GigaVUE Cloud Suite for AWS

GigaVUE Cloud Suite for AWS delivers a cloud-based visibility and analytics solution that eliminates network blind spots as you move workloads to the cloud, significantly reducing security and non-compliance risks and helps remediate performance issues.

GigaVUE Cloud Suite for AWS helps you obtain a unified view of all data in motion anywhere on your hybrid, single or multi-cloud network. Easily acquire data from any source, automatically optimize it and send to any destination. It closes the cloud visibility gap, giving your security and monitoring tools visibility across cloud environments, from raw packets up to the application layer and with the added context of network data.

You can deploy the GigaVUE Cloud Suite for AWS by subscribing in the marketplace or by installing the individual fabric components using the Amazon Machine Images (AMI).

This section describes the requirements and prerequisites for configuring the GigaVUE Cloud Suite for AWS. Refer to the following section for details.

Recommended Instance Types for AWS

Product

Instance Type vCPU RAM

GigaVUE‑FM

m4.xlarge

4 vCPU

16 GB

GigaVUE V Series Node

c5n.xlarge

4 vCPU

10.5 GB

GigaVUE V Series Proxy

t2.medium

2 vCPU

4 GB

UCT-V

t2.micro

1 vCPU

1 GB

UCT-V Controller

t2.medium

2 vCPU

4 GB

Note:  Additional instance types are also supported. Refer to Support,  Sales, or Professional Services for deployment optimization.

GigaVUE V Series Node deployments in AWS can also be deployed in conjunction with a Network Load Balancer. Refer to the Configure an External Load Balancer topic for more information.

More detailed information and step-by-step instructions for deployment, refer to the GigaVUE Cloud Suite Deployment Guide – AWS.

Network Firewall Requirements for AWS

The following table lists the Network Firewall / Security Group requirements for GigaVUE Cloud Suite.

Note:  When using dual stack network, the below mentioned ports must be opened for both IPv4 and IPv6.

Direction

Protocol

Port

CIDR

Purpose

GigaVUE‑FM

Inbound

TCP

443

Administrator Subnet

Allows GigaVUE-FM to create Management connection.

Inbound

TCP

22

Administrator Subnet

Allows CLI access for user-initiated management and diagnostics.

Inbound

(This is the port used for Third Party Orchestration)

TCP

443

UCT-V Controller IP

Allows GigaVUE-FM to receive registration requests from UCT-V Controller.

Inbound

(This is the port used for Third Party Orchestration)

TCP

443

GigaVUE V Series Node IP

Allows GigaVUE-FM to receive registration requests from GigaVUE V Series Node, when GigaVUE V Series Proxy is not used.

Inbound

(This is the port used for Third Party Orchestration)

TCP

443

GigaVUE V Series Proxy IP

Allows GigaVUE-FM to receive registration requests from GigaVUE V Series Proxy.

Inbound

TCP

5671

GigaVUE V Series Node IP

Allows GigaVUE‑FM to receive traffic health updates from GigaVUE V Series Nodes.

Inbound

TCP

5671

UCT-V or Subnet IP

Allows GigaVUE‑FM to receive statistics from Next Generation UCT-V.

Inbound

UDP

2056

GigaVUE V Series Node IP

Allows GigaVUE‑FM to receive Application Intelligence and Application Visualization reports from GigaVUE V Series Node.

Outbound

TCP

9900

GigaVUE‑FM IP

Allows GigaVUE‑FM to communicate control plane and data plane traffic with UCT-V Controller

Outbound (optional)

TCP

8890

GigaVUE V Series Proxy IP

Allows GigaVUE‑FM to communicate control plane and data plane traffic to GigaVUE V Series Proxy

Outbound

TCP

8889

GigaVUE V Series Node IP

Allows GigaVUE‑FM to communicate control plane and data plane traffic to GigaVUE V Series Node

Outbound

TCP

443

GigaVUE-FM IP Address

Allows GigaVUE‑FM to reach the Public Cloud Platform APIs.

Outbound

TCP

8443

UCT-C Controller IP Address

Allows GigaVUE‑FM to communicate with UCT-C Controller

UCT-V Controller

Inbound

TCP

9900

GigaVUE‑FM IP

Allows UCT-V Controller to communicate with GigaVUE‑FM

Inbound

(This is the port used for Third Party Orchestration)

TCP

8891

UCT-V or Subnet IP

Allows UCT-V Controller to receive the registration requests from UCT-V.

Inbound

TCP

22

Administrator Subnet

Allows CLI access for user-initiated management and diagnostics, specifically when using third party orchestration.

Outbound

(This is the port used for Third Party Orchestration)

TCP

443

GigaVUE‑FM IP

Allows UCT-V Controller to send the registration requests to GigaVUE-FM

Outbound

TCP

9901

UCT-V Controller IP

Allows UCT-V Controller to communicate with UCT-Vs.

