CoPilot Requirements

Ensure you have met the following requirements before deploying Aviatrix CoPilot:

For information about sizing your VMs for a CoPilot deployment, see CoPilot VM Instance Sizing.

Subscription Requirements for CoPilot

You can subscribe to the Aviatrix CoPilot offer through the AWS, Microsoft Azure, Google Cloud, or OCI cloud providers to deploy CoPilot. See Required Marketplace Offers for details about the license for each cloud provider.

You can see details about your Aviatrix Controller and CoPilot licenses from your CoPilot user interface. In the CoPilot left navigation pane, click Settings > Licensing.

Licensing for CoPilot

CoPilot licensing is unified with Controller licensing. The customer ID that is used to license your Aviatrix Controller will enable your use of CoPilot.

For information about obtaining an Aviatrix License, Aviatrix Trial License, or renewing an Aviatrix license after a license expires, contact any Aviatrix Sales Representative.

Supported Browsers for CoPilot

Aviatrix recommends Chrome based web browsers for using CoPilot.

Most web browsers work without issue for using CoPilot monitoring and troubleshooting functions.

Safari web browsers are not recommended as unexpected results can occur.

UTC Timezone Requirement

To ensure accurate syslog timestamps, set the Controller timezone to UTC for Controller version 7.0.1726 or later. Follow the steps below:

  1. Go to SETTINGS > Controller > Time.

  2. Select Change Timezone and choose UTC from the list.

  3. Click OK to confirm.

Custom timezones are not supported, and this step is only required for Controller version 7.0.1726 or later. An incorrectly configured Controller timezone can result in inaccurate syslog timestamps, which can affect system troubleshooting and analysis.

Instance (Virtual Machine) System Requirements for CoPilot

The following are requirements for the instance (virtual machine) you provision for CoPilot so that it can communicate with other components in the Aviatrix platform.

After launching CoPilot, you must configure integration points for CoPilot to connect and communicate with other components in the Aviatrix platform.

If you launch CoPilot from the Aviatrix Controller user interface, the Controller’s auto-deploy process configures the integration points upon deployment.

Instance Sizing for CoPilot

Ensure the virtual machine (instance) that you intend to use for CoPilot deployment meets the minimum sizing requirements.

See CoPilot VM Instance Sizing for sizing requirements and recommendations.

Configure Inbound Rules

Starting from Controller 6.8, you can enable the "CoPilot Security Group Management" option in Aviatrix Controller so that Controller can open CoPilot access to the below ports for all your gateways. For more information, see CoPilot Security Group Management.

Add the following inbound rules to enable your CoPilot access (security group) for the corresponding services:

Inbound Rules
Port Range Protocol Source Description

443

TCP

Anywhere user access

To reach CoPilot via HTTPS connection using web browser.

5000 (Default)

UDP

From each gateway

Enable Syslog for CoPilot Egress FQDN (Legacy) & Audit Data from each gateway. Gateways send remote syslog to CoPilot.

5000 (Default)

TCP

From each gateway

For private mode, enable Syslog for CoPilot Egress FQDN & Audit Data from each gateway. Gateways send remote syslog to CoPilot.

31283 (Default, configurable)

UDP

From each gateway

Enable Netflow for CoPilot FlowIQ Data from each gateway. Gateways send Netflow to CoPilot. The port is configurable.

Subnets with Outbound Access

Each CoPilot instance must be launched in a subnet (availability zone) that has outbound Internet access. This also applies if you are using private mode.

Manually Add Gateway IPs

If you need to manually add IPs for gateways to your security groups, you can view the IP addresses of all your gateways from the GATEWAY page on the Aviatrix Controller user interface.

After CoPilot’s VM is launched and assigned a static public IP address, the Controller’s SG on 443 must be open to CoPilot’s public IP.