Prerequisites for an Igneous Virtual Machine
Overview
Whether used for data visibility with Igneous DataDiscover or for backup/archive services with Igneous DataProtect, an Igneous virtual machine is deployed into the local virtual infrastructure using a file downloaded from the cloud.igneous.io portal. This VM will connect to your source systems, to the Igneous Cloud Management service in AWS, and to your preferred destination for backup and archive data (if you are using DataProtect).
This guide will tell you everything needed to deploy, configure, and begin using your Igneous service.
Downloading the virtual machine
Using the link that was provided in the registration email you received, log in to the Igneous download portal, where you’ll see a Download link to obtain the Igneous DataProtect virtual machine package for your environment. Click the link to save the igneous-vm.ova file locally.
Virtual infrastructure requirements
The Igneous virtual machine will need to be deployed on a VMware host cluster that meets the following minimum conditions:
Minimum Virtual Machine Requirements | |
---|---|
Host Version | vSphere 6.0 or higher |
Compute capacity | 16 vCPU |
Memory capacity | 64GB |
Storage | 100GB |
Assigning addresses for the Igneous instance
The following parameters will need to be provided at startup:
- IP address
- Subnet mask
- Default gateway address
- DNS server address(es)
If any or all of these IP connectivity settings will be provided via DHCP lease, some or all of the above parameters can be skipped.
Network access requirements
Internal network access
If your network has an internal firewall between your Igneous instance and your workstation, Igneous will need the following whitelisted on your internal firewall:
- Port 4900
Outbound network access
Your Igneous instance will need to maintain a connection to a few locations in order for the service to function. If your environment has a firewall that will block outbound network access for the Igneous instance, there are two options available:
- Add the addresses below to your firewall whitelist
- Configure a proxy during the Igneous VM deployment process
The Igneous instance will need full HTTPS/443 outbound access to:
- cloud.igneous.io/52.89.237.163
- plume.iggy.bz/52.89.237.163
- The specific end point of your cloud instance (provided by Igneous)
- The AWS S3 US-West-2 IP ranges
Some environments may include security scanning of encrypted SSL traffic. This practice typically involves a network appliance performing Man-in-the-Middle (MITM) SSL decryption by dynamically signing SSL certificates and presenting them to the Igneous VM, effectively proxying SSL communications between the VM and the Igneous destinations. We currently do not support trusting a custom Certificate Authority, so the VM is unable to communicate with Igneous endpoints effectively through the appliance. It would be necessary to implement an SSL whitelist bypass for these 4 targets by hostname.
Network Access to your Cloud (DataProtect Customers only)
If you are writing data to somewhere outside of your network, you may need to whitelist the IP range for that storage service and region.
To obtain cloud-vendor-specific IP ranges, please visit these sites:
- Amazon Web Services
- Azure
- Azure US Government
- Azure Germany
- Azure China
- Google Cloud Platform
Note: The “AzureCloud” tag provides the IP ranges for that entire cloud (Public, USGov, Germany, China) and is also broken out by region within that cloud.
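For both the "AWS S3 US-West-2 IP ranges" item under Outbound network access and the vendor range lists above, this added example (not part of the Igneous product or its documentation) reduces an AWS-style range file to a minimal firewall allowlist for one service and region. The function names are hypothetical, and the sample data is constructed from documentation-only prefixes in the layout of AWS's published ip-ranges.json.

```python
import ipaddress
import json

# Constructed sample in the layout of https://ip-ranges.amazonaws.com/ip-ranges.json.
# The prefixes are RFC 5737 / RFC 3849 documentation ranges, not AWS allocations.
SAMPLE_IP_RANGES = json.dumps({
    "syncToken": "0",
    "createDate": "1970-01-01-00-00-00",
    "prefixes": [
        {"ip_prefix": "198.51.100.0/25", "region": "us-west-2", "service": "S3"},
        {"ip_prefix": "198.51.100.128/25", "region": "us-west-2", "service": "S3"},
        {"ip_prefix": "203.0.113.0/24", "region": "us-east-1", "service": "S3"},
        {"ip_prefix": "192.0.2.0/24", "region": "us-west-2", "service": "EC2"},
    ],
    "ipv6_prefixes": [
        {"ipv6_prefix": "2001:db8:100::/48", "region": "us-west-2", "service": "S3"},
        {"ipv6_prefix": "2001:db8:200::/48", "region": "eu-west-1", "service": "S3"},
    ],
})


def allowlist(raw_json, service="S3", region="us-west-2"):
    """Return the minimal CIDR list (IPv4 first, then IPv6) for one service/region."""
    doc = json.loads(raw_json)
    nets = {4: [], 6: []}
    for key, field in (("prefixes", "ip_prefix"), ("ipv6_prefixes", "ipv6_prefix")):
        for entry in doc.get(key, []):
            if entry.get("service") == service and entry.get("region") == region:
                # strict=True raises on prefixes with host bits set (malformed feed)
                net = ipaddress.ip_network(entry[field], strict=True)
                nets[net.version].append(net)
    merged = []
    for version in (4, 6):
        # collapse_addresses merges adjacent and overlapping prefixes; it cannot
        # mix address families, so each family is collapsed on its own.
        merged.extend(ipaddress.collapse_addresses(nets[version]))
    return [str(n) for n in merged]


def is_allowed(ip, cidrs):
    """True if ip falls inside any CIDR of the allowlist (audit helper)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


if __name__ == "__main__":
    for cidr in allowlist(SAMPLE_IP_RANGES):
        print(cidr)
```

Scoping the rule to the S3 service in the one region keeps the egress policy narrower than allowing every range the provider publishes for that region. Published ranges change over time, so regenerate the list on a schedule.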
Source System Access
The Igneous virtual machine will need full access to all unstructured data under management, i.e., to all files on all added NAS systems. NAS systems can be imported into your Igneous service at any time after deployment of the VM.
Enabling this access will require specific configuration steps for each of these system types:
Source system type | Credentials required |
---|---|
Dell EMC Isilon | Temporary root access |
NetApp FAS | Temporary root access |
Pure Flashblade | API access token |
Qumulo | Temporary root access |
Other NFS Sources | Hostname with (rw) access to Igneous IPs |
Target System Access (DataProtect only)
DataProtect writes backup and archive data directly to any public-cloud platform and tier, as well as any S3 or NFS endpoint. These targets can be configured in the UI at cloud.igneous.io at any time after deployment of the VM.
To begin backing up or archiving data, at least one storage target will need to have been configured with the following settings:
Provider | Access Requirement | Supported Tiers |
---|---|---|
Amazon Web Services S3 | Access Key ID and Secret Access Key from an active AWS account | All tiers |
Google Cloud Platform | JSON key file generated from the GCP service account console | All tiers |
Microsoft Azure | Account name and Secret Key from a Microsoft Azure user | All tiers |
Wasabi | Endpoint URL, region, access key, and secret key | N/A |
Other S3 | Endpoint address, access key, and secret key | N/A |
NFS targets | Host address and desired path | N/A |