Outbound

TCP

5671

GigaVUE-FM IP

Allows UCT-V Controller to send traffic health updates to GigaVUE‑FM.

UCT-V

Inbound

TCP

9901

UCT-V Controller IP

Allows UCT-V to receive stateful communication from UCT-V Controller

Outbound

(This is the port used for Third Party Orchestration)

TCP

8891

UCT-V or Subnet IP

Allows UCT-V to communicate with UCT-V Controller for registration and Heartbeat

Outbound

UDP (VXLAN)
IP Protocol (L2GRE)

VXLAN (default 4789)

UCT-V or Subnet IP

Allows UCT-V to (VXLAN/L2GRE) tunnel traffic to V Series nodes

Outbound

TCP

11443

UCT-V subnet

Allows UCT-V to securely transfer the traffic to GigaVUE V Series Node

Outbound

TCP

9900

UCT-V Controller IP

Allows UCT-V to send traffic health updates to UCT-V Controller.

GigaVUE V Series Proxy (optional)

Inbound

TCP

8890

GigaVUE‑FM IP

Allows GigaVUE‑FM  to communicate with GigaVUE V Series Proxy

Inbound

(This is the port used for Third Party Orchestration)

TCP

8891

GigaVUE V Series Node IP

Allows GigaVUE V Series Proxy to receive registration requests and heartbeat messages from GigaVUE V Series Node.

Inbound

TCP

22

Administrator Subnet

Allows CLI access for user-initiated management and diagnostics, specifically when using third party orchestration.

Outbound

TCP

443

GigaVUE-FM IP

Allows GigaVUE V Series Proxy to communicate the registration requests to GigaVUE-FM

Outbound

TCP

8889

GigaVUE V Series Node IP

Allows GigaVUE V Series Proxy to communicate with GigaVUE V Series Node

GigaVUE V Series Node

Inbound

TCP

8889

GigaVUE-FM IP

Allows GigaVUE V Series Node to communicate with GigaVUE-FM

Inbound

TCP

8889

GigaVUE V Series Proxy IP

Allows GigaVUE V Series Node to communicate with GigaVUE V Series Proxy.

Inbound

UDP (VXLAN)
IP Protocol (L2GRE)
VXLAN (default 4789)
L2GRE

UCT-V or Subnet IP

Allows GigaVUE V Series Node to (VXLAN/L2GRE) tunnel traffic to UCT-V.

Inbound

UDPGRE

4754

Ingress Tunnel

Allows GigaVUE V Series Node to communicate and tunnel traffic from UDPGRE Tunnel

Inbound

TCP

22

Administrator Subnet

Allows CLI access for user initiated management and diagnostics, specifically when using third party orchestration.

Outbound

TCP

5671

GigaVUE-FM IP

Allows GigaVUE V Series Node to send traffic health updates to GigaVUE‑FM

Outbound

UDP (VXLAN)
IP Protocol (L2GRE)

VXLAN (default 4789)

Tool IP

Allows GigaVUE V Series Node to communicate and tunnel traffic to the tool

Outbound

UDP

2056

GigaVUE-FM IP

Allows GigaVUE V Series Node to send Application Intelligence, Application Visualization reports to GigaVUE-FM

Outbound

UDP

2055

Tool IP

Allows GigaVUE V Series Node to send NetFlow traffic to external tool.

Outbound

UDP

514

Tool IP

Allows GigaVUE V Series Node to send Application Metadata Intelligence log messages to external tool.

Outbound (optional)

ICMP

echo request
echo reply

Tool IP

Allows GigaVUE V Series Node to send health check tunnel destination traffic

Outbound

(This is the port used for Third Party Orchestration)

TCP

8891

GigaVUE V Series Proxy IP

Allows GigaVUE V Series Node to send registration requests and heartbeat messages to GigaVUE V Series Proxy when GigaVUE V Series Proxy is used.

Outbound

(This is the port used for Third Party Orchestration)

TCP

443

GigaVUE-FM IP Address

Allows GigaVUE V Series Node to send registration requests and heartbeat messages to GigaVUE-FM when GigaVUE V Series Proxy is not used.

Bidirectional

TCP

11443

GigaVUE V Series Node subnet

Allows to securely transfer the traffic in between GigaVUE V Series Nodes.

Universal Cloud Tap - Container deployed inside Kubernetes worker node

Outbound

TCP

42042

Any IP address

Allows UCT-C to send statistics to UCT-C Controller.

UCT-C Controller deployed inside Kubernetes worker node

Inbound

TCP

8443 (configurable)

Any IP address

Allows UCT-C Controller to communicate with GigaVUE-FM

Outbound

TCP

5671

Any IP address

Allows UCT-C controller to send statistics to GigaVUE-FM.

Outbound

TCP

VXLAN (default 4789)

Any IP address

Allows UCT-C Controller to communicate and tunnel traffic to the tool

Outbound

TCP

443

Any IP address

Allows UCT-C Controller to communicate with GigaVUE-FM