Configure Secure Tunnel
This section provides step-by-step instructions on how to configure secure tunnels for GigaVUE Cloud Suite for Nutanix.
Prerequisites
When creating a secure tunnel, you must provide the following details:
- SSH key pair
- CA certificate
Notes
- Protocol versions IPv4 and IPv6 are supported.
- If you wish to use IPv6 tunnels, your GigaVUE‑FM and the fabric components version must be 6.6.00 or above. For UCT-V agents with a version lower than 6.6.00, if secure tunnel is enabled in the monitoring session, secure mirror traffic will be transmitted over IPv4, regardless of the IPv6 preference.
Configure Secure Tunnel from GigaVUE V Series Node 1 to GigaVUE V Series Node 2
You can create a secure tunnel in the following ways:
- Between GigaVUE V Series Node 1 and GigaVUE V Series Node 2
- From GigaVUE V Series Node 1 to multiple GigaVUE V Series nodes
You must have the following details before you start configuring the secure tunnel from GigaVUE V Series Node 1 to GigaVUE V Series Node 2:
- IP address of the tunnel destination endpoint (GigaVUE V Series Node 2)
- SSH key pair (pem file)
To configure a secure tunnel from GigaVUE V Series Node 1 to GigaVUE V Series Node 2, refer to the following steps:

| S. No | Task | Refer to |
|---|---|---|
| 1 | Upload a Certificate Authority (CA) Certificate | You must upload a Custom Certificate to UCT-V Controller for establishing a connection between the GigaVUE V Series Node. To upload the CA using GigaVUE-FM, follow the steps given below: For more information, refer to the section Adding Certificate Authority |
| 2 | Upload an SSL Key | You must add an SSL key to the GigaVUE V Series node. To add the SSL key, follow the steps in the section SSL Decrypt |
| 3 | Create a secure tunnel between UCT-V and GigaVUE V Series Node 1. | You should enable the secure tunnel feature to establish a connection between the UCT-V and GigaVUE V Series Node 1. To enable the secure tunnel feature, follow these steps: |
| 4 | Select the added SSL Key while creating a monitoring domain. | Select the added SSL Key while creating a monitoring domain and configuring the fabric components in GigaVUE‑FM in GigaVUE V Series Node 1. You must select the added SSL Key in GigaVUE V Series Node 1. To select the SSL key, follow the steps in the section Configure GigaVUE Fabric Components in GigaVUE-FM |
| 5 | Select the added CA certificate while creating the monitoring domain | You should select the added Certificate Authority (CA) in UCT-V Controller. To select the CA certificate, follow the steps in the section Configure GigaVUE Fabric Components in GigaVUE-FM |
| 6 | Create an egress tunnel from GigaVUE V Series Node 1 with tunnel type as TLS-PCAPNG while creating the monitoring session. | You must create a tunnel for traffic to flow out from GigaVUE V Series Node 1 with tunnel type as TLS-PCAPNG while creating the monitoring session. Refer to Create Ingress and Egress Tunnel for more detailed information on how to create tunnels. To create the egress tunnel, follow these steps: |
| 7 | Select the added SSL Key while creating a monitoring domain and configuring the fabric components in GigaVUE‑FM in GigaVUE V Series Node 2 | You must select the added SSL Key in GigaVUE V Series Node 2. To select the SSL key, follow the steps in the section Configure GigaVUE Fabric Components in GigaVUE-FM |
| 8 | Create an ingress tunnel in the GigaVUE V Series Node 2 with tunnel type as TLS-PCAPNG while creating the monitoring session for GigaVUE Node 2. | You must create an ingress tunnel for traffic to flow in from GigaVUE V Series Node 1 with tunnel type as TLS-PCAPNG while creating the monitoring session. To create the ingress tunnel, follow these steps: |