Deploy the ExtraHop Discover Appliance with VMware

Similar documents
Deploy the ExtraHop Discover Appliance with VMware

Deploy the ExtraHop Trace Appliance with VMware

Deploy the ExtraHop Discover Appliance with VMware

Deploy the ExtraHop Discover Appliance with Hyper-V

Deploy the ExtraHop Discover Appliance with Hyper-V

Install the EH1000v/2000v with Hyper-V

Configure RSPAN with VMware

Deploy the ExtraHop Discover 3100, 6100, 8100, or 9100 Appliances

Configure RSPAN with VMware

If you re not using VMware vsphere Client 5.1, your screens may vary.

VMware ESX ESXi and vsphere. Installation Guide

If you re not using VMware vsphere Client 4.1, your screens may vary. ITEM Example s Values Your Values

Deploy the ExtraHop Explore Appliance on a Linux KVM

ITCorporation HOW DO I INSTALL A FRESH INSTANCE OF ANALYZER? DESCRIPTION RESOLUTION. Knowledge Database KNOWLEDGE DATABASE

Deploying the LANGuardian Virtual Appliance on VMware ESXi 6.5

Online Help StruxureWare Central

VMware vfabric Data Director Installation Guide

Deploy the ExtraHop Discover EDA 6100, EDA 8100, or EDA 9100 Appliances

Deploy the ExtraHop Explore Appliance on a Linux KVM

UDP Director Virtual Edition

SteelCentral AppResponse 11 Virtual Edition Installation Guide

Stealthwatch Flow Sensor Virtual Edition Installation and Configuration Guide (for Stealthwatch System v6.9.0)

UDP Director Virtual Edition Installation and Configuration Guide (for Stealthwatch System v6.9.0)


Online Help StruxureWare Data Center Expert

Quick Start Guide. VMware vsphere / vsphere Hypervisor. Router Mode (Out-of-Path Deployment) Before You Begin

Deploy the ExtraHop Trace 6150 Appliance

Deploy the ExtraHop Discover 3100, 6100, 8100, or 9100 Appliances

WatchGuard XTMv Setup Guide Fireware XTM v11.8

Install ISE on a VMware Virtual Machine

DSI Optimized Backup & Deduplication for VTL Installation & User Guide

Deploy the ExtraHop Trace 6150 Appliance

OneSign Virtual Appliance Guide

Installing the Cisco CSR 1000v in VMware ESXi Environments

Global Management System (GMS) Virtual Appliance 6.0 Getting Started Guide

Deploy the ExtraHop Discover 3000, 6000, or 8000 Appliances

Forcepoint Sidewinder Control Center, Virtual Appliance. Installation Guide 5.3.x. Revision A

Install ISE on a VMware Virtual Machine

Install ISE on a VMware Virtual Machine

Install ISE on a VMware Virtual Machine

LiveNX All- In- One on ESXi INSTALLATION GUIDE

VMware vfabric Data Director Installation Guide

KEMP360 Central - VMware vsphere. KEMP360 Central using VMware vsphere. Installation Guide

SRA Virtual Appliance Getting Started Guide

Installation of Cisco Business Edition 6000H/M

HiveManager Virtual Appliance QuickStart

Version 2.3 User Guide

Installing the Cisco Nexus 1000V Software Using ISO or OVA Files

KEMP 360 Central for vsphere. Installation Guide

Install and Configure FindIT Network Manager and FindIT Network Probe on a VMware Virtual Machine

Install ISE on a VMware Virtual Machine

Cisco Modeling Labs OVA Installation

QUICK SETUP GUIDE VIRTUAL APPLIANCE - VMWARE, XEN, HYPERV CommandCenter Secure Gateway

