Getting Started with NETSCOUT Application Performance Management for Amazon Web Services - 733-1612 Rev. A
NETSCOUT SYSTEMS, INC.
Westford, MA 01886
Telephone: 978.614.4000
Fax: 978.614.4004
Web: http://www.netscout.com
Use of this product is subject to the End User License Agreement available at http://www.netscout.com/legal/terms-and-conditions/ or which accompanies the product at the time of shipment or, if applicable, the legal agreement executed by and between NETSCOUT SYSTEMS, INC., and the purchaser of this product (“Agreement”).

Government Use and Notice of Restricted Rights: In U.S. government ("Government") contracts or subcontracts, Customer will provide that the Products and Documentation, including any technical data (collectively "Materials"), sold or delivered pursuant to this Agreement for Government use are commercial as defined in Federal Acquisition Regulation ("FAR") 2.101 and any supplement and further is provided with RESTRICTED RIGHTS. All Materials were fully developed at private expense. Use, duplication, release, modification, transfer, or disclosure ("Use") of the Materials is restricted by the terms of this Agreement and further restricted in accordance with FAR 52.227-14 for civilian Government agency purposes and 252.227-7015 of the Defense Federal Acquisition Regulations Supplement ("DFARS") for military Government agency purposes, or the similar acquisition regulations of other applicable Government organizations, as applicable and amended. The Use of Materials is restricted by the terms of this Agreement, and, in accordance with DFARS Section 227.7202 and FAR Section 12.212, is further restricted in accordance with the terms of NETSCOUT's commercial End User License Agreement. All other Use is prohibited, except as described herein.

This Product may contain third-party technology. NETSCOUT may license such third-party technology and documentation ("Third-Party Materials") for use with the Product only.
In the event the Product contains Third-Party Materials, or in the event you have the option to use the Product in conjunction with Third-Party Materials (as identified by NETSCOUT in the applicable Documentation), then such third-party materials are provided or accessible subject to the applicable third-party terms and conditions contained in the “Read Me” or “About” file located on the Application CD for this Product. To the extent the Product includes Third-Party Materials licensed to NETSCOUT by third parties, those third parties are third-party beneficiaries of, and may enforce, the applicable provisions of such third-party terms and conditions.

Open-Source Software Acknowledgment: This product may incorporate open-source components that are governed by the GNU General Public License ("GPL") or licenses that are compatible with the GPL license ("GPL Compatible License"). In accordance with the terms of the GPL or the applicable GPL Compatible License, NETSCOUT will make available a complete, machine-readable copy of the source code components of this product covered by the GPL or applicable GPL Compatible License, if any, upon receipt of a written request. Please identify the product and send a request to:

NETSCOUT SYSTEMS, INC.
GPL Source Code Request
310 Littleton Road
Westford, MA 01886
Attn: Legal Department
Trademark and copyright notices: © 2020 NETSCOUT SYSTEMS, INC. All rights reserved. NETSCOUT, the NETSCOUT logo, Guardians of the Connected World, InfiniStream, nGenius, nGeniusONE, Psytechnics, Simena, and Sniffer are registered trademarks; ASI, Fox Replay, Hyperlock, the Psytechnics logo, and TestStream are trademarks; and MasterCare and ServiceONE are a service mark of NETSCOUT SYSTEMS, INC. and/or its affiliates in the United States and/or other countries (“NETSCOUT”). All other brands and product names and registered and unregistered trademarks are the sole property of their respective owners.

Dell, the DELL logo, and PowerEdge are trademarks of Dell Inc. Microsoft, Windows, Windows Server, and MS-DOS are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. Red Hat and Enterprise Linux are registered trademarks of Red Hat, Inc. in the United States and other countries. VMware and vSphere are registered trademarks or trademarks (the “Marks”) of VMware, Inc. in the United States and/or other jurisdictions. Citrix and XenServer are trademarks of Citrix Systems, Inc. and/or more of its subsidiaries, and may be registered in the United States Patent and Trademark Office and in other countries. Sun and Solaris are trademarks of Sun Microsystems, Inc. or its subsidiaries in the United States and other countries.

NETSCOUT SYSTEMS, INC. disclaims any proprietary interest in trademarks and trade names other than its own. NETSCOUT reserves the right, at its sole discretion, to make changes at any time in its technical information, specifications, service, and support programs.

Getting Started with NETSCOUT Application Performance Management for Amazon Web Services 733-1612 Rev. A
Copyright 2021 NETSCOUT SYSTEMS, INC. All rights reserved.
Contacting NETSCOUT SYSTEMS, INC.

Customer Support

The best way to contact Customer Support is to submit a Support Request: https://my.netscout.com/mcp/Pages/Landing.aspx

Telephone: In the US, call 888-357-7667; outside the US, call 001 978-614-4000. Phone support hours are 8 a.m. to 8 p.m. Eastern Standard Time (EST).

E-mail: awssupport@netscout.com

When you contact Customer Support, the following information can be helpful in diagnosing and solving problems:
— Type of network platform
— Software, operating system, and kernel versions
— EC2 instance type, AWS Region, and AWS Availability Zone
— License type (BYOL or PAYG), license number, and your organization’s name
— The text of any error messages
— Supporting screen images, logs, and error files, as appropriate
— A detailed description of the problem

Sales

Call 800-357-7666 for the sales office nearest your location.

Education and Training

Education and training resources including course listings, product certification, webinars, and case studies are available at: http://www.netscout.com/education/overview/
Contents

Introducing NETSCOUT Smart Data Solutions for Hybrid Cloud Monitoring
  Solution Components
  Detailed Deployment Architecture
System Requirements – Amazon Web Services
  Skills and Specialized Knowledge Recommendations
  Licensing Models – BYOL and PAYG
    About BYOL Licenses
  About Pricing and Costs
Deployment Summary
Obtaining BYOL Licensing Information
Launching NETSCOUT Templates
  Assign a Public IP Address
  Template Parameters
    Security Group Details
    Instance Type Recommendations
  Connecting to Instances
Deploying vSTREAM Agent from Virtual nGeniusONE
AWS Traffic Acquisition – Ingress Routing and Traffic Mirroring
  Configuring AWS VPC Traffic Mirroring
Virtual nGeniusONE Deployment Notes
Operational Guidance
  Maintaining Visibility on System Health
    Using the Server Health Summary in nGeniusONE
    Using the Instrumentation Health Summary in nGeniusONE
    Using the Notification Center
  Snapshot and Backup Procedures
    Backing Up nGeniusONE and vSTREAM Virtual Appliance
    Backing Up vSTREAM Agent
    Snapshot Examples by Target RPO
  Routine Maintenance
Security Notes
Disaster Recovery
  Disaster Recovery: Key Concepts
  Sample Disaster Recovery Plans
    Availability Zone Recovery
    Region Recovery
Activating MasterCare Support
Getting Started with Application Performance Management for AWS

This document describes how to get started using nGeniusONE® Service Assurance platform with Amazon Web Services (AWS). See the following sections for details:
• "Introducing NETSCOUT Smart Data Solutions for Hybrid Cloud Monitoring" on page 8
• "System Requirements – Amazon Web Services" on page 11
• "Deployment Summary" on page 15
• "Obtaining BYOL Licensing Information" on page 16
• "Launching NETSCOUT Templates" on page 16
• "Deploying vSTREAM Agent from Virtual nGeniusONE" on page 31
• "AWS Traffic Acquisition – Ingress Routing and Traffic Mirroring" on page 31
• "Virtual nGeniusONE Deployment Notes" on page 39
• "Operational Guidance" on page 40
• "Security Notes" on page 44
• "Disaster Recovery" on page 45

Additional Resources

NETSCOUT® Systems strongly recommends that you read this document in its entirety, as well as the most recent versions of the following additional documentation available online at My.NETSCOUT:
• vSTREAM Installation Guide
• Virtual nGeniusONE Installation Guide
• Agent Administrator Guide for CDM/ASI
• nGeniusONE documentation and Online Help

Note: For the most current and comprehensive information, visit the NETSCOUT Technical Support knowledge base at the following URL: https://my.netscout.com/pages/mcplanding.aspx. This site contains related documents, tips, FAQs, and suggested workarounds. You can also download updated copies of product documentation from this site.
Introducing NETSCOUT Smart Data Solutions for Hybrid Cloud Monitoring

NETSCOUT smart data solutions provide end-to-end visibility on application workloads and their dependencies on compute, network, and storage infrastructure in hybrid cloud environments. nGeniusONE provides application performance management for AWS and allows you to:
• Migrate application workloads to AWS cloud with confidence.
• Assure the performance of the application in AWS cloud and hybrid environments.
• Deliver a consistent and high quality user experience before, during and after cloud migration.

Figure 1 illustrates a sample hybrid deployment with a physical nGeniusONE server operating as a Distributed Global Manager in the data center. The nGeniusONE server manages a Virtual nGeniusONE server deployed in the public cloud together with its associated vSTREAM Agents and vSTREAM virtual appliances, minimizing public cloud throughput charges.

Figure 1 Application Performance Management for AWS
Solution Components

The NETSCOUT Application Performance Management solution consists of the Virtual nGeniusONE console, vSTREAM virtual appliances, and vSTREAM agents, working together to deliver an overarching view into the performance of all infrastructure and application components across geographically dispersed data centers and cloud (Figure 2).

Figure 2 Detailed View of NETSCOUT Components

The table below summarizes the role of each of these components:

vSTREAM Agent
• Installers for Linux and Windows bundled with Virtual nGeniusONE AMI.
• Install vSTREAM agent on same AMI as target monitored applications in the cloud.
• The data source for AWS cloud visibility in the NETSCOUT Application Performance Management solution for AWS:
  • Reports on key performance indicators
  • Provides access to packet-level data by forwarding packets to vSTREAM.
• Optimized for ASI visibility with minimal footprint.
• Manage with Virtual nGeniusONE.

vSTREAM Virtual Appliance
• Deploy as a virtual appliance in AWS EC2 using NETSCOUT’s configurable Cloud Formation Templates and ready-made AMI.
• Scalable provisioning depending on Instance Type selected during deployment.
• Receives traffic forwarded from multiple vSTREAMs for full ASI analysis and packet decodes.
• Manage and visualize received data with vSTREAM.

Virtual nGeniusONE
• Delivers overarching view into the performance of all infrastructure and application components associated with delivering IP-based services.
• Deploys as a virtual appliance using NETSCOUT’s configurable Cloud Formation Template and ready-made AMI.
• Provides seamless management of vSTREAM agent, vSTREAM virtual appliance, and InfiniStream appliances.
• Integrate with Distributed Global Manager in data center (for example, over Amazon's Direct Connect service) for end-to-end visibility.
Detailed Deployment Architecture

Figure 3 illustrates a sample of a multi-VPC, load-balanced deployment, including an auto-scaling application with multi-AZ databases. Note the following:
• nGeniusONE and vSTREAM virtual appliances reside in a separate VPC from the monitored Application deployment. Although this example shows both VPCs in the same AWS Region, they can also be in separate regions. Management traffic is shown in blue in the figure.
• NETSCOUT’s CloudFormation templates in the AWS Marketplace are used to perform the deployment of nGeniusONE and vSTREAM virtual appliance instances.
• vSTREAM Agents are installed on each Web, Application, and Database server targeted for monitoring. Monitored traffic is forwarded to vSTREAM virtual appliances in GRE/UDP tunnels shown in green in the figure below. You can either install vSTREAM Agents manually using the instructions in "Deploying vSTREAM Agent from Virtual nGeniusONE" on page 31 or you can use the NETSCOUT-provided Ansible Playbook (vstream_agent_playbook.yml) to automate deployment of vSTREAM Agent software to multiple hosts with a single command. Refer to “Installing vSTREAM as an Agent Using Ansible Playbook,” in the vSTREAM Installation Guide for details on using the NETSCOUT Ansible Playbook.
• NETSCOUT recommends that you use a unique identifier of the monitored Web, Application, and Database servers as the serial number (nsprobeid) for the corresponding vSTREAM Agent used to monitor its traffic. This makes it easier to associate a vSTREAM Agent data source with its monitored server in nGeniusONE. Refer to the vSTREAM Installation Guide for details on configuring serial numbers for vSTREAM data sources.

Figure 3 Detailed Deployment Diagram
System Requirements – Amazon Web Services

Table 1 summarizes the necessary requirements to deploy the NETSCOUT Smart Data solution for AWS:

Table 1 Deployment Requirements

Component: Amazon Web Services Account
Description: You must have an active Amazon Web Services account with access to the EC2 Management Console to deploy in an AWS environment.

Component: Amazon Web Services Permissions
Description: The Amazon Web Services account used to deploy NETSCOUT Smart Data solutions must have appropriate permissions granted. The simplest way to do this is to grant the AdministratorAccess policy. However, if granting administrator access is not acceptable in your environment, assign the following policies to the account used to deploy NETSCOUT components:
• Assign the built-in AmazonEC2FullAccess policy.
• Create a custom policy with a permission for Full access to the CloudFormation service and assign it.
It’s easiest to grant these permissions in the AWS Organizations visual editor. Note that granting these permissions complies with the “principle of least privilege” – these are the minimum permissions required to deploy the solution. Refer to "Security Notes" on page 44 for more information on best practices for the security of NETSCOUT Smart Data solutions.

Component: Static Private IP Address & License Information
Description: Bring Your Own License (BYOL) Deployments. If you are deploying NETSCOUT Smart Data solutions using the BYOL model, you will need a static private IP address for Virtual nGeniusONE. You use this IP address to complete the product registration procedure and obtain the Serial Number and Password to be entered in the CloudFormation templates and deploy the BYOL AMIs from the AWS Marketplace. Refer to "Obtaining BYOL Licensing Information" on page 16 for details.
Note: A static IP address is only needed for BYOL deployments. If you are deploying using the Pay As You Go model (PAYG), you do not need a static IP address.
Component: Existing AWS VPC
Description: An existing AWS VPC with subnets for both Management and Monitoring.

Component: Route Tables/Security Groups
Description: Appropriate Route Tables and Security Groups for communication between nGeniusONE and vSTREAMs.

Component: NTP Server Access
Description: Access to an NTP Server for accurate timestamps in NETSCOUT analysis. NETSCOUT recommends using Amazon Time Sync Services. Note that NTP is enabled by default.

Component: Access to Marketplace Images
Description: You must have access to the NETSCOUT Application Performance Management AMI images in the AWS Marketplace in the AWS region you are using.

Component: SSH Key Pair
Description: You must have a key pair for SSH access to deployed AMIs. You can create or import the key pair in AWS using these instructions.
Note: SSH key pairs are created in AWS:
• Public keys are in AWS, are not confidential and are protected at the account level.
• Private keys are stored by the user and are their responsibility to protect.
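
The alternative to AdministratorAccess that Table 1 describes, written out as an added example (not NETSCOUT's code): the custom policy document for full CloudFormation access, plus an offline check of what a deploying user actually has attached. The account ID, policy name, finding codes and sample principals are constructed for illustration; the matcher ignores Deny, NotAction and permission boundaries.

```python
import fnmatch
import json

# ARNs of the two AWS-managed policies the guide names.
EC2_FULL_ACCESS = "arn:aws:iam::aws:policy/AmazonEC2FullAccess"
ADMINISTRATOR_ACCESS = "arn:aws:iam::aws:policy/AdministratorAccess"

# Representative CloudFormation actions used to probe for "full access".
CFN_PROBES = ("cloudformation:CreateStack", "cloudformation:UpdateStack",
              "cloudformation:DeleteStack", "cloudformation:DescribeStacks")


def cloudformation_full_access_policy():
    """Custom policy document: full access to the CloudFormation service only."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "CloudFormationFullAccess",
            "Effect": "Allow",
            "Action": "cloudformation:*",
            "Resource": "*",
        }],
    }


def _listify(value):
    """IAM accepts a single string or object where a list is expected."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _allow_statements(document):
    return [s for s in _listify(document.get("Statement"))
            if s.get("Effect") == "Allow"]


def allows(document, action):
    """True if an unconditional Allow on Resource "*" matches `action`.

    IAM action names are case-insensitive and support * and ? wildcards.
    """
    for stmt in _allow_statements(document):
        if "Condition" in stmt or "*" not in _listify(stmt.get("Resource")):
            continue
        for pattern in _listify(stmt.get("Action")):
            if fnmatch.fnmatchcase(action.lower(), pattern.lower()):
                return True
    return False


def services_granted(document):
    """Service prefixes granted by any Allow statement, e.g. {"cloudformation"}."""
    return {pattern.split(":", 1)[0].lower()
            for stmt in _allow_statements(document)
            for pattern in _listify(stmt.get("Action"))}


def audit_deployer(attached):
    """Return finding codes for a deploying principal.

    `attached` is a list of {"arn": str, "document": dict or None}; the
    document is supplied for customer-managed policies only.
    """
    findings = []
    arns = {p["arn"] for p in attached}
    custom_docs = [p["document"] for p in attached if p.get("document")]
    admin = ADMINISTRATOR_ACCESS in arns
    if admin:
        findings.append("ADMIN_ATTACHED")      # broader than the two-policy option
    if not admin and EC2_FULL_ACCESS not in arns:
        findings.append("EC2_MISSING")         # stack cannot create instances
    full_cfn = any(all(allows(d, a) for a in CFN_PROBES) for d in custom_docs)
    if not admin and not full_cfn:
        findings.append("CFN_INCOMPLETE")      # custom policy lacks full CloudFormation
    for doc in custom_docs:
        extra = sorted(services_granted(doc) - {"cloudformation"})
        if extra:
            findings.append("EXTRA_SERVICES:" + ",".join(extra))
    return findings


# Constructed sample principals (account ID and policy name are placeholders).
_CUSTOM_ARN = "arn:aws:iam::111122223333:policy/netscout-cfn-deploy"
SAMPLE_PRINCIPALS = {
    "recommended": [
        {"arn": EC2_FULL_ACCESS, "document": None},
        {"arn": _CUSTOM_ARN, "document": cloudformation_full_access_policy()},
    ],
    "admin": [{"arn": ADMINISTRATOR_ACCESS, "document": None}],
    "drifted": [
        {"arn": _CUSTOM_ARN, "document": {
            "Version": "2012-10-17",
            "Statement": {"Effect": "Allow", "Resource": "*",
                          "Action": ["cloudformation:Describe*", "s3:*"]}}},
    ],
}

if __name__ == "__main__":
    print(json.dumps(cloudformation_full_access_policy(), indent=2))
    for name, attached in SAMPLE_PRINCIPALS.items():
        print(name, audit_deployer(attached))
```

The JSON printed by the first call is the document to paste into the custom policy; an empty findings list means the principal carries exactly the two grants the table lists.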
Skills and Specialized Knowledge Recommendations

Table 2 summarizes recommended skills and specialized knowledge for deployment of the NETSCOUT Smart Data solution for AWS:

Table 2 Skills and Specialized Knowledge Recommendations

AWS Component: AWS Core Services
Description:
• Understanding of EC2 Core services, including Marketplace.
• Understanding of EC2 backup, snapshot, and restore processes.
• High level understanding of AWS networking services, including VPCs, Subnets, Route Tables, Elastic/Public IP addresses, and Security Group.

AWS Component: AWS CloudFormation
Description:
• Able to launch a Stack from a predefined CloudFormation Template.
• Optional – Understanding of YAML.

AWS Component: AWS IAM
Description:
• Able to attach AWS Managed IAM Policies to an IAM User running the deployment, either directly or via a Group.

AWS Component: Tools for AWS
Description:
• Able to write scripts for regular maintenance of the EC2. There are multiple tools for scripting available, including AWS Command Line Tools and AWS SDKs. You can see a list of all supported Tools for Amazon Web Services here.

Licensing Models – BYOL and PAYG

NETSCOUT Smart Data solutions are available in the AWS Marketplace as both BYOL (Bring Your Own License) and PAYG (Pay As You Go) deployments for both Commercial and GovCloud environments:
• BYOL – In the BYOL model, you purchase an instance license for Virtual nGeniusONE from NETSCOUT systems in addition to sufficient vCPU license blocks to cover managed vSTREAMs. This is the same model as solutions purchased directly from NETSCOUT systems. Refer to "About BYOL Licenses" on page 13 for details on BYOL licenses.
• PAYG – In the PAYG model, you pay AWS for usage of Virtual nGeniusONE on either an annual or hourly basis. Virtual nGeniusONE deployments using the PAYG model can manage vSTREAMs up to a specific vCPU limit specified by the selected CFT (8 in this release).
Note: If you require additional vSTREAM vCPUs, you can extend the Virtual nGeniusONE PAYG deployment’s capacity by applying additional BYOL vCPU block licenses.

Table 3 summarizes the available CFT templates for both BYOL and PAYG deployments:

Table 3 Available CFT Templates by License Type

Deployment Type: Bring Your Own License
Description:
• Purchase vNG1 license from NETSCOUT based on static IP address. Install using license utility.
• Purchase 8-vCPU block licenses to cover all managed vSTREAM instances. Extend as necessary with additional vSTREAM licenses. Refer to "About BYOL Licenses" on page 13 for details.
Available CFT Templates:
• Virtual nGeniusONE and vSTREAM
• vSTREAM Only
• Virtual nGeniusONE Only
Deployment Type: Pay As You Go
Description:
• Select a PAYG CFT template authorized to manage a specific number of vSTREAM vCPUs on either an annual or hourly basis.
• Add vSTREAMs up to the specified vCPU limit.
• In the rare case you require additional vCPUs, purchase and apply additional BYOL vSTREAM vCPU licenses.
Available CFT Templates:
• Virtual nGeniusONE and vSTREAM (8 vCPU)
• Virtual nGeniusONE Only (8 vCPU)

About BYOL Licenses

This section describes licensing for deployments using the BYOL CFT templates:
• BYOL Virtual nGeniusONE provides support for fifty Type 1 monitoring interfaces.
• BYOL Virtual nGeniusONE must be licensed for the quantity of vSTREAM vCPUs you want to manage in blocks of 8. This is summarized in Table 4:

Table 4 vSTREAM vCPU Licenses in nGeniusONE (BYOL)

License Type: vCPU Licenses
Description: NETSCOUT uses licenses to control the maximum number of vCPUs provisioned across all vSTREAM instances managed by nGeniusONE. You purchase and apply vSTREAM vCPU licenses in blocks of eight. Keep in mind the following:
• vCPU blocks can be subdivided. For example, an 8-vCPU block license could be shared by two separate vSTREAM instances, each of which was assigned four vCPUs.
• Once a pool of vCPU licenses is exhausted, no more vSTREAM instances can be added to the server.
• The pool of vSTREAM licenses is shared among all vSTREAM 6.2.1+ instances managed by nGeniusONE, regardless of whether they are installed as an agent, container, or virtual appliance.
• The license pool for vSTREAM 6.2.1+ devices is completely separate from the vCPU license pool for legacy vSCOUT and vSTREAM-EMB devices released prior to 6.2.1.
nGeniusONE will display an error message if you try to add a vSTREAM whose assigned vCPUs would exceed the licensed capacity.
License Type: Type 1 Interface Licenses
Description: Each 8-vCPU block license in use on the nGeniusONE server counts as one Type 1 interface against the nGeniusONE Server’s total capacity (50, by default, for a standalone server). The Type 1 interface is debited from the local nGeniusONE server when the first vCPU in the block is consumed by a vSTREAM added to that nGeniusONE server. A second Type 1 interface is not debited until the initial 8-vCPU block is fully consumed and a vSTREAM is added to nGeniusONE that begins using a second 8-vCPU block.

Note: The PAYG Virtual nGeniusONE includes five Type-1 licenses, which is more than sufficient for the single 8-vCPU vSTREAM block license included in this release.
About Pricing and Costs

The NETSCOUT site on the AWS Marketplace provides helpful tools that let you estimate the costs of using NETSCOUT Smart Data solutions with different configuration choices. After navigating to the NETSCOUT site on the AWS Marketplace, click on the Pricing tab and fill out the fields to estimate your costs. Keep in mind that your usage and costs may vary from the estimate depending on actual usage.

Figure 4 Estimating Costs for NETSCOUT Application Performance Management Solutions

In addition, Support is included as part of the pricing on the page referenced above.
Deployment Summary

Deploying NETSCOUT Smart Data solutions consists of the following major steps:

1 If you are using one of the BYOL templates, work with your NETSCOUT Sales Representative to obtain the necessary licensing information for both Virtual nGeniusONE and vSTREAM. You will need to have a static private IP address for Virtual nGeniusONE in order to obtain the Serial Number and Password from the NETSCOUT registration site to enter in the CloudFormation Templates as part of the deployment for both products.

2 Install NETSCOUT Smart Data solution components in the following order:

  a Virtual nGeniusONE and vSTREAM Virtual Appliance (the components deploy together using the same CloudFormation Template).

  b vSTREAM Virtual Appliance. Depending on the number of vSTREAM agents from which you expect to forward traffic (and the quantity of traffic each agent will send), you may want to install multiple vSTREAM virtual appliances.

    Note: There is a separate BYOL CFT for a vSTREAM virtual appliance-only installation. You can deploy additional vSTREAM virtual appliances either by using the vSTREAM virtual appliance-only template or by cloning the vSTREAM virtual appliance deployed in Step a using the combined Virtual nGeniusONE/vSTREAM Virtual Appliance deployment.

    Note: A PAYG Virtual nGeniusONE can manage vSTREAMs deployed using the BYOL template so long as the total number of managed vSTREAM vCPUs does not exceed the maximum authorized by the Virtual nGeniusONE PAYG CFT (8 in this release).

  c vSTREAM Agent. The installers for vSTREAM Agent are bundled with the Virtual nGeniusONE AMI. You can copy them to a target AMI from Virtual nGeniusONE and install them using the standard installation procedure described in "Deploying vSTREAM Agent from Virtual nGeniusONE" on page 31.

3 Optional: If you want to connect to deployed instances over the public internet (instead of a VPN, for example), assign a public IP address to Virtual nGeniusONE.
4 Ensure that both vSTREAM virtual appliance and vSTREAM agent instances are communicating properly with nGeniusONE:
  • When you deploy vSTREAM virtual appliance in AWS, you enter the private IP address of the managing Virtual nGeniusONE server in the CloudFormation template. This lets vSTREAM virtual appliance add itself to nGeniusONE automatically immediately upon boot up.
  • When you install vSTREAM agent on a target AMI, you can either configure the private IP address of the managing Virtual nGeniusONE server prior to installation or add the vSTREAM agent manually after installation (both approaches are described in the vSTREAM Installation Guide).

  If for some reason an instance is not communicating properly with Virtual nGeniusONE, log in to the command line of the vSTREAM, run the Agent Configuration utility, and make sure that the Virtual nGeniusONE private IP address is specified under [4] Change Config Server Address.
5 Configure Traffic Forwarding from vSTREAM agent sources to vSTREAM virtual appliance destinations using Device Configuration in Virtual nGeniusONE. Refer to the vSTREAM Installation Guide and the Virtual nGeniusONE online help for details.

  Note: vSTREAM agents provide the data gathering engine for the NETSCOUT Smart Data solution. However, in their default configuration, they do not provide all of the functionality that vSTREAM virtual appliances do. Unless you’ve enabled a packet store on your vSTREAM agents, you may want to forward traffic from vSTREAM agent sources to vSTREAM virtual appliances for in-depth packet-level analysis.

Obtaining BYOL Licensing Information

Use the following procedure to obtain the Serial Numbers and Passwords from the NETSCOUT registration site to enter in the BYOL CloudFormation Templates as part of the deployment for both Virtual nGeniusONE and vSTREAM.

Note: This procedure only applies to BYOL deployments; PAYG deployments are authorized directly through the Marketplace.

1 When you purchase Virtual nGeniusONE or vSTREAM from NETSCOUT, you receive a registration form that includes a registration key. Locate this form.

2 Open a web browser and navigate to https://my.netscout.com/mcp/Pages/default.aspx.

3 Navigate to Licensing & Downloads and follow the instructions there to enter your registration key. You will also enter an IP address:
  • If you are licensing Virtual nGeniusONE, you enter the static, private IP address to be used for Virtual nGeniusONE in the AWS public cloud.
  • If you are licensing vSTREAM, you enter the IP address of its managing Virtual nGeniusONE server.

4 When you complete the registration procedure, you receive both a serial number and a password (license key). Print the screen that contains this information. You will enter these values in the CloudFormation templates when you deploy the Virtual nGeniusONE and vSTREAM AMIs.
Launching NETSCOUT Templates

This section describes how to deploy the NETSCOUT Smart Data solution using the CloudFormation templates and AMIs available in the NETSCOUT site on the AWS Marketplace:

Note: Do not install or configure Virtual nGeniusONE or vSTREAM as the root user.

1 Search the Amazon Marketplace for NETSCOUT. The Amazon MarketPlace shows the entry for the NETSCOUT Application Management Solution for AWS.

2 Click the button for the NETSCOUT Application Management Solution for AWS.

3 Accept the Terms and Conditions for the NETSCOUT Application Management Solution for AWS.

4 Click the Continue to Configuration button.

5 Select the type of deployment you want to perform by choosing from the following Fulfillment Options/CloudFormation templates (Figure 5):
• NETSCOUT Application Performance Management Solution for AWS (BYOL) (installs both Virtual nGeniusONE and vSTREAM virtual appliance)
• NETSCOUT vSTREAM for AWS (BYOL)
• NETSCOUT Virtual nGeniusONE for AWS (BYOL)
• NETSCOUT Application Performance Management for AWS (PAYG) (installs both Virtual nGeniusONE and vSTREAM virtual appliance)
• NETSCOUT Virtual nGeniusONE for AWS (PAYG)

Figure 5 Selecting the CloudFormation Template for the Deployment

6 Use the Software Version dropdown to select the version of the selected CFT to deploy.
7 Use the Region dropdown to specify the Availability Zone where the software should be deployed.
8 Click Continue to Launch to continue.
9 Review the configuration details in the Launch page and click Launch when ready to continue.
The Create stack wizard appears with the Select Template screen prepopulated with the selected CloudFormation template. For example, Figure 6 shows the Create stack wizard prepopulated with the Virtual nGeniusONE and vSTREAM BYOL CloudFormation template.

Figure 6 Create Stack Wizard with CFT for Virtual nGeniusONE and vSTREAM Selected

10 Click Next to continue.
11 The Specify Details screen appears. Supply a Stack name and fill out the Parameters for the CloudFormation template using the information in "Template Parameters" on page 21. Figure 7 shows an example of the combined Virtual nGeniusONE/vSTREAM CFT.

Note: You configure different parameters depending on the selected template. "Template Parameters" on page 21 describes all of the available parameters.
Figure 7 Supplying Values for the CloudFormation Template

12 When you have finished configuring the CloudFormation parameters, click Next to continue.
13 The Options page appears, allowing you to configure the standard CloudFormation Stack settings listed below. These are all optional; none are required. Use the links below to learn more about these AWS options.
• Tags (key-value pairs)
• Permissions
• Rollback Triggers
• Advanced
When you have finished setting Options, click Next to continue.
14 The Create Stack Wizard displays a summary of the settings for the new stack. Review the settings and use the Previous button to correct if necessary. When you are satisfied with your settings, click Create stack to launch the new instance(s).
The Stack Wizard begins to create the requested resources (Figure 8) and eventually launches the instance.

Figure 8 Stack Creation in Progress

15 After a few minutes, you can see the instance(s) in the EC2 Management Console’s Instances list (Figure 9).

Figure 9 Newly Created Instances
Assign a Public IP Address

By default, the NETSCOUT CFT templates do not assign a public IP address to deployed instances. If you want to be able to connect to Virtual nGeniusONE and/or vSTREAM virtual appliances from the public internet, make sure you allocate an elastic IP address to the instance after deployment.

Note: A public IP is automatically assigned by AWS if the subnet to which you are adding Virtual nGeniusONE has the Enable auto-assign public IPv4 address option enabled.

Once you’ve assigned a public IP address to an instance, you can connect to it from the Internet. Open a web browser and connect to the public IP address for the Virtual nGeniusONE server and see that its associated vSTREAM virtual appliance was automatically added in Device Configuration and is available for analysis (Figure 9). For example:

https://:8443/console/

Note: Security Group settings for Virtual nGeniusONE require that you use HTTPS instead of HTTP. The default credentials for Virtual nGeniusONE are administrator/netscout1.

Figure 10 Virtual nGeniusONE Deployed in AWS with vSTREAM Virtual Appliance Automatically Added

Refer to "Connecting to Instances" on page 30 for information on opening an SSH connection to the operating system of the new instances.

Template Parameters

Table 5 lists and describes the parameters you must supply as part of the deployment of the NETSCOUT Smart Data solution CloudFormation templates. The table lists the parameters from the combined Virtual nGeniusONE and vSTREAM virtual appliance template. If you are using one of the templates for an individual Virtual nGeniusONE or vSTREAM virtual appliance, the parameters you supply will be a subset of those in Table 5. Similarly, certain parameters only apply to the BYOL or PAYG templates; these are called out in the table as such.

Table 5 Configuration Parameters for CloudFormation Templates

Parameter | Description

Stack name | Provide a unique name for this stack.

General Configuration
AvailabilityZone | Select an AWS Availability Zone to be used for the deployment from the dropdown list. The list includes the Availability Zones accessible from your account.

KeyName | Select an existing keypair from the dropdown to be used for access to the instance(s). You can review your existing keypairs in Network & Security > Key Pairs from the EC2 Dashboard.

Virtual nGeniusONE Configuration

vnG1InstanceType | Choose an Instance Type for the Virtual nGeniusONE deployment from the dropdown list. Each Instance Type provides a different combination of computing resources (CPU, memory, storage, and networking). You can select from the following Instance Types for Virtual nGeniusONE:
• m5.2xlarge
• m5.4xlarge
• m5.8xlarge
Refer to "Choosing an Instance Type for Virtual nGeniusONE" on page 29 for guidance on selecting an Instance Type appropriate for your needs.
NOTE: Instance Types are priced differently in the AWS Public Cloud based on the amount of resources provisioned. Refer to https://aws.amazon.com/ec2/instance-types for details.

vnG1ServerIP | Supply a static, private IP address in an existing subnet belonging to the target VPC.
Note: For BYOL deployments, this should match the IP address you used to register Virtual nGeniusONE on the NETSCOUT MasterCare Portal.
Note: The CloudFormation template only supports IPv4 addresses in this release. Contact NETSCOUT for assistance if you require IPv6 support.

vnG1dbONEVolumeSize | Specify the size of the Virtual nGeniusONE database in GB. The default value is 1000 MB (1GB).

vnG1dbONEVolumeEncrypt | Use the dropdown to specify whether the Virtual nGeniusONE storage database (dbONE) should be encrypted. By default, it is not.
vSTREAM Configuration

vSTREAMInstanceType | Choose an Instance Type for the vSTREAM virtual appliance deployment from the dropdown list. Each Instance Type provides a different combination of computing resources (CPU, memory, storage, and networking). You can select from the following Instance Types for vSTREAM virtual appliance:
• m5.2xlarge (BYOL and PAYG)
• m5.4xlarge (BYOL only; this instance type uses 16 vCPUs and exceeds the PAYG Virtual nGeniusONE’s maximum capacity for vSTREAM vCPUs of 8 in this release)
• m5.8xlarge (BYOL only; this instance type uses 32 vCPUs and exceeds the PAYG Virtual nGeniusONE’s maximum capacity for vSTREAM vCPUs of 8 in this release)
Refer to "Choosing an Instance Type for vSTREAM Virtual Appliance" on page 29 for guidance on selecting an Instance Type appropriate for your needs.
NOTE: Instance Types are priced differently in the AWS Public Cloud based on the amount of resources provisioned. Refer to https://aws.amazon.com/ec2/instance-types for details.

vSTREAMVolumeSize | Specify the size of the vSTREAM virtual appliance storage volume. Acceptable values range from 100-16,000 GB (16TB). The default is 100 GB. The size of your storage volume corresponds directly to your ability to store packet and ASI data on the monitoring vSTREAM virtual appliance agent. Contact your Sales Representative for assistance in choosing a volume size that balances expenses with your need to preserve data based on expected traffic types and load.

vSTREAMVolumeEncrypt | Use the dropdown to specify whether the vSTREAM virtual appliance storage volume should be encrypted. By default, it is not.

Network

VpcId | Use the dropdown to select an existing VPC for the deployment. If you are deploying Virtual nGeniusONE and vSTREAM virtual appliance together, both AMIs will be deployed in the same VPC.
If you have many VPCs associated with your account, you can type an entry in the field to narrow the results to matching IDs or name tag values.

MgmtSubnet | Use the dropdown list to select an existing subnet for Management traffic between Virtual nGeniusONE and managed vSTREAM devices. The dropdown lists the subnets already provisioned for your account. If you are deploying Virtual nGeniusONE and vSTREAM virtual appliance together, the subnet selected here is used for the Management port on both instances.
Note that the Capture and Management subnets must both be in the same AWS Availability Zone (the Availability Zone selected for the Virtual nGeniusONE deployment, above).
If you have many subnets associated with your account, you can type an entry in the field to narrow the results to matching IDs or name tag values.
CaptureSubnet | Use the dropdown list to select an existing subnet for the vSTREAM virtual appliance monitoring interface. The dropdown lists the subnets already provisioned for your account. You can either select the same subnet you are using for Management traffic or choose a different one.
Note that the Capture and Management subnets must both be in the same AWS Availability Zone (the Availability Zone selected for the Virtual nGeniusONE deployment, above).
In general, it’s a good practice to keep management traffic separate from the capture subnet. This way, you aren’t adding additional traffic to the monitored subnet and you also have a means of contacting a managed vSTREAM if its capture subnet goes down.
If you have many subnets associated with your account, you can type an entry in the field to narrow the results to matching IDs or name tag values.

AccessLocation | Use this field to limit the range of IP addresses from which the deployed instance(s) will accept SSH connections. This field is mandatory. However, if you want to allow SSH connections from any location, you can enter a value of 0.0.0.0/0.
If you are deploying Virtual nGeniusONE and vSTREAM virtual appliance together, the range specified here is used for SSH connections to the Management port on both instances. You can edit the Security Group settings later on to change the IP addresses for which access is allowed. Refer to Working with Security Groups in the AWS documentation for details.

Security Groups

Use these fields to assign Virtual nGeniusONE and vSTREAM interfaces to AWS Security Groups.
• If you leave these options set to CREATE (the default), the template automatically assigns the corresponding interface to a Security Group with the necessary permissions and open ports to allow communications with other NETSCOUT Smart Data solutions.
Ports are opened in accordance with the principle of least privilege – only the ports required for successful communications are opened.
• You can also supply the name of an existing Security Group. If you use an existing Security Group, you must open the necessary ports manually using the information in "Security Group Details" on page 25.
Refer to "Security Group Details" on page 25 for details on which ports are opened for which Security Groups.

vnG1MgmtSecurityGroupID | Use this field to assign the Virtual nGeniusONE’s Mgmt interface (eth0) to a Security Group. Refer to "About the Virtual nGeniusONE Mgmt Security Group" on page 26 for details on the ports opened for this group.

vSTREAMMgmtSecurityGroupID | Use this field to assign the vSTREAM virtual appliance’s Mgmt interface (eth0) to a Security Group. Refer to "About the vSTREAM Mgmt Security Group" on page 26 for details on the ports opened for this group.

vSTREAMMonSecurityGroupID | Use this field to assign the vSTREAM virtual appliance’s monitoring interface (eth1) to a Security Group. Refer to "About the vSTREAM Mon Security Group" on page 27 for details on the ports opened for this group.
vSTREAMAgentSecurityGroupID | Use this field to create a Security Group for use with vSTREAM Agent interfaces. Because vSTREAM Agents are installed on a third-party virtual machine targeted for monitoring, this group is a container to which you can assign desired interfaces on virtual machines with vSTREAM Agent installed. Interfaces in this group will be able to perform necessary communications with other interfaces in the Virtual nGeniusONE and vSTREAM Security Groups. Refer to "About the vSTREAM Agent Security Group" on page 28 for details on the ports opened for this group.

License – BYOL Deployments Only

vSTREAMSerialNumber, vSTREAMPassword | For BYOL deployments, supply the Serial Number and Password you received from the MasterCare Portal when you registered your software in "Obtaining BYOL Licensing Information" on page 16.

vnG1SerialNumber, vnG1Password | For BYOL deployments, supply the Serial Number and Password you received from the MasterCare Portal when you registered your software in "Obtaining BYOL Licensing Information" on page 16. Make sure the IP address you used to obtain the Serial Number and Password is the same as the one specified for the Virtual nGeniusONE IP address in the template, above.

Security Group Details

As described in Table 5, the NETSCOUT CFT templates provide the options of creating AWS Security Groups for Virtual nGeniusONE, vSTREAM virtual appliance, and vSTREAM Agent interfaces. This section describes the ports opened by each of these Security Groups.

The default settings for NETSCOUT Security Groups ensure that the necessary communications between NETSCOUT components in these different groups can take place successfully (for example, interfaces in the vSTREAM Monitoring Security Group can receive traffic forwarded from interfaces in the vSTREAM Agent Security Group).
If you did not create Security Groups as part of the CFT templates, you can also use the information in these sections to open the necessary ports for NETSCOUT communications in your own Security Groups:
• "About the Virtual nGeniusONE Mgmt Security Group" on page 26
• "About the vSTREAM Mgmt Security Group" on page 26
• "About the vSTREAM Mon Security Group" on page 27
• "About the vSTREAM Agent Security Group" on page 28

Table 6 lists the default Security Groups created by the NETSCOUT CFT templates. Following the table, Figure 9 illustrates sample creation of these groups.

Table 6 NETSCOUT Smart Data Solutions Security Groups

Name | Group Name | Instance | Interface
sg-vnG1-mgmt | vnG1MgmtSecurityGroup | Virtual nGeniusONE | eth0
sg-vSTREAM-mgmt | vStreamMgmtSecurityGroup | vSTREAM Virtual Appliance | eth0 Mgmt Port
sg-vSTREAM-mon | vStreamMonSecurityGroup | vSTREAM Virtual Appliance | eth1 Monitoring Port
sg-vSTREAM Agent | vStreamAgentSecurityGroup | vSTREAM Agents | User assigned

Figure 11 NETSCOUT Security Groups

About the Virtual nGeniusONE Mgmt Security Group

The Virtual nGeniusONE Security Group allows packets and selected ports from interfaces in the sg-vSTREAM-mgmt and sg-vSTREAM Agent groups as summarized in Table 7.

Table 7 Traffic Allowed by Virtual nGeniusONE Mgmt Security Group

Description | Protocol | Port Range
HTTP from interfaces in vSTREAM Mgmt and vSTREAM Agent Security Groups. | TCP | 8080
HTTPS from interfaces in vSTREAM Mgmt and vSTREAM Agent Security Groups. | TCP | 8443
SSH, as configured by AccessLocation parameter in CFT Template | SSH | 22
NETSCOUT SNMP Traps from interfaces in vSTREAM Mgmt and vSTREAM Agent Security Groups. | UDP | 395
TFTP, remote upgrades from interfaces in vSTREAM Mgmt Security Group. | UDP | 69
All ICMP-IPv4 (PING) from interfaces in vSTREAM Mgmt and vSTREAM Agent Security Groups. | All | N/A

About the vSTREAM Mgmt Security Group

The vSTREAM Mgmt Security Group allows packets and selected ports from interfaces in the sg-vnG1-mgmt and sg-vSTREAM Agent groups as summarized in Table 8.

Table 8 Traffic Allowed by vSTREAM Mgmt Security Group

Description | Protocol | Port Range
HTTP from interfaces in Virtual nGeniusONE Mgmt Security Group. | TCP | 8080
HTTPS from interfaces in Virtual nGeniusONE Mgmt Security Groups. | TCP | 8443
SSH, as configured by AccessLocation parameter in CFT Template | TCP | 22
All ICMP-IPv4 (PING) from interfaces in vSTREAM Mgmt and vSTREAM Agent Security Groups. | All | N/A

About the vSTREAM Mon Security Group

The vSTREAM Mon Security Group accepts GRE and UDP from interfaces in the vSTREAM Agent Security Group, allowing monitoring interfaces to accept traffic tunneled from vSTREAM Agents, as summarized in Table 9.

Table 9 Traffic Allowed by vSTREAM Mon Security Group

Description | Protocol | Port Range
GRE from interfaces in vSTREAM Agent Security Group. | GRE (47) | All
UDP from interfaces in vSTREAM Agent Security Group. | UDP | 50100

Note: If you are using VPC Traffic Mirroring on VXLAN as part of your forwarding solution, the traffic mirror target must have UDP Port 4789 open in order to receive traffic.
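The following Python sketch is an added example, not NETSCOUT code. It compares a Security Group's ingress rules, in the IpPermissions shape returned by the EC2 DescribeSecurityGroups call, against the ports listed in Tables 7 through 9, and reports rules that are undocumented, missing, or open to every address (such as an AccessLocation of 0.0.0.0/0). The sample rule lists and group IDs are constructed placeholders, and matching a real group to a Table 6 name is left to the caller.

```python
import ipaddress

# Ingress each group should have, transcribed from Tables 7-9 of this guide.
# Keys are the names from Table 6; values are (IpProtocol, FromPort, ToPort)
# as the EC2 API reports them. Table 7 labels port 22 "SSH"; SSH runs over TCP.
# GRE appears as protocol number "47" with no ports; all-ICMP as -1/-1.
EXPECTED = {
    "sg-vnG1-mgmt": {
        ("tcp", 8080, 8080), ("tcp", 8443, 8443), ("tcp", 22, 22),
        ("udp", 395, 395), ("udp", 69, 69), ("icmp", -1, -1),
    },
    "sg-vSTREAM-mgmt": {
        ("tcp", 8080, 8080), ("tcp", 8443, 8443), ("tcp", 22, 22),
        ("icmp", -1, -1),
    },
    "sg-vSTREAM-mon": {("47", None, None), ("udp", 50100, 50100)},
}


def rule_key(perm):
    """Reduce one IpPermissions entry to (protocol, from_port, to_port)."""
    return (perm["IpProtocol"], perm.get("FromPort"), perm.get("ToPort"))


def world_open_cidrs(perm):
    """Return the rule's source CIDRs that cover every address (/0)."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs
            if ipaddress.ip_network(c, strict=False).prefixlen == 0]


def audit_group(table_name, ip_permissions):
    """Compare a group's ingress rules with the documented set.

    Returns (kind, group, rule, detail) tuples where kind is UNEXPECTED
    (rule not in the tables; ports must match exactly), WORLD_OPEN
    (source is 0.0.0.0/0 or ::/0) or MISSING (documented rule absent).
    """
    expected = EXPECTED[table_name]
    findings, seen = [], set()
    for perm in ip_permissions:
        key = rule_key(perm)
        seen.add(key)
        if key not in expected:
            findings.append(("UNEXPECTED", table_name, key, None))
        for cidr in world_open_cidrs(perm):
            findings.append(("WORLD_OPEN", table_name, key, cidr))
    for key in sorted(expected - seen, key=str):
        findings.append(("MISSING", table_name, key, None))
    return findings


def _from_group(proto, lo=None, hi=None, gid="sg-EXAMPLE-vng1"):
    """Build a constructed rule whose source is another Security Group."""
    perm = {"IpProtocol": proto, "UserIdGroupPairs": [{"GroupId": gid}]}
    if lo is not None:
        perm.update(FromPort=lo, ToPort=hi)
    return perm


# Constructed sample: SSH open to the world, an extra port, no ICMP rule.
SAMPLE_MGMT = [
    _from_group("tcp", 8080, 8080),
    _from_group("tcp", 8443, 8443),
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
]
# Constructed sample: matches Table 9 exactly.
SAMPLE_MON = [
    _from_group("47", gid="sg-EXAMPLE-agent"),
    _from_group("udp", 50100, 50100, gid="sg-EXAMPLE-agent"),
]

if __name__ == "__main__":
    for name, perms in (("sg-vSTREAM-mgmt", SAMPLE_MGMT),
                        ("sg-vSTREAM-mon", SAMPLE_MON)):
        for finding in audit_group(name, perms) or [("OK", name, None, None)]:
            print(finding)
```

With boto3, the ip_permissions argument would be the IpPermissions list of a group returned by describe_security_groups.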
About the vSTREAM Agent Security Group

The vSTREAM Agent Security Group allows packets and selected ports from interfaces in the sg-vnG1-mgmt and sg-vSTREAM-mgmt groups as summarized in Table 10.

Note: Because vSTREAM Agents are installed on third-party virtual machines targeted for monitoring (for example, a web server), you must assign vSTREAM Agent interfaces manually to the vSTREAM Agent Security Group (or open the ports listed in Table 10 for whatever group the vSTREAM Agent’s interface already belongs to).

Table 10 Traffic Allowed by vSTREAM Agent Security Group

Description | Protocol | Port Range
HTTP from interfaces in Virtual nGeniusONE Mgmt Security Group. | TCP | 8080
HTTPS from interfaces in Virtual nGeniusONE Mgmt Security Groups. | TCP | 8443
SSH, as configured by AccessLocation parameter in CFT Template | TCP | 22
All ICMP-IPv4 (PING) from interfaces in Virtual nGeniusONE Mgmt and vSTREAM Mgmt Security Groups. | All | N/A

Instance Type Recommendations

The CloudFormation templates for the NETSCOUT Application Performance Management solution let you select an Instance Type for both the Virtual nGeniusONE and vSTREAM virtual appliance virtual machines. Each Instance Type provides a different combination of computing resources (CPU, memory, storage, and networking; refer to Table 11) and is priced differently based on the amount of resources provisioned. Refer to the sections below for guidance on selecting an Instance Type for both Virtual nGeniusONE and vSTREAM virtual appliance:
• "Choosing an Instance Type for Virtual nGeniusONE" on page 29
• "Choosing an Instance Type for vSTREAM Virtual Appliance" on page 29

Note: Refer to https://aws.amazon.com/ec2/instance-types for details on instance types.
Table 11 Summary of Instance Types for NETSCOUT Smart Data Solutions

Instance Type | vCPUs | Memory | Storage | Dedicated EBS Bandwidth (Mbps) | Network Performance
m5.2xlarge | 8 | 32 GB | EBS-only | Up to 4,750 | Up to 10 Gbps
m5.4xlarge | 16 | 64 GB | EBS-only | 4,750 | Up to 10 Gbps
m5.8xlarge | 32 | 128 GB | EBS-only | 6,800 | 10 Gbps
Choosing an Instance Type for Virtual nGeniusONE

Table 12 provides guidance on selecting an instance type for Virtual nGeniusONE.

Table 12 Instance Type Recommendations per Managed Interfaces and System Load

ASI Flows/ 5-Minute Concurrent Instance Type vCPUs Memory Managed Interfaces Polling Reports Users
m5.2xlarge 8 32 GB 20 Type 1 interfaces/ 1 million 50 10 Recommended for general-purpose deployments.
m5.4xlarge 16 64 GB 40 Type 1 interfaces1 1.5 million 50 10 Recommended for high usage environments.
m5.8xlarge 32 128 GB 50 Type 1 interfaces1 2 million 50 10 Recommended for highest usage environments.

1. To support the full allotment of 50 Type 1 interfaces included with a full license, provision Virtual nGeniusONE with a minimum of 48 GB of RAM (64 GB recommended) and 24 vCPUs.

Choosing an Instance Type for vSTREAM Virtual Appliance

Table 13 provides guidance on selecting an instance type for vSTREAM.

Table 13 System Requirements per vSTREAM

Monitoring Scenario | vCPUs | Memory | System Drive
m5.2xlarge. Recommended for general-purpose deployments. | 8 | 32 GB | 50 GB
m5.4xlarge (BYOL Only). Recommended if the Subscriber Table is enabled for integration with nGenius Business Intelligence or when using the URL discovery option. | 16 | 64 GB | 50 GB
m5.8xlarge. Recommended for deployments with multiple packet forwarding destinations and/or Omnis adaptors; refer to the vSTREAM Installation Guide for details. | 32 | 128 GB | 50 GB

Storage Drive (cell shared across the rows): 100 GB – 16 TB. Configure the volume size to balance your packet retention needs with costs. Larger drives cost more but keep packets longer.

Interfaces (cell shared across the rows): Up to four vNICs. Note: NETSCOUT recommends choosing one of the .4xlarge or .8xlarge Instance Types for any vSTREAM virtual appliance provisioned with 4 vNICs.

Note that only the m5.2xlarge instance type is available for PAYG vSTREAM deployments.
This is because the m5.4xlarge and m5.8xlarge instance types use more vCPUs than the PAYG Virtual nGeniusONE’s maximum capacity for vSTREAM vCPUs in this release (8).
Connecting to Instances

Connect to the operating system of NETSCOUT instances using the key pair you selected as part of the CloudFormation template as follows:

1 Click the Services dropdown in the AWS Management Console and select Compute > EC2.
2 Click the Instances entry in the left column.
3 Make sure the desired instance is selected.
4 Click the Connect button (Figure 12).

Figure 12 Connecting to the vSTREAM Instance

5 The Connect To Your Instance window provides guidance on using SSH to connect to the instance remotely, either using the Linux ssh command or a Windows client, such as PuTTY. Keep in mind the following:
• You will need access to your private key file. The Connect To Your Instance window reminds you of the name of the private key file you associated with the instance.
• Your private key file must not be publicly viewable for SSH to work. You can use chmod 400 to make your private key file not publicly viewable.
• The Connect To Your Instance window shows you the IP address you should use to connect to your instance along with the correct SSH syntax. For example, in Figure 13, we can use the following SSH command to log in to the default centos account provided with NETSCOUT AMIs:

$ ssh -i "vstream-keys.pem" centos@34.203.23.249

Figure 13 The Connect To Your Instance Window

6 Click Close on the Connect To Your Instance window.
7 Open a terminal window and use the ssh command to connect to the NETSCOUT instance:

$ ssh -i "" centos@

Deploying vSTREAM Agent from Virtual nGeniusONE

The installation files for the vSTREAM agent are bundled with the Virtual nGeniusONE image and stored under /opt/vSTREAM_Agent once the instance has been deployed. There are separate installers depending on the target environment. Refer to the vSTREAM Installation Guide on My.NETSCOUT for details on selecting the correct installer for your target environment and performing the installation. The general procedure is as follows:

1 Connect to the Virtual nGeniusONE instance using the instructions in the previous section.
Note: NETSCOUT recommends that you do not use root access to copy the vSTREAM Agent installer from /opt/vSTREAM_Agent – you can do it as the centos user provided with the AWS instance.
2 Copy the installer for your operating system to the target instance.
3 If you are installing in Linux, you can preconfigure the address of the managing Virtual nGeniusONE server in a /tmp/nsagent_config.cfg configuration file. The values stored in this file are read in during installation and allow the newly installed vSTREAM agent to add itself to Virtual nGeniusONE automatically. Refer to the vSTREAM Installation Guide for details on how to do this.
Note: If you are installing in Windows, the installation wizard prompts you to supply the IP address of the managing Virtual nGeniusONE server.
4 Run the installer.
5 When installation is complete, open the Agent Configuration Utility (localconsole) and ensure that [4] Change Config Server Address is set to the address of the managing Virtual nGeniusONE server.
AWS Traffic Acquisition – Ingress Routing and Traffic Mirroring

In addition to forwarding packets from vSTREAM Agents to vSTREAM virtual appliances, AWS provides additional tools that help NETSCOUT Smart Data solutions provide visibility on cloud-based traffic:
• Amazon VPC ingress routing lets you define routing rules at the Internet Gateway (IGW) and Virtual Private Gateway (VGW) to redirect ingress traffic to third-party appliances before it reaches the final destination. Traffic coming in or out of a VPC can be redirected to security or packet-shaping virtual applications, which in turn can be monitored through VPC traffic mirroring with vSTREAM for advanced service performance and security assurance.
• Amazon VPC traffic mirroring allows you to acquire packet data from multiple application workloads in an Amazon VPC and mirror it to a vSTREAM instance’s monitor port.

Figure 14 shows an example of using AWS VPC Ingress Routing together with Amazon VPC Traffic Mirroring to acquire traffic that traverses VPC boundaries and route it to vSTREAM appliances for real-time analysis for service and security assurance.