GigaVUE Cloud Suite for AWS
GigaVUE Cloud Suite for AWS delivers a cloud-based visibility and analytics solution that eliminates network blind spots as you move workloads to the cloud, significantly reducing security and non-compliance risks and helps remediate performance issues.
GigaVUE Cloud Suite for AWS helps you obtain a unified view of all data in motion anywhere on your hybrid, single or multi-cloud network. Easily acquire data from any source, automatically optimize it and send to any destination. It closes the cloud visibility gap, giving your security and monitoring tools visibility across cloud environments, from raw packets up to the application layer and with the added context of network data.
You can deploy the GigaVUE Cloud Suite for AWS by subscribing in the marketplace or by installing the individual fabric components using the Amazon Machine Images (AMI).
This section describes the requirements and prerequisites for configuring the GigaVUE Cloud Suite for AWS. Refer to the following section for details.
Recommended Instance Types for AWS
|
Product |
Instance Type | vCPU | RAM |
|---|---|---|---|
|
GigaVUE‑FM |
m4.xlarge |
4 vCPU |
16 GB |
|
GigaVUE V Series Node |
c5n.xlarge |
4 vCPU |
10.5 GB |
|
GigaVUE V Series Proxy |
t2.medium |
2 vCPU |
4 GB |
|
UCT-V |
t2.micro |
1 vCPU |
1 GB |
|
UCT-V Controller |
t2.medium |
2 vCPU |
4 GB |
Note: Additional instance types are also supported. Refer to Support, Sales, or Professional Services for deployment optimization.
GigaVUE V Series Node deployments in AWS can also be deployed in conjunction with a Network Load Balancer. Refer to the Configure an External Load Balancer topic for more information.
More detailed information and step-by-step instructions for deployment, refer to the GigaVUE Cloud Suite Deployment Guide – AWS.
Network Firewall Requirements for AWS
The following table lists the Network Firewall Requirements for GigaVUE V Series Node deployment.
|
Direction |
Type |
Protocol |
Port |
CIDR |
Purpose |
||||||||||||||||||
|
GigaVUE‑FM |
|||||||||||||||||||||||
|
Inbound |
|
TCP |
|
Administrator Subnet |
Management connection to GigaVUE‑FM |
||||||||||||||||||
|
Inbound |
Custom TCP Rule |
TCP |
5671 |
GigaVUE V Series Node IP |
Allows GigaVUE V Series Nodes to send traffic health updates to GigaVUE‑FM Allows Next Generation UCT-V to send statistics to GigaVUE-FM |
||||||||||||||||||
|
Outbound |
Custom TCP Rule |
TCP(6) |
9900 |
GigaVUE‑FM IP |
Allows UCT-V Controller to communicate with GigaVUE‑FM |
||||||||||||||||||
|
Outbound (optional) |
Custom TCP Rule |
TCP |
8890 |
GigaVUE V Series Proxy IP |
Allows GigaVUE‑FM to communicate with V Series Proxy |
||||||||||||||||||
|
Outbound |
Custom TCP Rule |
TCP |
8889 |
GigaVUE V Series Node IP |
Allows GigaVUE‑FM to communicate with GigaVUE V Series node |
||||||||||||||||||
|
UCT-V Controller |
|||||||||||||||||||||||
|
Inbound |
Custom TCP Rule |
TCP(6) |
9900 |
GigaVUE‑FM IP |
Allows UCT-V Controller to communicate with GigaVUE‑FM |
||||||||||||||||||
|
Inbound (This is the port used for Third Party Orchestration) |
Custom TCP Rule |
TCP(6) |
8891 |
UCT-V or Subnet IP |
Allows UCT-V Controller to communicate registration requests from UCT-V . |
||||||||||||||||||
|
Outbound (This is the port used for Third Party Orchestration) |
Custom TCP Rule |
TCP(6) |
443 |
GigaVUE‑FM IP |
Allows UCT-V Controller to communicate the registration requests to GigaVUE-FM |
||||||||||||||||||
|
Outbound |
Custom TCP Rule |
TCP(6) |
9901 |
UCT-V Controller IP |
Allows UCT-V Controller to communicate with UCT-Vs |
||||||||||||||||||
|
Outbound |
Custom TCP Rule |
TCP |
5671 |
GigaVUE-FM IP |
Allows UCT-V Controller to send traffic health updates to GigaVUE-FM. |
||||||||||||||||||
|
UCT-V |
|||||||||||||||||||||||
|
Inbound |
Custom TCP Rule |
TCP(6) |
9901 |
UCT-V Controller IP |
Allows UCT-Vs to communicate with UCT-V Controller |
||||||||||||||||||
|
Outbound (This is the port used for Third Party Orchestration) |
Custom TCP Rule |
TCP(6) |
8891 |
UCT-V or Subnet IP |
Allows UCT-V to communicate with UCT-V Controller for registration and Heartbeat |
||||||||||||||||||
|
Outbound |
|
|
VXLAN (default 4789) |
UCT-V or Subnet IP |
Allows UCT-Vs to (VXLAN/L2GRE) tunnel traffic to V Series nodes |
||||||||||||||||||
|
Outbound |
Custom TCP Rule |
TCP |
11443 |
UCT-V subnet |
Allows UCT-V to securely transfer the traffic to GigaVUE V Series Node |
||||||||||||||||||
|
GigaVUE V Series V Series Proxy (optional) |
|||||||||||||||||||||||
|
Inbound |
Custom TCP Rule |
TCP |
8890 |
GigaVUE‑FM IP |
Allows GigaVUE‑FM to communicate with V Series Proxy |
||||||||||||||||||
|
Outbound |
Custom TCP Rule |
TCP |
8889 |
GigaVUE V Series Node IP |
Allows V Series Proxy to communicate with V Series node |
||||||||||||||||||
|
GigaVUE V Series V Series Node |
|||||||||||||||||||||||
|
Inbound |
Custom TCP Rule |
TCP |
8889 |
|
Allows V Series Proxy or GigaVUE-FM to communicate with V Series node |
||||||||||||||||||
|
Inbound |
|
|
|
UCT-V or Subnet IP |
Allows UCT-Vs to (VXLAN/L2GRE) tunnel traffic to V Series nodes |
||||||||||||||||||
|
Inbound |
UDP |
UDPGRE |
4754 |
Ingress Tunnel |
Allows to UDPGRE Tunnel to communicate and tunnel traffic to V Series nodes |
||||||||||||||||||
|
Outbound |
Custom TCP Rule |
TCP |
5671 |
GigaVUE-FM IP |
Allows GigaVUE V Series Node to send traffic health updates to GigaVUE‑FM |
||||||||||||||||||
|
Outbound |
Custom UDP Rule |
|
VXLAN (default 4789) |
Tool IP |
Allows V Series node to communicate and tunnel traffic to the Tool |
||||||||||||||||||
|
Outbound (optional) |
ICMP |
ICMP |
|
Tool IP |
Allows V Series node to health check tunnel destination traffic |
||||||||||||||||||
|
Bi-directional |
Custom TCP Rule |
TCP |
11443 |
GigaVUE V Series Node subnet |
Allows to securely transfer the traffic in between GigaVUE V Series Nodes. |
||||||||||||||||||
