Workload Security Agent Requirements
You must install an Agent in order to acquire information from your data collectors. Before you install the Agent, you should ensure that your environment meets operating system, CPU, memory, and disk space requirements.
Storage Workload Security is not available in Cloud Insights Federal Edition.
Component | Linux Requirement |
---|---|
Operating system | A computer running a licensed version of one of the following: |
Commands | 'unzip' is required for installation. Additionally, the 'sudo su -' command is required for installation, running scripts, and uninstall. |
CPU | 4 CPU cores |
Memory | 16 GB RAM |
Available disk space | Disk space should be allocated in this manner: |
Network | 100 Mbps to 1 Gbps Ethernet connection, static IP address, IP connectivity to all devices, and a required port to the Workload Security instance (80 or 443). |
Please note: The Workload Security agent can be installed on the same machine as a Cloud Insights acquisition unit and/or agent. However, it is a best practice to install these on separate machines. If they are installed on the same machine, allocate disk space as shown below:
Available disk space | 50-55 GB |
Additional recommendations
- It is strongly recommended to synchronize the time on both the ONTAP system and the Agent machine using Network Time Protocol (NTP) or Simple Network Time Protocol (SNTP).
Cloud Network Access Rules
For US-based Workload Security environments:
Protocol | Port | Destination | Direction | Description |
---|---|---|---|---|
TCP | 443 | <site_name>.cs01.cloudinsights.netapp.com | Outbound | Access to Cloud Insights |
TCP | 443 | gateway.c01.cloudinsights.netapp.com | Outbound | Access to authentication services |
For Europe-based Workload Security environments:
Protocol | Port | Destination | Direction | Description |
---|---|---|---|---|
TCP | 443 | <site_name>.cs01-eu-1.cloudinsights.netapp.com | Outbound | Access to Cloud Insights |
TCP | 443 | gateway.c01.cloudinsights.netapp.com | Outbound | Access to authentication services |
For APAC-based Workload Security environments:
Protocol | Port | Destination | Direction | Description |
---|---|---|---|---|
TCP | 443 | <site_name>.cs01-ap-1.cloudinsights.netapp.com | Outbound | Access to Cloud Insights |
TCP | 443 | gateway.c01.cloudinsights.netapp.com | Outbound | Access to authentication services |
In-network rules
Note that when adding csuser, that user requires SSH access to the ONTAP management LIF.
Protocol | Port | Destination | Direction | Description |
---|---|---|---|---|
TCP | 389 (LDAP) | LDAP Server URL | Outbound | Connect to LDAP |
TCP | 443 | Cluster or SVM Management IP Address (depending on SVM collector configuration) | Outbound | API communication with ONTAP |
TCP | 35000 - 55000 | SVM data LIF IP Addresses | Inbound | Communication with ONTAP for Fpolicy events |
TCP | 7 | SVM data LIF IP Addresses | Outbound | Uni-directional between ONTAP and Workload Security. Agent pings the SVM LIFs. |
SSH | 22 | Cluster management | Outbound | Needed for CIFS/SMB user blocking. |
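A pre-install check for the agent host that covers the Linux requirements and the outbound rules listed above. It is an added example, not NetApp's code: the function names, the script arguments and the 10% memory allowance are assumptions, and the sample site name and IP address in the last comment are constructed.

```shell
#!/bin/sh
# Pre-install check for a Workload Security agent host (added example).
# Thresholds and hostnames come from the tables above; function names,
# arguments and the 10% memory allowance are assumptions of this sketch.
REQ_CORES=4
REQ_MEM_GB=16
GATEWAY=gateway.c01.cloudinsights.netapp.com

has_cmd()  { command -v "$1" >/dev/null 2>&1; }
cores_ok() { [ "$1" -ge "$REQ_CORES" ]; }
# MemTotal (kB) on a 16 GB host reads a little under 16 GiB, so allow 10%.
mem_ok()   { [ "$1" -ge $((REQ_MEM_GB * 1024 * 1024 * 90 / 100)) ]; }

# tenant_host SITE REGION: per-region Cloud Insights destination.
tenant_host() {
  case "$2" in
    us)   echo "$1.cs01.cloudinsights.netapp.com" ;;
    eu)   echo "$1.cs01-eu-1.cloudinsights.netapp.com" ;;
    apac) echo "$1.cs01-ap-1.cloudinsights.netapp.com" ;;
    *)    return 1 ;;
  esac
}

# tcp_open HOST PORT: outbound TCP connect with a 5 s limit (needs bash, timeout).
tcp_open() { timeout 5 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null; }

# preflight SITE REGION [ONTAP_MGMT_IP]: returns 0 only if every check passes.
# The inbound FPolicy range (35000-55000) cannot be tested from this side.
preflight() {
  rc=0
  host=$(tenant_host "$1" "$2") || { echo "usage: SITE us|eu|apac [ONTAP_MGMT_IP]"; return 2; }
  for c in unzip sudo; do
    has_cmd "$c" || { echo "FAIL: $c not found"; rc=1; }
  done
  cores_ok "$(nproc)" || { echo "FAIL: fewer than $REQ_CORES CPU cores"; rc=1; }
  mem_ok "$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)" ||
    { echo "FAIL: less than $REQ_MEM_GB GB RAM"; rc=1; }
  for h in "$host" "$GATEWAY"; do
    tcp_open "$h" 443 || { echo "FAIL: no outbound TCP 443 to $h"; rc=1; }
  done
  if [ -n "${3:-}" ]; then
    for p in 443 22; do
      tcp_open "$3" "$p" || { echo "FAIL: no outbound TCP $p to $3"; rc=1; }
    done
  fi
  return "$rc"
}

# Run only when arguments are given, e.g.: ./preflight.sh mysite us 10.0.0.5
[ "$#" -eq 0 ] || preflight "$@"
```

A non-zero exit status means at least one requirement or firewall rule is not met; each failing check is printed on its own line.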
System Sizing
See the Event Rate Checker documentation for information about sizing.