VNS3:ms Overview
A VNS3:MS is a single dashboard to manage and monitor VNS3 networks plus all underlying cloud VLAN network components (CIDR, subnets, route tables, ACLs, security groups, etc.).
VNS3:ms Network Domain Model
VNS3:ms Monitors VNS3 Controllers and Cloud VLANs
This document assumes you have either a VNS3 deployment or Cloud VLAN you would like to manage and monitor via VNS3:ms.
See the specific instructions for your cloud setup and instance launch on our Product Resources page.
Please review the VNS3 Support Plans and Contacts before sending support inquiries. If you need specific help with project planning, POCs, or audits, contact our professional services team via sales@cohesive.net for details.
Requirements
- You have a cloud account that Cohesive can use for enabling your access to the VNS3:ms images.
- Ability to open the required hypervisor firewall rules to allow your VNS3:ms instance to access your VNS3 Controller instances
- Ability to create and add cloud API credentials to allow your VNS3:ms instance to access your cloud account.
- VNS3:ms currently only support the “underlay” (cloud network) view in AWS at this time. Support for Azure and Google is underway.
System Requirements
- Minimum of 2GB memory
- Persistent Storage (EBS-backed at AWS or similar in other cloud environments)
- Minimum of 30GB storage
- VNS3 Controller version 3.5 or later for devices that will be monitored and managed by VNS3:ms (3.0 and earlier are usable but not fully supported)
Firewall Considerations
VNS3:ms instances use the following TCP ports:
- Inbound: TCP port 80 and/or 443: http/https access to the VNS3:ms admin Web UI and/or API. Open these ports only to the IP(s) from which you intend to manage and monitor :ms. In support situations, you may be asked to open these ports to Cohesive’s public support IP (54.236.197.84) as well.
- Inbound: TCP port 22: Only needed in support situations where you have requested Cohesive support staff to access your VNS3:ms instance to diagnose/troubleshoot an issue. Should only be open to Cohesive’s public support IP (54.236.197.84).
- Outbound: TCP port 8000: Used to access managed VNS3 Controllers’ APIs. Each VNS3 Controller that will be added to the VNS3:ms system must be reachable by :ms and have inbound TCP port 8000 access open from the VNS3:ms instance’s IP address.
- Outbound: TCP port 80 and 443: :ms requires http/https access to the AWS API.
Remote Support
Note that TCP 22 (ssh) is not required for normal operations.
VNS3:ms has that same multi-party/multi-factor authentication system for Remote Support that all VNS3 products utilize. Each VNS3:ms instance is running a restricted SSH daemon, with access limited only to Cohesive Networks for debugging purposes controlled by the user via the Remote Support toggle and key exchange generation.
In the event Cohesive Networks needs to observe runtime state of a VNS3:ms instance in response to a tech support request, we will ask you to open Security Group access to SSH from our support IP range and Enable Remote Support via the Web UI. Cohesive Networks will send you an encrypted passphrase to generate a private key used by Cohesive Networks Support staff to access your Controller. Access to the restricted SSH daemon is completely controlled by the user. Once the support ticket has been closed you can disable remote support access and invalidate the access key.
