Configure GigaVUE Fabric Components in AWS using Third Party Orchestration - Integrated Mode

You can use your own AWS orchestration system to deploy GigaVUE fabric components and use GigaVUE-FM to configure the advanced features supported by these nodes. The nodes register themselves with GigaVUE-FM using the information in the registration file created on each component (/etc/gigamon-cloud.conf). Once the nodes are registered with GigaVUE-FM, you can configure monitoring sessions and related services in GigaVUE-FM. The health status of the registered nodes is determined by the heartbeat messages sent from the respective nodes.

You can also upload custom certificates to GigaVUE V Series Nodes, GigaVUE V Series Proxy, and UCT-V Controller using your own cloud platform when deploying the fabric components. Refer to Install Custom Certificate for more detailed information.

Recommended Instance Type

The following table lists the recommended instance type for deploying the fabric components:

Fabric Component          Machine type
GigaVUE V Series Node     c5n.xlarge
UCT-V Controller          t2.medium

Keep in mind the following when deploying the fabric components using third party orchestration in integrated mode:

  • When you deploy the fabric components using third party orchestration, you cannot delete the monitoring domain without unregistering the registered fabric components.
  • When using Traffic Mirroring as the traffic acquisition method, you must add a key and value when deploying the respective fabric components in the AWS orchestrator. The key must be GigamonNode and the value can be anything but it must not contain numbers or special characters.
  • GigaVUE V Series Node must have a minimum of two Network Interfaces (NICs) attached to it: a management NIC and a data NIC. You can add both these interfaces when deploying the GigaVUE V Series Node in AWS. Refer to the Launch an instance using the Launch Instance Wizard topic in Amazon EC2 Documentation for more detailed information on how to add network interfaces when launching an instance.

In your AWS EC2, you can configure the following GigaVUE fabric components:

Configure GigaVUE V Series Nodes and V Series Proxy in AWS

To configure GigaVUE V Series Nodes and Proxy in AWS platform:

  1. Before configuring GigaVUE fabric components through AWS, you must create a monitoring domain in GigaVUE-FM. Refer to Create a Monitoring Domain for detailed instructions.

  2. In the Monitoring Domain Configuration page, select No for the Use FM to Launch Fabric field as you are going to configure the fabric components in AWS Orchestrator.
  3. In your AWS environment, you can deploy GigaVUE V Series Nodes or V Series proxy using the following methods: 

Register GigaVUE V Series Nodes or Proxy using User Data

To register GigaVUE V Series Nodes or proxy using the user data in AWS GUI:

  1. On the Instances page of AWS EC2, click Launch instances. The Launch Instance wizard appears. For detailed information, refer to Launch an instance using the Launch Instance Wizard topic in Amazon EC2 Documentation.
  2. On the Step 3: Configure Instance Details tab, enter the User data as text in the following format and deploy the instance. The GigaVUE V Series Node or V Series Proxy uses this user data to generate the config file (/etc/gigamon-cloud.conf) that it uses to register with GigaVUE-FM. You can also install custom certificates on the GigaVUE V Series Node or Proxy; refer to the table below for details:

    Field

    User Data

    User data without custom certificate

    #cloud-config
    write_files:
    - path: /etc/gigamon-cloud.conf
      owner: root:root
      permissions: '0644'
      content: |
        Registration:
            groupName: <Monitoring Domain Name>
            subGroupName: <VPC Name>
            user: <Username>
            password: <Password>
            remoteIP: <IP address of the GigaVUE-FM> or <IP address of the Proxy>
            remotePort: 443

    User data with custom certificate

    #cloud-config
    write_files:
    - path: /etc/cntlr-cert.conf
      owner: root:root
      permissions: '0644'
      content: |
        -----BEGIN CERTIFICATE-----
        <certificate content>
        -----END CERTIFICATE-----
    - path: /etc/cntlr-key.conf
      owner: root:root
      permissions: '0400'
      content: |
        -----BEGIN PRIVATE KEY-----
        <private key content>
        -----END PRIVATE KEY-----
    - path: /etc/gigamon-cloud.conf
      owner: root:root
      permissions: '0644'
      content: |
        Registration:
            groupName: <Monitoring Domain Name>
            subGroupName: <VPC Name>
            user: <Username>
            password: <Password>
            remoteIP: <IP address of the GigaVUE-FM> or <IP address of the Proxy>
            remotePort: 443

    Note:  The authentication key encryption length specified during key generation must be at least 2048.

    • You can register your GigaVUE V Series Node directly with GigaVUE-FM, or you can use GigaVUE V Series Proxy to register your GigaVUE V Series Node with GigaVUE-FM. To register the GigaVUE V Series Node directly, enter the remotePort value as 443. To deploy the GigaVUE V Series Node using V Series Proxy, enter the remotePort value as 8891.
    • User and Password must be configured in the User Management page. Refer to Configure Role-Based Access for Third Party Orchestration for more detailed information. Enter the UserName and Password created in the Add Users Section.
  3. You can navigate to Instances > Actions > Instance Settings > Edit user data and edit the user data.

Register GigaVUE V Series Node or Proxy using a configuration file

To register GigaVUE V Series Node or Proxy using a configuration file:

  1. Log in to the GigaVUE V Series Node or Proxy.
  2. Edit the local configuration file (/etc/gigamon-cloud.conf) and enter the following user data. You can also install custom certificates on the GigaVUE V Series Node or Proxy; refer to the table below for details:
    Registration:
        groupName: <Monitoring Domain Name>
        subGroupName: <VPC Name>
        user: <Username>
        password: <Password>
        remoteIP: <IP address of the GigaVUE-FM>
        remotePort: 443

    Note:  If you wish to register the GigaVUE V Series Node using GigaVUE V Series Proxy, enter the remotePort value as 8891.

  3. Restart the GigaVUE V Series proxy service.
    • V Series node:
      $ sudo service vseries-node restart
    • V Series proxy:
      $ sudo service vps restart

The deployed GigaVUE V Series node or proxy registers with GigaVUE-FM. After successful registration, the GigaVUE V Series node or proxy sends heartbeat messages to GigaVUE-FM every 30 seconds. If one heartbeat is missing, the fabric component status appears as 'Unhealthy'. If more than five heartbeats fail to reach GigaVUE-FM, GigaVUE-FM tries to reach the GigaVUE V Series node or proxy; if that also fails, GigaVUE-FM unregisters the GigaVUE V Series node or proxy and removes it from GigaVUE-FM.

Configure UCT-V Controller in AWS

You can configure more than one UCT-V Controller in a monitoring domain.

To configure UCT-V Controller in AWS platform:

  1. Before configuring GigaVUE fabric components through AWS, you must create a monitoring domain in GigaVUE-FM. While creating the monitoring domain, select UCT-V as the Traffic Acquisition Method. Refer to Create a Monitoring Domain for detailed instructions.
  2. In the Monitoring Domain Configuration page, select No for the Use FM to Launch Fabric field as you are going to configure the fabric components in AWS Orchestrator.
  3. In your AWS environment, launch the UCT-V Controller AMI instance using any of the following methods:

    Register UCT-V Controller using User Data

    To register UCT-V Controller using the user data in AWS GUI:

    1. On the Instances page of AWS EC2, click Launch instances. The Launch Instance wizard appears. For detailed information, refer to Launch an instance using the Launch Instance Wizard topic in Amazon EC2 Documentation.
    2. On the Step 3: Configure Instance Details tab, enter the User data as text in the following format and deploy the instance. The UCT-V Controller uses this user data to generate the config file (/etc/gigamon-cloud.conf) that it uses to register with GigaVUE-FM. You can also install custom certificates on the UCT-V Controller; refer to the table below for details:

      Field

      User Data

      User data without custom certificate

      #cloud-config
      write_files:
      - path: /etc/gigamon-cloud.conf
        owner: root:root
        permissions: '0644'
        content: |
          Registration:
              groupName: <Monitoring Domain Name>
              subGroupName: <VPC Name>
              user: <Username>
              password: <Password>
              remoteIP: <IP address of the GigaVUE-FM>
              sourceIP: <IP address of UCT-V Controller> (Optional Field)
              remotePort: 443

      User data with custom certificate

      #cloud-config
      write_files:
      - path: /etc/cntlr-cert.conf
        owner: root:root
        permissions: '0644'
        content: |
          -----BEGIN CERTIFICATE-----
          <certificate content>
          -----END CERTIFICATE-----
      - path: /etc/cntlr-key.conf
        owner: root:root
        permissions: '0400'
        content: |
          -----BEGIN PRIVATE KEY-----
          <private key content>
          -----END PRIVATE KEY-----
      - path: /etc/gigamon-cloud.conf
        owner: root:root
        permissions: '0644'
        content: |
          Registration:
              groupName: <Monitoring Domain Name>
              subGroupName: <VPC Name>
              user: <Username>
              password: <Password>
              remoteIP: <IP address of the GigaVUE-FM>
              sourceIP: <IP address of UCT-V Controller> (Optional Field)
              remotePort: 443

      Note:  The authentication key encryption length specified during key generation must be at least 2048.

    3. You can navigate to Instances > Actions > Instance Settings > Edit user data and edit the user data.

    The UCT-V Controller deployed in AWS EC2 appears on the Monitoring Domain page of GigaVUE-FM.

    Register UCT-V Controller using a configuration file

    To register UCT-V Controller using a configuration file:

    1. Log in to the UCT-V Controller.
    2. Edit the local configuration file (/etc/gigamon-cloud.conf) and enter the following user data. You can also install custom certificates on the UCT-V Controller; refer to the table below for details:
      Registration:
          groupName: <Monitoring Domain Name>
          subGroupName: <VPC Name>
          user: <Username>
          password: <Password>
          remoteIP: <IP address of the GigaVUE-FM>
          sourceIP: <IP address of UCT-V Controller> (Optional Field)
          remotePort: 443
    3. Restart the UCT-V Controller service.
      $ sudo service uctv-cntlr restart

    Assign Static IP address for UCT-V Controller

    By default, the UCT-V Controller gets assigned an IP address using DHCP. If you wish to assign a static IP address, follow the steps below:

    1. Navigate to /etc/netplan/ directory.
    2. Create a new .yaml file (other than the default 50-cloud-init.yaml file).
    3. Update the file as shown in the following sample:
      network:
              version: 2
              renderer: networkd
              ethernets:
                      ens3:
                              addresses:
                                      - <IP address>
                              gateway: <IP address>
                      ens4:
                              addresses:
                                      - <IP address>
                              gateway: <IP address>
                      ens5:
                              addresses:
                                      - <IP address>
                              gateway: <IP address>
    4. Save the file.
    5. Restart the UCT-V Controller service.
      $ sudo service uctv-cntlr restart

The deployed UCT-V Controller registers with GigaVUE-FM. After successful registration, the UCT-V Controller sends heartbeat messages to GigaVUE-FM every 30 seconds. If one heartbeat is missing, the fabric component status appears as 'Unhealthy'. If more than five heartbeats fail to reach GigaVUE-FM, GigaVUE-FM tries to reach the UCT-V Controller; if that also fails, GigaVUE-FM unregisters the UCT-V Controller and removes it from GigaVUE-FM.

Configure UCT-V in AWS

UCT-V should be registered through the registered UCT-V Controller and communicates over port 8891.

Note:  Deployment of UCT-Vs through a third-party orchestrator is supported on Linux and Windows platforms. Refer to Linux UCT-V Installation and Windows UCT-V Installation for detailed information.

To register UCT-V using a configuration file:

  1. Install the UCT-V in the Linux or Windows platform. For detailed instructions, refer to Linux UCT-V Installation and Windows UCT-V Installation.

  2. Log in to the UCT-V.
  3. Create a local configuration file and enter the following user data.
    • /etc/gigamon-cloud.conf is the local configuration file in Linux platform.
    • C:\ProgramData\uctv\gigamon-cloud.conf is the local configuration file in Windows platform.
    Registration:
        groupName: <Monitoring Domain Name>
        subGroupName: <VPC Name>
        user: <Username>
        password: <Password>
        remoteIP: <IP address of the UCT-V Controller 1>,
        <IP address of the UCT-V Controller 2>
        sourceIP: <IP address of UCT-V> (Optional Field)
        remotePort: 8891
    • If you are using multiple interfaces in UCT-V and the UCT-V Controller is not connected to the primary interface, add the following to the above registration data:
      localInterface: <Interface to which UCT-V Controller is connected>
    • User and Password must be configured in the User Management page. Refer to Configure Role-Based Access for Third Party Orchestration for more detailed information. Enter the UserName and Password created in the Add Users Section.
  4. Restart the UCT-V service.
    • Linux platform:
      $ sudo service uctv restart
    • Windows platform: Restart from the Task Manager.

Note:  You can configure more than one UCT-V Controller for a UCT-V, so that if one UCT-V Controller goes down, the UCT-V registration will happen through another Controller that is active.

The deployed UCT-V registers with GigaVUE-FM through the UCT-V Controller. After successful registration, the UCT-V sends heartbeat messages to GigaVUE-FM every 30 seconds. If one heartbeat is missing, the UCT-V status appears as 'Unhealthy'. If more than five heartbeats fail to reach GigaVUE-FM, GigaVUE-FM tries to reach the UCT-V; if that also fails, GigaVUE-FM unregisters the UCT-V and removes it from GigaVUE-FM.

Keep in mind the following when upgrading the GigaVUE-FM to 6.1.00 or higher version (when using third party orchestration to deploy fabric components):

When you upgrade GigaVUE-FM to any version higher than 6.0.00 and the GigaVUE V Series Nodes deployed in that GigaVUE-FM are at version 6.0.00 or lower, GigaVUE-FM automatically creates Users and Roles with the required permissions so that traffic continues to flow seamlessly. The user created in GigaVUE-FM has the username orchestration and the password orchestration123A!. Ensure that no user with the username orchestration already exists in GigaVUE-FM.

Once the upgrade is complete, it is recommended that the password be changed on the Users page. Refer to Configure Role-Based Access for Third Party Orchestration for detailed steps on how to change password in the user page.
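
A check that can be run over a registration file (/etc/gigamon-cloud.conf) before restarting the service, given here as an added example and not Gigamon's code: it flags unfilled placeholders, a remotePort other than the two values this page gives (443 and 8891), the default orchestration password described above, and a file mode that lets other local users read the password. The function names and the sample file are constructed for illustration, and the mode check is this example's own criterion (the page's samples set 0644).

```python
import re

# From the page: 443 registers directly with GigaVUE-FM, 8891 goes through a
# V Series Proxy or UCT-V Controller; the upgrade path creates a user with a
# documented default password.
ALLOWED_PORTS = {"443", "8891"}
DEFAULT_PASSWORD = "orchestration123A!"
REQUIRED = ("groupName", "subGroupName", "user", "password", "remoteIP", "remotePort")

def parse_registration(text):
    """Return the key/value pairs listed under 'Registration:'."""
    fields, last = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z]+)\s*:\s*(.*)$", line)
        if m and m.group(1) != "Registration":
            last = m.group(1)
            fields[last] = m.group(2).strip()
        elif not m and last and line.strip():
            fields[last] += " " + line.strip()  # wrapped value, e.g. second controller IP
    return fields

def audit_registration(text, mode):
    """Return findings for one config file; mode is os.stat(path).st_mode & 0o777."""
    reg = parse_registration(text)
    findings = [f"missing field: {k}" for k in REQUIRED if not reg.get(k)]
    findings += [f"placeholder left in {k}" for k, v in reg.items() if re.search(r"<[^>]+>", v)]
    if reg.get("remotePort") and reg["remotePort"] not in ALLOWED_PORTS:
        findings.append(f"unexpected remotePort: {reg['remotePort']}")
    if reg.get("password") == DEFAULT_PASSWORD:
        findings.append("password is the documented default")
    if mode & 0o004:
        findings.append(f"mode {mode:04o}: readable by every local user")
    return findings

# Constructed sample, not taken from a real deployment.
SAMPLE = """\
Registration:
    groupName: md-example
    subGroupName: vpc-example
    user: orchestration
    password: orchestration123A!
    remoteIP: <IP address of the GigaVUE-FM>
    remotePort: 8443
"""

if __name__ == "__main__":
    for finding in audit_registration(SAMPLE, 0o644):
        print(finding)
```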