This document outlines everything needed for site preparation to get ggRock up and running.
Hardware Preparation
- Rack Space
- Dependent on server selected, at least 1U, sometimes 2U
- ggC typically installs a 12U rack to support the edge, switches, UPS, ggRock Server, and surge protector.
- Battery Backup
- Recommended - 1000VA
- ggC only plugs the ggRock server into the UPS. Networking gear plugs directly into the power connected to the rack.
- Electrical Plugs
- Dependent upon server selected and country of destination. Servers typically have redundant power supplies, so at least two power connections should be planned for.
Network Preparation
- Network Plug/Interface
- Dependent upon server selected, typically SFP+.
- 10G, 25G, 40G mandatory for servers only
- Clients at least gigabit to the desktop
- Network Topology
- Flat topology, server on same network segment as clients
- IP address/network setup
- DHCP mandatory from edge device.
- ggRock does not do DHCP; it acts as a proxyDHCP entity, fetching and passing on DHCP requests
- No management features of switch enabled
- No DHCP option 66/67
- No STP (spanning tree)
- No DHCP Snooping
- No other PXE servers on the same network segment
- Ports/access for team to remote manage
- 443/9090 TCP
- Feel free to implement a deny-all rule at the edge and then allow connections specifically from the ggCircuit corporate VPN gateway on the above ports: 104.200.145.151
- The ggLeap API runs through Fastly, so the only outbound IPs you need to add for API access are those listed at https://api.fastly.com/public-ip-list. They change periodically, so it is worth subscribing for updates: https://docs.fastly.com/en/guides/fastlys-network-status#subscribing-to-notifications
- You will also need to add AWS IP ranges for SQS (tcp/443) and API Gateway (tcp/443) for ggLeap client -> backend communication (non-API), which are available here: https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html
- According to the docs for parsing that JSON file, the addresses listed for API_GATEWAY are egress only, and there isn't a subset for SQS or API Gateway ingress
- The IP ranges can be extracted in PowerShell using:
- > Install-Module -Name AWS.Tools.Common
- > Get-AWSPublicIpAddressRange -Region us-east-1 | where {$_.IpAddressFormat -eq "Ipv4"} | select IpPrefix
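
The outbound allow-list steps above, worked offline as an added example (not ggCircuit's own tooling): it merges the Fastly list and the AWS us-east-1 IPv4 prefixes into one de-duplicated rule set and refuses to build rules from a malformed prefix. The function names are hypothetical and both JSON samples are constructed with documentation-range prefixes, shaped like the two published feeds.

```powershell
# Added example. Both JSON samples are constructed (documentation-range prefixes),
# shaped like the Fastly public-ip-list and AWS ip-ranges.json feeds.
$fastlyJson = @'
{ "addresses": ["192.0.2.0/24", "198.51.100.0/24"], "ipv6_addresses": ["2001:db8:1::/48"] }
'@
$awsJson = @'
{ "syncToken": "1700000000", "createDate": "2023-11-14-22-13-20",
  "prefixes": [
    { "ip_prefix": "203.0.113.0/25",   "region": "us-east-1", "service": "AMAZON" },
    { "ip_prefix": "203.0.113.0/25",   "region": "us-east-1", "service": "EC2" },
    { "ip_prefix": "203.0.113.128/25", "region": "us-east-1", "service": "API_GATEWAY" },
    { "ip_prefix": "198.18.0.0/24",    "region": "eu-west-1", "service": "AMAZON" }
  ],
  "ipv6_prefixes": [] }
'@

function Test-Ipv4Cidr {
    # True only for dotted-quad/prefix-length strings that parse as IPv4.
    param([string]$Cidr)
    if ($Cidr -notmatch '^(\d{1,3}\.){3}\d{1,3}/(\d|[12]\d|3[0-2])$') { return $false }
    $ip = $null
    return [System.Net.IPAddress]::TryParse(($Cidr -split '/')[0], [ref]$ip)
}

function Get-OutboundAllowList {
    # Hypothetical helper: merges both feeds into de-duplicated IPv4 rules.
    param([string]$FastlyJson, [string]$AwsJson, [string]$Region = 'us-east-1')
    $aws = $AwsJson | ConvertFrom-Json
    $rows = @()
    foreach ($p in ($FastlyJson | ConvertFrom-Json).addresses) {
        $rows += [pscustomobject]@{ Source = 'Fastly'; Cidr = $p }
    }
    # No service filter: a prefix can be listed under several services, so de-duplicate.
    foreach ($p in ($aws.prefixes | Where-Object region -eq $Region)) {
        $rows += [pscustomobject]@{ Source = 'AWS'; Cidr = $p.ip_prefix }
    }
    $bad = $rows | Where-Object { -not (Test-Ipv4Cidr $_.Cidr) }
    if ($bad) { throw "Refusing to build rules, malformed prefix: $($bad.Cidr -join ', ')" }
    [pscustomobject]@{
        SyncToken = $aws.syncToken   # store this; rebuild rules when it changes
        Rules     = $rows | Sort-Object Cidr -Unique
    }
}

$list = Get-OutboundAllowList -FastlyJson $fastlyJson -AwsJson $awsJson
$list.Rules | Format-Table Source, Cidr
"AWS syncToken: $($list.SyncToken)"
```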