CMS Pre-requisites
- 21 Jan 2025
- 2 Minutes to read
- Print
- DarkLight
- PDF
CMS Pre-requisites
- Updated on 21 Jan 2025
- 2 Minutes to read
- Print
- DarkLight
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback!
About this Article
This article provides the required pre-requisites VSP CMS on both VM and Kubernetes based environments. It covers the system requirements, firewall rules and the external URLs that need high-speed internet access.
Refer to Environment Setup for detailed steps on setting up the required infrastructure for CMS and Probe installation.
Network Requirements (VM/Kubernetes)
All nodes (on both VM and Kubernetes environments) should have high-speed internet access to the below URL list:
From LFR to the Artifactory URL: https://artifacts.virsec.work/ui/
From CMS (VSP Controller component) to the URLs:
Reversing Labs: ticloud-cdn-api.reversinglabs.com, https://ticloud-aws1-api.reversinglabs.com
(Optional) Virus Total: https://www.virustotal.com/
VSP Licenses: https://flex1298.compliance.flexnetoperations.com/
VM
The pre-requisites for CMS Installation on VM are:
8 CPU Cores
64 GB RAM
250 GB Disk Space
Docker-compose version 1.29+
Docker version – 18.x+
OpenSSL (Version 2.8 and Above)
200 GB in /var partition
NOTE
Ensure that the CMS VM is in sync with the NTP server
Firewall Rules
Establish the below firewall rules for seamless communication among the VSP components:
Firewall rules for Version 3.0 and Above:
Source | Destination | Source Port | Destination Port | Protocol |
|---|---|---|---|---|
VSP Probe (Deployed on customer workload) | CMS | Any | 443, 9093 (On-Prem CMS), 9194 (SaaS CMS) | TCP |
VSP Probe (Deployed on customer workload) | Remote vRule Engine (Optional) | Any | 55555 | TCP |
[AWS Environment ONLY] JReports Service (CMS) | CMS (Other Services) | Any | 1129 | TCP |
[AWS Environment ONLY] cms-client service (CMS) | CMS (Other Services) | Any | 443* | HTTPS |
Firewall rules for Version 2.8 - 2.11:
Source | Destination | Source Port | Destination Port | Protocol |
|---|---|---|---|---|
VSP Probe (Deployed on customer workload) | CMS | Any | 443, 9093 | TCP |
VSP Probe (Deployed on customer workload) | Remote vRule Engine (Optional) | Any | 55555 | TCP |
VSP Probe (Deployed on customer workload) | LFR | Any | 8443 | TCP |
[AWS Environment ONLY] JReports Service (CMS) | CMS (Other Services) | Any | 1129 | TCP |
[AWS Environment ONLY] cms-client service (CMS) | CMS (Other Services) | Any | 443* | HTTPS |
Firewall rules for Version 2.7:
Source | Destination | Source Port | Destination Port | Protocol |
|---|---|---|---|---|
VSP Probe (Deployed on customer workload) | CMS | Any | 443, 9092 (Secure Kafka not enabled) OR 9093 (Secure Kafka enabled) | TCP |
VSP Probe (Deployed on customer workload) | Remote vRule Engine (Optional) | Any | 55555 | TCP |
VSP Probe (Deployed on customer workload) | LFR | Any | 80 | TCP |
[AWS Environment ONLY] JReports Service (CMS) | CMS (Other Services) | Any | 1129 | TCP |
[AWS Environment ONLY] cms-client service (CMS) | CMS (Other Services) | Any | 443* | HTTPS |
* Security Group must be configured to allow reachability between Internal IP and Public IP
Kubernetes
(Not supported yet on VSP 3.0)
The pre-requisites for CMS Installation on Kubernetes are:
Master and Worker Nodes must be in Ready state
For Kubernetes Management Node:
kubectl (Version: 1.19+) must be available to control the Kubernetes Cluster
docker (Version: 1.13+) must be available (Not required if CI/CD phases are executed from customer’s existing CI/CD machines)
Operating System: Any Linux System
For Kubernetes Worker Node CMS Services Pod:
Disc space: Min 28 GB in /var partition
Internet connectivity is required for the installation of some dependencies if Alpine/Debian installers are utilized
Minimum Specification
Single Node – 64 GB (Recommended); 32 GB (Minimum)
Multiple Nodes – 32 GB (Recommended); 16 GB (Minimum)
Remote vRule (if applicable) – 4 GB (Minimum)
Firewall Rules
Establish the below firewall rules for seamless communication among the VSP components:
Version 2.8 and Above:
Client | Server | Client Port | Server Port | Protocol |
|---|---|---|---|---|
VSP Probe (Deployed on customer workload) | LFR | Any | 8443 | TCP |
K8 Management Node | Certificate Generator | Any | 59090 | TCP |
VSP Probe (Deployed on customer workload) | CMS | Any | 443, 9093 | TCP |
VSP Probe (Deployed on customer workload) | Remote vRule Engine (Optional) | Any | 55555 | TCP |
Version 2.7:
Client | Server | Client Port | Server Port | Protocol |
|---|---|---|---|---|
VSP Probe (Deployed on customer workload) | CMS | Any | 443, | TCP |
VSP Probe (Deployed on customer workload) | Remote vRule Engine (Optional) | Any | 55555 | TCP |
Component Specifications
Table below lists the minimum configuration requirements for VSP CMS Components
Component | Minimum Configuration | Operating System |
|---|---|---|
LFR Pod | CPU: 1 CPU | Debian 10 |
Kafka Pod | CPU: 2 CPUs | Alpine Linux |
CMS Services Pod with CMS services and Ngnix Container | CPU: 8 CPUs | Alpine Linux |
Redis Container | CPU: 1 CPU | Alpine Linux |
MongoDB Container | CPU: 2 CPUs | Alpine Linux |
Was this article helpful?