CMS Pre-requisites
- 12 Apr 2024
- 2 Minutes to read
- Print
- DarkLight
- PDF
CMS Pre-requisites
- Updated on 12 Apr 2024
- 2 Minutes to read
- Print
- DarkLight
- PDF
Article Summary
Share feedback
Thanks for sharing your feedback!
About this Article
This article provides the required pre-requisites VSP CMS on both VM and Kubernetes based environments. It covers the system requirements, firewall rules and the external URLs that need high-speed internet access.
Refer to Environment Setup for detailed steps on setting up the required infrastructure for CMS and Probe installation.
Refer to Environment Setup for detailed steps on setting up the required infrastructure for CMS and Probe installation.
Network Requirements (VM/Kubernetes)
All nodes (on both VM and Kubernetes environments) should have high-speed internet access to the below URL list:
- From LFR to the Artifactory URL: https://artifacts.virsec.work/ui/
- From CMS (VSP Controller component) to the URLs:
- Reversing Labs: ticloud-cdn-api.reversinglabs.com, https://ticloud-aws1-api.reversinglabs.com
- (Optional) Virus Total: https://www.virustotal.com/
- VSP Licenses: https://flex1298.compliance.flexnetoperations.com/
VM
The pre-requisites for CMS Installation on VM are:
- 8 CPU Cores
- 64 GB RAM
- 250 GB Disk Space
- Docker-compose version 1.29+
- Docker version – 18.x+
- OpenSSL (Version 2.8 and Above)
- 200 GB in /var partition
NOTE
Ensure that the CMS VM is in sync with the NTP server
Firewall Rules
Establish the below firewall rules for seamless communication among the VSP components:
Firewall rules for Version 3.0 and Above:
Source | Destination | Source Port | Destination Port | Protocol |
|---|---|---|---|---|
VSP Probe (Deployed on customer workload) | CMS | Any | 443, 9093 (On-Prem CMS), 9194 (SaaS CMS) | TCP |
VSP Probe (Deployed on customer workload) | Remote vRule Engine (Optional) | Any | 55555 | TCP |
[AWS Environment ONLY] JReports Service (CMS) | CMS (Other Services) | Any | 1129 | TCP |
[AWS Environment ONLY] cms-client service (CMS) | CMS (Other Services) | Any | 443* | HTTPS |
Firewall rules for Version 2.8 - 2.11:
Source | Destination | Source Port | Destination Port | Protocol |
|---|---|---|---|---|
VSP Probe (Deployed on customer workload) | CMS | Any | 443, 9093 | TCP |
VSP Probe (Deployed on customer workload) | Remote vRule Engine (Optional) | Any | 55555 | TCP |
VSP Probe (Deployed on customer workload) | LFR | Any | 8443 | TCP |
[AWS Environment ONLY] JReports Service (CMS) | CMS (Other Services) | Any | 1129 | TCP |
[AWS Environment ONLY] cms-client service (CMS) | CMS (Other Services) | Any | 443* | HTTPS |
Firewall rules for Version 2.7:
Source | Destination | Source Port | Destination Port | Protocol |
|---|---|---|---|---|
VSP Probe (Deployed on customer workload) | CMS | Any | 443, 9092 (Secure Kafka not enabled) OR 9093 (Secure Kafka enabled) | TCP |
VSP Probe (Deployed on customer workload) | Remote vRule Engine (Optional) | Any | 55555 | TCP |
VSP Probe (Deployed on customer workload) | LFR | Any | 80 | TCP |
[AWS Environment ONLY] JReports Service (CMS) | CMS (Other Services) | Any | 1129 | TCP |
[AWS Environment ONLY] cms-client service (CMS) | CMS (Other Services) | Any | 443* | HTTPS |
* Security Group must be configured to allow reachability between Internal IP and Public IP
Kubernetes
(Not supported yet on VSP 3.0)
The pre-requisites for CMS Installation on Kubernetes are:
- Master and Worker Nodes must be in Ready state
- For Kubernetes Management Node:
- kubectl (Version: 1.19+) must be available to control the Kubernetes Cluster
- docker (Version: 1.13+) must be available (Not required if CI/CD phases are executed from customer’s existing CI/CD machines)
- Operating System: Any Linux System
- For Kubernetes Worker Node CMS Services Pod:
- Disc space: Min 28 GB in /var partition
- Internet connectivity is required for the installation of some dependencies if Alpine/Debian installers are utilized
- Minimum Specification
- Single Node – 64 GB (Recommended); 32 GB (Minimum)
- Multiple Nodes – 32 GB (Recommended); 16 GB (Minimum)
- Remote vRule (if applicable) – 4 GB (Minimum)
Firewall Rules
Establish the below firewall rules for seamless communication among the VSP components:
Version 2.8 and Above:
Client | Server | Client Port | Server Port | Protocol |
|---|---|---|---|---|
VSP Probe (Deployed on customer workload) | LFR | Any | 8443 | TCP |
K8 Management Node | Certificate Generator | Any | 59090 | TCP |
VSP Probe (Deployed on customer workload) | CMS | Any | 443, 9093 | TCP |
VSP Probe (Deployed on customer workload) | Remote vRule Engine (Optional) | Any | 55555 | TCP |
Version 2.7:
Client | Server | Client Port | Server Port | Protocol |
|---|---|---|---|---|
VSP Probe (Deployed on customer workload) | CMS | Any | 443, | TCP |
VSP Probe (Deployed on customer workload) | Remote vRule Engine (Optional) | Any | 55555 | TCP |
Component Specifications
Table below lists the minimum configuration requirements for VSP CMS Components
| Component | Minimum Configuration | Operating System |
|---|---|---|
| LFR Pod | CPU: 1 CPU RAM: 1 GB | Debian 10 |
| Kafka Pod | CPU: 2 CPUs RAM: 4 GB | Alpine Linux |
| CMS Services Pod with CMS services and Ngnix Container | CPU: 8 CPUs RAM: 16 GB | Alpine Linux |
| Redis Container | CPU: 1 CPU RAM: 2 GB | Alpine Linux |
| MongoDB Container | CPU: 2 CPUs RAM: 8 GB | Alpine Linux |
Was this article helpful?