CyberSnap Pre-Requisites
To ensure the correct operation of CyberSnap, certain pre-requisites must be set up before installation.
Hardware and Software
| CyberSnap Server | – Windows 2019/2022 – One server with 16 GB Ram, 4 CPUs, disk size of 250 GB. – The latest VMware VM tools need to be installed on the server. – The correct time zone should be set. |
| Proxy server requirements for the CyberSnap ECE service | Windows 2022 The VMware SCSI Paravirtual controller must be used for virtual machine setup Add three additional VMware SCSI Paravirtual controllers, bringing the total number of SCSI Paravirtual controllers attached to the proxy server to four One server with 16 GB RAM, 4 CPUs, disk size 250 GB The latest VMware VM tools need to be installed on the server The correct time zone should be set |
| Supported Virtual Environment | – VMware vCenter version 7 or above. – VMware ESXi version 7 or above. |
| Windows Credentials | – The Cybersnap service should be configured to use the default Local System Account. |
| VMWare Credentials | – Dedicated VMware account that has full right in VMware vCenter. |
| NetApp Credentials | – Dedicated NetApp account that has full right in NetApp. |
| Networking | – Server must have a single NIC and assign a static IP. |
| Supported Browser | – Google Chrome, Microsoft Edge, and Mozilla Firefox. |
| UAC | – Our best practice is to disable Users Access Control if possible. |
Firewall Setup
If your company enforces strict rules requiring all network segments to be configured with a firewall, the following ports will need to be enabled:
| Source | Destination | Port | Type | Notes |
| CyberSnap | VMware VCenter | 443 | TCP | VMware default port |
| CyberSnap | ESXi(s) | 443 | TCP | ESXi default port |
| CyberSnap | NetApp | 443 | TCP | NetApp default port |
| CyberSnap | CyberSnap Proxy | 5000 | TCP | CyberSnap Proxy default port |
All the ports listed are default ones. If you have customized your setup with different ports, you will need to define firewall rules for those specific ports.
NetApp ONTAP
To access CyberSnap capabilities, specific NetApp pre-requisites must be fulfilled:
- Applied the FlexClone license.
- NFS volumes, create a new export policy or update the existing NetApp ONTAP Export Policy to include all specified VMware ESXi hosts in the CyberSnap Policy.
- Ensure that an initiator group (igroup) is created for each ESXI host or cluster. This step is necessary for establishing connections between the ESXi hosts and the NetApp LUNs. (iSCSI/FC only).
- Note: if INFRA scanning will be performed only using specific ESXi hosts, configure an igroup for each of those specific ESXi hosts.
- Set up snapshot policies on volumes that will be configured in CyberSnap.
AD Service Account
CyberSnap does not require any dedicated Windows account.
Upon successful setup, a CyberSnap service will be created on the CyberSnap server, and the local system account will be configured for this service.
If your company policy restricts the use of the local system account, you will need to create a service account with local administrator privileges on the CyberSnap server and specify this account for the CyberSnap service.
This service account can be either local or domain-based, depending on your company’s rules.
VMware vCenter – Resource Pool
As part of the best practices, we suggest creating a dedicated Resource Pool to which you can attach the
policies. By implementing Resource Pools, you can limit the resources available to CyberSnap in the VMware
vSphere environment while simultaneously allowing your production environment to utilize the maximum
available resources.
To accommodate varying numbers of virtual machines with different RAM and CPU configurations, we
suggest setting the following parameters for the CSI Resource Pool:
Memory:
Reservations: 20% of the total RAM limit
Limits: 50% of the total RAM
CPU:
Reservation: 20% of the MAX Limit
Limits: 50% of the MAX Limit
Be aware that not all versions of VMware vSphere support the Resource Pool feature. Here is a brief overview of versions:
vSphere Standard and above (including vSphere Enterprise and Enterprise Plus): Also allow you to create Resource Pools and include additional features like Distributed Resource Scheduling (DRS), Storage DRS, and more.
vSphere Essentials: Does not include the ability to create Resource Pools.
vSphere Essentials Plus: Includes the ability to create Resource Pools, along with features like vMotion and High Availability.
In cases where you cannot use the Resource Pool feature due to license limitations, you will still be able to
select hosts from VMware vCenter. We recommend upgrading your license to a level that supports the
Resource Pool feature, as this will enable CyberSnap scans to run on a larger scale, with more servers
simultaneously.
If you require further assistance, please feel free to submit a support ticket here.
CyberSnap Pre-Requisites