Windows UCT-V Installation

Windows UCT-V allows you to select the network interfaces by subnet/CIDR and modify the corresponding monitoring permissions in the configuration file. This options helps you get granular control over the monitored and mirrored traffic.

Refer to the following sections for the Windows UCT-V installation:

Windows Network Firewall Requirements

If your environment uses network firewall rules or security groups, you must open specific ports for the virtual machine. For details, refer to Network Firewall Requirement for GigaVUE Cloud Suite.

Notes:
■   After installing UCT-V, ensure the following TCP ports are configured:
o   Port 8301 (Inbound)
o   Port 8300 (Outbound)
■   You can configure the ports using the following PowerShell commands. Make sure to run PowerShell as Administrator:
1.   New-NetFirewallRule -DisplayName "GigaVUE UCT-V (http01_challenge_port)" -Group "Virtual Tap" -Direction "Inbound" -Program "C:\Program Files (x86)\Uctv\step.exe" -LocalPort "8301" -Protocol "TCP" -Action
2. New-NetFirewallRule -DisplayName "GigaVUE UCT-V (pki_ra_port)" -Group "Virtual Tap" -Direction "Outbound" -Program "C:\Program Files (x86)\Uctv\uctvd.exe" -LocalPort "8300" -Protocol "TCP" -Action Allow

Install Windows UCT-Vs

Rules and Notes:

  • VXLAN is the only tunnel type supported for Windows UCT-V.

  • Loopback Interface is not supported for Windows UCT-V.

  • Before registering Windows UCT-V, generate a token and place it in the C:\ProgramData\uctv\gigamon-cloud.conf configuration file. Refer to Configure TokensConfigure TokensConfigure TokensConfigure Tokens.

You can install the UCT-Vs with MSI package using one of the following options:

■   Install Windows UCT-Vs using Installation Script
■   Install Windows UCT-Vs using Manual Configuration
The Windows UCT-V MSI is a self-contained package that includes all necessary dependencies. However, during set up, it automatically installs the following components:
■  Visual C++ Redistributable 2019 (x86)
■  Npcap (v1.81 OEM)

Before installing the Windows Agent, ensure that Npcap is not already present on the system. If an existing version of Npcap is present, uninstall it manually to avoid conflicts and ensure compatibility with the version bundled in the UCT-V.

Refer to the following sections for more detailed information and instructions.

Install Windows UCT-Vs using Installation Script

  1. Download the Windows UCT-V6.11.00 MSI package from the Gigamon Customer Portal. For assistance, contact Contact Technical Support.
  2. Install the downloaded MSI package as Administrator.
    The UCT-V service starts automatically.
  1. Use the command below to perform pre-check, adapter setup, adapter restore, and configuration functionalities.

    uctv-wizard

    Refer to the table below to know more about uctv-wizard command usage options and functionalities:

    Options

    Use Command

    Description

    pre-check

    uctv-wizard pre-check

    Checks the network adapter properties and firewall requirements. It notifies the user if the network adapter's send buffer size is smaller than the required size for the Windows UCT-V and if any firewall rules need to be added.

    Note:  We recommend to Increase the send buffer size of network adapters to 128 MB during the UCT-V installation to optimize performance and minimize traffic disruption.

    adapter-setup

    uctv-wizard adapter-setup

    Checks the compatible network adapters, increases the send buffer size and restarts the service. Before changing the buffer size, the existing configuration is saved as a backup.

    You can choose between the following:

    If you wish to skip the prompts for changing the buffer size of compatible network adapters, enter the option as y.
    Enter N if you wish to set it up manually. For details, refer to Windows UCT-V Installation.

    adapter-restore

    uctv-wizard adapter-restore

    Using this command, you can restore the backup copy of the network adapter buffer size configuration saved in the in the uctv-wizard adapter-setup step.

    Note:  You need to manually restart the network adapters for changes to take effect immediately.

    You can choose between the following:

    If you wish to skip the prompts for restoring the buffer size of the compatible network adapters, enter the option as y.
    Enter N if you wish to restore it manually. For details, refer to Windows UCT-V Installation.

    configure

    uctv-wizard configure

    First, it checks for any existing configured file in the tmp directory (file named gigamon-cloud.conf in the C:\Users\<username>\AppData\Local location). If available, UCT-V will use that configuration.

    If unavailable, UCT-V automatically adds the interface configuration in uctv.conf file, excluding the loopback (lo) interface, with all permissions enabled (source ingress, source egress, and destination).

