Prerequisites for an Igneous Virtual Machine
  • Updated on 23 Jul 2020

Overview

Whether used for data visibility with Igneous DataDiscover or for backup/archive services with Igneous DataProtect, an Igneous virtual machine is deployed into the local virtual infrastructure using a file downloaded from the cloud.igneous.io portal. This VM will connect to your source systems, to the Igneous Cloud Management service in AWS, and to your preferred destination for backup and archive data (if you are using DataProtect).

This guide will tell you everything needed to deploy, configure, and begin using your Igneous service.

Downloading the virtual machine

Using the link that was provided in the registration email you received, log in to the Igneous download portal, where you’ll see a Download link to obtain the Igneous DataProtect virtual machine package for your environment. Click the link to save the igneous-vm.ova file locally.

Virtual infrastructure requirements

The Igneous virtual machine will need to be deployed on a VMware host cluster that meets the following minimum conditions:

Minimum Virtual Machine Requirements

| Host Version     | vSphere 6.0 or higher |
| Compute capacity | 16 vCPU               |
| Memory capacity  | 64GB                  |
| Storage          | 100GB                 |

Assigning addresses for the Igneous instance

The following parameters will need to be provided at startup:

  • IP address
  • Subnet mask
  • Default gateway address
  • DNS server address(es)

If any or all of these IP connectivity settings will be provided via DHCP lease, some or all of the above parameters can be skipped.

Network access requirements

Internal network access

If your network has an internal firewall between your Igneous instance and your workstation, Igneous will need the following whitelisted on your internal firewall:

  • Port 4900

Outbound network access

Your Igneous instance will need to maintain a connection to a few locations in order for the service to function. If your environment has a firewall that will block outbound network access for the Igneous instance, there are two options available:

  1. Add the addresses below to your firewall whitelist
  2. Configure a proxy during the Igneous VM deployment process

The Igneous instance will need full HTTPS/443 outbound access to:

  • cloud.igneous.io/52.89.237.163
  • plume.iggy.bz/52.89.237.163
  • The specific end point of your cloud instance (provided by Igneous)
  • The AWS S3 US-West-2 IP ranges

Some environments may include security scanning of encrypted SSL traffic. This practice typically involves a network appliance performing Man In The Middle (MITM) SSL decryption by dynamically signing SSL certificates and presenting them to the Igneous VM, effectively proxying SSL communications between the VM and the Igneous destinations. We currently do not support trusting a custom Certificate Authority, so the VM is unable to communicate with Igneous endpoints effectively through the appliance. It would be necessary to implement an SSL whitelist bypass to these 4 targets by hostname.
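
For the "AWS S3 US-West-2 IP ranges" item in the list above, AWS publishes its address ranges as JSON at https://ip-ranges.amazonaws.com/ip-ranges.json. The following is an added example, not Igneous code: it filters that file's layout down to S3 in us-west-2, merges adjacent prefixes, and checks whether a given destination is covered by the resulting allowlist. The embedded sample is constructed from documentation address ranges, and the function names are hypothetical.

```python
import ipaddress
import json

# Constructed sample in the layout of AWS's published ip-ranges.json.
# The prefixes are RFC 5737 / RFC 3849 documentation ranges, not AWS allocations.
SAMPLE_IP_RANGES = json.dumps({
    "prefixes": [
        {"ip_prefix": "198.51.100.0/25", "region": "us-west-2", "service": "S3"},
        {"ip_prefix": "198.51.100.128/25", "region": "us-west-2", "service": "S3"},
        {"ip_prefix": "203.0.113.64/26", "region": "us-west-2", "service": "S3"},
        {"ip_prefix": "203.0.113.0/24", "region": "us-west-2", "service": "AMAZON"},
        {"ip_prefix": "192.0.2.0/24", "region": "us-east-1", "service": "S3"},
    ],
    "ipv6_prefixes": [
        {"ipv6_prefix": "2001:db8:1::/48", "region": "us-west-2", "service": "S3"},
        {"ipv6_prefix": "2001:db8:2::/48", "region": "eu-west-1", "service": "S3"},
    ],
})

# Fixed address listed on this page for cloud.igneous.io and plume.iggy.bz.
IGNEOUS_FIXED = [ipaddress.ip_network("52.89.237.163/32")]


def s3_ranges(doc_text, region="us-west-2", service="S3"):
    """Return (ipv4, ipv6) lists of collapsed networks for one service and region."""
    doc = json.loads(doc_text)
    result = []
    for key, field in (("prefixes", "ip_prefix"), ("ipv6_prefixes", "ipv6_prefix")):
        nets = [
            # strict=True raises ValueError on a CIDR with host bits set
            ipaddress.ip_network(e[field], strict=True)
            for e in doc.get(key, [])
            if e.get("region") == region and e.get("service") == service
        ]
        # Merge adjacent/overlapping prefixes so the firewall rule set stays short
        result.append(list(ipaddress.collapse_addresses(nets)))
    return tuple(result)


def covered(ip, networks):
    """True if ip falls inside any allowlisted network (e.g. when reviewing denies)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in networks if n.version == addr.version)


if __name__ == "__main__":
    v4, v6 = s3_ranges(SAMPLE_IP_RANGES)
    for net in IGNEOUS_FIXED + v4 + v6:
        print("allow tcp/443 ->", net)
```

AWS changes these ranges over time, so regenerate the list from the live file on a schedule and pass the result of `s3_ranges` to `covered` when triaging denied outbound connections from the VM.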

Network Access to your Cloud (DataProtect Customers only)

If you are writing data to somewhere outside of your network, you may need to whitelist the IP range for that storage service and region.

To obtain cloud vendor specific IP ranges please visit these sites -

Source System Access

The Igneous virtual machine will need full access to all unstructured data under management, i.e., to all files on all added NAS systems. NAS systems can be imported into your Igneous service at any time after deployment of the VM.

Enabling this access will require specific configuration steps for each of these system types:

| Source system type | Credentials required                         |
|--------------------|----------------------------------------------|
| Dell EMC Isilon    | Temporary root access                        |
| NetApp FAS         | Temporary root access                        |
| Pure Flashblade    | API access token                             |
| Qumulo             | Temporary root access                        |
| Other NFS Sources  | Hostname with (rw) access to Igneous IPs     |

Target System Access (DataProtect only)

DataProtect writes backup and archive data directly to any public-cloud platform and tier, as well as any S3 or NFS endpoint. These targets can be configured in the UI at cloud.igneous.io at any time after deployment of the VM.

To begin backing up or archiving data, at least one storage target will need to have been configured with the following settings:

| Provider               | Access Requirement                                                | Supported Tiers |
|------------------------|-------------------------------------------------------------------|-----------------|
| Amazon Web Services S3 | Access Key ID and Secret Access Key from an active AWS account    | All tiers       |
| Google Cloud Platform  | JSON key file generated from the GCP service account console      | All tiers       |
| Microsoft Azure        | Account name and Secret Key from a Microsoft Azure user           | All tiers       |
| Wasabi                 | Endpoint URL, region, access key, and secret key                  | N/A             |
| Other S3               | Endpoint address, access key, and secret key                      | N/A             |
| NFS targets            | Host address and desired path                                     | N/A             |