GigaVUE Cloud Suite for AWS
GigaVUE Cloud Suite for AWS delivers a cloud-based visibility and analytics solution that eliminates network blind spots as you move workloads to the cloud, significantly reducing security and non-compliance risks and helping to remediate performance issues.
GigaVUE Cloud Suite for AWS helps you obtain a unified view of all data in motion anywhere on your hybrid, single-cloud or multi-cloud network. Easily acquire data from any source, automatically optimize it and send it to any destination. It closes the cloud visibility gap, giving your security and monitoring tools visibility across cloud environments, from raw packets up to the application layer, with the added context of network data.
You can deploy the GigaVUE Cloud Suite for AWS by subscribing in the marketplace or by installing the individual fabric components using the Amazon Machine Images (AMI).
This section describes the requirements and prerequisites for configuring the GigaVUE Cloud Suite for AWS. Refer to the following section for details.
Recommended Instance Types for AWS
| Product | Instance Type | vCPU | RAM |
|---|---|---|---|
| GigaVUE-FM | m4.xlarge | 4 vCPU | 16 GB |
| GigaVUE V Series Node | c5n.xlarge | 4 vCPU | 10.5 GB |
| GigaVUE V Series Proxy | t2.medium | 2 vCPU | 4 GB |
| UCT-V | t2.micro | 1 vCPU | 1 GB |
| UCT-V Controller | t2.medium | 2 vCPU | 4 GB |
Note: Additional instance types are also supported. Refer to Support, Sales, or Professional Services for deployment optimization.
GigaVUE V Series Node deployments in AWS can also be deployed in conjunction with a Network Load Balancer. Refer to the Configure an External Load Balancer topic for more information.
For more detailed information and step-by-step deployment instructions, refer to the GigaVUE Cloud Suite Deployment Guide – AWS.
Network Firewall Requirements for AWS
The following table lists the Network Firewall / Security Group requirements for GigaVUE Cloud Suite.
Note: When using dual stack network, the below mentioned ports must be opened for both IPv4 and IPv6.
GigaVUE-FM

| Direction | Protocol | Port | CIDR | Purpose |
|---|---|---|---|---|
| Inbound | TCP | 443 | Administrator Subnet | Allows GigaVUE-FM to create the Management connection. |
| Inbound | TCP | 22 | Administrator Subnet | Allows CLI access for user-initiated management and diagnostics. |
| Inbound (port used for Third Party Orchestration) | TCP | 443 | UCT-V Controller IP | Allows GigaVUE-FM to receive registration requests from UCT-V Controller. |
| Inbound (port used for Third Party Orchestration) | TCP | 443 | GigaVUE V Series Node IP | Allows GigaVUE-FM to receive registration requests from GigaVUE V Series Node when GigaVUE V Series Proxy is not used. |
| Inbound (port used for Third Party Orchestration) | TCP | 443 | GigaVUE V Series Proxy IP | Allows GigaVUE-FM to receive registration requests from GigaVUE V Series Proxy. |
| Inbound | TCP | 5671 | GigaVUE V Series Node IP | Allows GigaVUE-FM to receive traffic health updates from GigaVUE V Series Nodes. |
| Inbound | TCP | 5671 | UCT-V or Subnet IP | Allows GigaVUE-FM to receive statistics from Next Generation UCT-V. |
| Inbound | UDP | 2056 | GigaVUE V Series Node IP | Allows GigaVUE-FM to receive Application Intelligence and Application Visualization reports from GigaVUE V Series Node. |
| Outbound | TCP | 9900 | GigaVUE-FM IP | Allows GigaVUE-FM to exchange control plane and data plane traffic with UCT-V Controller. |
| Outbound (optional) | TCP | 8890 | GigaVUE V Series Proxy IP | Allows GigaVUE-FM to send control plane and data plane traffic to GigaVUE V Series Proxy. |
| Outbound | TCP | 8889 | GigaVUE V Series Node IP | Allows GigaVUE-FM to send control plane and data plane traffic to GigaVUE V Series Node. |
| Outbound | TCP | 443 | GigaVUE-FM IP Address | Allows GigaVUE-FM to reach the Public Cloud Platform APIs. |
| Outbound | TCP | 8443 | UCT-C Controller IP Address | Allows GigaVUE-FM to communicate with UCT-C Controller. |

UCT-V Controller

| Direction | Protocol | Port | CIDR | Purpose |
|---|---|---|---|---|
| Inbound | TCP | 9900 | GigaVUE-FM IP | Allows UCT-V Controller to communicate with GigaVUE-FM. |
| Inbound (port used for Third Party Orchestration) | TCP | 8891 | UCT-V or Subnet IP | Allows UCT-V Controller to receive registration requests from UCT-V. |
| Inbound | TCP | 22 | Administrator Subnet | Allows CLI access for user-initiated management and diagnostics, specifically when using third party orchestration. |
| Outbound (port used for Third Party Orchestration) | TCP | 443 | GigaVUE-FM IP | Allows UCT-V Controller to send registration requests to GigaVUE-FM. |
| Outbound | TCP | 9901 | UCT-V Controller IP | Allows UCT-V Controller to communicate with UCT-Vs. |
| Outbound | TCP | 5671 | GigaVUE-FM IP | Allows UCT-V Controller to send traffic health updates to GigaVUE-FM. |

UCT-V

| Direction | Protocol | Port | CIDR | Purpose |
|---|---|---|---|---|
| Inbound | TCP | 9901 | UCT-V Controller IP | Allows UCT-V to receive stateful communication from UCT-V Controller. |
| Outbound (port used for Third Party Orchestration) | TCP | 8891 | UCT-V or Subnet IP | Allows UCT-V to communicate with UCT-V Controller for registration and heartbeat. |
| Outbound | | VXLAN (default 4789) | UCT-V or Subnet IP | Allows UCT-V to tunnel (VXLAN/L2GRE) traffic to GigaVUE V Series Nodes. |
| Outbound | TCP | 11443 | UCT-V subnet | Allows UCT-V to securely transfer traffic to GigaVUE V Series Node. |
| Outbound | TCP | 9900 | UCT-V Controller IP | Allows UCT-V to send traffic health updates to UCT-V Controller. |

GigaVUE V Series Proxy (optional)

| Direction | Protocol | Port | CIDR | Purpose |
|---|---|---|---|---|
| Inbound | TCP | 8890 | GigaVUE-FM IP | Allows GigaVUE-FM to communicate with GigaVUE V Series Proxy. |
| Inbound (port used for Third Party Orchestration) | TCP | 8891 | GigaVUE V Series Node IP | Allows GigaVUE V Series Proxy to receive registration requests and heartbeat messages from GigaVUE V Series Node. |
| Inbound | TCP | 22 | Administrator Subnet | Allows CLI access for user-initiated management and diagnostics, specifically when using third party orchestration. |
| Outbound | TCP | 443 | GigaVUE-FM IP | Allows GigaVUE V Series Proxy to send registration requests to GigaVUE-FM. |
| Outbound | TCP | 8889 | GigaVUE V Series Node IP | Allows GigaVUE V Series Proxy to communicate with GigaVUE V Series Node. |

GigaVUE V Series Node

| Direction | Protocol | Port | CIDR | Purpose |
|---|---|---|---|---|
| Inbound | TCP | 8889 | GigaVUE-FM IP | Allows GigaVUE V Series Node to communicate with GigaVUE-FM. |
| Inbound | TCP | 8889 | GigaVUE V Series Proxy IP | Allows GigaVUE V Series Node to communicate with GigaVUE V Series Proxy. |
| Inbound | | | UCT-V or Subnet IP | Allows GigaVUE V Series Node to (VXLAN/L2GRE) tunnel traffic to UCT-V. |
| Inbound | UDPGRE | 4754 | Ingress Tunnel | Allows GigaVUE V Series Node to communicate with and tunnel traffic from the UDPGRE Tunnel. |
| Inbound | TCP | 22 | Administrator Subnet | Allows CLI access for user-initiated management and diagnostics, specifically when using third party orchestration. |
| Outbound | TCP | 5671 | GigaVUE-FM IP | Allows GigaVUE V Series Node to send traffic health updates to GigaVUE-FM. |
| Outbound | | VXLAN (default 4789) | Tool IP | Allows GigaVUE V Series Node to communicate with and tunnel traffic to the tool. |
| Outbound | UDP | 2056 | GigaVUE-FM IP | Allows GigaVUE V Series Node to send Application Intelligence and Application Visualization reports to GigaVUE-FM. |
| Outbound | UDP | 2055 | Tool IP | Allows GigaVUE V Series Node to send NetFlow traffic to an external tool. |
| Outbound | UDP | 514 | Tool IP | Allows GigaVUE V Series Node to send Application Metadata Intelligence log messages to an external tool. |
| Outbound (optional) | ICMP | | Tool IP | Allows GigaVUE V Series Node to send health check traffic to the tunnel destination. |
| Outbound (port used for Third Party Orchestration) | TCP | 8891 | GigaVUE V Series Proxy IP | Allows GigaVUE V Series Node to send registration requests and heartbeat messages to GigaVUE V Series Proxy when GigaVUE V Series Proxy is used. |
| Outbound (port used for Third Party Orchestration) | TCP | 443 | GigaVUE-FM IP Address | Allows GigaVUE V Series Node to send registration requests and heartbeat messages to GigaVUE-FM when GigaVUE V Series Proxy is not used. |
| Bidirectional | TCP | 11443 | GigaVUE V Series Node subnet | Allows traffic to be securely transferred between GigaVUE V Series Nodes. |

Universal Cloud Tap - Container deployed inside Kubernetes worker node

| Direction | Protocol | Port | CIDR | Purpose |
|---|---|---|---|---|
| Outbound | TCP | 42042 | Any IP address | Allows UCT-C to send statistics to UCT-C Controller. |

UCT-C Controller deployed inside Kubernetes worker node

| Direction | Protocol | Port | CIDR | Purpose |
|---|---|---|---|---|
| Inbound | TCP | 8443 (configurable) | Any IP address | Allows UCT-C Controller to communicate with GigaVUE-FM. |
| Outbound | TCP | 5671 | Any IP address | Allows UCT-C Controller to send statistics to GigaVUE-FM. |
| Outbound | TCP | VXLAN (default 4789) | Any IP address | Allows UCT-C Controller to communicate with and tunnel traffic to the tool. |
| Outbound | TCP | 443 | Any IP address | Allows UCT-C Controller to communicate with GigaVUE-FM. |
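The table tells you which rules a GigaVUE-FM security group needs, but not whether the group you actually deployed matches it. As an added example (not Gigamon's code and not part of this guide), the following Python script audits a security-group description, in the JSON shape returned by `aws ec2 describe-security-groups`, against the GigaVUE-FM inbound rows above. It reports required rules that no permission covers, including an IPv6 prefix left uncovered in a dual-stack deployment, and permissions that admit sources broader than the prefixes you expect for that row (for example `0.0.0.0/0` on port 22). The `EXPECTED_SOURCES` mapping, the CIDR values and the `sg-PLACEHOLDER` group ID are constructed assumptions; substitute your own prefixes for the table's "Administrator Subnet", "UCT-V Controller IP" and "GigaVUE V Series Node IP" columns.

```python
"""Audit an AWS security group against the GigaVUE-FM inbound rules above.

Added example, not Gigamon's code. Input is a dict shaped like one element of
the "SecurityGroups" list from `aws ec2 describe-security-groups`.
"""
import ipaddress

# Inbound rows for GigaVUE-FM, transcribed from the table: (protocol, port, CIDR column).
FM_INBOUND_REQUIRED = [
    ("tcp", 443, "Administrator Subnet"),
    ("tcp", 22, "Administrator Subnet"),
    ("tcp", 443, "UCT-V Controller IP"),
    ("tcp", 5671, "GigaVUE V Series Node IP"),
    ("udp", 2056, "GigaVUE V Series Node IP"),
]

# Assumed, deployment-specific mapping from the table's CIDR column to real prefixes.
# Constructed values; the IPv6 entry reflects the dual-stack note (both families needed).
EXPECTED_SOURCES = {
    "Administrator Subnet": ["10.0.1.0/24", "2001:db8:1::/64"],
    "UCT-V Controller IP": ["10.0.3.10/32"],
    "GigaVUE V Series Node IP": ["10.0.2.0/24"],
}

# Constructed sample security group (placeholder GroupId), deliberately imperfect:
# SSH open to the world, no IPv6 rule for SSH, 5671 wider than needed, 2056 absent.
SAMPLE_SG = {
    "GroupId": "sg-PLACEHOLDER",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.1.0/24"}, {"CidrIp": "10.0.3.10/32"}],
         "Ipv6Ranges": [{"CidrIpv6": "2001:db8:1::/64"}]},
        {"IpProtocol": "tcp", "FromPort": 5671, "ToPort": 5671,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
    ],
}


def _ranges(perm):
    """Yield every IPv4 and IPv6 prefix attached to a permission."""
    for r in perm.get("IpRanges", []):
        yield ipaddress.ip_network(r["CidrIp"])
    for r in perm.get("Ipv6Ranges", []):
        yield ipaddress.ip_network(r["CidrIpv6"])


def _covers(perm, proto, port):
    """True if the permission admits this protocol/port ("-1" means all traffic)."""
    if perm["IpProtocol"] == "-1":
        return True
    if perm["IpProtocol"] != proto:
        return False
    return perm.get("FromPort", -1) <= port <= perm.get("ToPort", -1)


def audit_inbound(sg, required=FM_INBOUND_REQUIRED, expected=EXPECTED_SOURCES):
    """Return (missing, too_open).

    missing:  (proto, port, expected_cidr) that no permission admits.
    too_open: (proto, port, cidr) admitted by a permission for that rule but not
              contained in any expected prefix for it.
    """
    # Rows sharing a protocol/port become one AWS rule, so union their prefixes.
    wanted_by_rule = {}
    for proto, port, label in required:
        nets = wanted_by_rule.setdefault((proto, port), [])
        for cidr in expected.get(label, []):
            net = ipaddress.ip_network(cidr)
            if net not in nets:
                nets.append(net)

    missing, too_open = [], []
    for (proto, port), wanted in wanted_by_rule.items():
        perms = [p for p in sg["IpPermissions"] if _covers(p, proto, port)]
        present = [n for p in perms for n in _ranges(p)]
        for w in wanted:  # every expected prefix must sit inside some present prefix
            if not any(n.version == w.version and w.subnet_of(n) for n in present):
                missing.append((proto, port, str(w)))
        for n in present:  # every present prefix must sit inside some expected prefix
            if not any(n.version == w.version and n.subnet_of(w) for w in wanted):
                too_open.append((proto, port, str(n)))
    return missing, too_open


if __name__ == "__main__":
    miss, wide = audit_inbound(SAMPLE_SG)
    for item in miss:
        print("MISSING  %s/%s from %s" % item)
    for item in wide:
        print("TOO OPEN %s/%s admits %s" % item)
```

Feed it real data by loading the `describe-security-groups` JSON and passing one entry of its `SecurityGroups` list; extend `FM_INBOUND_REQUIRED` with the rows for the other components when auditing their groups. The containment test runs in both directions on purpose: a `0.0.0.0/0` rule satisfies "covered" but is reported as too open, so a permissive group never passes silently.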