    You can add the required policy for the available port if a firewall is installed.

    If you wish to skip the prompts to add the required firewall policy, enter your option as y. The console interface adds the firewall rules automatically.
    Enter N if you wish to configure manually. For details, refer to Windows UCT-V Installation.

    uninstall

    uctv-wizard uninstall

    Automatically stops the UCT-V service, removes the firewall rules, and uninstalls the UCT-V.

Notes:
■   The log messages generated from uctv-wizard are stored at /C:\ProgramData\uctv\uctv-installation.txt
■   Use the command below to know the usage descriptions for the individual operations.

uctv-wizard help

Windows UCT-V Installation Scenarios

  1. Zero Touch Installation: When using a cloud integrated script to deploy UCT-V in a virtual machine, zero interference is required as the script installs and configures everything automatically.
  2. One Touch Installation: When using a .msi package with all prerequisite packages in place, UCT-V determines that all dependencies are met. It performs auto-configuration and restarts the service.

Install Windows UCT-Vs using Manual Configuration

  1. Download the Windows UCT-V6.11.00 MSI package from the Gigamon Customer Portal. For assistance, contact Contact Technical Support.
  2. Install the downloaded MSI package as Administrator. The UCT-V service starts automatically.
  3. Modify the file C:\ProgramData\Uct-v\uctv.conf to configure and register the source and destination interfaces.

    Note:  When you have an active, successful monitoring session deployed, any changes to the UCT-V config file made after the initial setup require a UCT-V restart and an inventory refresh or sync from GigaVUE‑FM to pick up the new changes and re-initiate the traffic mirroring. GigaVUE‑FM does a periodic sync on its own every 15 minutes.


    Following are the rules to modify the UCT-V configuration file:
    • Interface is selected by matching its CIDR address with config entries.
    • For the VMs with single interface (.conf file modification is optional):
      • if neither mirror-src permissions is granted to the interface, both mirror-src-ingress and mirror-src-egress are granted to it.
      • mirror-dst is always granted implicitly to the interface.
    • For the VMs with multiple interfaces:
      • mirror-dst is granted explicitly in the config file. Only the first matched interface is selected for mirror-dst, all other matched interfaces are ignored.
      • if none interfaces is granted any mirror-src permission, all interfaces are granted mirror-src-ingress and mirror-src-egress.

    Example 1—Configuration example to monitor ingress and egress traffic at interface 192.168.1.0/24 and use the same interface to send out the mirrored packets.

    For IPv4:

    192.168.1.0/24  mirror-src-ingress mirror-src-egress mirror-dst

    For IPv6:

    2001:db8:abcd:ef01::/64 mirror-src-ingress mirror-src-egress mirror-dst

    Example 2—Configuration example to monitor ingress and egress traffic at interface 192.168.1.0/24 and use the interface 192.168.2.0/24 to send out the mirrored packets.

    For IPv4:

    192.168.1.0/24   mirror-src-ingress mirror-src-egress

    192.168.2.0/24   mirror-dst

    For IPv6:

    2001:db8:abcd:ef01::/64 mirror-src-ingress mirror-src-egress

    2001:db8:abcd:ef01::2/64 mirror-dst

  4. Save the file.
  5. Restart the Windows UCT-V using one of the following actions:
    • From the command prompt, run sc stop uctv and sc start uctv.
    • From the Windows Task Manager, restart the UCT-V.

You can verify the status of the UCT-V in the Service tab of the Windows Task Manager.

Note:  After installing UCT-V, refer to Deploy Fabric Components using Generic Mode for platform specific information to configure UCT-V using Third Party Orchestration.

Register Windows UCT-V

It is mandatory to create a cloud configuration file and add the token to authenticate the UCT-V package with GigaVUE‑FM. The token is required only for initial registration before generating the certificate. You can use the token only once and do not need to maintain. Refer below to register UCT-V in your virtual machine.

Third Party Orchestration: The third-party orchestration feature allows you to deploy UCT-V using your own orchestration system. UCT-V uses the information of user to register with GigaVUE‑FM.
UCT-V can register with GigaVUE‑FM using Third Party Orchestration in one of the following two modes:

Note:  If you have already configured gigamon-cloud.conf file in the directory (C:\Users\<username>\AppData\Local), you can directly use the uctv-wizard configure command (sudo uctv-wizard configure). This action automatically fetches the configuration file and complete the registration process.