FAQs - Secure Communication between GigaVUE Fabric Components
This section addresses frequently asked questions about Secure Communication between GigaVUE Fabric Components and GigaVUE-FM. Refer to the Secure Communication between GigaVUE Fabric Components section for more details.
- Is there a change in the upgrade process for GigaVUE-FM and GigaVUE V Series Node?
The behavior is unchanged on all upgrade paths, and you can upgrade without any additional steps. When the nodes are upgraded, the corresponding certificates are deployed according to the respective node versions:
| GigaVUE-FM | GigaVUE V Series Nodes | Custom Certificates Selected (Y/N) | Actual Node Certificate |
|---|---|---|---|
| 6.10 | 6.10 | Y | GigaVUE-FM PKI Signed Certificate |
| 6.10 | 6.9 or earlier | Y | Custom Certificate |
| 6.10 | 6.9 or earlier | N | Self Signed Certificate |
- What is the new authentication type used between GigaVUE-FM and the GigaVUE Fabric Components? Is backward compatibility supported?
Backward compatibility is supported, ensuring that fabric components running on version 6.9 or earlier remain compatible with GigaVUE-FM 6.10. The following authentication types are supported across different versions.
| GigaVUE-FM | GigaVUE Fabric Components | Authentication |
|---|---|---|
| 6.10 | 6.10 | Tokens + mTLS Authentication (Secure Communication) |
| 6.10 | 6.9 or earlier | User Name and Password |
- What are the new ports that must be added to the security groups?
The following table lists the port numbers that must be opened for the respective fabric components.
| Component | Port |
|---|---|
| GigaVUE-FM | 9600 |
| GigaVUE V Series Node | 80 |
| GigaVUE V Series Proxy | 8300, 80 |
| UCT-V Controller | 8300, 80 |
| UCT-V | 8301, 8892, 9902 |
For more details, refer to Prerequisites for AWS.
- Are there any changes to the registration process for deploying the fabric components using Third Party Orchestration?
Starting from version 6.10, you must place tokens in the gigamon-cloud.conf file instead of a username and password. To generate the token in GigaVUE-FM, go to Settings > Authentication > User Management > Token. Refer to Configure Tokens for Third Party Orchestration for more details.
Example Registration Data for UCT-V:
```yaml
#cloud-config
write_files:
  - path: /etc/gigamon-cloud.conf
    owner: root:root
    permissions: '0644'
    content: |
      Registration:
          groupName: <Monitoring Domain Name>
          subGroupName: <Connection Name>
          token: <Token>
          remoteIP: <IP address of the UCT-V Controller 1>, <IP address of the UCT-V Controller 2>
          sourceIP: <IP address of UCT-V> (Optional Field)
```

- Are there any changes to the UCT-V manual installation and upgrade process?
Starting from version 6.10, you must add tokens during manual installation and upgrades. Create a configuration file named gigamon-cloud.conf that contains the token and place it in the /tmp directory during UCT-V installation, or add the configuration file to the /etc directory after installing UCT-V.
Note: UCT-V will not be added to GigaVUE-FM without this token.
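An added example, not Gigamon code: a pre-deployment check for the body of the gigamon-cloud.conf file described in the two answers above, which reports missing or unfilled fields, leftover username/password keys, malformed remoteIP entries and a token file that other local users can read. The legacy key names, the sample values and the function names are assumptions, and the page does not state whether UCT-V accepts a mode tighter than the '0644' shown in its example, so treat the mode finding as something to test.

```python
import ipaddress

REQUIRED = ("groupName", "subGroupName", "token", "remoteIP")
LEGACY_KEYS = {"user", "username", "password"}  # assumed pre-6.10 key names
SAMPLE = """\
Registration:
    groupName: md-prod
    subGroupName: conn-1
    token: EXAMPLE-TOKEN-NOT-REAL
    remoteIP: 10.0.0.5, 10.0.0.6
"""  # constructed file body; the token is a dummy value

def parse_registration(text):
    """Return the key/value pairs nested under the top-level 'Registration:' key."""
    fields, inside = {}, False
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()      # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():                  # a new top-level key
            inside = line.strip() == "Registration:"
        elif inside and ":" in line:
            key, value = line.strip().split(":", 1)
            fields[key.strip()] = value.strip().strip("'\"")
    return fields

def is_ip(text):
    """True when text parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(text.strip())
    except ValueError:
        return False
    return True

def lint(text, mode):
    """Return findings for a gigamon-cloud.conf body and its file mode."""
    fields, findings = parse_registration(text), []
    for key in REQUIRED:
        value = fields.get(key, "")
        if not value:
            findings.append(f"missing {key}")
        elif value.startswith("<"):                # template value never filled in
            findings.append(f"placeholder left in {key}")
        elif key == "remoteIP":
            findings += [f"bad remoteIP entry {p.strip()!r}" for p in value.split(",") if not is_ip(p)]
    findings += [f"legacy credential key {k}" for k in fields if k.lower() in LEGACY_KEYS]
    if fields.get("token") and mode & 0o044:
        findings.append(f"token file mode {mode:o} lets group or others read it")
    return findings
```

Pass the file's text and `os.stat(path).st_mode & 0o777` to `lint`; an empty list means none of these checks fired.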
- Can you use your own PKI infrastructure to issue certificates for the Fabric Components?
Integrating your Public Key Infrastructure (PKI) with GigaVUE-FM is not feasible. However, you can provide your Intermediate Certificate Authority (CA) to sign the node certificate.
- What happens to the existing custom certificates introduced in the 6.3 release?
The custom certificate feature is not supported for fabric components running version 6.10 or higher, even if a custom certificate is selected in the Monitoring Domain. However, this feature remains available for older versions. When a fabric component running version 6.9 or earlier with custom certificates is upgraded to version 6.10, new fabric components are launched with certificates signed by GigaVUE-FM, and custom certificates are no longer used on fabric components running version 6.10 or above. When GigaVUE-FM is running version 6.10 and deploys fabric components running version 6.9 or earlier, selecting a custom certificate ensures that those fabric components are deployed with the specified custom certificates.

- How are certificates issued after upgrading the fabric components to 6.10?
When the upgrade process begins, GigaVUE-FM transmits the certificate specifications to the new fabric components using the launch script. Each fabric component then uses these specifications to generate its own certificate.
- Is secure communication supported in FMHA deployment?
Yes, it is supported. However, you must follow a few manual steps before upgrading the fabric components to 6.10. Refer to Configure Secure Communication between Fabric Components in FMHA for more details.
Note: This step is required only if you are using cloud deployments in FMHA mode and need to deploy or upgrade the fabric components to version 6.10 or later.