- 26 Dec 2024
- 2 Minutes to read
- Print
- DarkLight
- PDF
CMS Pre-requisites
- Updated on 26 Dec 2024
- 2 Minutes to read
- Print
- DarkLight
- PDF
Refer to Environment Setup for detailed steps on setting up the required infrastructure for CMS and Probe installation.
Network Requirements (VM/Kubernetes)
All nodes (on both VM and Kubernetes environments) should have high-speed internet access to the below URL list:
- From LFR to the Artifactory URL: https://artifacts.virsec.work/ui/
- From CMS (VSP Controller component) to the URLs:
- Reversing Labs: ticloud-cdn-api.reversinglabs.com, https://ticloud-aws1-api.reversinglabs.com
- (Optional) Virus Total: https://www.virustotal.com/
- VSP Licenses: https://flex1298.compliance.flexnetoperations.com/
VM
The pre-requisites for CMS Installation on VM are:
- 8 CPU Cores
- 64 GB RAM
- 250 GB Disk Space
- Docker-compose version 1.29+
- Docker version – 18.x+
- OpenSSL (Version 2.8 and Above)
- 200 GB in /var partition
Firewall Rules
Establish the below firewall rules for seamless communication among the VSP components:
Firewall rules for Version 3.0 and Above:
Source | Destination | Source Port | Destination Port | Protocol |
---|---|---|---|---|
VSP Probe (Deployed on customer workload) | CMS | Any | 443, 9093 (On-Prem CMS), 9194 (SaaS CMS) | TCP |
VSP Probe (Deployed on customer workload) | Remote vRule Engine (Optional) | Any | 55555 | TCP |
[AWS Environment ONLY] JReports Service (CMS) | CMS (Other Services) | Any | 1129 | TCP |
[AWS Environment ONLY] cms-client service (CMS) | CMS (Other Services) | Any | 443* | HTTPS |
Firewall rules for Version 2.8 - 2.11:
Source | Destination | Source Port | Destination Port | Protocol |
---|---|---|---|---|
VSP Probe (Deployed on customer workload) | CMS | Any | 443, 9093 | TCP |
VSP Probe (Deployed on customer workload) | Remote vRule Engine (Optional) | Any | 55555 | TCP |
VSP Probe (Deployed on customer workload) | LFR | Any | 8443 | TCP |
[AWS Environment ONLY] JReports Service (CMS) | CMS (Other Services) | Any | 1129 | TCP |
[AWS Environment ONLY] cms-client service (CMS) | CMS (Other Services) | Any | 443* | HTTPS |
Firewall rules for Version 2.7:
Source | Destination | Source Port | Destination Port | Protocol |
---|---|---|---|---|
VSP Probe (Deployed on customer workload) | CMS | Any | 443, 9092 (Secure Kafka not enabled) OR 9093 (Secure Kafka enabled) | TCP |
VSP Probe (Deployed on customer workload) | Remote vRule Engine (Optional) | Any | 55555 | TCP |
VSP Probe (Deployed on customer workload) | LFR | Any | 80 | TCP |
[AWS Environment ONLY] JReports Service (CMS) | CMS (Other Services) | Any | 1129 | TCP |
[AWS Environment ONLY] cms-client service (CMS) | CMS (Other Services) | Any | 443* | HTTPS |
* Security Group must be configured to allow reachability between Internal IP and Public IP
Kubernetes
(Not supported yet on VSP 3.0)
The pre-requisites for CMS Installation on Kubernetes are:
- Master and Worker Nodes must be in Ready state
- For Kubernetes Management Node:
- kubectl (Version: 1.19+) must be available to control the Kubernetes Cluster
- docker (Version: 1.13+) must be available (Not required if CI/CD phases are executed from customer’s existing CI/CD machines)
- Operating System: Any Linux System
- For Kubernetes Worker Node CMS Services Pod:
- Disc space: Min 28 GB in /var partition
- Internet connectivity is required for the installation of some dependencies if Alpine/Debian installers are utilized
- Minimum Specification
- Single Node – 64 GB (Recommended); 32 GB (Minimum)
- Multiple Nodes – 32 GB (Recommended); 16 GB (Minimum)
- Remote vRule (if applicable) – 4 GB (Minimum)
Firewall Rules
Establish the below firewall rules for seamless communication among the VSP components:
Version 2.8 and Above:
Client | Server | Client Port | Server Port | Protocol |
---|---|---|---|---|
VSP Probe (Deployed on customer workload) | LFR | Any | 8443 | TCP |
K8 Management Node | Certificate Generator | Any | 59090 | TCP |
VSP Probe (Deployed on customer workload) | CMS | Any | 443, 9093 | TCP |
VSP Probe (Deployed on customer workload) | Remote vRule Engine (Optional) | Any | 55555 | TCP |
Version 2.7:
Client | Server | Client Port | Server Port | Protocol |
---|---|---|---|---|
VSP Probe (Deployed on customer workload) | CMS | Any | 443, | TCP |
VSP Probe (Deployed on customer workload) | Remote vRule Engine (Optional) | Any | 55555 | TCP |
Component Specifications
Table below lists the minimum configuration requirements for VSP CMS Components
Component | Minimum Configuration | Operating System |
---|---|---|
LFR Pod | CPU: 1 CPU RAM: 1 GB | Debian 10 |
Kafka Pod | CPU: 2 CPUs RAM: 4 GB | Alpine Linux |
CMS Services Pod with CMS services and Ngnix Container | CPU: 8 CPUs RAM: 16 GB | Alpine Linux |
Redis Container | CPU: 1 CPU RAM: 2 GB | Alpine Linux |
MongoDB Container | CPU: 2 CPUs RAM: 8 GB | Alpine Linux |