Single Node VM
Foresight is delivered as part of the Glasswall Halo CDR engine and is disabled by default.
This page covers enabling Foresight on a Glasswall Halo Single Node VM (OVA) deployment.
Prerequisites
- Halo version 2.19.0 - a Halo release that includes Foresight. See v2.19.0 release notes.
- Foresight entitlement - a Halo license that includes the Foresight entitlement (Glasswall Halo: Foresight). If the entitlement is missing or invalid, Halo continues to process files normally and Foresight results are reported as unavailable.
- System requirements - To support Foresight, the VM must have 24 CPU cores and 48GB of memory.
Deploying Foresight
Foresight ships disabled by default on the Single Node VM; the installer sets foresight.enabled=false. To enable it, run the enable_foresight.sh script included on the appliance:
/home/glasswall/enable_foresight.sh
The script enables the Foresight sidecar on the cdrplatform-engine deployment and sizes it for the appliance. No further configuration is required:
- The Foresight image is pre-pulled into the appliance's local image store at build time, so Foresight works on an air-gapped appliance with no outbound registry access.
- The sidecar reuses the engine's existing license.
The engine pods then roll to add the Foresight sidecar.
Enabling Foresight manually
Alternatively, run the Helm upgrade that the script performs:
helm upgrade cdrplatform-engine ~/cdrplatform-engine -n cdrplatform \
  --reuse-values \
  --set foresight.enabled=true \
  --set foresight.resources.requests.cpu=1.3 \
  --set foresight.resources.requests.memory=3Gi \
  --set foresight.resources.limits.cpu=1.3 \
  --set foresight.resources.limits.memory=3Gi \
  --atomic
Disabling Foresight
To turn Foresight off again, run the same upgrade with foresight.enabled=false:
helm upgrade cdrplatform-engine ~/cdrplatform-engine -n cdrplatform \
  --reuse-values \
  --set foresight.enabled=false \
  --atomic
The engine pods roll to remove the Foresight sidecar; standard Glasswall CDR protection is unaffected.
Resource considerations
The Foresight sidecar performs machine learning inference on the CPU; no GPU is required. On the Single Node VM, enable_foresight.sh sizes each sidecar to match the engine container, with requests and limits of 1.3 CPU and 3Gi memory:
| | CPU | Memory |
|---|---|---|
| Requests | 1.3 | 3Gi |
| Limits | 1.3 | 3Gi |
The appliance runs three engine replicas, so allow headroom for three Foresight sidecars. Because the models are bundled into the image, nothing is fetched at runtime.
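The checks below are an added example, not part of the appliance or Glasswall's own tooling: a host sizing check against the prerequisites, and a check that every engine pod carries the sidecar once the pods have rolled. Assumptions: kubectl is available on the appliance, engine pod names begin with cdrplatform-engine, the sidecar container's name contains foresight, 48GB is treated as GiB, and a 5% allowance covers the kernel reporting slightly less memory than the VM is configured with.

```shell
#!/bin/sh
# Added example (not Glasswall's script): checks to run around enable_foresight.sh.
REQ_CORES=24      # from the page: 24 CPU cores
REQ_MEM_GIB=48    # from the page: 48GB of memory, treated as GiB (assumption)
TOLERANCE_PCT=5   # assumption: MemTotal reads slightly below the configured RAM

# mem_total_kib [file]: print MemTotal (KiB) from a /proc/meminfo-style file.
mem_total_kib() {
  awk '/^MemTotal:/ { print $2 }' "${1:-/proc/meminfo}"
}

# meets_requirements <cores> <mem_kib>: succeed if the VM is large enough.
meets_requirements() {
  need_kib=$(( REQ_MEM_GIB * 1024 * 1024 * (100 - TOLERANCE_PCT) / 100 ))
  [ "$1" -ge "$REQ_CORES" ] && [ "$2" -ge "$need_kib" ]
}

# pods_missing_sidecar: read "<pod> <container> ..." lines on stdin and print
# engine pods with no container whose name contains "foresight".
# Assumptions: pod names start with "cdrplatform-engine" and the sidecar
# container name contains "foresight"; adjust both to what kubectl shows.
pods_missing_sidecar() {
  awk '$1 ~ /^cdrplatform-engine/ {
         found = 0
         for (i = 2; i <= NF; i++) if ($i ~ /foresight/) found = 1
         if (!found) print $1
       }'
}

# list_pod_containers: one "<pod> <containers...>" line per pod in cdrplatform.
list_pod_containers() {
  kubectl get pods -n cdrplatform -o \
    jsonpath='{range .items[*]}{.metadata.name}{" "}{.spec.containers[*].name}{"\n"}{end}'
}

# Run with "check-host" before enabling, "check-pods" after the pods roll.
case "${1:-}" in
  check-host)
    meets_requirements "$(nproc)" "$(mem_total_kib)" \
      || { echo "VM is below 24 cores / 48GB" >&2; exit 1; } ;;
  check-pods)
    missing=$(list_pod_containers | pods_missing_sidecar)
    [ -z "$missing" ] || { echo "no Foresight sidecar in: $missing" >&2; exit 1; } ;;
esac
```

A pod listed by check-pods is still running the old pod spec; because both Helm commands use --atomic, a failed upgrade rolls back and leaves the previous state in place.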