Prerequisites for Application Metadata Exporter

Prerequisites for AWS

Prerequisites to follow when creating a monitoring domain and deploying a GigaVUE V Series Node in AWS:

  • Select Traffic Acquisition Method as Customer Orchestrated Source. For details, refer to Create a Monitoring Domain.
  • Select Instance type with three or more NICs. For details on deploying a GigaVUE V Series Node, refer to Configure GigaVUE Fabric Components in GigaVUE-FM.
  • When the Traffic Acquisition Method is selected as Customer Orchestrated Source, the Volume Size field appears on the AWS Fabric Launch Configuration page. Enter the Volume Size as 80GB.

Prerequisites for Azure

Prerequisites to follow when creating a monitoring domain and deploying a GigaVUE V Series Node in Azure:

  • Select Traffic Acquisition Method as Customer Orchestrated Source. For details, refer to Create Monitoring Domain.
  • Select Size with three or more NICs. For details on deploying a GigaVUE V Series Node, refer to .
  • When the Traffic Acquisition Method is selected as Customer Orchestrated Source, the Disk Size field appears on the Azure Fabric Launch Configuration page. Enter the Disk Size as 80GB.

Prerequisites for VMware

Prerequisites to follow when creating a monitoring domain and deploying GigaVUE V Series Node in VMware:

Prerequisites for Export of GigaVUE Enriched Metadata for Cloud Workloads

This section provides the detailed steps to perform in each platform for exporting the enriched metadata from cloud workloads.

AWS:

The following section describes how to set up IAM roles with the least privileges for exporting GigaVUE Enriched Metadata for Cloud Workloads:

  1. Create two IAM roles.
    • The first role (AMXEC2Role) is for the AMX instance that gets launched, and lets it access the STS AssumeRole service.
    • The second role (AMXToAssumeRole) carries the AmazonEC2ReadOnlyAccess permission.
  2. Map the instance role to an assume role that has AmazonEC2ReadOnlyAccess permissions.

    1. Copy the ARN of the AMXEC2Role.
    2. Click AMXToAssumeRole > Trust Relationships > Edit Trust Policy.
    3. Click Add a principal.
    4. Select IAM role as Principal Type. Paste the copied AMXEC2Role ARN. This is the critical step that maps the two IAM roles.
    5. Click Add principal > Update Policy.
  3. Add the ARN of AMXToAssumeRole in the AMX ingestion configuration options.

    1. Copy the ARN and add it as aws_assume_role_arn in the AWS ingestion configuration.
    2. If aws_assume_role_arn is configured, you do not need to provide token and keys.
  4. (optional) Create an SQS queue. For details, refer to Create a queue using the Amazon SQS console in AWS documentation.
  5. (optional) Create an EventBridge Rule. In the Select Target field, select the SQS queue created in the previous step. For details, refer to Creating rules that react to events in Amazon EventBridge in AWS documentation.
  6. (optional) Add the SQS URL in the AMX ingestion configuration options.

    Copy the URL and add it as aws_sqs_url in the AWS ingestion configuration.
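
The two-role mapping from steps 1 to 3, written out as policy documents with a check that the trust policy admits only the instance role. This is an added example, not Gigamon's own code: the account ID is a constructed placeholder, and granting AMXEC2Role its STS access through a separate permission policy scoped to one role is an assumption.

```python
import json

# Constructed placeholders: account ID and ARNs are illustrative only.
ACCOUNT_ID = "111122223333"
INSTANCE_ROLE_ARN = f"arn:aws:iam::{ACCOUNT_ID}:role/AMXEC2Role"
ASSUME_ROLE_ARN = f"arn:aws:iam::{ACCOUNT_ID}:role/AMXToAssumeRole"  # aws_assume_role_arn


def trust_policy(instance_role_arn):
    """Trust policy on AMXToAssumeRole: only the instance role may assume it."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": instance_role_arn},
        "Action": "sts:AssumeRole"}]}


def instance_policy(assume_role_arn):
    """Permission policy on AMXEC2Role: sts:AssumeRole on one role, nothing else."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": "sts:AssumeRole",
        "Resource": assume_role_arn}]}


def as_list(value):
    return value if isinstance(value, list) else [value]


def trust_findings(policy, expected_arn):
    """List every Allow principal in a trust policy other than expected_arn."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            findings.append("*")
            continue
        for kind, values in principal.items():
            findings += [f"{kind}:{p}" for p in as_list(values)
                         if (kind, p) != ("AWS", expected_arn)]
    return findings


if __name__ == "__main__":
    print(json.dumps(trust_policy(INSTANCE_ROLE_ARN), indent=2))
    print(json.dumps(instance_policy(ASSUME_ROLE_ARN), indent=2))
    print(trust_findings(trust_policy(INSTANCE_ROLE_ARN), INSTANCE_ROLE_ARN))
```

Any entry returned by `trust_findings`, such as the account root or a service principal left over from role creation, is a principal that can assume the read-only role besides the AMX instance and should be reviewed.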

Azure:

Perform the following steps to configure in Azure for exporting enriched metadata from Azure workloads:

  1. Create a Storage Account under the Resource Group. For details, refer to Create an Azure storage account in Azure documentation.
  2. Create a Storage Queue under the Storage Account. For details, refer to Quickstart: Create a queue and add a message with the Azure portal in Azure Documentation.
  3. Under the Storage Account, go to Access Control (IAM), select “Storage Queue Data Contributor”, and select your ID to add the IAM role. For details, refer to Assign Azure roles using the Azure portal.
  4. (Optional) Create an Event subscription. For details, refer to Create an event subscription section in Azure documentation.
  5. In the Storage queue, switch the Authentication method to Access key.

The following section describes how to set up IAM permissions in Azure for exporting GigaVUE Enriched Metadata for Cloud Workloads:

Register an application and assign a role to the application with the following set of minimum IAM permissions. For details, refer to Register an application with Microsoft Entra ID and create a service principal and Assign a role to the application in the Azure documentation.

Minimum IAM permissions required:

Microsoft.Network/virtualNetworks/read
Microsoft.Network/publicIPAddresses/read
Microsoft.Network/networkSecurityGroups/read
Microsoft.Compute/virtualMachineScaleSets/read
Microsoft.Compute/virtualMachines/read
Microsoft.Compute/images/read
Microsoft.Network/networkInterfaces/read
Microsoft.Resources/subscriptions/read
Microsoft.Resources/subscriptions/resourceGroups/read
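
The permission list above as an Azure custom role definition, with an audit that compares any role definition against it. This is an added example, not Gigamon's own code: the role name, description and subscription ID are constructed placeholders.

```python
import json
from fnmatch import fnmatchcase

# The minimum permissions listed above.
REQUIRED = [
    "Microsoft.Network/virtualNetworks/read",
    "Microsoft.Network/publicIPAddresses/read",
    "Microsoft.Network/networkSecurityGroups/read",
    "Microsoft.Compute/virtualMachineScaleSets/read",
    "Microsoft.Compute/virtualMachines/read",
    "Microsoft.Compute/images/read",
    "Microsoft.Network/networkInterfaces/read",
    "Microsoft.Resources/subscriptions/read",
    "Microsoft.Resources/subscriptions/resourceGroups/read",
]


def custom_role(subscription_id, name="AMX Metadata Reader"):
    """Custom role definition holding exactly the required read actions."""
    return {
        "Name": name,  # hypothetical role name
        "IsCustom": True,
        "Description": "Read-only inventory access for metadata export",
        "Actions": list(REQUIRED),
        "NotActions": [],
        "AssignableScopes": [f"/subscriptions/{subscription_id}"],
    }


def matches(action, patterns):
    """Case-insensitive match of one action against Azure-style '*' patterns."""
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)


def audit(role):
    """Return (missing, excess): required actions not granted, grants beyond the list."""
    actions, denied = role.get("Actions", []), role.get("NotActions", [])
    missing = [r for r in REQUIRED
               if not matches(r, actions) or matches(r, denied)]
    required = {r.lower() for r in REQUIRED}
    excess = [a for a in actions if a.lower() not in required]
    return missing, excess


if __name__ == "__main__":
    # Constructed placeholder subscription ID.
    role = custom_role("00000000-0000-0000-0000-000000000000")
    print(json.dumps(role, indent=2))
    print(audit(role))
```

A wildcard grant such as `Microsoft.Compute/*` covers the required reads but is reported as excess, because it also grants write and delete operations the export does not need.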

VMware:

The following are the prerequisites:

  • URL - The URL of VMware vCenter.
  • Username - Username of the VMware vCenter.
  • Password - vCenter password used to connect to the vCenter.
  • Self Signed Certificate
    • True - When self signed certificate = true, use the default certificate.
    • False - When self signed certificate = false, use a PKI certificate. For details, refer to Replace the Default Certificate with a Custom Certificate Using the vSphere Client section in VMware documentation.

      Note: The default CA trust store is supported based on the Ubuntu version 22.04.4. You cannot update the default trust store to include internal CA certificates.

  • Ensure that the VM tools are installed on the ESXi hosts that are being monitored to fetch the properties of the virtual machines.
  • The minimum role required for exporting GigaVUE Enriched Metadata from VMware is Read Only Role. For details, refer to vCenter Server System Roles section in VMware documentation.