Configure GigaVUE Fabric Components in GCP

This section provides step-by-step information on how to register GigaVUE fabric components using Google Cloud Platform (GCP) or a configuration file.

Minimum Requirements

The following table lists the minimum requirements for deploying the fabric components:

Fabric Component | Machine type
GigaVUE V Series Node | c2-standard-4 for 2 interfaces; c2-standard-8 for 3 interfaces
GigaVUE V Series Proxy | e2-micro
G-vTAP Controller | e2-micro

Keep in mind the following when deploying the fabric components using GCP:

  • Ensure that the Traffic Acquisition Tunnel MTU is set to the default value of 1450. To edit the Traffic Acquisition Tunnel MTU, select the monitoring domain and click on the Edit Monitoring Domain option. Enter the Traffic Acquisition Tunnel MTU value and click Save.
  • For successful registration of fabric components, firewall rules must be configured to open ports 443 and 8891. Refer to the Use VPC firewall rules topic in the GCP documentation for more detailed information on how to configure firewall rules.
  • When you deploy the fabric components using third party orchestration, you cannot delete the monitoring domain without unregistering the registered fabric components.
  • You can also create a monitoring domain under Third Party Orchestration and provide the monitoring domain name and the connection name as groupName and subGroupName in the registration data. Refer to Create Monitoring Domain for more detailed information on how to create monitoring domain under third party orchestration.
  • User and Password provided in the registration data must be configured in the User Management page. Refer to Configure Role-Based Access for Third Party Orchestration for more detailed information. Enter the UserName and Password created in the Add Users Section.
  • When launching an instance, if you wish to access the instance using a private key, you will have to add the key to the ssh key. The default password is gigamon.
  • You can also upload custom certificates to GigaVUE V Series Nodes, GigaVUE V Series Proxy, and G-vTAP Controller using your own cloud platform when deploying the fabric components. Refer to Install Custom Certificate for more detailed information.

In your GCP, you can configure the following GigaVUE fabric components:

Configure G-vTAP Controller in GCP

You can configure more than one G-vTAP Controller in a monitoring domain.

To register G-vTAP Controller in GCP, use any one of the following methods:

Register G-vTAP Controller during Instance Launch

In your GCP, to launch the G-vTAP Controller and to register G-vTAP Controller using custom metadata, follow the steps given below:

  1. On the VM instances page of Google Cloud Platform, click Create instances. For detailed information, refer to the Create and Start instance topic in the GCP documentation.

  2. Under the Metadata tab, enter the key as user-data and in the value field enter the below mentioned text in the following format and deploy the instance. The G-vTAP Controller uses this Custom Metadata to generate config file (/etc/gigamon-cloud.conf) used to register with GigaVUE-FM.

    Field

    User Data

    User data without custom certificate

    #cloud-config
     write_files:
     - path: /etc/gigamon-cloud.conf
       owner: root:root
       permissions: '0644'
       content: |
         Registration:
            groupName: <Monitoring Domain Name>
            subGroupName: <Connection Name>
            user: <Username>
            password: <Password>
            remoteIP: <IP address of the GigaVUE-FM>
            remotePort: 443

    User data with custom certificate

    #cloud-config
     write_files:
     - path: /etc/cntlr-cert.conf
       owner: root:root
       permissions: "0644"
       content: |
          -----BEGIN CERTIFICATE-----
          <certificate content>
          -----END CERTIFICATE-----
     - path: /etc/cntlr-key.conf
       owner: root:root
       permissions: "400"
       content: |
          -----BEGIN PRIVATE KEY-----
          <private key content>
          -----END PRIVATE KEY-----
     - path: /etc/gigamon-cloud.conf
       owner: root:root
       permissions: '0644'
       content: |
         Registration:
             groupName: <Monitoring Domain Name>
             subGroupName: <Connection Name>
             user: <Username>
             password: <Password>
             remoteIP: <IP address of the GigaVUE-FM>
             remotePort: 443

Register G-vTAP Controller after Instance Launch

To register G-vTAP Controller after launching a Virtual Machine using a configuration file, follow the steps given below:

  1. Log in to the G-vTAP Controller.
  2. Create a local configuration file (/etc/gigamon-cloud.conf) and enter the following user data:
     
    Registration:
        groupName: <Monitoring Domain Name>
        subGroupName: <Connection Name>
        user: <Username>
        password: <Password>
        remoteIP: <IP address of the GigaVUE-FM>
        remotePort: 443
  3. Restart the G-vTAP Controller service.
    $ sudo service gvtap-cntlr restart
  • Note:  User and Password must be configured in the User Management page. Refer to Configure Role-Based Access for Third Party Orchestration for more detailed information. Enter the UserName and Password created in the Add Users Section.

  • The deployed G-vTAP Controller registers with the GigaVUE-FM. After successful registration, the G-vTAP Controller sends heartbeat messages to GigaVUE-FM every 30 seconds. If one heartbeat is missing, the fabric node status appears as 'Unhealthy'. If more than five heartbeats fail to reach GigaVUE-FM, GigaVUE-FM tries to reach the G-vTAP Controller; if that also fails, GigaVUE-FM unregisters the G-vTAP Controller and removes it from GigaVUE-FM.

    The G-vTAP Controller deployed in GCP appears on the Third Party Orchestration Monitoring Domain page of GigaVUE-FM.

    Configure G-vTAP Agent in GCP

    Note:  Deployment of GigaVUE fabric components through a third-party orchestrator is supported on Linux and Windows platforms.

    Note:  You can configure more than one G-vTAP Controller for a G-vTAP Agent, so that if one G-vTAP Controller goes down, the G-vTAP Agent registration will happen through another Controller that is active.

    When using a Windows G-vTAP Agent, follow the steps given below to install the Windows G-vTAP Agent:

    1. Deploy a Windows server in GCP. Refer to the Create a Windows Server VM instance in Compute Engine topic in the Google documentation for step-by-step instructions.
    2. After creating the Windows server, follow the instructions in the Connect to the VM instance by using RDP section of the Set up Chrome Remote Desktop for Windows on Compute Engine topic in the GCP documentation.
    3. Download the G-vTAP Agent build to your desktop and copy it to the RDP session.
    4. Turn off the Windows Firewall Defender. Then, install the Windows Agent. Refer to Windows G-vTAP Agent Installation for step-by-step instructions on how to install the Windows Agent.

    To register G-vTAP Agent in GCP, use any one of the following methods.

    Register G-vTAP Agent during Instance Launch

    G-vTAP Agent should be registered via the registered G-vTAP Controller and communicates through port 8891.

    Note:  Registering G-vTAP Agent during Virtual Machine Launch is not applicable for Windows Agents. You can register your Windows Agents after launching the Virtual machine, using a configuration file.

    In your GCP, to launch the instance and register the G-vTAP Agent using Custom Metadata, follow the steps given below:

    1. On the VM instances page of Google Cloud Platform, click Create instances. For detailed information, refer to the Create and Start instance topic in the GCP documentation.
    2. Under the Metadata tab, enter the key as user-data and in the value field enter the below mentioned text in the following format and deploy the instance. The G-vTAP Agent uses this Custom Metadata to generate config file (/etc/gigamon-cloud.conf) used to register with GigaVUE-FM.
      #cloud-config
       write_files:
       - path: /etc/gigamon-cloud.conf
         owner: root:root
         permissions: '0644'
         content: |
           Registration:
               groupName: <Monitoring Domain Name>
               subGroupName: <Connection Name>
               user: <Username>
               password: <Password>
               remoteIP: <IP address of the G-vTAP Controller 1>, <IP address of the G-vTAP Controller 2>
               remotePort: 8891

    Register G-vTAP Agent after Instance Launch

    To register G-vTAP Agent after launching a Virtual Machine using a configuration file, follow the steps given below:

    1. Install the G-vTAP Agent in the Linux or Windows platform. For detailed instructions, refer to Linux G-vTAP Agent Installation and Windows G-vTAP Agent Installation.

    2. Log in to the G-vTAP Agent.
    3. Create a local configuration file and enter the following user data.
      • /etc/gigamon-cloud.conf is the local configuration file in Linux platform.
      • C:\ProgramData\gvtap-agent\gigamon-cloud.conf is the local configuration file in Windows platform.

      Registration:
          groupName: <Monitoring Domain Name>
          subGroupName: <Connection Name>
          user: <Username>
          password: <Password>
          remoteIP: <IP address of the G-vTAP Controller 1>, <IP address of the G-vTAP Controller 2>
          remotePort: 8891

      Note:  User and Password must be configured in the User Management page. Refer to Configure Role-Based Access for Third Party Orchestration for more detailed information. Enter the UserName and Password created in the Add Users Section.

    4. Restart the G-vTAP Agent service.
      • Linux platform:
        $ sudo service gvtap-agent restart
      • Windows platform: Restart from the Task Manager.

    The deployed G-vTAP Agent registers with the GigaVUE-FM through the G-vTAP Controller. After successful registration the G-vTAP Agent sends heartbeat messages to GigaVUE-FM every 30 seconds. If one heartbeat is missing, G-vTAP Agent status appears as 'Unhealthy'. If more than five heartbeats fail to reach GigaVUE-FM, GigaVUE‑FM tries to reach the G-vTAP Agent and if that fails as well then GigaVUE‑FM unregisters the G-vTAP Agent and it will be removed from GigaVUE‑FM.

    Configure GigaVUE V Series Nodes and V Series Proxy in GCP

    Note:  It is not mandatory to register GigaVUE V Series Nodes via V Series proxy. However, if there is a large number of nodes connected to GigaVUE-FM or if the user does not wish to reveal the IP addresses of the nodes, then you can register your nodes using GigaVUE V Series Proxy. In this case, GigaVUE-FM communicates with GigaVUE V Series Proxy to manage the GigaVUE V Series Nodes.

    To register GigaVUE V Series Node and GigaVUE V Series Proxy in GCP, use any one of the following methods.

    Register GigaVUE V Series Node and GigaVUE V Series Proxy during Instance Launch

    1. On the VM instances page of Google Cloud Platform, click Create instances. For detailed information, refer to the Create and Start instance topic in the GCP documentation.

    2. Under the Metadata tab, enter the key as user-data and in the value field enter the below mentioned text in the following format and deploy the instance. The G-vTAP Agent uses this Custom Metadata to generate config file (/etc/gigamon-cloud.conf) used to register with GigaVUE-FM.

      Field

      User Data

      User data without custom certificate

      #cloud-config
       write_files:
       - path: /etc/gigamon-cloud.conf
         owner: root:root
         permissions: '0644'
         content: |
           Registration:
              groupName: <Monitoring Domain Name>
              subGroupName: <Connection Name>
              user: <Username>
              password: <Password>
              remoteIP: <IP address of the GigaVUE-FM> or <IP address of the Proxy>
              remotePort: 443

      User data with custom certificate

      #cloud-config
       write_files:
       - path: /etc/cntlr-cert.conf
         owner: root:root
         permissions: "0644"
         content: |
            -----BEGIN CERTIFICATE-----
            <certificate content>
            -----END CERTIFICATE-----
       - path: /etc/cntlr-key.conf
         owner: root:root
         permissions: "400"
         content: |
            -----BEGIN PRIVATE KEY-----
            <private key content>
            -----END PRIVATE KEY-----
       - path: /etc/gigamon-cloud.conf
         owner: root:root
         permissions: '0644'
         content: |
           Registration:
               groupName: <Monitoring Domain Name>
               subGroupName: <Connection Name>
               user: <Username>
               password: <Password>
               remoteIP: <IP address of the GigaVUE-FM> or <IP address of the Proxy>
               remotePort: 443
      • You can register your GigaVUE V Series Nodes directly with GigaVUE-FM or you can use V Series proxy to register your GigaVUE V Series Nodes with GigaVUE-FM. To register GigaVUE V Series Nodes directly, enter the remotePort value as 443 and the remoteIP as <IP address of the GigaVUE-FM>. To deploy GigaVUE V Series Nodes using V Series proxy, enter the remotePort value as 8891 and the remoteIP as <IP address of the Proxy>.
      • User and Password must be configured in the User Management page. Refer to Configure Role-Based Access for Third Party Orchestration for more detailed information. Enter the UserName and Password created in the Add Users Section.

    Register GigaVUE V Series Node and GigaVUE V Series Proxy after Instance Launch

    To register GigaVUE V Series Node and GigaVUE V Series Proxy after launching the virtual machine using a configuration file, follow the steps given below:

    1. Log in to the GigaVUE V Series Node or Proxy.
    2. Create a local configuration file (/etc/gigamon-cloud.conf) and enter the following user data.
      Registration:
          groupName: <Monitoring Domain Name>
          subGroupName: <Connection Name>
          user: <Username>
          password: <Password>
          remoteIP: <IP address of the GigaVUE-FM> or <IP address of the Proxy>
          remotePort: 443
      • You can register your GigaVUE V Series Nodes directly with GigaVUE-FM or you can use V Series proxy to register your GigaVUE V Series Nodes with GigaVUE-FM. To register GigaVUE V Series Nodes directly, enter the remotePort value as 443 and the remoteIP as <IP address of the GigaVUE-FM>. To deploy GigaVUE V Series Nodes using V Series proxy, enter the remotePort value as 8891 and the remoteIP as <IP address of the Proxy>.
      • User and Password must be configured in the User Management page. Refer to Configure Role-Based Access for Third Party Orchestration for more detailed information. Enter the UserName and Password created in the Add Users Section.
    3. Restart the GigaVUE V Series node or proxy service. 
      • V Series node:
        $ sudo service vseries-node restart
      • V Series proxy:
        $ sudo service vps restart
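A pre-flight check for the gigamon-cloud.conf body written in step 2, run before the restart in step 3. This is an added example, not Gigamon code, and it also covers the G-vTAP Agent case (target "controller"). The function names, the target labels and the sample values are assumptions; the ports and the orchestration account are the ones stated on this page.

```python
import ipaddress
import re

# From the page: GigaVUE-FM on 443; V Series Proxy and G-vTAP Controller on 8891.
PORTS = {"fm": "443", "proxy": "8891", "controller": "8891"}
REQUIRED = ("groupName", "subGroupName", "user", "password", "remoteIP", "remotePort")
UPGRADE_DEFAULT = ("orchestration", "orchestration123A!")  # account FM creates on upgrade
# Constructed sample: node meant for a proxy, left on 443, with subGroupName omitted.
SAMPLE = """Registration:
    groupName: md-gcp-1
    user: orchestration
    password: orchestration123A!
    remoteIP: 10.0.0.5, 10.0.0.300
    remotePort: 443
"""


def parse_registration(text):
    """Return the key/value pairs listed under the 'Registration:' header."""
    fields, in_block = {}, False
    for line in text.splitlines():
        if line.strip() == "Registration:":
            in_block = True
        elif in_block and line[:1].isspace() and ":" in line:
            key, _, value = line.strip().partition(":")
            fields[key.strip()] = value.strip()
    return fields


def check_registration(text, target):
    """List problems in a gigamon-cloud.conf body; target: 'fm', 'proxy' or 'controller'."""
    fields = parse_registration(text)
    problems = [f"missing {k}" for k in REQUIRED if not fields.get(k)]
    problems += [f"{k} still holds a template placeholder"
                 for k, v in fields.items() if re.search(r"<[^>]+>", v)]
    for addr in (a.strip() for a in fields.get("remoteIP", "").split(",")):
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            if addr and "<" not in addr:  # placeholders are reported above
                problems.append(f"remoteIP entry {addr} is not a valid IP address")
    if fields.get("remotePort") not in (None, "", PORTS[target]):
        problems.append(f"remotePort {fields['remotePort']} does not match {target} port {PORTS[target]}")
    if (fields.get("user"), fields.get("password")) == UPGRADE_DEFAULT:
        problems.append("upgrade-default orchestration credentials still in use")
    return problems


if __name__ == "__main__":
    print("\n".join(check_registration(SAMPLE, "proxy")))
```
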

    The deployed GigaVUE V Series proxy registers with the GigaVUE-FM. After successful registration, the GigaVUE V Series proxy sends heartbeat messages to GigaVUE-FM every 30 seconds. If one heartbeat is missing, the fabric node status appears as 'Unhealthy'. If more than five heartbeats fail to reach GigaVUE-FM, GigaVUE-FM tries to reach the GigaVUE V Series proxy; if that also fails, GigaVUE-FM unregisters the GigaVUE V Series proxy and removes it from GigaVUE-FM.

    Note:  When the GigaVUE V Series Node is stopped or terminated from the GCP, it does not send any unregistration request and GigaVUE-FM will unregister the V Series Node soon after.

    Keep in mind the following when upgrading the GigaVUE-FM to 6.1.00 (when using third party orchestration to deploy fabric components):

    When upgrading GigaVUE-FM to any version higher than 6.0.00, if the version of the GigaVUE V Series Nodes deployed in that GigaVUE-FM is lower than or equal to 6.0.00, then for the seamless flow of traffic, GigaVUE-FM automatically creates Users and Roles in GigaVUE-FM with the required permission. The username would be orchestration and the password would be orchestration123A! for the user created in GigaVUE-FM. Ensure that there is no existing user in GigaVUE-FM with the username orchestration.

    It is recommended to change the password in the Users page, once the upgrade is complete. Refer to Configure Role-Based Access for Third Party Orchestration for detailed steps on how to change password in the user page.