Workload Security Agent Requirements

11/12/2024 Contributors

You must install an Agent in order to acquire information from your data collectors. Before you install the Agent, you should ensure that your environment meets operating system, CPU, memory, and disk space requirements.

Component	Linux Requirement
Operating system	A computer running a licensed version of one of the following: * CentOS 8 Stream (64-bit), CentOS 9 Stream, SELinux * OpenSUSE Leap 15.3 through 15.5 (64-bit) * Oracle Linux 8.6 - 8.8, 9.1 through 9.4 (64-bit) * Red Hat Enterprise Linux 8.6 through 8.8, 9.1 through 9.4 (64-bit), SELinux * Rocky 9.2 - 9.4 (64-bit), SELinux * SUSE Linux Enterprise Server 15 SP3 through 15 SP5 (64-bit) * Ubuntu 20.04 LTS, 22.04 LTS, and 24,04 LTS (64-bit) * Debian 10 and 11 (64-bit) * AlmaLinux 9.3 and 9,4 (64-bit) This computer should be running no other application-level software. A dedicated server is recommended.
Commands	'unzip' is required for installation. Additionally, the 'sudo su –' command is required for installation, running scripts, and uninstall.
CPU	4 CPU cores
Memory	16 GB RAM
Available disk space	Disk space should be allocated in this manner: /opt/netapp 36 GB (minimum 35 GB free space after filesystem creation) Note: It is recommended to allocate a little extra disk space to allow for the creation of the filesystem. Ensure that there is at least 35 GB free space in the filesystem. If /opt is a mounted folder from a NAS storage, make sure that local users have access to this folder. Agent or Data collector may fail to install if local users do not have permission to this folder. see the troubleshooting section for more details.
Network	100 Mbps to 1 Gbps Ethernet connection, static IP address, IP connectivity to all devices, and a required port to the Workload Security instance (80 or 443).

Component

Linux Requirement

Operating system

A computer running a licensed version of one of the following:

* CentOS 8 Stream (64-bit), CentOS 9 Stream, SELinux
* OpenSUSE Leap 15.3 through 15.5 (64-bit)
* Oracle Linux 8.6 - 8.8, 9.1 through 9.4 (64-bit)
* Red Hat Enterprise Linux 8.6 through 8.8, 9.1 through 9.4 (64-bit), SELinux
* Rocky 9.2 - 9.4 (64-bit), SELinux
* SUSE Linux Enterprise Server 15 SP3 through 15 SP5 (64-bit)
* Ubuntu 20.04 LTS, 22.04 LTS, and 24,04 LTS (64-bit)
* Debian 10 and 11 (64-bit)
* AlmaLinux 9.3 and 9,4 (64-bit)

This computer should be running no other application-level software. A dedicated server is recommended.

Commands

'unzip' is required for installation. Additionally, the 'sudo su –' command is required for installation, running scripts, and uninstall.

CPU

4 CPU cores

Memory

16 GB RAM

Available disk space

Disk space should be allocated in this manner:
/opt/netapp 36 GB (minimum 35 GB free space after filesystem creation)

Note: It is recommended to allocate a little extra disk space to allow for the creation of the filesystem. Ensure that there is at least 35 GB free space in the filesystem.

If /opt is a mounted folder from a NAS storage, make sure that local users have access to this folder. Agent or Data collector may fail to install if local users do not have permission to this folder. see the troubleshooting section for more details.

Network

100 Mbps to 1 Gbps Ethernet connection, static IP address, IP connectivity to all devices, and a required port to the Workload Security instance (80 or 443).

Please note: The Workload Security agent can be installed in the same machine as a Data Infrastructure Insights acquisition unit and/or agent. However, it is a best practice to install these in separate machines. In the event that these are installed on the same machine, please allocate disk space as shown below:

Available disk space

50-55 GB
For Linux, disk space should be allocated in this manner:
/opt/netapp 25-30 GB
/var/log/netapp 25 GB

Additional recommendations

It is strongly recommended to synchronize the time on both the ONTAP system and the Agent machine using Network Time Protocol (NTP) or Simple Network Time Protocol (SNTP).

