Workload Security Agent Requirements

Contributors netapp-alavoie

You must install an Agent in order to acquire information from your data collectors. Before you install the Agent, you should ensure that your environment meets operating system, CPU, memory, and disk space requirements.

Note: Storage Workload Security is not available in Cloud Insights Federal Edition.

Component Linux Requirement

Operating system

A computer running a licensed version of one of the following:

Red Hat Enterprise Linux 7.x, 8.x 64-bit, SELinux
CentOS 7.x 64-bit, SELinux
CentOS 8 Stream, SELinux
Ubuntu 20 through 22 64-bit
Rocky 8.x 64-bit, Rocky 9.x 64-bit, SELinux
SUSE Linux Enterprise Server 15 SP3, SUSE Linux Enterprise Server 15 SP4, SELinux on SUSE 15 SP3

This computer should be running no other application-level software. A dedicated server is recommended.

Commands

'unzip' is required for installation. Additionally, the 'sudo su -' command is required for installation, running scripts, and uninstall.

CPU

4 CPU cores

Memory

16 GB RAM

Available disk space

Disk space should be allocated in this manner:
/opt/netapp 35 GB (minimum)

If /opt is a folder mounted from NAS storage, make sure that local users have access to this folder. The Agent or Data Collector may fail to install if local users do not have permission to access this folder. See the troubleshooting section for more details.

Network

100 Mbps to 1 Gbps Ethernet connection, static IP address, IP connectivity to all devices, and a required port to the Workload Security instance (80 or 443).

Please note: The Workload Security agent can be installed on the same machine as a Cloud Insights acquisition unit and/or agent. However, it is a best practice to install these on separate machines. If they are installed on the same machine, please allocate disk space as shown below:

Available disk space

50-55 GB
For Linux, disk space should be allocated in this manner:
/opt/netapp 25-30 GB
/var/log/netapp 25 GB

Additional recommendations

  • It is strongly recommended to synchronize the time on both the ONTAP system and the Agent machine using Network Time Protocol (NTP) or Simple Network Time Protocol (SNTP).

Cloud Network Access Rules

For US-based Workload Security environments:

| Protocol | Port | Destination | Direction | Description |
| --- | --- | --- | --- | --- |
| TCP | 443 | <site_name>.cs01.cloudinsights.netapp.com, <site_name>.c01.cloudinsights.netapp.com, <site_name>.c02.cloudinsights.netapp.com | Outbound | Access to Cloud Insights |
| TCP | 443 | gateway.c01.cloudinsights.netapp.com, agentlogin.cs01.cloudinsights.netapp.com | Outbound | Access to authentication services |

For Europe-based Workload Security environments:

| Protocol | Port | Destination | Direction | Description |
| --- | --- | --- | --- | --- |
| TCP | 443 | <site_name>.cs01-eu-1.cloudinsights.netapp.com, <site_name>.c01-eu-1.cloudinsights.netapp.com, <site_name>.c02-eu-1.cloudinsights.netapp.com | Outbound | Access to Cloud Insights |
| TCP | 443 | gateway.c01.cloudinsights.netapp.com, agentlogin.cs01-eu-1.cloudinsights.netapp.com | Outbound | Access to authentication services |

For APAC-based Workload Security environments:

| Protocol | Port | Destination | Direction | Description |
| --- | --- | --- | --- | --- |
| TCP | 443 | <site_name>.cs01-ap-1.cloudinsights.netapp.com, <site_name>.c01-ap-1.cloudinsights.netapp.com, <site_name>.c02-ap-1.cloudinsights.netapp.com | Outbound | Access to Cloud Insights |
| TCP | 443 | gateway.c01.cloudinsights.netapp.com, agentlogin.cs01-ap-1.cloudinsights.netapp.com | Outbound | Access to authentication services |
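
The host requirements and the cloud access rules above can be verified on the Agent machine before installation. The script below is an added example, not NetApp tooling; it assumes bash and GNU coreutils, a direct (non-proxied) outbound route, and hypothetical region keys us, eu and ap.

```bash
#!/usr/bin/env bash
# Added example: preflight check for a Workload Security Agent host.
# Thresholds and hostnames come from the tables on this page; the function
# names and the region keys (us, eu, ap) are assumptions of this example.

# Print the outbound TCP 443 destinations for a region and site name.
ws_endpoints() {
  local region=$1 site=$2 sfx
  case $region in
    us) sfx="" ;;
    eu) sfx="-eu-1" ;;
    ap) sfx="-ap-1" ;;
    *)  echo "unknown region: $region" >&2; return 2 ;;
  esac
  printf '%s\n' \
    "$site.cs01$sfx.cloudinsights.netapp.com" \
    "$site.c01$sfx.cloudinsights.netapp.com" \
    "$site.c02$sfx.cloudinsights.netapp.com" \
    "gateway.c01.cloudinsights.netapp.com" \
    "agentlogin.cs01$sfx.cloudinsights.netapp.com"
}

# Report whether ACTUAL >= REQUIRED; non-zero status when it is not.
ws_meets() {  # usage: ws_meets LABEL ACTUAL REQUIRED
  if [ "$2" -ge "$3" ]; then echo "ok   $1: $2 (need $3)"; return 0; fi
  echo "FAIL $1: $2 (need $3)"; return 1
}

ws_preflight() {  # usage: ws_preflight REGION SITE_NAME
  local rc=0 host hosts dir=/opt/netapp
  hosts=$(ws_endpoints "$1" "$2") || return 2
  [ -d "$dir" ] || dir=/opt            # not created yet: check the parent
  command -v unzip >/dev/null || { echo "FAIL unzip not installed"; rc=1; }
  ws_meets "CPU cores" "$(nproc)" 4 || rc=1
  # MemTotal excludes kernel-reserved memory, so a 16 GB host reports a bit
  # less; the 15360 MiB floor is this example's tolerance (assumption).
  ws_meets "RAM MiB" "$(awk '/^MemTotal/ {print int($2/1024)}' /proc/meminfo)" 15360 || rc=1
  ws_meets "free GB" "$(df -BG --output=avail "$dir" | tail -1 | tr -dc 0-9)" 35 || rc=1
  for host in $hosts; do               # plain TCP connect, no TLS or proxy
    if timeout 5 bash -c 'exec 3<>"/dev/tcp/$0/443"' "$host" 2>/dev/null
    then echo "ok   tcp/443 $host"
    else echo "FAIL tcp/443 $host"; rc=1
    fi
  done
  return $rc
}

# Run the checks only when called with REGION and SITE_NAME.
if [ "$#" -eq 2 ]; then ws_preflight "$1" "$2"; fi
```

Saved under a name of your choice and run with a region key and your site name as arguments, it exits non-zero when any requirement is unmet. The output of `ws_endpoints` can also serve as the egress allow-list for the Agent host's firewall rule.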

In-network rules

Note that when adding csuser, that user requires SSH access to the ONTAP management LIF.

| Protocol | Port | Destination | Direction | Description |
| --- | --- | --- | --- | --- |
| TCP | 389 (LDAP), 636 (LDAPs / start-tls) | LDAP Server URL | Outbound | Connect to LDAP |
| TCP | 443 | Cluster or SVM Management IP Address (depending on SVM collector configuration) | Outbound | API communication with ONTAP |
| TCP | 35000 - 55000 | SVM data LIF IP Addresses | Inbound | Communication with ONTAP for FPolicy events |
| TCP | 7 | SVM data LIF IP Addresses | Outbound | Uni-directional between ONTAP and Workload Security. Agent pings the SVM LIFs. |
| SSH | 22 | Cluster management | Outbound | Needed for CIFS/SMB user blocking. |

System Sizing

See the Event Rate Checker documentation for information about sizing.