ggRock Site Preparation

This document outlines everything needed for site preparation to get ggRock up and running.

 

Hardware Preparation


  • Rack Space
    • Dependent on server selected, at least 1U, sometimes 2U
    • ggC typically installs a 12U rack to support the edge, switches, UPS, ggRock Server, and surge protector.
  • Battery Backup
    • Recommended - 1000VA
      • ggC only plugs the ggRock server into the UPS. Networking gear plugs directly into the power connected to the rack.
  • Electrical Plugs
    • Dependent upon server selected and country of destination. Servers typically have redundant power supplies, so at least two power connections should be planned for.

Network Preparation

  • Network Plug/Interface
    • Dependent upon server selected, typically SFP+. 
      • 10G, 25G, 40G mandatory for servers only
      • Clients at least gigabit to the desktop
  • Network Topology
    • Flat topology, server on same network segment as clients
  • IP address/network setup
    • DHCP mandatory from edge device.
      • ggRock does not do DHCP; it acts as a proxyDHCP entity, fetching and passing on DHCP requests.
    • No management features of switch enabled
    • No DHCP option 66/67
    • No STP (spanning tree)
    • No DHCP Snooping
    • No other PXE servers on the same network segment
  • Ports/access for team to remote manage
    • 443/9090 TCP
    • Feel free to implement a deny-all rule at the edge and then allow connections specifically from the ggCircuit corporate VPN gateway on the above ports: 104.200.145.151
  • The ggLeap API runs through Fastly, so the only outbound IPs you need to add for API access are those listed at https://api.fastly.com/public-ip-list. They change periodically, so it is worth subscribing for updates: https://docs.fastly.com/en/guides/fastlys-network-status#subscribing-to-notifications
  • You will also need to add AWS IP ranges for SQS (tcp/443) and API Gateway (tcp/443) for ggLeap client -> backend communication (non-API), which are available here: https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html
  • According to the docs for parsing that JSON file, the addresses listed for API_GATEWAY are egress only, and there isn't a subset for SQS or API Gateway ingress.
  • The IP ranges can be extracted in PowerShell using:
    • > Install-Module -Name AWS.Tools.Common
    • > Get-AWSPublicIpAddressRange -Region us-east-1 | where {$_.IpAddressFormat -eq "Ipv4"} | select IpPrefix
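Because both published lists change periodically, the edge allowlist needs to be rebuilt and compared with what is deployed. The following is an added example, not ggCircuit's own tooling: it merges the AWS ip-ranges.json prefixes for one region (all services, the same scope as the PowerShell query above) with the Fastly list and reports which rules to add or remove. The sample feeds and the function names are constructed for illustration; in use, load the two JSON documents from the URLs above.

```python
import ipaddress
import json

# Constructed samples in the shape of the two published feeds. The prefixes are
# documentation ranges, not real AWS or Fastly addresses.
AWS_SAMPLE = json.loads("""{
  "syncToken": "0", "createDate": "constructed",
  "prefixes": [
    {"ip_prefix": "198.51.100.0/25",   "region": "us-east-1", "service": "AMAZON"},
    {"ip_prefix": "198.51.100.128/25", "region": "us-east-1", "service": "AMAZON"},
    {"ip_prefix": "198.51.100.0/25",   "region": "us-east-1", "service": "API_GATEWAY"},
    {"ip_prefix": "203.0.113.0/24",    "region": "eu-west-1", "service": "AMAZON"}
  ],
  "ipv6_prefixes": []
}""")
FASTLY_SAMPLE = json.loads('{"addresses": ["192.0.2.0/25"], "ipv6_addresses": []}')


def aws_ipv4(feed, region):
    """IPv4 prefixes for one region, every service listed in ip-ranges.json."""
    return [ipaddress.ip_network(p["ip_prefix"])
            for p in feed["prefixes"] if p["region"] == region]


def fastly_ipv4(feed):
    """IPv4 prefixes from Fastly's public-ip-list document."""
    return [ipaddress.ip_network(a) for a in feed["addresses"]]


def build_allowlist(aws_feed, fastly_feed, region="us-east-1"):
    """Merge both feeds, dropping duplicates and collapsing adjacent prefixes."""
    nets = aws_ipv4(aws_feed, region) + fastly_ipv4(fastly_feed)
    return list(ipaddress.collapse_addresses(nets))


def drift(deployed, wanted):
    """Compare deployed egress rules (CIDR strings) with a freshly built list."""
    have = set(ipaddress.collapse_addresses(ipaddress.ip_network(d) for d in deployed))
    want = set(wanted)
    return {"add": [str(n) for n in sorted(want - have)],
            "remove": [str(n) for n in sorted(have - want)]}


if __name__ == "__main__":
    allow = build_allowlist(AWS_SAMPLE, FASTLY_SAMPLE)
    # Constructed "currently deployed" rules: one still valid, one stale.
    print(drift(["192.0.2.0/25", "203.0.113.0/24"], allow))
```

The comparison is made on collapsed prefixes, so a deployed rule that only partly overlaps a new prefix shows up as one removal and one addition.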