5nine Cloud Security for SDNv2 Prerequisites

Topic

This article covers the prerequisites for 5nine Cloud Security (SDNv2).

 

Environment

  • 5nine Cloud Security (SDNv2).

 

Prerequisites

Generic Requirements

  • All networks/connections in the environment should be set up and be stable
  • All servers, hosts, and clusters (and all applicable systems) that are involved in the installation must be fully set up and be stable. Windows updates/patches should be done prior to the installation, if applicable. Ensure that there are no issues related to those updates.
  • SQL data source should be available, accessible and set up. If the TCP port is different than default one (1433) then the connection string must be specified in format: sql-server\instance, port.
  • Virtual Router and all hosts where the AV Agent will be deployed must be in a state where they can be rebooted after installing 5nine Cloud Security SDNv2.

 

Supported Operating Systems (64-bit)

Management Server: Windows 10, Server 2012 R2, Server 2016

Virtual Router: Windows Server 2012 R2, 2016

Hyper-V Host: Windows Server 2016

 

Software Prerequisites 

  • .NET Framework 4.5. or higher
  • MS SQL Server
  • MS PowerShell
  • Hyper-V Module for PowerShell should be installed. It can be installed from GUI with Add Roles and Features Wizard (can be launched from Server Manager). The component path is as follows: Features -> Remote Server Administration Tools -> Role Administration Tools -> Hyper-V Management Tools -> Hyper-V Module for Windows PowerShell. It can also be installed with following PS command: Install-WindowsFeature -Name Hyper-V-PowerShell
  • Visual C++ Redistributable for Visual Studio 2012 x86 needs to be installed on prior to Management Server installation, found at this link.

 

Port Requirements

Management Server

Inbound from Hyper-V hosts: TCP 8939, 8534, 8131 (if using Kaspersky AV)

Inbound from Virtual Router: TCP 8790, 8939, 8183

Inbound from Management Console: TCP 8789

Outbound to SQL Server: TCP 1433 (default)

Outbound to Internet: TCP 80 (Snort IDS / AV updates)

Outbound to DHCP Server: UDP 80 (if applicable)

Outbound to Syslog/Splunk Server: UDP 514 (if applicable)

Outbound to additional Management Services: TCP 8790 (if applicable)

Outbound to Hyper-V hosts: TCP 8533

Outbound to Virtual Router: TCP 8788

 

Hyper-V Hosts

Inbound from Management Server: TCP 8533

Outbound to Management Server: TCP 8534, 8183 (if using Kaspersky AV)

Outbound to Internet: TCP 80 (if using Bitdefender or ThreatTrack AV)

 

Virtual Router

Inbound from Management Server: TCP 8788

Outbound to Management Server: (8790, 8183)

 

Management Console

Outbound to Management Server: TCP 8788

 

Service Account Permissions

Management Service Account

 

Network Controller Connection Account

  • The account for the Network Controller connection must be a member of the Network Controller Clients and Network Controller Management Active Directory groups.

 

Router Service Account

  • Router Service user should have local administrator’s privileges. This requirement is usually met when the user is a member of local administrators group on the Hyper-V host or Administrators group in Active directory in the case of domain environment.
  • Logon as a service privilege (https://technet.microsoft.com/enus/library/dn221981(v=ws.11).aspx)

 

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.