CyberSnap Pre-Requisites
To ensure the correct operation of CyberSnap, certain pre-requisites must be set up before installation.
Hardware and Software
CyberSnap Server | – Windows 2019/2022 – One server with 16 GB RAM, 4 CPUs, disk size of 250 GB. – The latest VMware VM tools need to be installed on the server. – The correct time zone should be set. |
Proxy server requirements for the CyberSnap ECE service | – Windows 2022 – The VMware SCSI Paravirtual controller must be used for virtual machine setup. – Add three additional VMware SCSI Paravirtual controllers, bringing the total number of SCSI Paravirtual controllers attached to the proxy server to four. – One server with 16 GB RAM, 4 CPUs, disk size 250 GB. – The latest VMware VM tools need to be installed on the server. – The correct time zone should be set. |
Supported Virtual Environment | – VMware vCenter version 7 or above. – VMware ESXi version 7 or above. |
Windows Credentials | – The CyberSnap service should be configured to use the default Local System Account. |
VMware Credentials | – Dedicated VMware account that has full rights in VMware vCenter. |
NetApp Credentials | – Dedicated NetApp account that has full rights in NetApp. |
Networking | – The server must have a single NIC with a static IP address assigned. |
Supported Browser | – Google Chrome, Microsoft Edge, and Mozilla Firefox. |
UAC | – Our best practice is to disable User Account Control (UAC) if possible. |
Firewall Setup
If your company enforces strict rules requiring all network segments to be configured with a firewall, the following ports will need to be enabled:
Source | Destination | Port | Type | Notes |
CyberSnap | VMware vCenter | 443 | TCP | VMware default port |
CyberSnap | ESXi(s) | 443 | TCP | ESXi default port |
CyberSnap | NetApp | 443 | TCP | NetApp default port |
CyberSnap | CyberSnap Proxy | 5000 | TCP | CyberSnap Proxy default port |
All the ports listed are default ones. If you have customized your setup with different ports, you will need to define firewall rules for those specific ports.
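A reachability pre-check for the flows in the table above, run from the CyberSnap server once the firewall rules are in place. This is an added example, not part of the CyberSnap product or its documentation; the host names are placeholders to replace with your own, and the ports are the defaults from the table.

```powershell
# Added example: confirm that each flow from the firewall table is open.
# Host names are placeholders (assumptions); ports are the documented defaults.
$flows = @(
    [pscustomobject]@{ Role = 'VMware vCenter';  Target = 'vcenter.example.local';  Port = 443 }
    [pscustomobject]@{ Role = 'ESXi host';       Target = 'esxi01.example.local';   Port = 443 }
    [pscustomobject]@{ Role = 'NetApp';          Target = 'netapp.example.local';   Port = 443 }
    [pscustomobject]@{ Role = 'CyberSnap Proxy'; Target = 'csproxy.example.local';  Port = 5000 }
)

function Test-CyberSnapFlow {
    param([Parameter(Mandatory)][object[]]$Flow)

    foreach ($f in $Flow) {
        # Test-NetConnection attempts a TCP connect; warnings are suppressed
        # so that failures show up only in the result object.
        $r = Test-NetConnection -ComputerName $f.Target -Port $f.Port `
                                -WarningAction SilentlyContinue
        [pscustomobject]@{
            Role      = $f.Role
            Target    = $f.Target
            Port      = $f.Port
            Resolved  = [bool]$r.RemoteAddress      # false when DNS lookup failed
            Reachable = [bool]$r.TcpTestSucceeded   # false when blocked or closed
        }
    }
}

$results = Test-CyberSnapFlow -Flow $flows
$results | Format-Table -AutoSize

# Fail loudly so the check can gate an installation runbook.
$blocked = $results | Where-Object { -not $_.Reachable }
if ($blocked) {
    Write-Warning ("Blocked or unreachable: " +
        (($blocked | ForEach-Object { "$($_.Target):$($_.Port)" }) -join ', '))
    exit 1
}
```

Add one entry per ESXi host in the CyberSnap Policy, and change the port values if your environment does not use the defaults.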
NetApp ONTAP
To access CyberSnap capabilities, specific NetApp pre-requisites must be fulfilled:
- Apply the FlexClone license.
- For NFS volumes, create a new export policy or update the existing NetApp ONTAP export policy to include all VMware ESXi hosts specified in the CyberSnap Policy.
- Ensure that an initiator group (igroup) is created for each ESXi host or cluster. This step is necessary for establishing connections between the ESXi hosts and the NetApp LUNs. (iSCSI/FC only).
  - Note: if INFRA scanning will be performed only using specific ESXi hosts, configure an igroup for each of those specific ESXi hosts.
- Set up snapshot policies on volumes that will be configured in CyberSnap.
AD Service Account
CyberSnap does not require any dedicated Windows account.
Upon successful setup, a CyberSnap service will be created on the CyberSnap server, and the local system account will be configured for this service.
If your company policy restricts the use of the local system account, you will need to create a service account with local administrator privileges on the CyberSnap server and specify this account for the CyberSnap service.
This service account can be either local or domain-based, depending on your company’s rules.
VMware vCenter DRS
In a VMware vSphere environment, when working with clusters, you may have configured DRS (Distributed
Resource Scheduler), which focuses on load balancing by automatically migrating VMs between hosts to
optimize performance and resource usage.
Because CyberSnap scans datastores attached to dedicated VMware hosts, it is important to understand that
migrating a CyberSnap server to a different host may cause a loss of connection to the datastore, resulting
in the scan being unable to complete.
To avoid this situation, you must create VM Override rules that disable DRS for the CyberSnap virtual
machine. This will enable CyberSnap to stay connected to the dedicated data storage throughout the
scanning process.
VMware vCenter Resource Pool
As part of the best practices, we suggest creating a dedicated Resource Pool for Infra policy types. By
implementing Resource Pools, you can limit the resources available to CyberSnap in the VMware vSphere
environment while simultaneously allowing your production environment to utilize the maximum available
resources.
Since Cyber Policy types work with VMDK disk files and this approach does not introduce additional impact
to your VMware environment, except for the load on the CyberSnap server during scanning, we require
configuring the Cyber Policy to the ‘Target ESX’ host in the policy settings and selecting the same VMware
host where the Cyber Proxy server is located. If VMware DRS is enabled, ensure that VM Override rules
disable DRS for the CyberSnap virtual machine.
To accommodate varying numbers of virtual machines with different RAM and CPU configurations, we
suggest setting the following parameters for the CyberSnap Resource Pool:
Memory
Reservations: 20% of the total RAM limit
Limits: 50% of the total RAM
CPU
Reservation: 20% of the MAX Limit
Limits: 50% of the MAX Limit
Be aware that not all versions of VMware vSphere support the Resource Pool feature. Here is a brief overview of
versions:
– vSphere Essentials: Does not include the ability to create Resource Pools.
– vSphere Essentials Plus: Includes the ability to create Resource Pools, along with features like
vMotion and High Availability.
– vSphere Standard and above (including vSphere Enterprise and Enterprise Plus): Also allow you to
create Resource Pools and include additional features like Distributed Resource Scheduling (DRS),
Storage DRS, and more.
In cases where you cannot use the Resource Pool feature due to license limitations, you will still be able to
select hosts from VMware vCenter. We recommend upgrading your license to a level that supports the
Resource Pool feature, as this will enable CyberSnap scans to run on a larger scale, with more servers
simultaneously.
Regardless of whether you configure a Resource Pool in your environment or not, the virtual machine
Overrides rule that disables DRS for the CyberSnap virtual machine must be configured if VMware DRS is
enabled.
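The VM Override rule and the Resource Pool sizing described above can be applied with VMware PowerCLI. This is an added example, not CyberSnap's own tooling. The vCenter, cluster, VM and pool names are placeholders, the cluster is assumed to be DRS-enabled, and "total RAM" / "MAX Limit" is assumed to mean the aggregate capacity of the cluster's hosts.

```powershell
# Added example (assumes the VMware.PowerCLI module is installed).
# All names below are placeholders; replace them with your own.
$vCenter     = 'vcenter.example.local'
$clusterName = 'Cluster01'
$vmName      = 'cybersnap01'
$poolName    = 'CyberSnap-Infra'

Connect-VIServer -Server $vCenter | Out-Null
$cluster = Get-Cluster -Name $clusterName -ErrorAction Stop

# 1. VM Override: disable DRS for the CyberSnap VM so it is not migrated
#    away from the host that has the scanned datastore attached.
Get-VM -Name $vmName -Location $cluster -ErrorAction Stop |
    Set-VM -DrsAutomationLevel Disabled -Confirm:$false | Out-Null

# 2. Resource Pool sized from the cluster's aggregate host capacity
#    (assumption: this is what the guide means by "total" / "MAX").
$hosts       = Get-VMHost -Location $cluster
$totalMemGB  = ($hosts | Measure-Object -Property MemoryTotalGB -Sum).Sum
$totalCpuMhz = ($hosts | Measure-Object -Property CpuTotalMhz   -Sum).Sum

$poolSpec = @{
    Location          = $cluster
    Name              = $poolName
    MemReservationGB  = [math]::Round($totalMemGB * 0.20, 2)   # 20% reservation
    MemLimitGB        = [math]::Round($totalMemGB * 0.50, 2)   # 50% limit
    CpuReservationMhz = [int64]($totalCpuMhz * 0.20)           # 20% reservation
    CpuLimitMhz       = [int64]($totalCpuMhz * 0.50)           # 50% limit
}

# Create the pool only if it does not exist yet, so the script can be re-run.
if (-not (Get-ResourcePool -Location $cluster -Name $poolName -ErrorAction SilentlyContinue)) {
    New-ResourcePool @poolSpec | Out-Null
}

# 3. Read the settings back to confirm what is actually in effect.
Get-VM -Name $vmName -Location $cluster |
    Select-Object Name, VMHost, DrsAutomationLevel
Get-ResourcePool -Location $cluster -Name $poolName |
    Select-Object Name, MemReservationGB, MemLimitGB, CpuReservationMhz, CpuLimitMhz

Disconnect-VIServer -Server $vCenter -Confirm:$false
```

If a proxy server is also deployed as a virtual machine, repeat step 1 for it.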
If you require further assistance, please feel free to submit a support ticket here.