Create Monitoring Domain

Before configuring, you must establish a connection between GigaVUE‑FM and your Azure environment. A Monitoring Domain in GigaVUE‑FM allows you to define and manage this connection. Once established, GigaVUE‑FM can deploy and manage UCT-V Controllers, GigaVUE V Series Proxy, and GigaVUE V Series Nodes within your specified VNets and Resource Groups.

GigaVUE‑FM connects to Azure using either an Application ID and Client Secret (Service Principal) or the Managed Service Identity (MSI) authentication method.

To create an Azure monitoring domain in GigaVUE‑FM,

  1. Go to Inventory > VIRTUAL > Azure

  2. Select Monitoring Domain.

    The Monitoring Domain page appears.

  3. In the Monitoring Domain page, select New.

    The Azure Monitoring Domain Configuration wizard appears.

  4. Enter or select the appropriate information for the Monitoring Domain:

    • Monitoring Domain: An alias used to identify the monitoring domain.

    • Traffic Acquisition Method: Select one of the following Tapping methods:

      • UCT-V: If you select UCT-V as the tapping method, the traffic is acquired from the UCT-Vs installed on your standard VMs in the Resource Group or in the Scale Sets. Then, the acquired traffic is forwarded to the GigaVUE V Series nodes. You must configure the UCT-V Controller to monitor the UCT-Vs.

      • vTAP: If you select vTAP as the tapping method, traffic tapping is performed by the Azure platform and sent to the GigaVUE V Series Node. GigaVUE‑FM creates the necessary configurations in Azure to enable this.

      • Customer Orchestrated Source: If you select Customer Orchestrated Source as the tapping method, you can select the tunnel as a source where the traffic is directly tunneled to GigaVUE V Series nodes without deploying UCT-Vs or UCT-V Controllers.

        Note:  Select the Traffic Acquisition Method as Customer Orchestrated Source if you wish to use Application Metadata Exporter (AMX) application.

      • Inline: If you select this option, you can directly capture the inline traffic from the instances.

    • Traffic Acquisition Tunnel MTU: The Maximum Transmission Unit (MTU) is the maximum size of each packet that the tunnel endpoint can carry from the UCT-V to the GigaVUE V Series node.

      The default value is 1450.

      • When using IPv4 tunnels, the maximum MTU value is 1450. Ensure that the UCT-V tunnel MTU is 50 bytes less than the UCT-V destination interface MTU size.

      • When using IPv6 tunnels, the maximum MTU value is 1430. Ensure that the UCT-V tunnel MTU is 70 bytes less than the UCT-V destination interface MTU size.

    • Use FM to Launch Fabric: Select Yes to Configure GigaVUE Fabric Components in GigaVUE‑FM or select No to Configure GigaVUE Fabric Components in Azure.

    • Enable IPv6 Preference: Enable this option to create IPv6 tunnels between UCT-V and the GigaVUE V Series Nodes. This option appears only when Use FM to Launch Fabric is disabled and Traffic Acquisition Method is UCT-V.

    • Connections:

      • A Monitoring Domain can have multiple connections, however only one connection can have Managed Service Identity as the Credential.
      • The connections in a monitoring domain can be a combination of multiple Application ID with Client Secret (Service Principal) accounts, or one Managed Service Identity and multiple Application ID with Client Secret (Service Principal) accounts.
      • Each connection can have only one Subscription ID.

    • Name: An alias used to identify the connection.

    • Credential: Select an Azure credential. For details, refer to Create Azure Credentials.

    • Subscription ID: A unique alphanumeric string that identifies your Azure subscription.

    • Region: Azure region for the monitoring domain. For example, West India.

    • Resource Groups: Select the Resource Groups of the corresponding VMs to monitor.

      Note:  This field is only available if you select UCT-V as the Traffic Acquisition Method.

  5. Select Save.

    The Azure Fabric Launch Configuration wizard appears.

Notes:
■   Ensure that all V Series Nodes within a single Monitoring Domain are running the same version. Mixing different versions in the same Monitoring Domain may lead to inconsistencies when configuring Monitoring Session traffic elements.
■   Similarly, when upgrading a V Series Node, ensure that the GigaVUE‑FM version is the same or higher than the V Series Node version.
■   You can only view and delete the existing configuration for GigaVUE V Series Node 1. You cannot perform any other actions on the existing configuration for GigaVUE V Series Node 1 as the features are deprecated from GigaVUE-FM.

Check Permissions while Creating a Monitoring Domain

Note:  The Check Permissions feature is not available when the Traffic Acquisition Method is vTAP.

To check the permissions while creating a monitoring domain, follow these steps:

  1. Go to Inventory > VIRTUAL > Azure.
  2. Select Monitoring Domain. The Monitoring Domain page appears.
  3. Select New. The Monitoring Domain Configuration page appears.
  4. Enter the details as mentioned in the Create Monitoring Domain section.
  5. Select Check Permission. The Check Permissions widget opens.
  6. Select the connection for which you wish to check the required permissions and then click Next.
  7. Select the Permission Status tab to view the missing permissions. The PERMISSIONS tab lists the permissions required to run GigaVUE Cloud Suite for Azure.
  8. Make sure to include all the permissions with Access Status as 'Denied' in the IAM policy.

The IAM POLICY tab lists the sample policy containing the required permissions for deploying the GigaVUE Cloud Suite for Azure. You must update the Azure IAM policy with the missing permissions that are highlighted in the JSON. To recheck the IAM policy, go to the PERMISSIONS tab and selectthe Recheck button.

You can use the Copy button to copy the permissions to the clipboard. Also, you can use the Download button to download the permission in JSON format.

Note:  After updating the IAM Policy, it takes around 5 minutes for the changes to reflect on the Check Permissions screen.