Deploy the ExtraHop Trace Appliance with VMware

Similar documents
Deploy the ExtraHop Discover Appliance with VMware

Deploy the ExtraHop Discover Appliance with VMware

Deploy the ExtraHop Trace 6150 Appliance

Deploy the ExtraHop Trace 6150 Appliance

Configure RSPAN with VMware

Deploy the ExtraHop Discover Appliance with Hyper-V

Deploy the ExtraHop Discover Appliance with VMware

Deploy the ExtraHop Discover Appliance with Hyper-V

Deploy the ExtraHop Explore Appliance on a Linux KVM

Configure RSPAN with VMware

Online Help StruxureWare Central

Online Help StruxureWare Data Center Expert

Deploy the ExtraHop Discover 3100, 6100, 8100, or 9100 Appliances

If you re not using VMware vsphere Client 5.1, your screens may vary.

Deploy the ExtraHop Explore 5100 Appliance

Deploy the ExtraHop Explore Appliance on a Linux KVM

Deploy the ExtraHop Discover 3000, 6000, or 8000 Appliances

Deploying Silver Peak Velocity with Dell Compellent Remote Instant Replay. November 2012

If you re not using VMware vsphere Client 4.1, your screens may vary. ITEM Example s Values Your Values

Deploy the ExtraHop Discover EDA 6100, EDA 8100, or EDA 9100 Appliances

OneSign Virtual Appliance Guide

VMware ESX ESXi and vsphere. Installation Guide

Installing the Cisco IOS XRv 9000 Router in VMware ESXi Environments

ECDS MDE 100XVB Installation Guide on ISR G2 UCS-E and VMWare vsphere Hypervisor (ESXi)

DSI Optimized Backup & Deduplication for VTL Installation & User Guide

Install the EH1000v/2000v with Hyper-V

LiveNX All- In- One on ESXi INSTALLATION GUIDE

Quick Start Guide. VMware vsphere / vsphere Hypervisor. Router Mode (Out-of-Path Deployment) Before You Begin

Installing the Cisco Virtual Network Management Center

Deploy the ExtraHop Discover 3100, 6100, 8100, or 9100 Appliances

Quick Start Guide ViPR Controller & ViPR SolutionPack

Install ISE on a VMware Virtual Machine

Stealthwatch Flow Sensor Virtual Edition Installation and Configuration Guide (for Stealthwatch System v6.9.0)


Installing the Cisco Nexus 1000V Software Using ISO or OVA Files

VMware vfabric Data Director Installation Guide

Installing the Cisco CSR 1000v in VMware ESXi Environments

Install ISE on a VMware Virtual Machine

Emulator Virtual Appliance Installation and Configuration Guide

SteelCentral AppResponse 11 Virtual Edition Installation Guide

Install ISE on a VMware Virtual Machine

Security Gateway Virtual Edition

Install ISE on a VMware Virtual Machine

Emulator Virtual Appliance Installation and Configuration Guide

Install and Configure FindIT Network Manager and FindIT Network Probe on a VMware Virtual Machine

Install ISE on a VMware Virtual Machine

VMware vcenter AppSpeed Installation and Upgrade Guide AppSpeed 1.2

vrealize Network Insight Installation Guide

Installing Cisco CMX in a VMware Virtual Machine

LiveNX 7.4 QUICK START GUIDE (QSG) LiveAction, Inc WEST BAYSHORE ROAD PALO ALTO, CA LIVEACTION, INC.

Deploy the ExtraHop Discover Appliance 1100

Securing Containers Using a PNSC and a Cisco VSG

VMware vfabric Data Director Installation Guide

Free Download: Quick Start Guide

FusionHub. Evaluation Guide. SpeedFusion Virtual Appliance. Version Peplink

HiveManager Virtual Appliance QuickStart

Securing Containers Using a PNSC and a Cisco VSG

Preparing Virtual Machines for Cisco APIC-EM

Preparing Virtual Machines for Cisco APIC-EM

UDP Director Virtual Edition

ITCorporation HOW DO I INSTALL A FRESH INSTANCE OF ANALYZER? DESCRIPTION RESOLUTION. Knowledge Database KNOWLEDGE DATABASE

Quick Start Guide ViPR Controller & ViPR SolutionPack

KEMP360 Central - VMware vsphere. KEMP360 Central using VMware vsphere. Installation Guide

