FAQs - Secure Communication between GigaVUE Fabric Components

This section addresses frequently asked questions about Secure Communication between GigaVUE Fabric Components and GigaVUE-FM. Refer to Secure Communication between GigaVUE Fabric Components section for more details.

  1. Is there a change in the upgrade process for GigaVUE-FM and GigaVUE V Series Node?

    No. The upgrade process remains unchanged across all supported upgrade paths. You can upgrade your nodes without any additional steps. The upgrade results in the automatic deployment of the appropriate certificates based on the node versions

    GigaVUE-FM

    GigaVUE V Series Nodes

    Custom Certificates

    Selected (Y/N)

    Actual Node Certificate

    6.10

    6.10

    Y

    GigaVUE-FM PKI Signed Certificate

    6.10

    6.9 or earlier

    Y

    Custom Certificate

    6.10

    6.9 or earlier

    N

    Self-Signed Certificate

  2. What is the new authentication type used between GigaVUE-FM and the GigaVUE Fabric Components? Is backward compatibility supported?

    Backward compatibility is supported, ensuring that fabric components running on version 6.9 or earlier remain compatible with GigaVUE-FM 6.10. The following authentication types are supported across different versions:

    GigaVUE-FM

    GigaVUE Fabric Components

    Authentication

    6.10

    6.10

    Tokens + mTLS Authentication (Secure Communication)

    6.10

    6.9 or earlier

    User Name and Password

  3. What are the new ports that must be added to the security groups?

    The following table lists the port numbers that must be opened for the respective fabric components:

    Component

    Port

    GigaVUE-FM

    9600

    GigaVUE V Series Node

    80, 8892

    GigaVUE V Series Proxy

    8300, 80, 8892

    UCT-V Controller

    8300, 80

    UCT-V

    8301, 8892, 9902

    For more details, refer to Prerequisites for AWS.

  4. Is the registration process different for deploying the fabric components using Third-Party Orchestration?

    Yes. Beginning with version 6.10, you must use tokens in the gigamon-cloud.conf file instead of the username and password. To generate the token in GigaVUE-FM, go to Settings > Authentication > User Management > Token. For more details, refer to Configure Tokens.

    Example Registration Data for UCT-V:

    Copy 
    #cloud-config
     write_files:
     - path: /etc/gigamon-cloud.conf
       owner: root:root
       permissions: '0644'
       content: |
         Registration:
            groupName: <Monitoring Domain Name>
            subGroupName: <Connection Name>
            token: <Token>
            remoteIP: <IP address of the UCT-V Controller 1, <IP address of the UCT-V Controller 2>
            sourceIP: <IP address of UCT-V> (Optional Field)

  5. Are there any changes to the UCT-V manual installation and upgrade process?

    Starting from version 6.10, you must add tokens during manual installation and upgrades.

    • Create a configuration file named gigamon-cloud.conf with the token and place it in the /tmp directory during UCT-V installation

    • After installing UCT-V, you can add the configuration file in the /etc directory.

    Important! Without this token, UCT-V cannot register with GigaVUE-FM.

  6. Can I use my PKI infrastructure to issue certificates for the Fabric Components?

    Direct integration of your PKI with GigaVUE-FM is not supported. However, you can provide your Intermediate Certificate Authority (CA) to sign the node certificate.

  7. What happens to the existing custom certificates introduced in the 6.3 release?

    The custom certificate feature is not supported for the fabric components with version 6.10 or higher, even if a custom certificate is selected in the Monitoring Domain. However, this feature remains available for older versions.

    • When upgrading from version 6.9 or earlier with custom certificates upgrades to version 6.10, the system automatically generates and deploys certificates signed by GigaVUE‑FM.

    • If deploying version 6.9 or earlier components from a 6.10 GigaVUE‑FM, custom certificates are still applied.

  8. How to issue certificates after upgrading the fabric components to 6.10?

    When the upgrade process begins, GigaVUE-FM transmits the certificate specifications to the new fabric components using the launch script. The fabric components utilize these specifications to generate their own certificates.

  9. Is secure communication supported in FMHA deployment?

    Yes, it is supported. However, you must follow a few manual steps before upgrading the fabric components to 6.10. For details, refer to Configure Secure Communication between Fabric Components in FMHA.

Note:  This step is essential if you are using cloud deployments in FMHA mode and would like to deploy or upgrade the fabric components to version 6.10 or later.