Virtualization
Hypervisor Version |
Storage Requirements |
Virtual Processor Requirements |
Virtual Memory Requirements |
|---|---|---|---|
VMware ESXi 7.0+ |
32GB Disk |
4 vCPUs |
4GB |
Firewall
For proper operation, Crawler must communicate with cloud hosted Backend services from eth0 interface. The following exceptions must be made on the customer firewall(s) to ensure that the Crawler can reach these destinations.
FQDN |
Required for Crawler Operation |
Direct/Proxy |
Description |
|---|---|---|---|
loupe-m.nyansa.com:443 (loupe-m.eu.nyansa.com for EU) |
Yes |
Direct |
Receives incoming messages from ENI Crawlers. |
loupe-v.nyansa.com:443 |
Yes |
Direct |
OpenVPN server for Crawler VPN connections |
loupe-h.nyansa.com:443 |
Yes |
Direct |
HTTP Proxy server. |
config.nyansa.com:443 (config.eu.nyansa.com for EU) |
Yes |
Direct |
ENI config server for handing out configurations to ENI Crawlers. |
52.25.152.121:443 |
Yes |
Direct |
Static IP for loupe-v3.nyansa.com. Used for customers who do not support dynamic IPs on their Firewall. |
34.210.220.2:443 |
Yes |
Direct |
Static IP for loupe-h2.nyansa.com. Used for customers who do not support dynamic IPs on their Firewall. |
52.35.46.106:443 |
Yes |
Direct |
Static IP for loupe-m2.nyansa.com. Used for customers who do not support dynamic IPs on their Firewall. |
loupe-v3.nyansa.com:443 |
Yes |
Direct |
Required for customers who do not support dynamic IPs on their Firewall (52.25.152.121:443). |
loupe-m2.nyansa.com:443 |
Yes |
Direct |
Required for customers who do not support dynamic IPs on their Firewall (52.35.46.106:443). |
loupe-h2.nyansa.com:443 |
Yes |
Direct |
Required for customers who do not support dynamic IPs on their Firewall (34.210.220.2:443). |
DNS Server
EI Crawler automatically gathers information about IoT clients and workloads when ingesting flow data via SPAN port. For all discovered endpoints, EI maintains a list of network parameters including MAC, IP, Hostname and more.
EI Crawler attempts to derive Description and Hostname of the client utilizing captured DHCP and DNS exchanges. If the endpoint is using DHCP, crawler inspects DHCP exchange messages and extract option 12 which specifies hostname of the endpoint. If the endpoint has a static IP assigned, crawler attempts to perform reverse DNS lookup from the management eth0 interface with the DNS server configured during crawler’s deployment. FQDN is then used to populate description and derive hostname of the endpoint. If both methods are unsuccessful, EI uses MAC address of the endpoint for the description and no hostname.
Since not having human readable description and hostname would pose challenges to the admins identifying and monitoring endpoints, it is highly recommended to create forward and reverse DNS entries for Static endpoints.
DVS Portgroups Configuration
The EI Crawler's Eth0 interface serves as a management interface, facilitating communication with the Backend SaaS-based Portal and enabling the upload of collected data. For this purpose, create a new Management or utilize an existing DVS port group, ensuring it is configured with the VLAN Type: VLAN (Access).
The Eth1 interface of the EI Crawler functions as a SPAN port, designed to ingest data via the Distributed Virtual Switch (DVS) Port Mirroring Session set up in vCenter. It is recommended to establish a dedicated DVS port group for this, configured with the VLAN Type: VLAN (Access).
For instructions on configuring Distributed Port Groups, please consult the VMware vSphere documentation.
Portal Access
Deploying and operating the VECO Telemetry requires access to the cloud-hosted Edge Intelligence UI Portal at https://my-domain-name.nyansa.com/, where 'my-domain-name' is a unique domain assigned to each customer upon account provisioning.
Each customer is allocated an administrator account of their choice. Instructions for setting up the password for this account are directly emailed to the address provided by the customer.
If you have not received an email from 'Voyance Support' containing password reset instructions, please coordinate with your account team to have an Admin account created for you.
