Prepare a production environment for Netflow -------------------------------------------------- :bdg:`Netflow Management` Overview ............... This guide is an overview of all the action items that need to be completed by system administrators before implementation of a successful deployment. Environment setup .................. The following action items need to be completed by system administrators before the implementation starts: .. tabularcolumns:: |p{1cm}|p{3.5cm}|p{8cm}|p{2.5cm}| +----+--------------------------+--------------------------------------------------------------------------------------------------------+-------------+ | ID | Action | Description | Criticality | +====+==========================+========================================================================================================+=============+ | 1 | Hardware specifications | The hardware/VM specifications have to meet the requirements defined by VOSS | Critical | +----+--------------------------+--------------------------------------------------------------------------------------------------------+-------------+ | 2 | Software specifications | VOSS Dashboard server is delivered as an OVA which includes an operating system. | Critical | | | | If this is a VM deployment, | | | | | the following should be available in customer’s VM datastore: | | | | | | | | | | * Latest OVAs. | | | | | (Available at `VOSS Customer Portal `_. Log in and select DOWNLOADS.) | | +----+--------------------------+--------------------------------------------------------------------------------------------------------+-------------+ | 3 | Firewall rules | All the required traffic rules are applied to customer environment based | Critical | | | | on the firewall matrix provided by VOSS deployment Team. | | +----+--------------------------+--------------------------------------------------------------------------------------------------------+-------------+ | 4 | Internet access | Internet access is enabled for the DS9 during implementation. | Critical | | | | Once the implementation is over, internet access is no longer required. | | +----+--------------------------+--------------------------------------------------------------------------------------------------------+-------------+ | 5 | Round trip times (RTT) | RTT time between the DS9 and Dashboard Server is not more than 100msec. | Critical | +----+--------------------------+--------------------------------------------------------------------------------------------------------+-------------+ | 6 | Netflow configuration | Netflow sources are configured to send their Netflow data to VOSS | Critical | | | | DS9 Servers based on the suggested settings by VOSS | | +----+--------------------------+--------------------------------------------------------------------------------------------------------+-------------+ | 7 | SNMP configuration | Netflow sources are configured with SNMP v1 or 2c or v3. | Critical | +----+--------------------------+--------------------------------------------------------------------------------------------------------+-------------+ | 8 | Netflow and SNMP details | Following information is provided to VOSS deployment team: | Critical | | | | | | | | | * Device IP & Hostname and Netflow version for the Netflow source(s) | | | | | * SNMP details for Netflow source(s) | | +----+--------------------------+--------------------------------------------------------------------------------------------------------+-------------+ | 9 | Remote access | Some method of remote access is enabled for VOSS deployment team. | Critical | +----+--------------------------+--------------------------------------------------------------------------------------------------------+-------------+ | 10 | Integration to customer | Both DS9 and Dashboard Servers have access to customers data | Critical | | | environment | infrastructure for the following services: NTP, SMTP, DNS. | | | | | | | +----+--------------------------+--------------------------------------------------------------------------------------------------------+-------------+ | 11 | Authentication via | Dashboard Servers have access to customers' existing Active | Optional | | | existing customer | Directory/Identity servers to authenticate users via LDAP or SAMLv2. | | | | resources | | | +----+--------------------------+--------------------------------------------------------------------------------------------------------+-------------+ Required deployment details ............................. The following list of items needs to be provided to VOSS before the deployment: .. tabularcolumns:: |p{1cm}|p{3.5cm}|p{8cm}|p{2.5cm}| +----+--------------------------+--------------------------------------------------------------------------+-------------+ | ID | Action | Description | Criticality | +====+==========================+==========================================================================+=============+ | 1 | IP Addresses for | IP addresses & Subnetmasks & Default IP Gateway settings for all the | Critical | | | VOSS components | VOSS Host Machines (DS9, Dashboard Servers). | | | | | | | +----+--------------------------+--------------------------------------------------------------------------+-------------+ | 2 | IP Addresses for Data | IP addresses for the following services: DNS, NTP, SMTP, LDAP/SAMLv2. | Critical | | | services | | | | | | | | +----+--------------------------+--------------------------------------------------------------------------+-------------+ | 3 | Remote access details | VPN access details for VOSS Team to access the DS9 and Dashboard | Critical | | | | remotely. | | | | | | | +----+--------------------------+--------------------------------------------------------------------------+-------------+ | 4 | Primary and Secondary | Primary and secondary contact details for technical and project | Critical | | | contact details | management related items. | | | | | | | +----+--------------------------+--------------------------------------------------------------------------+-------------+ | 5 | Email authentication for | SMTP authentication details for smart host servers. | Optional | | | scheduled reports | | | | | | | | +----+--------------------------+--------------------------------------------------------------------------+-------------+ | 6 | SNMP community | SNMP community strings and protocol versions need to be provided to | Critical | | | strings, versions and | VOSS for successful SNMP queries. | | | | other details | | | +----+--------------------------+--------------------------------------------------------------------------+-------------+ | 7 | List of Netflow Sources | Provide VOSS a list of Netflow sources (routers, | Critical | | | | switches) with the following details: IP addresses, Make/Model, | | | | | Software Version, Netflow version. | | +----+--------------------------+--------------------------------------------------------------------------+-------------+ | 8 | List of IP addresses and | A CSV or Excel file that maps certain IP addresses to internal hostnames | Optional | | | Hostnames | can help VOSS Team to improve the data visualization experience by | | | | | mapping IP address fields to hostnames. | | +----+--------------------------+--------------------------------------------------------------------------+-------------+