Security Gateway Virtual Edition

Deploy the ExtraHop Discover Appliance 1100

Cisco Stealthwatch. Installation and Configuration Guide 7.0

Installing the Cisco IOS XRv 9000 Router in VMware ESXi Environments

Cisco Stealthwatch. Installation and Configuration Guide 7.0

Installing and Configuring vcenter Support Assistant

Deploy the ExtraHop Explore 5100 Appliance

Installing Cisco MSE in a VMware Virtual Machine

VMware vcenter AppSpeed Installation and Upgrade Guide AppSpeed 1.2

Quick Start Guide ViPR Controller & ViPR SolutionPack

Cymmetria MazeRunner INSTALLATION GUIDE

SteelCentral AppResponse 11 Virtual Edition Installation Guide

Installing vrealize Network Insight. VMware vrealize Network Insight 3.3

Managing Virtual Machines

Installation. Power on and initial setup. Before You Begin. Procedure

Cisco Mini ACI Fabric and Virtual APICs

Installing vrealize Network Insight

BIG-IP Virtual Edition and VMware ESXi: Setup. Version 12.1

Quick Start Guide: TrafficWatch

Hands-on Lab Manual. Introduction. Dell Storage Hands-on Lab Instructions. Estimated Completion Time: 30 minutes. Audience. What we will be doing

ARCSERVE UDP CLOUD DIRECT DISASTER RECOVERY APPLIANCE VMWARE

vrealize Network Insight Installation Guide

Platform Compatibility... 1 Known Issues... 1 Resolved Issues... 2 Deploying the SRA Virtual Appliance... 3 Related Technical Documentation...

VMware Identity Manager Cloud Deployment. Modified on 01 OCT 2017 VMware Identity Manager

Quick Start Guide ViPR Controller & ViPR SolutionPack

Contents. Limitations. Prerequisites. Configuration

NetScaler Analysis and Reporting. Goliath for NetScaler Installation Guide v4.0 For Deployment on VMware ESX/ESXi

SteelCentral AppResponse 11 Virtual Edition Installation Guide

EventTracker: Virtual Appliance

Cisco ACI with Cisco AVS

EventTracker: Virtual Appliance

Netwrix Auditor. Virtual Appliance and Cloud Deployment Guide. Version: /25/2017

EventTracker: Virtual Appliance

Basic Configuration Installation Guide

FusionHub. Evaluation Guide. SpeedFusion Virtual Appliance. Version Peplink

LiveNX 7.4 QUICK START GUIDE (QSG) LiveAction, Inc WEST BAYSHORE ROAD PALO ALTO, CA LIVEACTION, INC.

SonicWall Secure Mobile Access SMA 500v Virtual Appliance 8.6. Getting Started Guide

ECDS MDE 100XVB Installation Guide on ISR G2 UCS-E and VMWare vsphere Hypervisor (ESXi)

Deploying VMware Identity Manager in the DMZ. JULY 2018 VMware Identity Manager 3.2

Installing the Cisco Virtual Network Management Center

Emulator Virtual Appliance Installation and Configuration Guide

VMware Identity Manager Cloud Deployment. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager

AccelStor All-Flash Array VMWare ESXi 6.0 iscsi Multipath Configuration Guide

NSFOCUS WAF (VM) User Guide

Creating an IBM API Management Version 2.0 environment

Using a Virtual Machine for Cisco IPICS on a Cisco UCS C-Series Server

vrealize Network Insight Installation Guide

Transcription:

Deploy the ExtraHop Discover Appliance with VMware Published: 2018-09-26 Published: 2018-09-26 The ExtraHop virtual appliance can help you to monitor the performance of your applications across internal networks, the public internet, or a virtual desktop interface (VDI), including database and storage tiers. ExtraHop can monitor application performance across geographically distributed environments such as branch offices or virtualized environments through intra-vm traffic. Before you begin You must have familiarity with administrating VMware. The images in this guide are from VMware version 5.0.0, and some of the menu selections might have changed. We recommend that you upgrade to the latest patch for the vsphere environment, to avoid any known issues. This guide explains how to deploy the following ExtraHop Discover virtual appliances on the VMware ESXi/ ESX platform: EDA 1000v (Monitors up to 250 devices) EDA 2000v (Monitors up to 1000 devices) EDA 6100v (Monitors up to 3000 devices) Virtual machine requirements You must have an existing installation of the VMware ESX/ESXi server version 5.5 or later, capable of hosting the Discover virtual appliance. In addition, you need a vsphere client to deploy the OVF file and to manage the virtual machine. The following table provides the server hardware requirements for each Discover model. Appliance CPU RAM Disk EDA 1000v 2 processing cores with 4 GB or higher hyper-threading support, VT-x technology, and 64bit architecture. 46 GB or higher disk (thick-provisioned) If you want to enable SSL decryption, 3 CPUs are required. For more information, see Add a CPU Core to the EDA 1000v with VMware. Reveal(x) EDA 1100v 4 processing cores with 8 GB or higher hyper-threading support, VT-x technology, and 64bit architecture. 46 GB or higher disk (thick-provisioned) EDA 2000v 6 processing cores with 6 GB or higher hyper-threading support, VT-x technology, and 64bit architecture. 255 GB or higher disk (thick-provisioned) 2018 ExtraHop Networks, Inc. All rights reserved.

