Prerequisites
To enable the flow of traffic between the components and the monitoring tools, you must create the following requirements:
| Resource Group |
| Virtual Network |
| Subnets for VNet |
| Network Interfaces (NICs) for VMs |
| Network Security Groups |
| Virtual Network Peering |
| Access control (IAM) |
| Default Login Credentials |
| Recommended Instance Types |
Resource Group
The resource group is a container that holds all the resources for a solution.
To create a resource group in Azure, refer to Create a resource group topic in the Azure Documentation.
Virtual Network
Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. VNet enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the internet, and on-premises networks.
You can only configure the GigaVUE fabric components in a Centralized VNet only. In case of a shared VNet, you must select a VNet as your Centralized VNet for GigaVUE fabric configuration.
To create a virtual network in Azure, refer to Create a virtual network topic in the Azure Documentation.
Subnets for VNet
The following table lists the two recommended subnets that your VNet must have to configure the GigaVUE Cloud components in Azure.
You can add subnets when creating a VNet or add subnets on an existing VNet. Refer to Add a subnet topic in the Azure Documentation for detailed information.
|
Subnet |
Description |
||||||
|
Management Subnet |
Subnet that the GigaVUE-FM uses to communicate with the GigaVUE V Series Nodes and Proxy. |
||||||
|
Data Subnet |
A data subnet can accept incoming mirrored traffic from agents to the GigaVUE V Series Nodes or be used to egress traffic to a tool from the GigaVUE V Series Nodes. There can be multiple data subnets.
Note: If you are using a single subnet, then the Management subnet will also be used as a Data Subnet. |
||||||
|
Tool Subnet |
A tool subnet can accept egress traffic to a tool from the GigaVUE V Series Nodes. There can be only one tool subnet.
|
Network Interfaces (NICs) for VMs
When using UCT-V as the traffic acquisition method, for the UCT-Vs to mirror the traffic from the VMs, you must configure one or more Network Interfaces (NICs) on the VMs.
| Single NIC—If there is only one interface configured on the VM with the UCT-V, the UCT-V sends the mirrored traffic out using the same interface. |
| Multiple NICs—If there are two or more interfaces configured on the VM with the UCT-V, the UCT-V monitors any number of interfaces but has an option to send the mirrored traffic out using any one of the interfaces or using a separate, non-monitored interface. |
Network Security Groups
A network security group defines the virtual firewall rules for your VM to control inbound and outbound traffic. When you launch GigaVUE-FM, GigaVUE V Series Proxy, GigaVUE V Series Nodes, and UCT-V Controllers in your VNet, you add rules that control the inbound traffic to VMs, and a separate set of rules that control the outbound traffic.
To create a network security group and add in Azure, refer to Create a network security group topic in the Azure Documentation.
It is recommended to create a separate security group for each component using the rules and port numbers.
In your Azure portal, select a network security group from the list. In the Settings section select the Inbound and Outbound security rules to the following rules.
Following are the Network Firewall Requirements.
The following table lists the Network Firewall Requirements for GigaVUE V Series Node deployment.
|
Direction |
Type |
Protocol |
Port |
CIDR |
Purpose |
||||||||||||||||||
|
GigaVUE‑FM |
|||||||||||||||||||||||
|
Inbound |
|
TCP |
|
Administrator Subnet |
Management connection to GigaVUE‑FM |
||||||||||||||||||
|
Inbound |
Custom TCP Rule |
TCP |
5671 |
GigaVUE V Series Node IP |
Allows GigaVUE V Series Nodes to send traffic health updates to GigaVUE‑FM Allows Next Generation UCT-V to send statistics to GigaVUE-FM |
||||||||||||||||||
|
Outbound |
Custom TCP Rule |
TCP(6) |
9900 |
GigaVUE‑FM IP |
Allows UCT-V Controller to communicate with GigaVUE‑FM |
||||||||||||||||||
|
Outbound (optional) |
Custom TCP Rule |
TCP |
8890 |
GigaVUE V Series Proxy IP |
Allows GigaVUE‑FM to communicate with V Series Proxy |
||||||||||||||||||
|
Outbound |
Custom TCP Rule |
TCP |
8889 |
GigaVUE V Series Node IP |
Allows GigaVUE‑FM to communicate with GigaVUE V Series node |
||||||||||||||||||
|
UCT-V Controller |
|||||||||||||||||||||||
|
Inbound |
Custom TCP Rule |
