CMS Pre-requisites
  • 24 Jun 2024
  • 2 Minutes to read
  • Dark
    Light
  • PDF

CMS Pre-requisites

  • Dark
    Light
  • PDF

Article summary

About this Article
This article provides the required pre-requisites VSP CMS on both VM and Kubernetes based environments. It covers the system requirements, firewall rules and the external URLs that need high-speed internet access.
Refer to Environment Setup for detailed steps on setting up the required infrastructure for CMS and Probe installation.


Network Requirements (VM/Kubernetes)

All nodes (on both VM and Kubernetes environments) should have high-speed internet access to the below URL list:

  1. From LFR to the Artifactory URL: https://artifacts.virsec.work/ui/
  2. From CMS (VSP Controller component) to the URLs:
    1. Reversing Labs: ticloud-cdn-api.reversinglabs.com, https://ticloud-aws1-api.reversinglabs.com
    2. (Optional) Virus Total: https://www.virustotal.com/
    3. VSP Licenses: https://flex1298.compliance.flexnetoperations.com/ 


VM

The pre-requisites for CMS Installation on VM are:

  1. 8 CPU Cores
  2. 64 GB RAM
  3. 250 GB Disk Space
  4. Docker-compose version 1.29+
  5. Docker version – 18.x+
  6. OpenSSL (Version 2.8 and Above)
  7. 200 GB in /var partition
NOTE
Ensure that the CMS VM is in sync with the NTP server


Firewall Rules

Establish the below firewall rules for seamless communication among the VSP components:

   

Firewall rules for Version 3.0 and Above:

Source
Destination
Source Port
Destination Port
Protocol
VSP Probe (Deployed on customer workload)
CMS
Any

443, 

9093 (On-Prem CMS), 

9194 (SaaS CMS)

TCP
VSP Probe (Deployed on customer workload)
Remote vRule Engine (Optional)
Any
55555
TCP
[AWS Environment ONLY] JReports Service (CMS)
CMS (Other Services)

Any

1129
TCP
[AWS Environment ONLY] cms-client service (CMS)
CMS (Other Services)

Any
443*
HTTPS

Firewall rules for Version 2.8 - 2.11:

Source
Destination
Source Port
Destination Port
Protocol
VSP Probe (Deployed on customer workload)
CMS
Any

443, 9093

TCP
VSP Probe (Deployed on customer workload)
Remote vRule Engine (Optional)
Any
55555
TCP
VSP Probe (Deployed on customer workload)
LFR

Any
8443
TCP
[AWS Environment ONLY] JReports Service (CMS)
CMS (Other Services)

Any

1129
TCP
[AWS Environment ONLY] cms-client service (CMS)
CMS (Other Services)

Any
443*
HTTPS

Firewall rules for Version 2.7:

Source
Destination
Source Port
Destination Port
Protocol
VSP Probe (Deployed on customer workload)
CMS
Any

443, 9092 (Secure Kafka not enabled) OR 9093 (Secure Kafka enabled)

TCP
VSP Probe (Deployed on customer workload)
Remote vRule Engine (Optional)
Any
55555
TCP
VSP Probe (Deployed on customer workload)
LFR

Any
80
TCP
[AWS Environment ONLY] JReports Service (CMS)
CMS (Other Services)

Any

1129
TCP
[AWS Environment ONLY] cms-client service (CMS)
CMS (Other Services)

Any
443*
HTTPS

* Security Group must be configured to allow reachability between Internal IP and Public IP


Kubernetes

(Not supported yet on VSP 3.0)

The pre-requisites for CMS Installation on Kubernetes are:

  1. Master and Worker Nodes must be in Ready state
  2. For Kubernetes Management Node:
    1. kubectl (Version: 1.19+) must be available to control the Kubernetes Cluster
    2. docker (Version: 1.13+)  must be available (Not required if CI/CD phases are executed from customer’s existing CI/CD machines)
    3. Operating System: Any Linux System
  3. For Kubernetes Worker Node CMS Services Pod:
    1. Disc space: Min 28 GB in /var partition
    2. Internet connectivity is required for the installation of some dependencies if Alpine/Debian installers are utilized
    3. Minimum Specification
      1. Single Node – 64 GB (Recommended); 32 GB (Minimum)
      2. Multiple Nodes – 32 GB (Recommended); 16 GB (Minimum)
      3. Remote vRule (if applicable) – 4 GB (Minimum)


Firewall Rules

Establish the below firewall rules for seamless communication among the VSP components:

 

Version 2.8 and Above:

Client
Server
Client Port
Server Port
Protocol
VSP Probe (Deployed on customer workload)
LFR
Any

8443

TCP
K8 Management Node
Certificate Generator
Any

59090

TCP
VSP Probe (Deployed on customer workload)
CMS
Any

443, 9093

TCP
VSP Probe (Deployed on customer workload)
Remote vRule Engine (Optional)
Any
55555
TCP

Version 2.7:

Client
Server
Client Port
Server Port
Protocol
VSP Probe (Deployed on customer workload)
CMS
Any

443,
9092 (Secure Kafka not enabled) OR
9093 (Secure Kafka enabled)

TCP
VSP Probe (Deployed on customer workload)
Remote vRule Engine (Optional)
Any
55555
TCP


Component Specifications

Table below lists the minimum configuration requirements for VSP CMS Components

ComponentMinimum ConfigurationOperating System
LFR PodCPU: 1 CPU
RAM: 1 GB
Debian 10
Kafka PodCPU: 2 CPUs
RAM: 4 GB
Alpine Linux
CMS Services Pod with CMS services and Ngnix ContainerCPU: 8 CPUs
RAM: 16 GB
Alpine Linux
Redis ContainerCPU: 1 CPU
RAM: 2 GB
Alpine Linux
MongoDB ContainerCPU: 2 CPUs
RAM: 8 GB
Alpine Linux



Was this article helpful?

What's Next