Configure and Deploy GigaVUE Fabric Components in GigaVUE-FM

After configuring the Monitoring Domain, you will be navigated to the AWS Fabric Launch Configuration page.

In the AWS Fabric Launch Configuration page, you can configure the following fabric components:

In the AWS Fabric Launch Configuration page, enter or select the required information as described in the following table.

Fields

Description

Centralized VPC

Alias of the centralized VPC in which the G-vTAP Controllers, V Series Proxies and the GigaVUE V Series Nodes are launched.

EBS Volume Type

The Elastic Block Store (EBS) volume that you can attach to the fabric components. The available options are:

■   gp2 (General Purpose SSD)
■   io1 (Provisioned IOPS SSD)
■   Standard (Magnetic)

Enable Encryption

Select Yes to enable encryption or select No to disable encryption.

On selecting Yes to enable encryption, a KMS Key field appears. Enter the KMS key for the encryption.

SSH Key Pair

The SSH key pair for the GigaVUE fabric nodes. For more information on Key Pairs, refer toKey Pair .

Management Subnet

The subnet that is used for communication between the controllers and the nodes, as well as to communicate with GigaVUE-FM.

This is a required field.

Security Groups

The security group created for the GigaVUE fabric nodes. For more information on security groups, refer to Security Group

Enable Custom Certificates

Enable this option to validate the custom certificate during SSL Communication. GigaVUE-FM validates the Custom certificate with the trust store. If the certificate is not available in Trust Store, communication does not happen, and an handshake error occurs.

Note:  If the certificate expires after the successful deployment of the fabric components, then the fabric components moves to failed state.

Certificate

Select the custom certificate from the drop-down menu. You can also upload the custom certificate for GigaVUE V Series Nodes, GigaVUE V Series Proxy, and G-vTAP Controllers. For more detailed information, refer to Install Custom Certificate.

Configure G-vTAP Controller

A G-vTAP Controller manages multiple G-vTAP Agents and orchestrates the flow of mirrored traffic to GigaVUE V Series Nodes. While configuring the G-vTAP Controllers, you can also specify the tunnel type to be used for carrying the mirrored traffic from the G-vTAP Agents to the GigaVUE V Series Nodes.

  • G-vTAP Controller configuration is not applicable for VPC Traffic Mirroring and Customer Orchestrated source as the traffic acquisition method.
  • A G-vTAP Controller can only manage G-vTAP Agents of the same version.

Select Yes for the Configure a G-vTAP Controller field.

Enter or select the required information in the G-vTAP Controller section as described in the following table.

Fields

Description

Controller Version

The G-vTAP Controller version. If there are multiple versions of G-vTAP Agents deployed in the EC2 instances, then you must configure multiple versions of G-vTAP Controllers that matches the version numbers of the G-vTAP Agents.

Note:  If there is a version mismatch between G-vTAP Controllers and G-vTAP Agents, GigaVUE-FM cannot detect the agents in the instances.

Click Add to add multiple versions of G-vTAP Controllers: Under Controller Versions, click Add.

a. From the Version drop-down list, select a G-vTAP Controller image that matches with the version number of G-vTAP Agents installed in the instances.
b. From the Instance Type drop-down list, select a size for the G-vTAP Controller.
c. In Number of Instances, specify the number of G-vTAP Controllers to launch. The minimum number you can specify is 1.

Agent Tunnel Type

The type of tunnel used for sending the traffic from G-vTAP Agents to GigaVUE V Series Nodes. The options are GRE or VXLAN tunnels. If any Windows agents co-exist with Linux agents, VXLAN must be selected.

IP Address Type

The IP address type. Select one of the following:

■   Select Private if you want to assign an IP address that is not reachable over Internet. You can use private IP address for communication between the G-vTAP Controller and GigaVUE-FM.
■   Select Public if you want the IP address to be assigned from Amazon’s pool of public IP address. The public IP address gets changed every time the instance is stopped and restarted.
■   Select Elastic if you want a static public IP address for your instance. Ensure to have the available elastic IP address in your VPC.

Note:  The elastic IP address does not change when you stop or start the instance.

Additional Subnet(s)

(Optional) If there are G-vTAP Agents on subnets that are not IP routable from the management subnet, additional subnets must be specified so that the G-vTAP Controller can communicate with all the G-vTAP Agents.

Click Add to specify additional subnets, if needed. Also, make sure that you specify a list of security groups for each additional subnet.

Tag(s)

(Optional) The key name and value that helps to identify the G-vTAP Controller instances in your AWS environment. For example, you might have G-vTAP Controllers deployed in a VPC. To identify the G-vTAP Controllers you can provide a name that is easy to identify such as us-west-2-gvtap-controllers.