TCP(6) |
9900 |
GigaVUE‑FM IP |
Allows UCT-V Controller to communicate with GigaVUE‑FM |
||||||||||||||||||
|
Inbound (This is the port used for Third Party Orchestration) |
Custom TCP Rule |
TCP(6) |
8891 |
UCT-V or Subnet IP |
Allows UCT-V Controller to communicate registration requests from UCT-V . |
||||||||||||||||||
|
Outbound (This is the port used for Third Party Orchestration) |
Custom TCP Rule |
TCP(6) |
443 |
GigaVUE‑FM IP |
Allows UCT-V Controller to communicate the registration requests to GigaVUE-FM |
||||||||||||||||||
|
Outbound |
Custom TCP Rule |
TCP(6) |
9901 |
UCT-V Controller IP |
Allows UCT-V Controller to communicate with UCT-Vs |
||||||||||||||||||
|
Outbound |
Custom TCP Rule |
TCP |
5671 |
GigaVUE-FM IP |
Allows UCT-V Controller to send traffic health updates to GigaVUE-FM. |
||||||||||||||||||
|
UCT-V |
|||||||||||||||||||||||
|
Inbound |
Custom TCP Rule |
TCP(6) |
9901 |
UCT-V Controller IP |
Allows UCT-Vs to communicate with UCT-V Controller |
||||||||||||||||||
|
Outbound (This is the port used for Third Party Orchestration) |
Custom TCP Rule |
TCP(6) |
8891 |
UCT-V or Subnet IP |
Allows UCT-V to communicate with UCT-V Controller for registration and Heartbeat |
||||||||||||||||||
|
Outbound |
|
|
VXLAN (default 4789) |
UCT-V or Subnet IP |
Allows UCT-Vs to (VXLAN/L2GRE) tunnel traffic to V Series nodes |
||||||||||||||||||
|
Outbound |
Custom TCP Rule |
TCP |
11443 |
UCT-V subnet |
Allows UCT-V to securely transfer the traffic to GigaVUE V Series Node |
||||||||||||||||||
|
GigaVUE V Series V Series Proxy (optional) |
|||||||||||||||||||||||
|
Inbound |
Custom TCP Rule |
TCP |
8890 |
GigaVUE‑FM IP |
Allows GigaVUE‑FM to communicate with V Series Proxy |
||||||||||||||||||
|
Outbound |
Custom TCP Rule |
TCP |
8889 |
GigaVUE V Series Node IP |
Allows V Series Proxy to communicate with V Series node |
||||||||||||||||||
|
GigaVUE V Series V Series Node |
|||||||||||||||||||||||
|
Inbound |
Custom TCP Rule |
TCP |
8889 |
|
Allows V Series Proxy or GigaVUE-FM to communicate with V Series node |
||||||||||||||||||
|
Inbound |
|
|
|
UCT-V or Subnet IP |
Allows UCT-Vs to (VXLAN/L2GRE) tunnel traffic to V Series nodes |
||||||||||||||||||
|
Inbound |
UDP |
UDPGRE |
4754 |
Ingress Tunnel |
Allows to UDPGRE Tunnel to communicate and tunnel traffic to V Series nodes |
||||||||||||||||||
|
Outbound |
Custom TCP Rule |
TCP |
5671 |
GigaVUE-FM IP |
Allows GigaVUE V Series Node to send traffic health updates to GigaVUE‑FM |
||||||||||||||||||
|
Outbound |
Custom UDP Rule |
|
VXLAN (default 4789) |
Tool IP |
Allows V Series node to communicate and tunnel traffic to the Tool |
||||||||||||||||||
|
Outbound (optional) |
ICMP |
ICMP |
|
Tool IP |
Allows V Series node to health check tunnel destination traffic |
||||||||||||||||||
|
Bi-directional |
Custom TCP Rule |
TCP |
11443 |
GigaVUE V Series Node subnet |
Allows to securely transfer the traffic in between GigaVUE V Series Nodes. |
||||||||||||||||||
Virtual Network Peering
Virtual network peering enables you to seamlessly connect two or more Virtual Networks in Azure. Virtual Network Peering is only applicable when multiple Virtual Networks are used in a design. Refer to Virtual Network Peering topic in Azure documentation for more details.
Access control (IAM)
You must have full resource access to the control the GigaVUE cloud components. Refer to Check access for a user topic in the Azure documentation for more details.
Default Login Credentials
You can login to the GigaVUE V Series Node, GigaVUE V Series Proxy, and UCT-V Controller by using the default credentials.
|
Product |
Login credentials |
|
GigaVUE V Series Node |
You can login to the GigaVUE V Series Node by using ssh. The default username and password is not configured. |
|
GigaVUE V Series proxy |
You can login to the GigaVUE V Series Node by using ssh. The default username and password is not configured. |
|
UCT-V Controller |
You can login to the GigaVUE V Series Node by using ssh. The default username and password is not configured. |
Recommended Instance Types
Note: Additional instance types are also supported. Refer to Support, Sales, or Professional Services for deployment optimization.
|
Product |
Instance Type | vCPU | RAM |
|---|---|---|---|
|
GigaVUE V Series Node |
Standard_D4s_v4 |
4 vCPU |
16 GB |
|
Standard_D8S_V4 |
8 vCPU |
32 GB |
|
|
GigaVUE V Series Proxy |
Standard_B1s |
1 vCPU |
1 GB |
|
UCT-V Controller |
Standard_B1s |
1 vCPU |
1 GB |
