On-Premise VMware Cavirin Installation (Version 1.2 - 8 Nov 17)


Platform Deployment

1.  The latest Cavirin-distributed OVA for VMware will be posted on Zendesk.

2.  ESXi 5.5 or later is required.

3.  The Google Chrome browser is required for interface access.

4.  The VMware VM for the platform must support a minimum of 4 CPUs/16GB of RAM and 100GB of SSD storage.  Thin provisioning is fine.

Open ports and configuration of the platform

 The Cavirin platform will need the following ports open to incoming traffic:

  • TCP 3000
  • HTTPS 443
  • SSH 22

Notes – 

We recommend that you only allow access from your own IP address.

The Cavirin VM will use DHCP for initial setup. The IP can be changed after initial setup. If you don’t have DHCP, please contact Cavirin.

The Cavirin platform must have routable network access to the target servers you want to assess.

Platform Configuration - Discovery of Your Environment

On-prem Machine Discovery - IP Ranges

  • CIDR or starting/ending IP ranges for the subnets. This is to discover and communicate with your on-prem environment.

Cloud Discovery – Cloud Environment Credentials

  • Cloud Credentials - client ID and client secret. This is to discover and communicate with your cloud environment.

Communication – Instance Credentials Required

  • Without credentials, Cavirin will not access information from your servers. Please have read-only credentials for the on-prem and virtual instances you wish to scan.

Machine Communication - Enabling Communication With Your Servers and Instances

Machine Communication - Open Ports Required

For Windows servers/instances – The username and password with Administrator credentials. If you have the ability to create a domain-level service account with administrative privileges, this is preferred.

  • For Windows servers/instances – Windows Remote Management (WinRM) must be enabled and port 5985 open on the firewall for the ARAP server to be able to scan the server or instance.
  • ICMP – for machine discovery

For Linux servers/instances – User with sudo permission, and either a password or SSH key authentication.

  • For Linux servers, SSH port 22 must be accessible for the ARAP server to be able to assess the server or instance.
  • ICMP – for machine discovery

Network Configuration – Opening Communication Between the Host and Target Machines 

Note that your network needs to be able to provide open communication between the Cavirin host machine and all the target machines.
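The following is an added example, not Cavirin tooling: a pre-flight check that expands the CIDR or start/end ranges you plan to enter for discovery and reports which targets do not answer on the management port this page requires (5985 for Windows, 22 for Linux). The function names are assumptions made for this example, and it is meant to be run from a machine on the same network segment as the Cavirin VM.

```python
import ipaddress
import socket

# Ports this page requires on scan targets. ICMP is also required for
# discovery but is not probed here (raw ICMP sockets need root).
REQUIRED_PORTS = {"windows": 5985, "linux": 22}  # WinRM, SSH


def expand_targets(spec):
    """Expand a CIDR block, 'start-end' range, or single IP into IP strings."""
    if "-" in spec:
        start, end = (int(ipaddress.ip_address(p.strip())) for p in spec.split("-", 1))
        if end < start:
            raise ValueError(f"range end precedes start: {spec}")
        return [str(ipaddress.ip_address(i)) for i in range(start, end + 1)]
    net = ipaddress.ip_network(spec.strip(), strict=False)
    # hosts() skips network/broadcast addresses; fall back for a single /32.
    return [str(h) for h in (list(net.hosts()) or [net.network_address])]


def port_open(host, port, timeout=2.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def preflight(spec, os_family, ports=REQUIRED_PORTS, timeout=2.0):
    """Map each target IP to whether its required management port is reachable."""
    port = ports[os_family]
    return {ip: port_open(ip, port, timeout) for ip in expand_targets(spec)}


def unreachable(report):
    """Targets the platform would be unable to assess over this port."""
    return sorted(ip for ip, ok in report.items() if not ok)


if __name__ == "__main__":
    # Constructed sample ranges (RFC 5737 documentation addresses); replace
    # them with the ranges you plan to enter in the discovery configuration.
    samples = [("192.0.2.0/30", "linux"), ("192.0.2.10-192.0.2.11", "windows")]
    for spec, family in samples:
        for ip in unreachable(preflight(spec, family, timeout=0.5)):
            print(f"{family} target {ip}: TCP {REQUIRED_PORTS[family]} not reachable")
```

A target listed as unreachable usually points to a host firewall, a network ACL between the segments, or WinRM not being enabled on that server.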

 

 
