Deploy the ExtraHop Explore Appliance in Azure


Published: 2018-07-19

© 2018 ExtraHop Networks, Inc. All rights reserved.

In this guide, you will learn how to deploy an ExtraHop Explore virtual appliance in a Microsoft Azure environment and join multiple Explore appliances to create an Explore cluster.

System requirements

Your environment must meet the following requirements to deploy a virtual Explore appliance:

- An Explore appliance product key
- An Azure storage account
- A Linux, Mac, or Windows client with the latest version of Azure CLI installed
- The ExtraHop Explore 5100v virtual hard disk (VHD) file, available on the ExtraHop Customer Portal
- An Azure instance size that most closely matches the Explore appliance VM size, as listed below:

    Appliance    Azure Instance Size
    EXA 5100v    Basic_A4, Standard_A7, or Standard_DS13

Deploy the EXA 5100v

Before you begin

The procedures below assume that you do not have the required resource group, storage account, storage container, and network security group configured. If you already have these parameters configured, you can proceed to step 5 after you log into your Azure account.

1. Open a terminal application on your client and log in to your Azure account.

       az login

2. Open https://aka.ms/devicelogin in a web browser and enter the code to authenticate, and then return to the command-line interface.

3. Create a resource group.

       az group create --name <name> --location <location>

   For example, create a new resource group in the West US region.

       az group create --name examplerg --location westus

4. Create a storage account.

       az storage account create --resource-group <resource group name> --name <storage account name>

   For example:

       az storage account create --resource-group examplerg --name examplesa

5. View the storage account key. The value for key1 is required for step 5.

       az storage account keys list --resource-group <resource group name> --account-name <storage account name>

   For example:

       az storage account keys list --resource-group examplerg --account-name examplesa

   Output similar to the following appears:

       [
         {
           "keyname": "key1",
           "permissions": "Full",
           "value": "CORuU8mTcxLxq0bbszhZ4RKTB93CqLpjZdAhCrNJugAorAyvJjhGmBSedjYPmnzXPikSRigd5T5/YGYBoIzxNg=="
         },
         {
           "keyname": "key2",
           "permissions": "Full",
           "value": "DOlda4+6U3Cf5TUAng8/GKotfX1HHJuc3yljAlU+aktRAf4/KwVQUuAUnhdrw2yg5Pba5FpZn6oZYvROncnT8Q=="
         }
       ]

6. Set default Azure storage account environment variables. You can have multiple storage accounts in your Azure subscription. To select one of them to apply to all subsequent storage commands, set these environment variables. If you do not set environment variables, you will always have to specify --account-name and --account-key in the commands in the rest of this procedure.

       export AZURE_STORAGE_ACCOUNT=<storage account_name>
       export AZURE_STORAGE_ACCESS_KEY=<key1>

   Where <key1> is the storage account key value that appears in step 5.

       export AZURE_STORAGE_ACCOUNT=examplesa
       export AZURE_STORAGE_ACCESS_KEY=CORuU8mTcxLxq0bbszhZ4RKTB93CqLpjZdAhCrNJugAorAyvJjhGmBSedjYPmnzXPikSRigd5T5/YGYBoIzxNg==

7. Create a storage container.

       az storage container create --name <storage container name>

   For example:

       az storage container create --name examplesc

8. Upload the Discover appliance VHD file to the blob storage.

       az storage blob upload --container-name <container> --type page --name <blob name> --file <path/to/file> --validate-content

   For example:

       az storage blob upload --container-name examplesc --type page --name explore_appliance.vhd --file /Users/admin/Downloads/extrahopexa-5100v-azure-7.2.0.5000.vhd --validate-content

9. Retrieve the blob URI. You need the URI when you create the managed disk in the next step.

       az storage blob url --container-name <storage container name> --name <blob name>

   For example:

       az storage blob url --container-name examplesc --name explore_appliance.vhd

   Output similar to the following appears:

       https://examplesa.blob.core.windows.net/examplesc/explore_appliance.vhd

10. Create a managed disk, sourcing the Discover VHD file.

       az disk create --resource-group <resource group name> --location <Azure region> --name <disk name> --sku Premium_LRS --source <blob uri> --size-gb <size gb>

    Where sku specifies the type of disk and desired replication pattern. Managed disks support only Standard_LRS and Premium_LRS. Premium_LRS has a maximum disk size of 1 TB and Standard_LRS has a maximum disk size of 4 TB.

       az disk create --resource-group examplerg --location westus --name exampledisk --sku Standard_LRS --source https://examplesa.blob.core.windows.net/examplesc/explore_appliance.vhd --size-gb 60

11. Create the VM and attach the managed disk. This command creates the Explore appliance VM with a default network security group and dynamic public IP address.

       az vm create --resource-group <resource group name> --location <Azure region> --name <vm name> --os-type linux --attach-os-disk <disk name> --size <azure machine size>

    For example:

       az vm create --resource-group examplerg --location westus --name examplevm --os-type linux --attach-os-disk exampledisk --size Basic_A4

12. Log into the Azure portal, https://portal.azure.com, and configure the networking rules for the appliance. The network security group must have the following rules configured:

    Table 1: Inbound Port Rules

       Name     Port    Protocol
       EXA      9443    TCP
       HTTPS    443     TCP
       SSH      22      TCP

    Table 2: Outbound Port Rules

       Name     Port    Protocol
       EXA      9443    ANY
       HTTPS    443     TCP
       SSH      22      TCP

Next steps

Open a web browser and log into the Admin UI on the Explore appliance through the configured public IP address. The default login name is setup and the password is default. Complete the following recommended procedures:

- Register your ExtraHop appliance
- Configure the system time
- Configure email settings for notifications

Create an Explore cluster

If you are deploying more than one Explore appliance, join the appliances together to create a cluster. For the best performance, data redundancy, and stability, you must configure at least three Explore appliances in an Explore cluster.

In the following example, the Explore appliances have the following IP addresses:

- Node 1: 10.20.227.177
- Node 2: 10.20.227.178
- Node 3: 10.20.227.179

You will join nodes 2 and 3 to node 1 to create the Explore cluster.

Important: Each node that you join must have the same configuration (physical or virtual) and ExtraHop firmware version.

1. Log into the Admin UI of all three Explore appliances with the setup user account in three separate browser windows or tabs.
2. Select the browser window of node 1.
3. In the Status and Diagnostics section, click Fingerprint and note the fingerprint value. You will later confirm that the fingerprint for node 1 matches when you join the remaining two nodes.
4. Select the browser window of node 2.
5. In the Explore Cluster Settings section, click Join Cluster.
6. In the Host field, type the hostname or IP address of node 1 and then click Continue.
7. Confirm that the fingerprint on this page matches the fingerprint you noted in step 3.
8. In the Setup Password field, type the password for the node 1 setup user account and then click Join. When the join is complete, the Explore Cluster Settings section has two new entries: Explore Cluster Members and Data Management.
9. Click Explore Cluster Members. You should see node 1 and node 2 in the list.
10. In the Status and Diagnostics section, click Explore Cluster Status. Wait for the Status field to change to Green before adding the next node.
11. Repeat steps 5-11 to join each additional node to the new cluster.

    Tip: To avoid creating multiple clusters, always join a new node to the existing cluster and not to another single appliance.

12. When you have added all of your Explore appliances to the cluster, click Explore Cluster Members in the Explore Cluster Settings section. You should see all of the joined nodes in the list, similar to the following figure.
13. In the Explore Cluster Settings section, click Data Management and make sure that Replication Level is set to 1 and Shard Reallocation is ON.

Connect the Explore appliance to Discover and Command appliances

After you deploy the Explore appliance, you must establish a connection from all ExtraHop Discover and Command appliances to the Explore appliance before you can query records.

Important: If you have an Explore cluster of three or more Explore nodes, connect the Discover appliance to each Explore node so that the Discover appliance can distribute the workload across the entire Explore cluster.

Note: If you manage all of your Discover appliances from a Command appliance, you only need to perform this procedure from the Command appliance.

1. Log into the Admin UI of the Discover or Command appliance.
2. In the ExtraHop Explore Settings section, click Connect Explore Appliances.
3. Click Add New.
4. In the Explore node field, type the hostname or IP address of any Explore appliance in the Explore cluster.
5. For each additional Explore appliance in the cluster, click Add New and enter the individual hostname or IP address in the corresponding Explore node field.

6. Click Save.
7. Confirm that the fingerprint on this page matches the fingerprint of node 1 of the Explore cluster.
8. In the Explore Setup Password field, type the password for the Explore node 1 setup user account and then click Connect.
9. When the Explore Cluster settings are saved, click Done.

Next steps

Important: If you only deployed a single Explore appliance, after you connect to your Discover or Command appliance, you must log into the Admin UI on the Explore appliance and set the Explore Cluster Settings > Data Management > Replication Level to 0.

Send record data to the Explore appliance

After your Explore appliance is connected to all of your Discover and Command appliances, you must configure the type of records you want to store. See Records concepts for more information about Explore configuration settings, how to generate and store records, and how to create record queries.
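An added example, not part of the ExtraHop guide: a Python check for step 12 of "Deploy the EXA 5100v" that compares the JSON from `az network nsg rule list --resource-group <resource group name> --nsg-name <nsg name> -o json` against Tables 1 and 2, and lists inbound allow rules that accept any source address (the appliance has a public IP and the Admin UI, SSH and EXA ports are administrative). The sample rules, their names and the 203.0.113.0/24 range are constructed for illustration.

```python
import json

# Required rules from Tables 1 and 2 of the guide: (name, port, protocol).
REQUIRED = {
    "Inbound": [("EXA", 9443, "TCP"), ("HTTPS", 443, "TCP"), ("SSH", 22, "TCP")],
    "Outbound": [("EXA", 9443, "ANY"), ("HTTPS", 443, "TCP"), ("SSH", 22, "TCP")],
}
ANY_SOURCE = {"*", "0.0.0.0/0", "internet", "any"}

# Constructed sample in the shape of `az network nsg rule list -o json` output.
SAMPLE_RULES = json.loads("""
[
  {"name": "default-allow-ssh", "direction": "Inbound", "access": "Allow",
   "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "22"},
  {"name": "HTTPS", "direction": "Inbound", "access": "Allow",
   "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "443"},
  {"name": "EXA-out", "direction": "Outbound", "access": "Allow",
   "protocol": "*", "sourceAddressPrefix": "*", "destinationPortRange": "9443"},
  {"name": "HTTPS-out", "direction": "Outbound", "access": "Allow",
   "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "443"},
  {"name": "SSH-out", "direction": "Outbound", "access": "Allow",
   "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "22"}
]
""")


def _ports(rule):
    """Yield (low, high) for every destination port range in a rule."""
    specs = list(rule.get("destinationPortRanges") or [])
    if rule.get("destinationPortRange"):
        specs.append(rule["destinationPortRange"])
    for spec in specs:
        if spec == "*":
            yield 0, 65535
        else:
            low, _, high = spec.partition("-")
            yield int(low), int(high or low)


def _covers(rule, direction, port, proto):
    """True if an Allow rule in this direction admits the port and protocol."""
    rule_proto = "ANY" if rule.get("protocol") == "*" else str(rule.get("protocol")).upper()
    return (rule.get("access") == "Allow"
            and rule.get("direction") == direction
            and rule_proto in (proto, "ANY")
            and any(low <= port <= high for low, high in _ports(rule)))


def audit(rules):
    """Return required rules that are missing and inbound rules open to any source."""
    missing, open_to_any = [], []
    for direction, wanted in REQUIRED.items():
        for name, port, proto in wanted:
            if not any(_covers(r, direction, port, proto) for r in rules):
                missing.append(f"{direction} {name} {port}/{proto}")
    for r in rules:
        sources = set(r.get("sourceAddressPrefixes") or [])
        sources.add(r.get("sourceAddressPrefix") or "")
        if (r.get("direction") == "Inbound" and r.get("access") == "Allow"
                and {s.lower() for s in sources} & ANY_SOURCE):
            open_to_any.append(r["name"])
    return {"missing": missing, "open_to_any": open_to_any}


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_RULES), indent=2))
```

To audit a real deployment, replace SAMPLE_RULES with the parsed output of the `az network nsg rule list` command for the appliance's network security group.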