Contents. Limitations. Prerequisites. Configuration

Installing vrealize Network Insight. VMware vrealize Network Insight 3.3

UDP Director Virtual Edition Installation and Configuration Guide (for Stealthwatch System v6.9.0)

Installing vrealize Network Insight

vrealize Network Insight Installation Guide

Installing Cisco MSE in a VMware Virtual Machine

VELOCITY. Quick Start Guide. VMware vsphere / vsphere Hypervisor. Server Mode (Single-Interface Deployment) Before You Begin

Cisco ACI with Cisco AVS

AltaVault Cloud Integrated Storage Installation and Service Guide for Virtual Appliances

Version 1.26 Installation Guide for On-Premise Uila Deployment

FusionHub. SpeedFusion Virtual Appliance. Installation Guide Version Peplink

Deploying the LANGuardian Virtual Appliance on VMware ESXi 6.5

Creating a New SBC SWe VM Instance

Installation. Power on and initial setup. Before You Begin. Procedure

Deploying Silver Peak Velocity with NetApp SnapMirror. October 2012

Global Management System (GMS) Virtual Appliance 6.0 Getting Started Guide

Installing and Configuring vcenter Support Assistant

SteelCentral Flow Gateway Software Installation Guide. Virtual Edition for VMware ESXi 5.5 and 6.0 Version x June 2017

QUICK SETUP GUIDE VIRTUAL APPLIANCE - VMWARE, XEN, HYPERV CommandCenter Secure Gateway

WatchGuard XTMv Setup Guide Fireware XTM v11.8

Version 1.26 Installation Guide for SaaS Uila Deployment

VMware Skyline Collector Installation and Configuration Guide. VMware Skyline 1.4

Installing vrealize Network Insight. VMware vrealize Network Insight 3.5

Quick Start Guide. VMware vsphere / vsphere Hypervisor. Compact PC. Server Mode (Single-Interface Deployment) 4th Generation.

Deploying the Cisco Tetration Analytics Virtual

Reset the Admin Password with the ExtraHop Rescue CD

SRA Virtual Appliance Getting Started Guide

NetScaler SD-WAN Center 9.2

Proofpoint Threat Response

Quick Start Guide. VMware vsphere / vsphere Hypervisor. Compact PC. Server Mode (Single-Interface Deployment) 4th Generation.

RecoverPoint for Virtual Machines

KEMP 360 Central for vsphere. Installation Guide

Creating an IBM API Management Version 2.0 environment

NexentaStor VVOL

All - In - One for Hyper- V

Product Version 1.1 Document Version 1.0-A

VMware vsphere 5.5 VXLAN Networking and Emulex OneConnect OCe14000 Ethernet Adapters

Transcription:

Deploy the ExtraHop Trace Appliance with VMware Published: 2018-12-14 This guide explains how to deploy the virtual ExtraHop Trace appliances (ETA 1150v and ETA 6150v) on the VMware ESXi/ESX platform. Virtual machine requirements Your environment must meet the following requirements to deploy a virtual Trace appliance: An existing installation of VMware ESX or ESXi server version 6.0 or later capable of hosting the virtual Trace appliance. The virtual Trace virtual appliances have the following resource requirements: ETA 1150v ETA 6150v 2 vcpus 18 vcpus 16 GB RAM 64 GB RAM 4 GB system disk 4 GB system disk 1 TB for a packetstore disk You can reconfigure the disk size between 50 GB and 4 TB before deploying, if desired. Packetstore disk You must manually add a third virtual disk between 1 TB and 25 TB at the time of deployment to store packet data. Follow these guidelines to ensure the virtual appliance functions properly: If you want to deploy more than one virtual Trace appliance, create the new instance with the original deployment package or clone an existing instance that has never been started. Always choose thick provisioning. The ExtraHop packetstore requires low-level access to the complete drive and is not able to grow dynamically with thin provisioning. Do not change the default disk size after the appliance is deployed. Size the virtual disk either smaller or larger than the default 1TB before deploying. We do not support changing the original disk size or adding additional disks after the virtual machine is deployed. Do not migrate the virtual machine from one host or storage location to another. Although it is possible to migrate when the datastore is on a remote SAN, ExtraHop does not recommend this configuration. For maximum performance and compatibility, deploy Discover and Trace appliances in the same datacenter. Performance considerations Important: The ETA 6150v is capable of capturing packets to disk at a throughput of 10 Gbps, but only with properly provisioned network and disk bandwidth. To achieve peak performance when capturing traffic from physical network interfaces, you must ensure that there is a 10 GbE physical NIC (or equivalent available bandwidth across multiple 10 GbE physical NICs) dedicated to the ETA 6150v appliance. Similarly, you must ensure that 10 Gbps of disk bandwidth is allocated to the ETA 6150v appliance. With HDDs, this disk bandwidth typically requires dedicating 12 or more disks to the virtual appliance. Storage configurations with a small number of disks or with a large number of disks that are shared among multiple virtual appliances are unlikely to sustain packet capture at 10 Gbps. 2018 ExtraHop Networks, Inc. All rights reserved.

