Verify the CoPilot Deployment and the Connectivity with Controller
You are now successfully logged into CoPilot. To verify Copilot has connected successfully to your Aviatrix Controller, perform the following steps:
-
From the CoPilot dashboard, confirm that you can see your resource inventory across all clouds in your multicloud network that is managed by Aviatrix Controller.
-
Confirm that the inventory tiles show the number and status of each of your managed resources and that the global location of your managed VPCs/VNets is represented on the geographic map.
-
(For the cluster deployment only, Verify the cluster is intact via CoPilot) In the CoPilot application, go to Settings > Cluster > Cluster Status to check the status of the cluster instances. You can also review the cluster details in Settings > Cluster > Cluster Settings.
-
(For the cluster deployment only, Verify the cluster is intact via the AWS environment) In your EC2 console, check the following:
-
Verify the server instance is created and running after deployment (“Aviatrix-CoPilot-Cluster-Main-Node” is the server instance name.)
-
Verify all data instances are created and running after deployment (“Aviatrix-CoPilot-Cluster-Data-Node_node_number” is the data instance name format.)
-
Verify the CoPilot IP address was added on port 443 to the user Security Groups of the Controller instance on the cloud service provider.
-
-
After deployment, the CoPilot virtual machine ports 31283 and 5000 will be open for any IP (0.0.0.0/0). It is strongly recommended to remove the 0.0.0.0 entry from the CoPilot security group for these ports and add entries for all of your gateway IP addresses as described in the next steps.
In Controller 6.8, the CoPilot Security Group Management feature (From Controller User Interface, SETTINGS > CoPilot > CoPilot Security Group Management) is automatically enabled so this configuration is expected to be completed. This is only a verification step. -
(Verify NetFlow Agent is enabled in Controller) To use the FlowIQ feature in CoPilot, ensure that the Controller is configured to forward NetFlow logs to CoPilot.
In Controller 6.8, the CoPilot Netflow Agent feature is automatically enabled so this configuration is expected to be completed. This is only a verification step. -
Log in to Aviatrix Controller UI.
-
Go to SETTINGS > Logging > NetFlow Agent.
-
Use the static IP address of CoPilot as the Netflow server IP and UDP port 31283 (default, port is configurable).
-
Use version 9.
-
Click EDIT OPTIONS to enable the edit the Netflow Agent settings. Tick the Advanced check-box. In Gateways, verify all of your Aviatrix gateways are in the Include List.
-
Click Enable.
If you launch new gateways from your Controller later, you must transfer the newly launched gateways to the Include List here. In addition, in your native cloud console, you must open your CoPilot security group for UDP 31283 from each newly launched gateway.
-
-
(Verify Remote Syslog is enabled in Controller) Remote syslog index 9 is used for the Settings > Logging > Remote Syslog page. Ensure the controller is configured to specify CoPilot as the loghost server.
In Controller 6.8, the CoPilot Security Group Management feature (in Controller > SETTINGS> CoPilot > CoPilot Security Group Management) is automatically enabled so this configuration is expected to be completed. This is only a verification step. -
Log in to Aviatrix Controller.
-
Go to SETTINGS > Logging > Remote Syslog.
-
Choose Profile Index 9.
-
Click EDIT OPTIONS to edit the Remote Syslog settings.
-
In Enable Remote Syslog, enter the profile name you want to use, the static IP address of CoPilot as the server, and UDP port 5000 (default).
-
If you want to use custom certificates, choose your custom Server CA certificate, Client certificate, and Client Private Key.
-
Tick the Advanced checkbox. In Gateways, verify all of your Aviatrix gateways are in the Include List.
-
Click Enable.
If you launch new gateways from your Controller later, you must transfer the newly launched gateways to the Include List here. In addition, in your native cloud console, you must open your CoPilot security group for UDP 5000 from each newly launched gateway.
-