Appliance CPU RAM EDA 6100v 16 processing cores with 64 GB or higher hyper-threading support, VT-x technology, and 64bit architecture. Disk 1 TB or higher disk (thick-provisioned) To ensure proper functionality of the virtual appliance: Always choose thick provisioning. The ExtraHop datastore requires low-level access to the complete drive and is not able to grow dynamically with thin provisioning. Thin provisioning can cause metric loss, VM lockups, and capture issues. Do not change the default disk size on initial installation. The default disk size ensures correct lookback for ExtraHop metrics and proper system functionality. If your configuration requires a different disk size, contact your ExtraHop representative before you make any changes. Do not migrate the VM. Although it is possible to migrate when the datastore is on a remote SAN, ExtraHop does not recommend this configuration. Important: If you want to deploy more than one ExtraHop virtual appliance, create the new instance with the original deployment package or clone an existing instance that has never been started. Network requirements You can monitor intra-vm or external traffic with the Discover virtual appliance. Appliance Intra-VM External EDA 1000v One 1-Gbps Ethernet network port is required (for management). The management port must be accessible on port 443. Two 1-Gbps Ethernet network ports are required. One for the physical port mirror and one for management. The physical port mirror interface must be connected to the port mirror of the switch. While it is possible to configure a 10-Gbps Ethernet network port for the port mirror interface, it is not recommended as the virtual appliance cannot process more than 1 Gbps of traffic. EDA 2000v One 1-Gbps Ethernet network port is required (for management). The management interface must be accessible on port 443. Two to four 1-Gbps Ethernet network ports are required for the physical port mirror and management. The physical port mirror interface must be connected to the port mirror of the switch. The VMware ESX server must support network interface drivers. While it is possible to configure a 10-Gbps Ethernet network port for the port mirror interface, it is not recommended as the virtual 2

Appliance Intra-VM External appliance cannot process more than 3 Gbps of traffic. EDA 6100v One 1-Gbps Ethernet network port is required (for management). The management interface must be accessible on port 443. A 10-Gbps Ethernet network port is recommended for the physical port mirror. Optionally, you can configure two to four 1-Gbps Ethernet network ports for the physical port mirror and management. The physical port mirror interface must be connected to the port mirror of the switch. The VMware ESX server must support network interface drivers. Note: For registration purposes, the virtual Discover appliance requires outbound DNS connectivity on UDP port 53 unless managed by the ExtraHop Command appliance. Deploy the OVA file through the VMware vsphere web client ExtraHop distributes the Discover virtual appliance package in the open virtual appliance (OVA) format. Before you begin If you have not already done so, download the ExtraHop Discover virtual appliance OVA file for VMware from the ExtraHop Customer Portal. 1. 2. 3. 4. 5. Start the VMware vsphere web client and connect to your ESX server. Select the data center where you want to deploy the Discover virtual appliance. Select Deploy OVF Template from the Actions menu. Follow the wizard prompts to deploy the virtual machine. For most deployments, the default settings are sufficient. a) Select Local file and then click Browse. b) Select the OVA file on your local machine and then click Open. c) Click Next. d) Review the virtual appliance details and then click Next. e) Specify a name and location for the appliance and then click Next. f) For Disk Format, select Thick Provision Lazy Zeroed and then click Next. g) Map the OVF-configured network interface labels with the correct ESX-configured interface labels and then click Next. h) Verify the configuration, select the Power on after deployment checkbox, and then click Finish to begin the deployment. When the deployment is complete, you can see the unique name you assigned to the ExtraHop VM instance in the inventory tree for the ESX server to which it was deployed. The Discover appliance contains a preconfigured bridged virtual interface with the network label, VM Network. If your ESX has a different interface label, you must reconfigure the network adapter on the Discover virtual appliance before starting the appliance. a) Select the Summary tab. b) Click Edit Settings, select Network adapter 1, select the correct network label from the Network label drop-down list, and then click OK. 3