Cloud Network Access Rules

For US-based Workload Security environments:

Protocol	Port	Source	Destination	Description
TCP	443	Workload Security Agent	<site_name>.cs01.cloudinsights.netapp.com <site_name>.c01.cloudinsights.netapp.com <site_name>.c02.cloudinsights.netapp.com	Access to Data Infrastructure Insights
TCP	443	Workload Security Agent	gateway.c01.cloudinsights.netapp.com agentlogin.cs01.cloudinsights.netapp.com	Access to authentication services

Protocol

Port

Source

Destination

Description

TCP

443

Workload Security Agent

<site_name>.cs01.cloudinsights.netapp.com
<site_name>.c01.cloudinsights.netapp.com
<site_name>.c02.cloudinsights.netapp.com

Access to Data Infrastructure Insights

TCP

443

Workload Security Agent

gateway.c01.cloudinsights.netapp.com
agentlogin.cs01.cloudinsights.netapp.com

Access to authentication services

For Europe-based Workload Security environments:

Protocol	Port	Source	Destination	Description
TCP	443	Workload Security Agent	<site_name>.cs01-eu-1.cloudinsights.netapp.com <site_name>.c01-eu-1.cloudinsights.netapp.com <site_name>.c02-eu-1.cloudinsights.netapp.com	Access to Data Infrastructure Insights
TCP	443	Workload Security Agent	gateway.c01.cloudinsights.netapp.com agentlogin.cs01-eu-1.cloudinsights.netapp.com	Access to authentication services

Protocol

Port

Source

Destination

Description

TCP

443

Workload Security Agent

<site_name>.cs01-eu-1.cloudinsights.netapp.com
<site_name>.c01-eu-1.cloudinsights.netapp.com
<site_name>.c02-eu-1.cloudinsights.netapp.com

Access to Data Infrastructure Insights

TCP

443

Workload Security Agent

gateway.c01.cloudinsights.netapp.com
agentlogin.cs01-eu-1.cloudinsights.netapp.com

Access to authentication services

For APAC-based Workload Security environments:

Protocol	Port	Source	Destination	Description
TCP	443	Workload Security Agent	<site_name>.cs01-ap-1.cloudinsights.netapp.com <site_name>.c01-ap-1.cloudinsights.netapp.com <site_name>.c02-ap-1.cloudinsights.netapp.com	Access to Data Infrastructure Insights
TCP	443	Workload Security Agent	gateway.c01.cloudinsights.netapp.com agentlogin.cs01-ap-1.cloudinsights.netapp.com	Access to authentication services

Protocol

Port

Source

Destination

Description

TCP

443

Workload Security Agent

<site_name>.cs01-ap-1.cloudinsights.netapp.com
<site_name>.c01-ap-1.cloudinsights.netapp.com
<site_name>.c02-ap-1.cloudinsights.netapp.com

Access to Data Infrastructure Insights

TCP

443

Workload Security Agent

gateway.c01.cloudinsights.netapp.com
agentlogin.cs01-ap-1.cloudinsights.netapp.com

Access to authentication services

In-network rules

Protocol	Port	Source	Destination	Description
TCP	389(LDAP) 636 (LDAPs / start-tls)	Workload Security Agent	LDAP Server URL	Connect to LDAP
TCP	443	Workload Security Agent	Cluster or SVM Management IP Address (depending on SVM collector configuration)	API communication with ONTAP
TCP	35000 - 55000	SVM data LIF IP Addresses	Workload Security Agent	Communication from ONTAP to the Workload Security Agent for Fpolicy events. These ports must be opened towards the Workload Security Agent in order for ONTAP to send events to it, including any firewall on the Workload Security Agent itself (if present). NOTE that you do not need to reserve all of these ports, but the ports you reserve for this must be within this range. It is recommended to start by reserving ~100 ports, and increasing if necessary.
TCP	7	Workload Security Agent	SVM data LIF IP Addresses	Echo from Agent to SVM Data LIFs
SSH	22	Workload Security Agent	Cluster management	Needed for CIFS/SMB user blocking.

Protocol

Port

Source

Destination

Description

TCP

389(LDAP)
636 (LDAPs / start-tls)

Workload Security Agent

LDAP Server URL

Connect to LDAP

TCP

443

Workload Security Agent

Cluster or SVM Management IP Address (depending on SVM collector configuration)

API communication with ONTAP

TCP

35000 - 55000

SVM data LIF IP Addresses

Workload Security Agent

Communication from ONTAP to the Workload Security Agent for Fpolicy events. These ports must be opened towards the Workload Security Agent in order for ONTAP to send events to it, including any firewall on the Workload Security Agent itself (if present).

NOTE that you do not need to reserve all of these ports, but the ports you reserve for this must be within this range. It is recommended to start by reserving ~100 ports, and increasing if necessary.

TCP

Workload Security Agent

SVM data LIF IP Addresses

Echo from Agent to SVM Data LIFs

SSH

Workload Security Agent

Cluster management

Needed for CIFS/SMB user blocking.

System Sizing

See the Event Rate Checker documentation for information about sizing.

Workload Security Agent Requirements

Creating your file...

Additional recommendations

Cloud Network Access Rules

In-network rules

System Sizing