Network requirements Appliance Intra-VM External ETA 1150v One 1 Gbps Ethernet network port is required for management. A dedicated port is not necessary. You can take advantage of the same physical NIC as other VMs in your environment. The management port must be accessible on port 443. One 1 Gbps Ethernet network port for the physical port mirror. We recommend that you duplicate the feed of the traffic that is sent to the Discover appliance to take advantage of the ExtraHop workflow. ETA 6150v A 1 Gbps Ethernet network port is required for management. A dedicated port is not necessary. You can take advantage of the same physical NIC as other VMs in your environment. The management port must be accessible on port 443. A 10 Gbps Ethernet network port for the physical port mirror. To achieve 10 Gbps throughput, you must have 10 GbE or faster NIC ports in your ESXi server. We recommend that you duplicate the feed of the traffic that is sent to the Discover appliance to take advantage of the ExtraHop workflow. Interface modes Each interface can be configured as follows: Interface Interface mode Interface 1 Disabled + RPCAP/ERSPAN/VXLAN Interface 2 Disabled Monitoring Port (receive only) + RPCAP/ERSPAN/VXLAN High-performance ERSPAN (ETA 6150v) Interface 3 (ETA 6150v) Disabled Monitoring Port (receive only) + RPCAP/ERSPAN/VXLAN High-performance ERSPAN Interface 4 (ETA 6150v) Disabled Monitoring Port (receive only) Deploy the ExtraHop Trace Appliance on VMware 2

Interface Interface mode + RPCAP/ERSPAN/VXLAN High-performance ERSPAN Virtual Extensible LAN (VXLAN) packets are received on UDP port 4789. The ExtraHop system supports the following ERSPAN implementations: ERSPAN Type I ERSPAN Type II ERSPAN Type III Transparent Ethernet Bridging, which is an ERSPAN-like encapsulation commonly found in virtual switch implementations such as the VMware VDS and Open vswitch. Deploy the OVA file through the VMware vsphere web client ExtraHop distributes the virtual Trace appliance package in the open virtual appliance (OVA) format. Before you begin If you have not already done so, download the ExtraHop Trace virtual appliance OVA file for VMware from the ExtraHop Customer Portal. 1. Start the VMware vsphere web client and connect to your ESX server. 2. Select the datacenter where you want to deploy the virtual Trace appliance. 3. Select Deploy OVF Template from the Actions menu. 4. Follow the wizard prompts to deploy the virtual machine. For most deployments, the default settings are sufficient. a) Select Local file and then click Browse. b) Select the OVA file on your local machine and then click Open. c) Click Next. d) Review the virtual appliance details and then click Next. e) Specify a name and location for the appliance and then click Next. f) Select a resource location and then click Next. g) For disk format, select Thick Provision Lazy Zeroed and then click Next. h) Map the OVF-configured network interface labels with the correct ESX-configured interface labels and then click Next. 5. Verify the configuration and then complete the following steps: For the ETA 1150v If you do not want to resize the packetstore disk, select the Power on after deployment checkbox and then click Finish to begin the deployment. If you want to resize the packetstore disk: 1. Click Finish to begin the deployment. When the deployment is complete, select Edit Settings from the Actions menu. 2. Type a new size in the Hard disk 2 field. The minimum disk size is 50 GB and the maximum is 4 TB. 3. From the Actions menu, select Power > Power on. For the ETA 6150v 1. From the Actions drop-down list, select Edit Settings... to configure the packetstore disk. 2. From the New device drop-down list, select New Hard Disk, and then click Add. Deploy the ExtraHop Trace Appliance on VMware 3