6. 7. Select the Discover virtual appliance in the ESX Inventory and then select Open Console from the Actions menu. Click the console window and then press ENTER to display the IP. 8. Note: DHCP is enabled by default on the ExtraHop virtual appliance. To configure a static IP address, see the Configure a Static IP Address section. In VMware ESXi, configure the virtual switch to receive traffic and restart to see the changes. Configure a static IP address through the CLI The ExtraHop appliance is delivered with DHCP enabled. If your network does not support DHCP, no IP address is acquired, and you must configure a static address manually. 1. 2. 3. 4. Establish a console connection to the ExtraHop appliance. At the login prompt, type shell and then press ENTER. At the password prompt, type default, and then press ENTER. To configure the static IP address, run the following commands: a) Enable privileged commands: enable b) c) At the password prompt, type default, and then press ENTER. Enter configuration mode: configure d) Enter the interface configuration mode: interface e) Run the ip command and specify the IP address and DNS settings in the following format: ip ipaddr <ip_address> <netmask> <gateway> <dns_server> For example: ip ipaddr 10.10.2.14 255.255.0.0 10.10.1.253 10.10.1.254 f) Leave the interface configuration section: exit g) Save the running config file: running_config save h) Type y and then press ENTER. Configure the Discover appliance After you configure an IP address for the Discover appliance, open a web browser and navigate to the ExtraHop Web UI through the configured IP address. Accept the license agreement and then log in. The default login name is setup and the password is default. Enter the product key to license the appliance. After the appliance is licensed, and you have verified that traffic is detected, complete the recommended procedures in the post-deployment checklist. 4

Mirror Wire Data This section includes procedures for mirroring data to your ExtraHop virtual appliance. Mirroring internal and external traffic The ExtraHop Discover virtual appliance can be configured to monitor network traffic in the following network configuration examples. Monitoring Intra-VM Traffic One virtual interface on the EDA 1000v Up to three virtual interfaces on the EDA 2000v or EDA 6100v Monitoring external mirrored traffic to the VM Monitoring external mirrored traffic to the VM (EDA 2000v or EDA 6100v) Monitoring both intra-vm and external mirrored traffic to the VM (EDA 2000v or EDA 6100v) Note: Monitoring external network-mirrored traffic requires an external NIC and an associated virtual switch. Monitoring intra-vm traffic This scenario requires a second VM port group on the default virtual switch of the ESX host for monitoring traffic within the virtual switch as well as external traffic in and out of the switch. 1. 2. 3. 4. Start the VMware vsphere client and connect to your ESX server. Select the ESX host at the top of the tree control in the left panel and then click the Configuration tab. In the Configuration tab, click Networking under the Hardware section. This view shows how the virtual switch is configured. It displays the physical NIC to which the vswitch is tied (vmnic0 is eth0) and which networking components are using that vswitch (VM Network Port Group, Service Console). The VM Network port group contains the VM network. To add a port group to the vswitch0, click Add Networking. The Add Network Wizard window appears. Select Virtual Machine as the connection type and then click Next. 5

5. In the Network Access step, select Use vswitch0 and then click Next. 6. In the Connection Settings step, assign a unique name to the new port group, click the VLAN ID dropdown menu, and select All (VLAN 4095). 6

7. Click Next. The virtual switch appears as follows: 8. 9. Click Finish to exit the Add Network Wizard. Set the Remote Port Mirror to Promiscuous Mode as follows. a) Click the Properties link next to vswitch0. In the vswitch0 Properties window, select the newly created Port Group (Local Port Mirror in the example below) and click the Edit button. 7

b) Click the Security tab, set the Promiscuous Mode to Accept, and then click OK. c) Click Close to exit the vswitch0 Properties window. 10. Click the Getting Started tab and then click Edit Virtual Machine Settings. 11. Click Network Adapter 2, click the Network label drop-down menu, select Local Port Mirror, and then click OK. 8

12. Restart the ExtraHop Discover virtual appliance to activate the new adapter setting. Monitoring external mirrored traffic to the VM This scenario requires a second physical network interface and the creation of a second vswitch associated with that NIC. This NIC then connects to a mirror, tap, or aggregator that copies traffic from a switch. This setup is useful for monitoring the intranet of an office. 1. 2. Start the VMware vsphere client and connect to your ESX server. Select the ESX host at the top of the tree control in the left panel and then click the Configuration tab. In the Configuration tab, click Networking under the Hardware section. 9

