IP
UDP (VXLAN)
IP Protocol (L2GRE)

VXLAN (default 4789)

G-vTAP Agent or Subnet IP

Allows G-vTAP Agents to (VXLAN/L2GRE) tunnel traffic to V Series nodes

GigaVUE V Series V Series Proxy (optional)

Inbound

Custom TCP Rule

TCP

8890

GigaVUE‑FM IP

Allows GigaVUE‑FM  to communicate with V Series Proxy

Outbound

Custom TCP Rule

TCP

8889

V Series 2 node IP

Allows V Series Proxy to communicate with V Series node

GigaVUE V Series V Series 2 Node

Inbound

Custom TCP Rule

TCP

8889

GigaVUE-FM IP
V Series Proxy IP

Allows V Series Proxy or GigaVUE-FM to communicate with V Series node

Inbound

UDP
IP
UDP (VXLAN)
IP Protocol (L2GRE)
VXLAN (default 4789)
L2GRE

G-vTAP Agent or Subnet IP

Allows G-vTAP Agents to (VXLAN/L2GRE) tunnel traffic to V Series nodes

Inbound

UDP

UDPGRE

4754

Ingress Tunnel

Allows to UDPGRE Tunnel to communicate and tunnel traffic to V Series nodes

Outbound

Custom TCP Rule

TCP

5671

GigaVUE-FM IP

Allows GigaVUE V Series Node to send traffic health updates to GigaVUE‑FM

Outbound

Custom UDP Rule

UDP (VXLAN)
IP Protocol (L2GRE)

VXLAN (default 4789)

Tool IP

Allows V Series node to communicate and tunnel traffic to the Tool

Outbound (optional)

ICMP

ICMP

echo request
echo reply

Tool IP

Allows V Series node to health check tunnel destination traffic

Key Pair

A key pair consists of a public key and a private key. When you define the specifications for the G-vTAP Controllers, GigaVUE V Series nodes, and GigaVUE V Series Proxy in your VPC, you must create a key pair and specify the name of this key pair.

To create a key pair, refer to Create a key pair using Amazon EC2 topic in the AWS Documentation.

Default Login Credentials

You can login to the GigaVUE V Series Node, GigaVUE V Series proxy, and G-vTAP Controller by using the default credentials.

Product

Login credentials

GigaVUE V Series Node

You can login to the GigaVUE V Series Node by using ssh. The default username and password is:

Username: gigamon

Password: Use the SSH key.

GigaVUE V Series proxy

You can login to the GigaVUE V Series proxy by using ssh. The default username and password is:

Username: gigamon

Password: Use the SSH key.

G-VTAP Controller

You can login to the GigaVUE V Series proxy by using ssh. The default username and password is:

Username: ubuntu

Password: Use the SSH key.