VPC and Subnets |
Virtual Private Cloud (VPC) is created and configured with dedicated subnets for Crosswork interfaces (Management and Data)
and Crosswork Data Gateway (Management, Data, and Device) interfaces.
Direct IP connectivity is required between all subnets.
|
Endpoints |
An endpoint is created in your VPC with the following parameters:
- Service name: EC2 service for the region (availability zone) where you are deploying.
- Private DNS names: Enabled
- Endpoint type: Interface
- Under Subnets, specify the management subnet that you intend to use for the installation. If you are using different management subnets for the Crosswork VM and the Crosswork Data Gateway VM, ensure that you specify both the management subnets so that the endpoint has access to both the subnets.
Important: The interface subnet should not conflict with the Network Load Balancer (NLB).
For information on how to configure the endpoints, refer to the AWS documentation.
|
IAM role |
A role is created in Identity and Access Management (IAM) with relevant permission policies. An IAM role is an identity that
has specific permissions with credentials that are valid for short durations. Roles can be assumed by entities that you trust.
Note:
- The minimum permissions required for a Crosswork role are ec2:DescribeNetworkInterfaces, ec2:AssignPrivateIpAddresses and ec2:UnassignPrivateIpAddresses.
- The trust policy for your role must include the "Action": "sts:AssumeRole" element.
|
Key pairs |
Key pairs (private keys used to log into the VMs) are created and configured. |
Placement Groups |
A placement group of Cluster strategy is created.
In a cluster placement group, instances are logically grouped in a single availability zone and benefit from low network latency and high network throughput.
This is required only for launching the Crosswork cluster instances.
|
IP addresses |
Crosswork cluster: When using a single NIC, you require one IP address (IPv4 or IPv6) for each node being deployed (Hybrid or Worker) and one additional IP address to be used as the Virtual IP (VIP) address.
When using dual NICs (one for the Management network and one for the Data network), you require a management and data IP address (IPv4 or IPv6) for each node being deployed (Hybrid or Worker) and two additional IP addresses to be used as the management and data Virtual IP (VIP) addresses.
For example, in the case of a 3 VM cluster with a single NIC, you need 4 IP addresses, and in the case of a 3 VM cluster with dual NIC, you need 8 IP addresses (4 for management network and 4 for data network).
Crosswork Data Gateway: IP addresses for Management Traffic and Data Traffic only. The IP address for Device Access Traffic is assigned during Crosswork Data Gateway pool creation, as explained in the section "Create a Crosswork Data Gateway Pool" in the Cisco Crosswork Network Controller 6.0 Administration Guide.
- The IP addresses must be able to reach the gateway address for the network where Cisco Crosswork Data Gateway will be installed, or the installation fails.
- At this time, your IP allocation is permanent and cannot be changed without redeployment. For more information, contact the Cisco Customer Experience team.
|
Security group |
A security group must be created and configured to specify which ports or traffic are allowed.
|
Instance type |
The resource profile for your instance deployment. The AWS Instance type should be selected to conform with the VM resource
and network requirements listed in Plan Your Deployment.
|
CloudFormation (CF) template |
The CF template (.yaml) files for the Crosswork components that must be uploaded during the installation. For more information,
see Extract CF Template Image.
|
Route53DomainName |
Domain name configured for Route53 DNS hosted zone.
|
User data |
The VM-specific parameters script that must be specified during the manual installation procedure.
|
Hosted Zone ID |
The Hosted Zone ID must be provided with the domain name (Route53DomainName).
The Network Load Balancer (NLB) deployments require a predefined Route53 hosted zone.
|
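Added example, not from the Cisco guide: a Python check of a role's permission and trust policy documents against the minimum stated in the IAM role note above, flagging missing actions, grants beyond that minimum, and an open trust policy. The function names, the sample policies, and the ec2.amazonaws.com principal are assumptions.

```python
from fnmatch import fnmatchcase

# Minimum actions the page lists for a Crosswork role.
REQUIRED = ("ec2:DescribeNetworkInterfaces", "ec2:AssignPrivateIpAddresses",
            "ec2:UnassignPrivateIpAddresses")

def as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Principal."""
    return [] if value is None else value if isinstance(value, list) else [value]

def allow_statements(policy):
    return [s for s in as_list(policy.get("Statement")) if s.get("Effect") == "Allow"]

def audit_role(permission_policy, trust_policy):
    """Return findings; an empty list means the role matches the documented minimum."""
    findings = []
    # Action names are case-insensitive and may contain * or ? wildcards.
    granted = {a.lower() for s in allow_statements(permission_policy)
               for a in as_list(s.get("Action"))}
    for action in REQUIRED:
        if not any(fnmatchcase(action.lower(), pattern) for pattern in granted):
            findings.append(f"missing required action: {action}")
    for pattern in sorted(granted - {a.lower() for a in REQUIRED}):
        findings.append(f"grants more than the documented minimum: {pattern}")
    trusted = allow_statements(trust_policy)
    if not any("sts:assumerole" in [a.lower() for a in as_list(s.get("Action"))]
               for s in trusted):
        findings.append("trust policy does not allow sts:AssumeRole")
    for s in trusted:
        principal = s.get("Principal")
        names = as_list(principal) if not isinstance(principal, dict) else [
            n for v in principal.values() for n in as_list(v)]
        if "*" in names:
            findings.append("trust policy lets any principal assume the role")
    return findings

# Constructed sample policies (not from the page). The ec2.amazonaws.com service
# principal is an assumption; use the entity that assumes the role in your deployment.
MINIMAL = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": list(REQUIRED), "Resource": "*"}]}
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ec2:*"], "Resource": "*"}]}
TRUST = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Principal": {"Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole"}]}
OPEN_TRUST = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "sts:AssumeRole"}]}

if __name__ == "__main__":
    print(audit_role(MINIMAL, TRUST), audit_role(BROAD, OPEN_TRUST), sep="\n")
```

The check does not evaluate Deny statements, Resource scoping, or Condition blocks, so treat an empty result as a first pass rather than a full policy review.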