Configure GigaVUE Fabric Components in GigaVUE-FM

After configuring the Monitoring Domain, you will be navigated to the AWS Fabric Launch Configuration page.

In the AWS Fabric Launch Configuration page, you can configure the following fabric components:

In the AWS Fabric Launch Configuration page, enter or select the required information as described in the following table.

Fields

Description

Centralized VPC

Alias of the centralized VPC in which the UCT-V Controllers, V Series Proxies and the GigaVUE V Series Nodes are launched.

EBS Volume Type

The Elastic Block Store (EBS) volume that you can attach to the fabric components. The available options are:

■   gp2 (General Purpose SSD)
■   io1 (Provisioned IOPS SSD)
■   Standard (Magnetic)

Enable Encryption

Select Yes to enable encryption or select No to disable encryption.

On selecting Yes to enable encryption, a KMS Key field appears. Enter the KMS key for the encryption.

SSH Key Pair

The SSH key pair for the GigaVUE fabric nodes. For more information on Key Pairs, refer to Key Pair.

Management Subnet

The subnet that is used for communication between the controllers and the nodes, as well as to communicate with GigaVUE-FM.

This is a required field.

Security Groups

The security group created for the GigaVUE fabric nodes. For more information on security groups, refer to Security Group

Enable Custom Certificates

Enable this option to validate the custom certificate during SSL Communication. GigaVUE-FM validates the Custom certificate with the trust store. If the certificate is not available in Trust Store, communication does not happen, and an handshake error occurs.

Note:  If the certificate expires after the successful deployment of the fabric components, then the fabric components moves to failed state.

Certificate

Select the custom certificate from the drop-down menu. You can also upload the custom certificate for GigaVUE V Series Nodes, GigaVUE V Series Proxy, and UCT-V Controllers. For more detailed information, refer to Install Custom Certificate.

Prefer IPv6

Enables IPv6 to deploy all the Fabric Controllers, and the tunnel between hypervisor to V Series node using IPv6 address. If the IPv6 address is unavailable, it uses an IPv4 address. This functionality is supported only in OVS Mirroring.

Configure UCT-V Controller

A UCT-V Controller manages multiple UCT-Vs and orchestrates the flow of mirrored traffic to GigaVUE V Series Nodes. While configuring the UCT-V Controllers, you can also specify the tunnel type to be used for carrying the mirrored traffic from the UCT-Vs to the GigaVUE V Series Nodes.

  • UCT-V Controller configuration is not applicable for VPC Traffic Mirroring selected as the traffic acquisition method.
  • A UCT-V Controller can only manage UCT-Vs of the same version.

Select Yes for the Configure a UCT-V Controller field.

Enter or select the required information in the UCT-V Controller section as described in the following table.

Fields

Description

Controller Version

The UCT-V Controller version. If there are multiple versions of UCT-Vs deployed in the EC2 instances, then you must configure multiple versions of UCT-V Controllers that matches the version numbers of the UCT-Vs.

Note:  If there is a version mismatch between UCT-V Controllers and UCT-Vs, GigaVUE-FM cannot detect the agents in the instances.

Click Add to add multiple versions of UCT-V Controllers: Under Controller Versions, click Add.

a. From the Version drop-down list, select a UCT-V Controller image that matches with the version number of UCT-Vs installed in the instances.
b. From the Instance Type drop-down list, select a size for the UCT-V Controller.
c. In Number of Instances, specify the number of UCT-V Controllers to launch. The minimum number you can specify is 1.

Agent Tunnel Type

The type of tunnel used for sending the traffic from UCT-Vs to GigaVUE V Series Nodes. The options are GRE or VXLAN tunnels. If any Windows agents co-exist with Linux agents, VXLAN must be selected.

Agent Tunnel CA

The Certificate Authority (CA) that should be used in the UCT-V Controller for connecting the tunnel.

IP Address Type

The IP address type. Select one of the following:

■   Select Private if you want to assign an IP address that is not reachable over Internet. You can use private IP address for communication between the UCT-V Controller and GigaVUE-FM.
■   Select Public if you want the IP address to be assigned from Amazon’s pool of public IP address. The public IP address gets changed every time the instance is stopped and restarted.
■   Select Elastic if you want a static public IP address for your instance. Ensure to have the available elastic IP address in your VPC.

Note:  The elastic IP address does not change when you stop or start the instance.

Additional Subnet(s)

(Optional) If there are UCT-Vs on subnets that are not IP routable from the management subnet, additional subnets must be specified so that the UCT-V Controller can communicate with all the UCT-Vs.

Click Add to specify additional subnets, if needed. Also, make sure that you specify a list of security groups for each additional subnet.

