CyberSnap

CyberSnap Pre-Requisites


To ensure the correct operation of CyberSnap, certain pre-requisites must be set up before installation.


Hardware and Software

CyberSnap Server – Windows 2019/2022
– One server with 16 GB Ram, 4 CPUs, disk size of 250 GB.
– The latest VMware VM tools need to be installed on the server.
– The correct time zone should be set.
Proxy server requirements for the CyberSnap ECE service Windows 2022
The VMware SCSI Paravirtual controller must be used for virtual machine setup
Add three additional VMware SCSI Paravirtual controllers, bringing the total number
of SCSI Paravirtual controllers attached to the proxy server to four
One server with 16 GB RAM, 4 CPUs, disk size 250 GB
The latest VMware VM tools need to be installed on the server
The correct time zone should be set
Supported Virtual Environment – VMware vCenter version 7 or above.
– VMware ESXi version 7 or above.
Windows Credentials – The Cybersnap service should be configured to use the default Local System Account.
VMWare Credentials – Dedicated VMware account that has full right in VMware vCenter.
NetApp Credentials – Dedicated NetApp account that has full right in NetApp.
Networking – Server must have a single NIC and assign a static IP.
Supported Browser – Google Chrome, Microsoft Edge, and Mozilla Firefox.
UAC – Our best practice is to disable Users Access Control if possible.


Firewall Setup

If your company enforces strict rules requiring all network segments to be configured with a firewall, the following ports will need to be enabled:

Source Destination Port Type Notes
CyberSnap VMware VCenter 443 TCP VMware default port
CyberSnap ESXi(s) 443 TCP ESXi default port
CyberSnap NetApp 443 TCP NetApp default port
CyberSnap CyberSnap Proxy 5000 TCP CyberSnap Proxy default port

All the ports listed are default ones. If you have customized your setup with different ports, you will need to define firewall rules for those specific ports.


NetApp ONTAP

To access CyberSnap capabilities, specific NetApp pre-requisites must be fulfilled:

      • Applied the FlexClone license.

      • NFS volumes, create a new export policy or update the existing NetApp ONTAP Export Policy to include all specified VMware ESXi hosts in the CyberSnap Policy.

      • Ensure that an initiator group (igroup) is created for each ESXI host or cluster. This step is necessary for establishing connections between the ESXi hosts and the NetApp LUNs. (iSCSI/FC only).
            • Note: if INFRA scanning will be performed only using specific ESXi hosts, configure an igroup for each of those specific ESXi hosts.

        • Set up snapshot policies on volumes that will be configured in CyberSnap.


      AD Service Account

      CyberSnap does not require any dedicated Windows account.

      Upon successful setup, a CyberSnap service will be created on the CyberSnap server, and the local system account will be configured for this service.

      If your company policy restricts the use of the local system account, you will need to create a service account with local administrator privileges on the CyberSnap server and specify this account for the CyberSnap service.

      This service account can be either local or domain-based, depending on your company’s rules.


      VMware vCenter DRS

      In a VMware vSphere environment, when working with clusters, you may have configured DRS (Distributed

      Resource Scheduler), which focuses on load balancing by automatically migrating VMs between hosts to

      optimize performance and resource usage.

      Because CyberSnap scans datastores attached to dedicated VMware hosts, it is important to understand that

      migrating a CyberSnap server to a different host may cause a loss of connection to the datastore, resulting

      in the scan being unable to complete.

      To avoid this situation, you must create VM Override rules that disable DRS for the CyberSnap virtual

      machine. This will enable CyberSnap to stay connected to the dedicated data storage throughout the

      scanning process.


      VMware vCenter Resource Pool

      As part of the best practices, we suggest creating a dedicated Resource Pool for Infra policy types. By

      implementing Resource Pools, you can limit the resources available to CyberSnap in the VMware vSphere

      environment while simultaneously allowing your production environment to utilize the maximum available

      resources.

      Since Cyber Policy types works with VMDK disk files and this approach does not introduce additional impact

      to your VMware environment, except for the load on the CyberSnap server during scanning, we require

      configuring the Cyber Policy to the ‘Target ESX’ host in the policy settings and selecting the same VMware

      host where the Cyber Proxy server is located. If VMware DRS is enabled, ensure that VM Override rules

      disable DRS for the CyberSnap virtual machine.

      To accommodate varying numbers of virtual machines with different RAM and CPU configurations, we

      suggest setting the following parameters for the CyberSnap Resource Pool:

      Memory
      Reservations: 20% of the total RAM limit
      Limits: 50% of the total RAM
      CPU
      Reservation: 20% of the MAX Limit
      Limits: 50% of the MAX Limit
      Be aware that not all versions of VMware vSphere support Resource Pool feature, here is brief overview of
      versions:
      – vSphere Essentials: Does not include the ability to create Resource Pools.
      – vSphere Essentials Plus: Includes the ability to create Resource Pools, along with features like
      vMotion and High Availability.
       – vSphere Standard and above (including vSphere Enterprise and Enterprise Plus): Also allow you to
      create Resource Pools and include additional features like Distributed Resource Scheduling (DRS),
      Storage DRS, and more.
      In cases where you cannot use the Resource Pool feature due to license limitations, you will still be able to
      select hosts from VMware vCenter. We recommend upgrading your license to a level that supports the
      Resource Pool feature, as this will enable CyberSnap scans to run on a larger scale, with more servers
      simultaneously.
      Regardless of whether you configure a Resource Pool in your environment or not, the virtual machine
      Overrides rule that disables DRS for the CyberSnap virtual machine must be configured if VMware DRS is
      enabled.

       


      5.If you require further assistance, please feel free to submit a support ticket here.

      CyberSnap Pre-Requisites

      Download