Gaining Pervasive Visibility into AWS Environment with GigaVUE Cloud Suite Integration with Threat Insight Sensor (5.14)

Introduction

Data centers have undergone a tremendous transformation over the last two decades, resulting in the rise of heterogeneous workloads on physical, virtual, and cloud platforms. Enterprises can now extend their security posture to AWS by taking advantage of the network traffic visibility solution offered by GigaVUE Cloud Suite. This solution helps acquire and optimize traffic and then forward it to Threat Insight, which provides the analytics and threat management capabilities needed to proactively prioritize, mitigate, and hunt down threats across all sites and cloud VPCs.

Note: Please check with Gigamon Sales or contact Gigamon Support for more information on support for the cloud/virtualization platform that you are considering.

Design Topology

Design Overview

The design depicts deploying the GigaVUE Cloud Suite fabric components and the Threat Insight sensor in a centralized VPC where the target VMs to be monitored reside. This design presumes monitoring of all traffic on the target VMs. These target VMs will have G-vTAP agents installed to acquire the traffic before forwarding it to the V Series node. However, you can instead choose to leverage the VPC mirroring functionality supported by GigaVUE Cloud Suite to acquire the traffic from the target VMs. In this GVD, we focus on deploying Application Filtering Intelligence with the dedup function on AWS. Additionally, based on deployment requirements, traffic received by the V Series node can be further optimized using a combination of application and map rule filtering before it is directed to the Threat Insight sensor over a VXLAN tunnel.

A typical Gigamon AWS deployment with Threat Insight sensor consists of the following components: 

  • GigaVUE-FM (Fabric Manager): It provides a unified interface to deploy, configure, and manage the Gigamon visibility solution.
  • G-vTAP Agent version 1.8-2: This is a lightweight agent for acquiring traffic on the EC2 targets. These agents can monitor traffic over single or multiple vNICs.
  • G-vTAP Controller version 1.8-2: It is the control plane proxy between GigaVUE-FM and G-vTAP agents.
  • GigaVUE-V Series Node version 2.4.0 (aka V Series 2.0): This is the traffic aggregator for the EC2 targets that support VPC mirroring. It supports various filtering and traffic optimization techniques to sanitize the traffic before forwarding it to the tools.
  • Threat Insight Sensor: Guided-SaaS NDR to triage and investigate threats.

To learn more about this solution, read complete details on the Gigamon Community: Gaining-Pervasive-Visibility-into-AWS-environment-with-GigaVUE-Cloud-Suite-integration-with-Threat-Insight-Sensor-5-14