Tag(s)

(Optional) The key name and value that helps to identify the UCT-V Controller instances in your AWS environment. For example, you might have UCT-V Controllers deployed in a VPC. To identify the UCT-V Controllers you can provide a name that is easy to identify such as us-west-2-uctv-controllers.

To add a tag,

a. Click Add tag.
b. In the Key field, enter the key. For example, enter Name.
c. In the Value field, enter the key value. For example, us-west-2-uctv-controllers.

Configure GigaVUE V Series Proxy

Select Yes for the Configure a GigaVUE V Series Proxy field. GigaVUE V Series Proxy is optional for the GigaVUE Cloud Suite for AWS.

Enter or select the appropriate information as described in the following table for GigaVUE V Series Proxy Configuration.

Fields

Description

Version

GigaVUE V Series Proxy version.

Instance Type

Instance type for the GigaVUE V Series Proxy. The recommended minimum instance type is t2.micro.

You can review and modify the number of instances for the nitro-based instance types in the Configure AWS Settings page.

Number of Instances

Number of GigaVUE V Series Proxy to deploy in the monitoring domain.

Set Management Subnet

Use the toggle button to select a management subnet.

  • Yes to use the management subnet that you selected previously.
  • No to use another management subnet.

Set Security Groups

Toggle option to Yes to set the security group that is created for the GigaVUE V Series Proxy. Refer to Security Group for more details.

IP Address Type

Select one of the following IP address types:

■  Select Private if you want to assign an IP address that is not reachable over Internet. You can use private IP address for communication between the GigaVUE V Series Proxy and GigaVUE-FM instances in the same network.
■  Select Public if you want the IP address to be assigned from Amazon’s pool of public IP address. The public IP address gets changed every time the instance is stopped and restarted.
■  Select Elastic if you want a static IP address for your instance. Ensure to have the available elastic IP address in your VPC.

The elastic IP address does not change when you stop or start the instance.

Additional Subnets

(Optional) If there are GigaVUE V Series Nodes on subnets that are not IP routable from the management subnet, additional subnets must be specified so that the GigaVUE V Series Proxy can communicate with all the GigaVUE V Series Nodes.

Click Add to specify additional subnets, if needed. Also, make sure that you specify a list of security groups for each additional subnet.

Tags

(Optional) The key name and value that helps to identify the GigaVUE V Series Proxy instances in your AWS environment.

Configure GigaVUE V Series Node



Enter or select appropriate information as described in the following table for GigaVUE V Series Node Configuration.

Fields

Description

Version

GigaVUE V Series Node version.

Instance Type

The instance type for the GigaVUE V Series Node. The default instance type is nitro-based t3a.xlarge. The recommended instance type is c5n.xlarge for 4 vCPU and c5n.2xlarge for 8vcpu.

You can review and modify the number of instances for the nitro-based instance types in the Configure AWS Settings page.

Volume Size

The size of the storage disk. The default volume size is 8. The recommended volume size is 80.

Note:   When using Application Metadata Exporter, the minimum recommended Volume Size is 80GB.

IP Address Type

Select one of the following IP address types:

■  Select Private if you want to assign an IP address that is not reachable over Internet. You can use private IP address for communication between the GigaVUE V Series Controller and GigaVUE-FM instances in the same network.
■  Select Elastic if you want a static IP address for your instance. Ensure to have the available elastic IP address in your VPC.

The elastic IP address does not change when you stop or start the instance.

Min Number of Instances

The minimum number of GigaVUE V Series Nodes that must be deployed in the monitoring domain.

The minimum number of instances must be 1. When 0 is entered, no GigaVUE V Series Node is launched.

Note:  If the minimum number of instances is set as ‘0’, then the nodes will be launched when a monitoring session is deployed if GigaVUE-FM discovers some targets to monitor.

Max Number of Instances

The maximum number of GigaVUE V Series Nodes that can be deployed in the monitoring domain.

Data Subnets

The subnet that receives the mirrored GRE or VXLAN tunnel traffic from the UCT-Vs.

Note:  Using the Tool Subnet checkbox you can indicate the subnets to be used by theGigaVUE V Series to egress the aggregated/manipulated traffic to the tools.

Tags

(Optional) The key name and value that helps to identify the GigaVUE V Series Node instances in your AWS environment. For example, you might have GigaVUE V Series Node deployed in many regions. To distinguish these GigaVUE V Series Node based on the regions, you can provide a name that is easy to identify such as us-west-2-vseries. To add a tag:

  1. Click Add tag.
  2. In the Key field, enter the key. For example, enter Name.
  3. In the Value field, enter the key value. For example, us-west-2-vseries.

Click Save to save the AWS Fabric Launch Configuration.

To view the fabric launch configuration specification of a fabric node, click on a fabric node or proxy, and a quick view of the Fabric Launch Configuration appears on the Monitoring Domain page.