3. Type a size in the Hard disk 3 field. The minimum disk size is 1 TB and the maximum disk size is 25 TB. 4. Specify a datastore for the packetstore disk. To help ensure that the Trace appliance can write packets at peak throughput without contention from other workloads, ExtraHop recommends that disk 3 be placed on a separate datastore than disks 1 and 2. The datastore must be backed by a high performance disk volume dedicated to the packetstore workload, and not shared with other virtual machines. 5. In the Mode section, select Independent and then select Persistent. 6. Click Finish to begin the deployment. 7. Find the ETA 6150v virtual machine in the vsphere Web Client inventory. 8. Right-click the virtual machine and click Edit Settings. 9. Click VM Options and then click Advanced. 10. Select Medium from the Latency Sensitivity drop-down menu. 11. Click OK. 12. From the Actions menu, select Power > Power on. 6. Select the virtual Trace appliance in the ESX Inventory and then select Open Console from the Actions menu. 7. Click the console window and then press ENTER to display the IP address. DHCP is enabled by default on the virtual Trace appliance. To configure a static IP address, see the Configure a static IP address through the CLI section. 8. Begin sending packets to your monitoring port or ports. Either connect a physical Ethernet port to the Monitoring Port through a virtual switch, or configure ERSPAN, RPCAP, or VXLAN sources to send traffic to the appropriate appliance IP address. Configure a static IP address through the CLI The ExtraHop appliance is delivered with DHCP enabled. If your network does not support DHCP, no IP address is acquired, and you must configure a static address manually. 1. Establish a console connection to the ExtraHop appliance. 2. At the login prompt, type shell and then press ENTER. 3. At the password prompt, type default, and then press ENTER. 4. To configure the static IP address, run the following commands: a) Enable privileged commands: enable b) At the password prompt, type default, and then press ENTER. c) Enter configuration mode: configure d) Enter the interface configuration mode: interface e) Run the ip command and specify the IP address and DNS settings in the following format: ip ipaddr <ip_address> <netmask> <gateway> <dns_server> For example: ip ipaddr 10.10.2.14 255.255.0.0 10.10.1.253 10.10.1.254 Deploy the ExtraHop Trace Appliance on VMware 4

f) Leave the interface configuration section: exit g) Save the running config file: running_config save h) Type y and then press ENTER. Configure the Trace appliance Open a web browser and log into the Admin UI on the Trace appliance through the configured IP address and complete the following procedures. The default login name is setup and the password is default. Register your ExtraHop appliance Connect the Discover and Command appliances to the Trace appliance Review the ExtraHop Post-deployment Checklist and configure additional Trace appliance settings. Connect the Discover and Command appliances to the Trace appliance After you deploy the Trace appliance, you must establish a connection from all ExtraHop Discover and Command appliances to the Trace appliance before you can query for packets. Figure 1: Connected to Discover Appliance Figure 2: Connected to Discover and Command Appliance 1. Log into the Admin UI of the Discover appliance. 2. In the ExtraHop Trace Settings section, click Connect Trace Appliances. 3. Type the hostname or IP address of the Trace appliance in the Appliance hostname field. 4. Click Pair. Deploy the ExtraHop Trace Appliance on VMware 5

5. Note the information listed in the Fingerprint field. Verify that the fingerprint listed on this page matches the fingerprint of the Trace appliance listed on the Fingerprint page in the Admin UI of the Trace appliance. 6. Type the password of the Trace appliance setup user in the Trace Setup Password field. 7. Click Connect. 8. To connect additional Trace appliances, repeat steps 2 through 7. Note: You can connect a Discover appliance to four or fewer Trace appliances. However, you can connect a Command appliance to an unlimited number of Trace appliances. 9. If you have a Command appliance, log into the Admin UI of the Command appliance and repeat steps 3 through 7 for all Trace appliances. Verify the configuration After you have deployed and configured the Trace appliance, verify that the Trace appliance can collect packets through the Discover and Command appliances. Before you begin You must have a minimum user privilege of view and download packets to perform this procedure. 1. Log into the Web UI on the Discover or Command appliance. 2. Make sure Packets appears in the top menu. 3. Click Packets to start a new packet query. You should now see a list of the collected packets. If the Packets menu item does not appear, revisit the Connect the Discover and Command appliances to the Trace appliance section. If no results are returned when you perform a packet query, check your network settings. If either issue persists, contact ExtraHop Support. Deploy the ExtraHop Trace Appliance on VMware 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback