Create a Monitoring Domain
GigaVUE-FM connects to the AWS Platform through the public API endpoint. HTTPS is the default protocol that GigaVUE-FM uses to communicate with the API. For more information about the endpoint and the protocol used, refer to AWS service endpoints.
GigaVUE-FM provides you the flexibility to monitor multiple VPCs. You can choose the VPC ID and launch the GigaVUE fabric components in the desired VPCs.
Note: To configure the Monitoring Domain and launch the fabric components in AWS, you must be a user with the fm_super_admin role or a user with write access to the Infrastructure Management category. Refer to Role Based Access Control for more detailed information.
Prerequisites:
Before creating a Monitoring Domain in GigaVUE-FM, you must first complete one of the following actions, depending on your deployment option.
Deployment Options | Reference Topics
Deploying GigaVUE Fabric Components using GigaVUE-FM | Configure GigaVUE Fabric Components in GigaVUE-FM
Deploying GigaVUE Fabric Components using AWS - Third Party Orchestration | Configure GigaVUE Fabric Components in AWS using Third Party Orchestration - Integrated Mode
To create a Monitoring Domain:
- Go to Inventory > VIRTUAL > AWS , and then click Monitoring Domain.
- On the Monitoring Domain page, click the New button. The Monitoring Domain Configuration page appears.
- Click Check Permissions and validate whether you have the required permissions.
- Enter or select the appropriate information as shown in the following table.
Field | Action
Monitoring Domain | An alias used to identify the monitoring domain.
Traffic Acquisition Method | Select a tapping method. The available options are:
  - UCT-V: UCT-Vs are deployed on your VMs to acquire the traffic and forward it to the GigaVUE V Series Nodes. If you select UCT-V as the tapping method, you must configure the UCT-V Controller from GigaVUE-FM so that it can communicate with the UCT-Vs. You can also configure the UCT-V Controller and UCT-Vs from your own orchestrator; refer to Configure GigaVUE Fabric Components in AWS using Third Party Orchestration - Integrated Mode for detailed information.
  - VPC Traffic Mirroring: If you select the VPC Traffic Mirroring option, the mirrored traffic from your workloads is sent directly to the GigaVUE V Series Nodes, and you need not configure UCT-Vs and UCT-V Controllers. Peering is required to send mirrored traffic from other VPCs into a centralized GigaVUE V Series deployment; for more information, refer to VPC peering connections in the AWS Documentation. You can choose to use an external load balancer for VPC Traffic Mirroring; select Yes to use a load balancer, and refer to Configure AWS Elastic Load Balancing for detailed information. UCT-V Controller configuration is not applicable for VPC Traffic Mirroring. VPC mirroring does not support cross-account solutions without a load balancer. The VPC Traffic Mirroring option requires additional permissions; refer to the Permissions and Privileges (AWS) topic for details. After you deploy the Monitoring Session, a traffic mirror session is created in your AWS VPC consisting of a session, a filter, sources, and targets. For more details, refer to Traffic Mirroring in the AWS Documentation.
  - Customer Orchestrated Source: If you select Customer Orchestrated Source as the tapping method, you can use it as a source option in the monitoring session, where the traffic is tunneled directly to the GigaVUE V Series Nodes without deploying UCT-Vs and UCT-V Controllers. You are responsible for creating this tunnel feed and pointing it to the GigaVUE V Series Node(s).
  Note: When using the Application Metadata Exporter (AMX) application, select Customer Orchestrated Source as the Traffic Acquisition Method.
Traffic Acquisition Tunnel MTU | The Maximum Transmission Unit (MTU) is the maximum size of each packet that the tunnel endpoint can carry from the UCT-V to the GigaVUE V Series Node. The default value is 8951.
  - IPv4 tunnels: the maximum MTU value is 8951. The UCT-V tunnel MTU should be 50 bytes less than the MTU of the agent's destination interface.
  - IPv6 tunnels: the maximum MTU value is 8931. The UCT-V tunnel MTU should be 70 bytes less than the MTU of the agent's destination interface.
Use FM to Launch Fabric | Select Yes to Configure GigaVUE Fabric Components in GigaVUE-FM, or select No to Configure GigaVUE Fabric Components in AWS using Third Party Orchestration - Integrated Mode.
Enable IPv6 Preference | (Appears only when Use FM to Launch Fabric is disabled and the Traffic Acquisition Method is UCT-V.) Enable this option to create IPv6 tunnels between the UCT-Vs and the GigaVUE V Series Nodes.
Connections | Note: You can add multiple connections in a Monitoring Domain. Refer to Create AWS Credentials for more information on adding multiple AWS Basic Credentials. Each connection has the following fields:
  Name | An alias used to identify the connection.
  Credential | Select an AWS credential. For detailed information, refer to Create AWS Credentials.
  Region | The AWS region for the monitoring domain. For example, US West.
  Accounts | Select the AWS accounts.
  VPCs | Select the VPCs to monitor.
- Click Save.
The newly created Monitoring Domain appears in the list view of the Monitoring Domain page.
To edit a Monitoring Domain, select the deployed Monitoring Domain and click Actions. From the drop-down list, select Edit; the Monitoring Domain Configuration page appears.
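The Traffic Acquisition Tunnel MTU field above gives four numbers (the 8951 and 8931 caps and the 50-byte and 70-byte margins below the agent's destination interface MTU) but no way to sanity-check a value before you save it. The following is an added example, not Gigamon's code: it derives the largest permitted tunnel MTU from the interface MTU for each address family and flags a configured value that exceeds it. The only assumption beyond the page is that 9001 bytes is the jumbo-frame MTU of an EC2 interface, which is why the page's default of 8951 equals 9001 minus 50.

```python
# Added example (not Gigamon's code): derive and sanity-check the UCT-V tunnel
# MTU from the limits stated on the Monitoring Domain page.
IPV4_MAX_TUNNEL_MTU = 8951   # page: maximum tunnel MTU for IPv4 tunnels
IPV6_MAX_TUNNEL_MTU = 8931   # page: maximum tunnel MTU for IPv6 tunnels
IPV4_TUNNEL_OVERHEAD = 50    # page: IPv4 tunnel MTU is 50 bytes below the interface MTU
IPV6_TUNNEL_OVERHEAD = 70    # page: IPv6 tunnel MTU is 70 bytes below the interface MTU


def recommended_tunnel_mtu(interface_mtu, ipv6=False):
    """Largest tunnel MTU permitted for the UCT-V's destination interface MTU.

    The result is the interface MTU minus the encapsulation margin, capped at
    the per-family maximum the page states.
    """
    overhead = IPV6_TUNNEL_OVERHEAD if ipv6 else IPV4_TUNNEL_OVERHEAD
    cap = IPV6_MAX_TUNNEL_MTU if ipv6 else IPV4_MAX_TUNNEL_MTU
    if interface_mtu <= overhead:
        raise ValueError(
            f"interface MTU {interface_mtu} leaves no room for tunnel headers")
    return min(interface_mtu - overhead, cap)


def check_tunnel_mtu(configured_mtu, interface_mtu, ipv6=False):
    """Return (ok, message) for a tunnel MTU entered in the Monitoring Domain form.

    A value above the limit does not leave room for the tunnel encapsulation on
    the agent's interface; a smaller value is accepted as-is.
    """
    limit = recommended_tunnel_mtu(interface_mtu, ipv6)
    family = "IPv6" if ipv6 else "IPv4"
    if configured_mtu > limit:
        return False, (f"{family} tunnel MTU {configured_mtu} exceeds the limit of "
                       f"{limit} for a {interface_mtu}-byte interface")
    return True, f"{family} tunnel MTU {configured_mtu} is within the limit of {limit}"


if __name__ == "__main__":
    # Assumption: 9001 is the jumbo-frame MTU of an EC2 interface, so the
    # page's default of 8951 is exactly 9001 - 50.
    print(recommended_tunnel_mtu(9001))             # 8951
    print(recommended_tunnel_mtu(9001, ipv6=True))  # 8931
    # The default is too large for an interface that is still at 1500 bytes.
    print(check_tunnel_mtu(8951, 1500))
```

Run the check with the MTU of the interface the UCT-V actually sends through; an instance left at a 1500-byte MTU needs a tunnel MTU of 1450 (IPv4) or 1430 (IPv6), not the 8951 default.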
Check Permissions while Creating a Monitoring Domain
To check the permissions while creating a Monitoring Domain, follow the steps given below:
- Go to Inventory > VIRTUAL > AWS, and then click Monitoring Domain. The Monitoring Domain page appears.
- Click New. The Monitoring Domain Configuration page appears.
- Enter the details as mentioned in the Create a Monitoring Domain section.
- Click the Check Permission button. The Check Permissions widget opens.
- Select the connection for which you wish to check the required permissions and then click Next.
- Click on the Permission Status to view the missing permissions.
- The ACCOUNTS tab lists the accounts and their permission status. Review the accounts that have an error in the permission status.
- The PERMISSIONS tab lists the permissions required to run GigaVUE Cloud Suite for AWS. Make sure to include all the permissions with Access Status as 'Denied' in the IAM policy.
- The IAM POLICY tab lists the sample policy containing the required permissions for deploying the GigaVUE Cloud Suite for AWS. You must update the AWS IAM policy with the missing permissions that are highlighted in the JSON. To recheck the IAM policy, go to the PERMISSIONS tab and click the Recheck button.
When you click Copy or Download, the entire JSON will be copied or downloaded.
Note: After updating the IAM Policy, it takes around 5 minutes for the changes to reflect on the Check Permissions screen.
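The PERMISSIONS and IAM POLICY tabs report which required actions the policy behind the selected credential does not grant. The following added example (not Gigamon's code, and not the sample policy from the IAM POLICY tab) performs the same kind of comparison offline: it parses a constructed IAM policy JSON, expands IAM's * and ? action wildcards, treats an explicit Deny as overriding any Allow, lists the required actions that would show as Denied, and appends an Allow statement for them. The required-action list is a constructed subset of real EC2 and IAM action names, not the product's full list; take the real list from the PERMISSIONS tab. Only the Action element is evaluated, not Resource or Condition, so a policy that passes here can still fail the product's check if those elements restrict the action.

```python
import fnmatch
import json

# Constructed sample policy for illustration only. It is NOT the sample policy
# shown on the IAM POLICY tab; replace it with the policy you actually attach.
SAMPLE_POLICY_JSON = """
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["ec2:Describe*", "ec2:CreateTrafficMirrorSession"],
     "Resource": "*"},
    {"Effect": "Deny",
     "Action": "iam:*",
     "Resource": "*"}
  ]
}
"""

# Constructed illustrative subset of required actions (real AWS action names,
# but NOT the product's full list; take that from the PERMISSIONS tab).
REQUIRED_ACTIONS = [
    "ec2:DescribeInstances",
    "ec2:DescribeVpcs",
    "ec2:CreateTrafficMirrorSession",
    "ec2:CreateTrafficMirrorFilter",
    "ec2:CreateTags",
    "iam:ListRoles",
]


def load_policy(text):
    """Parse an IAM policy document from its JSON text."""
    return json.loads(text)


def _as_list(value):
    """IAM lets Statement/Action be a single item or a list; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)


def collect_action_patterns(policy):
    """Return (allow_patterns, deny_patterns) taken from the policy's statements.

    Only the Action element is inspected; Resource and Condition are ignored,
    so a match here is necessary but not sufficient. Statements written with
    NotAction are skipped because they cannot be reduced to a positive list.
    """
    allows, denies = [], []
    for stmt in _as_list(policy.get("Statement")):
        if "NotAction" in stmt:
            continue
        bucket = allows if stmt.get("Effect") == "Allow" else denies
        bucket.extend(_as_list(stmt.get("Action")))
    return allows, denies


def action_matches(action, patterns):
    """IAM action matching is case-insensitive and supports * and ? wildcards."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def missing_permissions(policy, required=REQUIRED_ACTIONS):
    """Required actions this policy does not grant: no Allow pattern covers
    them, or an explicit Deny covers them (Deny always wins in IAM)."""
    allows, denies = collect_action_patterns(policy)
    return sorted(a for a in required
                  if not action_matches(a, allows) or action_matches(a, denies))


def add_allow_statement(policy, actions, resource="*"):
    """Return a copy of the policy with one extra Allow statement for `actions`.

    Narrow `resource` as far as the product permits instead of leaving "*".
    This cannot unblock an action that an explicit Deny statement covers.
    """
    patched = json.loads(json.dumps(policy))  # deep copy via a JSON round trip
    patched["Statement"] = _as_list(patched.get("Statement")) + [
        {"Effect": "Allow", "Action": sorted(actions), "Resource": resource}
    ]
    return patched


if __name__ == "__main__":
    policy = load_policy(SAMPLE_POLICY_JSON)
    missing = missing_permissions(policy)
    print("missing before patch:", missing)
    patched = add_allow_statement(policy, missing)
    print("still missing after patch:", missing_permissions(patched))
    print(json.dumps(patched, indent=2))
```

Rerun missing_permissions on the patched policy: iam:ListRoles stays missing because the explicit Deny on iam:* still applies. That is one thing worth looking for when the Recheck button keeps reporting an action as Denied after you have added it to an Allow statement.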
You can view the permission status reports on the Monitoring Domain page. Permission status reports consist of previously run Check Permissions reports. They are purged automatically once every 30 days; you can change the purge interval from the Advanced Settings page. Refer to Configure AWS Settings for more detailed information.
To view a permission status report, on the Monitoring Domain page, click Actions > View Permission Status Report. To view or delete individual reports, select the report and click the Actions button.
What to do Next:
Based on your chosen deployment option, perform any of the following actions:
- Use FM to Launch Fabric is enabled: You are navigated to the AWS Fabric Launch Configuration page. Refer to Configure GigaVUE Fabric Components in GigaVUE-FM for more detailed information on how to deploy GigaVUE Fabric Components using GigaVUE-FM.
- Use FM to Launch Fabric is disabled: You must deploy the GigaVUE Fabric Components using AWS. Refer to Configure GigaVUE Fabric Components in AWS using Third Party Orchestration - Integrated Mode for more detailed information on how to deploy GigaVUE Fabric Components using AWS.