Networking connections (US)
VSatellite requires connectivity with specific endpoints and ports over HTTPS when running the VSatellite install.
IMPORTANT!
For our European customers (EMEA), see Networking connections (EMEA).
Required endpoints
- dl.venafi.cloud:443
- registry.venafi.cloud:443
- vsat-gw.venafi.cloud:9443
- vsat-gw.venafi.cloud:443
- vsat-login.venafi.cloud:443
Verifying connectivity to required endpoints
To quickly verify connectivity to the required endpoints, you can use the cURL utility to request headers from each base URL. For example:
curl -I https://dl.venafi.cloud
curl -I https://vsat-gw.venafi.cloud
If the connection succeeds, you'll get a 404 error, which confirms that you reached the endpoint.
If you don't have cURL, you can install it on Ubuntu using apt-get install curl or on RHEL using yum install curl.
Local server firewall configuration for VSatellite
Certain network ports must be open for VSatellites to function correctly. This is particularly important for enterprise environments where disabling the firewall (firewalld) is not a viable option.
Necessary ports
Ensure the following TCP ports are open on the server firewall where VSatellite is running:
- 6443: Used by all nodes for communication with the K3s API server
- 10250: Needed for K3s metrics server functionality and to perform other important functions
These ports facilitate various functionalities essential for VSatellite.
Configuring firewalld
To open the required ports, use the firewall-cmd command. Here are the commands for the ports listed above:
firewall-cmd --permanent --add-port=6443/tcp
firewall-cmd --permanent --add-port=10250/tcp
After adding the ports, reload the firewall to apply the changes:
firewall-cmd --reload
Changing the default VSatellite (10.x.x.x) network CIDR range
To override the default VSatellite network CIDR ranges, you can set the following environment variables before installing VSatellite.
We recommend using these settings if you are installing VSatellite on the 10.x.x.x network. For example:
export VSATELLITE_CLUSTER_CIDR=192.168.0.0/24   # default: 10.42.0.0/16
export VSATELLITE_SERVICE_CIDR=192.168.1.0/24   # default: 10.43.0.0/16
Use CIDR ranges that do not conflict with any of your internal networks.
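One way to check a candidate pair of ranges against the host's routing table before exporting them. This is an added example, not Venafi's code: the function names and the sample `ip -4 route` output are constructed for illustration, and it also checks that the two ranges do not overlap each other.

```python
import ipaddress

# Defaults stated on this page.
DEFAULT_CLUSTER_CIDR = "10.42.0.0/16"
DEFAULT_SERVICE_CIDR = "10.43.0.0/16"

# Constructed sample of `ip -4 route` output from a host on a 10.x.x.x network.
SAMPLE_ROUTES = """\
default via 10.42.0.1 dev eth0 proto dhcp metric 100
10.42.0.0/20 dev eth0 proto kernel scope link src 10.42.3.17
10.43.8.0/24 via 10.42.0.1 dev eth0
172.16.5.9 dev tun0 scope link
"""

def parse_routes(text):
    """Return destination networks from `ip -4 route` output (hypothetical helper)."""
    nets = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        try:
            # A bare address (host route) is parsed as a /32.
            nets.append(ipaddress.ip_network(fields[0], strict=False))
        except ValueError:
            continue  # first field is a keyword such as "default", not a prefix
    return nets

def find_conflicts(cluster_cidr, service_cidr, routes_text):
    """List (setting, cidr, conflicting network); an empty list means no conflict."""
    cluster = ipaddress.ip_network(cluster_cidr)  # strict: rejects host bits set
    service = ipaddress.ip_network(service_cidr)
    conflicts = []
    if cluster.overlaps(service):
        conflicts.append(("VSATELLITE_CLUSTER_CIDR", str(cluster), str(service)))
    for net in parse_routes(routes_text):
        for name, cidr in (("VSATELLITE_CLUSTER_CIDR", cluster),
                           ("VSATELLITE_SERVICE_CIDR", service)):
            if cidr.overlaps(net):
                conflicts.append((name, str(cidr), str(net)))
    return conflicts

if __name__ == "__main__":
    for label, c, s in (("defaults", DEFAULT_CLUSTER_CIDR, DEFAULT_SERVICE_CIDR),
                        ("override", "192.168.0.0/24", "192.168.1.0/24")):
        print(label, find_conflicts(c, s, SAMPLE_ROUTES) or "no conflicts")
```

On a real host, pass the output of `ip -4 route` in place of the constructed sample.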