General
      Back to home
      1. ggCircuit Help Center
      2. ggRock User Manual
      3. General

      ggRock Site Preparation

      This document outlines everything needed for site preparation to get ggRock up and running

       

      Hardware Preparation


      • Rack Space
        • Dependent on server selected, at least 1U, sometimes 2U
        • ggC typically installs a 12U rack to support the edge, switches, UPS, ggRock Server, and surge protector.
      • Battery Backup
        • Recommended - 1000VA
          • ggC only plugs the ggRock server into the UPS. Networking gear directly into the power connected to the rack.
      • Electrical Plugs
        • Dependent upon server selected and country of destination, typically redundant power supplies so at least two power connections should be planned for.

      Network Preparation

      • Network Plug/Interface
        • Dependent upon server selected, typically SFP+. 
          • 10G, 25G, 40G mandatory for servers only
          • Clients at least gigabit to the desktop
      • Network Topology
        • Flat topology, server on same network segment as clients
      • IP address/network setup
        • DHCP mandatory from edge device.
          • ggRock does not do DHCP, it acts as a proxyDHCP entity fetching and passing on DHCP requests 
        • No management features of switch enabled
        • No DHCP option 66/67
        • No STP (spanning tree)
        • No DHCP Snooping
        • No other PXE servers on the same network segment
      • Ports/access for team to remote manage
        • 443/9090 TCP
        • Feel free to implement a deny all rule at the edge and then allow connections specifically from the ggCircuit corporate VPN gateway on the above pots: 104.200.145.151
      • The ggLeap API runs through Fastly, so the only outbound IPs you need to add for API access are https://api.fastly.com/public-ip-list - they change periodically, so worth subscribing for updates https://docs.fastly.com/en/guides/fastlys-network-status#subscribing-to-notifications
      • You will also need to add AWS IP ranges for SQS (tcp/443) and API gateway (tcp/443) for ggLeap client -> backend communication (non API), which are available here:  https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html
      • According to the docs for parsing that JSON file, The addresses listed for API_GATEWAY are egress only. and there isn't a subset for SQS or API Gateway ingress
      • The IP ranges can be extracted in Powershell using:
      • > Install-Module -Name AWS.Tools.Common
      • > Get-AWSPublicIpAddressRange -Region us-east-1 | where {$_.IpAddressFormat -eq "Ipv4"} | select IpPrefix