3. 4. This view shows how the virtual switch is configured. It displays the physical NIC to which the vswitch is tied (vmnic0 is eth0) and which networking components are using that vswitch (VM Network Port Group, Service Console). The VM Network port group contains the VM network. To add a second vswitch, click Add Networking. The Add Network Wizard window appears. Select Virtual Machine as the connection type and then click Next. In the Network Access step, select Create a vsphere standard switch, ensure vmnic1 is selected, and then click Next. 10

5. In the Connection Settings step, assign a unique name to the new port group (Remote Port Mirror in the example below), click the VLAN ID drop-down menu, and select All (VLAN 4095). 6. 7. Click Next and then click Finish to exit the Add Network Wizard. The Networking section of the configuration table for the ESX host appears as follows. 11

8. Set the Remote Port Mirror to Promiscuous Mode as follows. a) Click the Properties link next to vswitch1. In the vswitch1 Properties window, select vswitch and click the Edit button. 12

b) Click the Security tab, set the Promiscuous Mode to Accept, and then click OK. c) Click Close to exit the vswitch1 Properties window. 9. Select the ExtraHop Virtual Appliance at the top of the tree control in the left panel, click the Getting Started tab, and then click Edit Virtual Machine Settings. 10. Click Network Adapter 2, click the Network label drop-down menu, select Remote Port Mirror, and then click OK. 13

11. Restart the ExtraHop VM to activate the new adapter setting. Monitoring external mirrored traffic to the VM (EDA 2000v or EDA 6100v) In this scenario, you must create a third and fourth physical network interface and two more vswitches associated with those NICs. These NICs then connect to a mirror, tap, or aggregator that copies traffic from a switch. 1. 2. Start the VMware vsphere client and connect to your ESX server. Select the ESX host at the top of the navigation tree in the left panel and then click the Configuration tab. In the Configuration tab, click Networking under the Hardware section. 14

3. To add a third vswitch, click Add Networking. The Add Network Wizard window appears. Select Virtual Machine as the connection type and then click Next. 4. In the Network Access step, select Create a vsphere standard switch, ensure vmnic2 is selected, and then click Next. In the Connection Settings step, assign a unique name to the new port group (Remote Port Mirror 2, for example), click the VLAN ID drop-down menu, and select All (VLAN 4095). Click Next and then click Finish to exit the Add Network Wizard. The Networking section of the configuration table for the ESX host appears as follows. 5. 6. 7. 15

8. Set the Remote Port Mirror to Promiscuous Mode as follows. a) Click the Properties link next to vswitch2. In the vswitch2 Properties window, select vswitch and click the Edit button. b) Click the Security tab, set the Promiscuous Mode to Accept, and then click OK. c) Click Close to exit the vswitch2 Properties window. 9. Select the ExtraHop Virtual Appliance at the top of the naviagation tree in the left panel, click the Getting Started tab, and then click Edit Virtual Machine Settings. 10. Click Network Adapter 3, click the Network label drop-down menu, select Remote Port Mirror 2, and then click OK. 16

11. Repeat steps 2 through 10 to add a fourth vswitch. 12. Restart the ExtraHop VM to activate the new adapter setting. Monitoring both intra-vm and external mirrored traffic to the VM (EDA 2000v or EDA 6100v) In this scenario, you can monitor a mix of intra-vm and external mirrored traffic on up to three virtual interfaces. 1. 2. 3. To monitor intra-vm traffic on one or more virtual interfaces, create a VM port group on the default virtual switch of the ESX host for each interface as described in Monitoring Intra-VM Traffic. To monitor external mirrored traffic on one or more virtual interfaces, create a physical network interface and corresponding vswitch for each interface as described in Monitoring External Mirrored Traffic to the VM. Click Network Adapter x and select an option from the Network label drop-down list for each interface. 17

Mirroring VLANs To mirror VLANs, you must either set the destination port on the port mirror configuration to VLAN Trunking or set the exact VLAN ID on the ports of the VLANS you are mirroring. Related documentation For information about configuring RSPAN, ERSPAN, and RPCAP to monitor remote devices, see the following topics. Configure RSPAN with VMware Configure ERSPAN with VMware Configure ERSPAN with the Nexus 1000V Packet Forwarding with RPCAP 18

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback