Creating an NSS VM Instance
Supported Platforms
NSS is supported in the following virtual environments:
- VMWare
- KVM
- Hyper-V
- Amazon Web Services (AWS)
- Google Cloud Compute (GCP)
- Sansay's STIR/SHAKEN as a Service
VM Sizing
NSS STI-AS and STI-VS query processing capability are mainly driven by your traffic volume measured in queries per second (QPS) and by the number of total entries in your attestation policy table directly related to your network's DIDs/TNs and trunk groups as applicable.
Minimum Requirements:
- 4vCPU and 12G of RAM, 500GB storage. QPS 250 and up to 20,000 entries.
- 4vCPU and 24G of RAM, 500GB storage. QPS 250 and up to 2M entries.
- 6vCPU and 24G of RAM, 1TB storage. QPS 500 and up to 2M entries
- 8vCPU and 24G or RAM, 2TB storage. QPS 1000 and up to 2M entries.
- 12vCPU and 32G of RAM, 3TB storage. QPS 2000 and 2M+ entries.
- 16vCPU and 48G or RAM, 5TB storage. QPS 5000 and 2M+ entries.
Notes:
- The vCPU count will depend on the system CPU single thread performance.
- Storage requirements will vary based on record retention policies and needs.
VMWare Setup
Sansay will provide you with a VMWare OVA file to deploy a NSS virtual instance. Sansay Support would have already provided a images.sansay.com link to download the OVA file.
VM instantiation
Under Virtual Machines, create a new VM by clicking Create / Register VM.
In the pop-up window select “Deploy a virtual machine from an OVF or OVS file”.
Enter a name for the instance and navigate to the ova file provided by Sansay Support.
Select the datastore where the instance will reside.
Select the desired network.
Verify your instance configuration and click Finish.
Once the instance has been provisioned successfully you will see task statuses, in your Recent tasks window, similar to the ones below.
With the instance provisioning completed there's an optional step to add additional network interfaces beyond the primary network interface.
The instance will only have one NIC provisioned so you will need to add a second interface.
Power off the NSS instance.
Edit the NSS instance settings.
In the pop-up window, click “Add network adapter”.
Network Configuration
NSS can run in DHCP or a static IPv4 address. The initial setup is completed via your hypervisor console. The default console user is netconf. Please ask support for your VM initial configuration password.
Upon successful login you can run the set_net.sh utlilty script which will configure all network details for your instance. Please note that the netconf user is restricted to console only and does not allow remote SSH access. This user is designed for initial configuration and troubleshooting via your hypervisor's console.
Accessing the GUI
Once the NSS VM networking settings have been configured you can access the web UI by going to https://<IP Address>:8888 using the IP address of the VM. Google Chrome is the recommended browser.
Log in with the username superuser / sansay.
Change Account Password
Navigate to the Profile page by clicking on the profile image in the upper right corner, between the Logout button and the bell.
Use the “Change Password” card in the bottom left of the page to set a new password.
NSS Initial Configuration
Once NSS is up and running you will want to take care of the following items as soon as possible.
- Configure NTP servers. NTP synchronization is vital in STIR/SHAKEN call signing and verification. Please make sure to select NTP servers you trust. (System > General>
- Configure DNS. Often times STIR/SHAKEN certificates will provide a domain name. Confiuring a DNS will make sure that NSS can resolve the URL to verify STIR/SHAKEN PASSporTs. (System > General>
- Configure new users (System > Users).
- Configure Trusted Hosts (System > Trusted Hosts)
- Configure Virtual IP(s). This IP address will be used to process SIP and/or REST STI-AS and STI-VS requests (System > Virtual IPs). This IP address can be the same as the system's static / chassis IP.
2 replies
-
Carlos Perez Does this appliance require public IP or is the query handled via the VSXI so could be internal IP space?