To add a tag,

a. Click Add tag.
b. In the Key field, enter the key. For example, enter Name.
c. In the Value field, enter the key value. For example, us-west-2-gvtap-controllers.

Configure GigaVUE V Series Proxy

Select Yes for the Configure a GigaVUE V Series Proxy field. GigaVUE V Series Proxy is optional for the GigaVUE Cloud Suite for AWS.

Enter or select the appropriate information as described in the following table for GigaVUE V Series Proxy Configuration.

Fields

Description

Version

GigaVUE V Series Proxy version.

Instance Type

Instance type for the GigaVUE V Series Proxy. The recommended minimum instance type is t2.micro.

You can review and modify the number of instances for the nitro-based instance types in the Configure AWS Settings page.

Number of Instances

Number of GigaVUE V Series Proxy to deploy in the monitoring domain.

Set Management Subnet

Use the toggle button to select a management subnet.

  • Yes to use the management subnet that you selected previously.
  • No to use another management subnet.

Set Security Groups

Toggle option to Yes to set the security group that is created for the GigaVUE V Series Proxy. Refer to Security Group for more details.

IP Address Type

Select one of the following IP address types:

■  Select Private if you want to assign an IP address that is not reachable over Internet. You can use private IP address for communication between the GigaVUE V Series Proxy and GigaVUE-FM instances in the same network.
■  Select Public if you want the IP address to be assigned from Amazon’s pool of public IP address. The public IP address gets changed every time the instance is stopped and restarted.
■  Select Elastic if you want a static IP address for your instance. Ensure to have the available elastic IP address in your VPC.

The elastic IP address does not change when you stop or start the instance.

Additional Subnets

(Optional) If there are GigaVUE V Series Nodes on subnets that are not IP routable from the management subnet, additional subnets must be specified so that the GigaVUE V Series Proxy can communicate with all the GigaVUE V Series Nodes.

Click Add to specify additional subnets, if needed. Also, make sure that you specify a list of security groups for each additional subnet.

Tags

(Optional) The key name and value that helps to identify the GigaVUE V Series Proxy instances in your AWS environment.

Configure GigaVUE V Series Node



Enter or select appropriate information as described in the following table for GigaVUE V Series Node Configuration.

Fields

Description

Version

GigaVUE V Series Node version.

Instance Type

The instance type for the GigaVUE V Series Node. The default instance type is nitro-based t3a.xlarge. The recommended instance type is c5n.xlarge for 4 vCPU and c5n.2xlarge for 8vcpu.

You can review and modify the number of instances for the nitro-based instance types in the Configure AWS Settings page.

Note:  The GigaVUE V Series 2 Node does not support non-nitro-based instance types.

Volume Size

The size of the storage disk. The default volume size is 8. The recommended volume size is 80.

Note:   When using Application Metadata Exporter, the minimum recommended Volume Size is 80GB.

IP Address Type

Select one of the following IP address types:

■  Select Private if you want to assign an IP address that is not reachable over Internet. You can use private IP address for communication between the GigaVUE V Series Controller and GigaVUE-FM instances in the same network.
■  Select Elastic if you want a static IP address for your instance. Ensure to have the available elastic IP address in your VPC.

The elastic IP address does not change when you stop or start the instance.

Min Number of Instances

The minimum number of GigaVUE V Series Nodes that must be deployed in the monitoring domain.

The minimum number of instances must be 1. When 0 is entered, no GigaVUE V Series Node is launched.

Note:  If the minimum number of instances is set as ‘0’, then the nodes will be launched when a monitoring session is deployed if GigaVUE-FM discovers some targets to monitor.

Max Number of Instances

The maximum number of GigaVUE V Series Nodes that can be deployed in the monitoring domain.

Data Subnets

The subnet that receives the mirrored GRE or VXLAN tunnel traffic from the G-vTAP Agents.

Note:  Using the Tool Subnet checkbox you can indicate the subnets to be used by theGigaVUE V Series to egress the aggregated/manipulated traffic to the tools.

Tags

(Optional) The key name and value that helps to identify the GigaVUE V Series Node instances in your AWS environment. For example, you might have GigaVUE V Series Node deployed in many regions. To distinguish these GigaVUE V Series Node based on the regions, you can provide a name that is easy to identify such as us-west-2-vseries. To add a tag:

  1. Click Add tag.
  2. In the Key field, enter the key. For example, enter Name.
  3. In the Value field, enter the key value. For example, us-west-2-vseries.

Click Save to save the AWS Fabric Launch Configuration.

To view the fabric launch configuration specification of a fabric node, click on a fabric node or proxy, and a quick view of the Fabric Launch Configuration appears on the Monitoring Domain page.