Deploy the ExtraHop Discover Appliance on a Linux KVM




This document provides information on how to install an ExtraHop Discover EH1000v or EH2000v virtual appliance on a Linux kernel-based virtual machine (KVM) using the package files available from ExtraHop Networks.

Notes:
- If you need either the installation package files or a license key for the virtual appliance, contact support@extrahop.com.
- This document assumes that you are familiar with basic KVM administration.

Package Contents

The installation package for KVM systems is a tar.gz file that contains the following items:

Item                                 File name for the EH1000v    File name for the EH2000v
The domain XML configuration file    EH1000v_KVM.xml              EH2000v_KVM.xml
The boot disk                        extrahop-boot.qcow2          extrahop-boot.qcow2
The datastore disk                   extrahop-data.qcow2          extrahop-data.qcow2

Requirements

Before you can install the ExtraHop virtual appliance, make sure that your environment meets the following requirements:

For the EH1000v:
- A KVM hypervisor environment capable of hosting a VM that includes:
  - 4 GB RAM
  - 2 vCPU
  - One 4 GB boot disk (virtio-scsi interface recommended)
  - One 40 GB datastore disk (virtio-scsi interface recommended)
  - (Optional) Open vSwitch virtual switch software
- An ExtraHop virtual appliance license key

For the EH2000v:
- A KVM hypervisor environment capable of hosting a VM that includes:
  - 6 GB RAM
  - 6 vCPU
  - One 4 GB boot disk (virtio-scsi interface recommended)
  - One 250 GB datastore disk (virtio-scsi interface recommended)
  - (Optional) Open vSwitch virtual switch software
- An ExtraHop virtual appliance license key

Deployment Process

Follow these steps to deploy the ExtraHop virtual appliance:

1. Determine the best virtual bridge configuration for your network.
2. Create a virtual capture bridge that contains the traffic you want to monitor.
3. Edit the domain XML configuration file and create your virtual appliance.
4. Configure a mirror session on the virtual bridge.

Determine the Best Bridge Configuration

Gather information about your network to determine the best virtual bridge configuration.

1. Identify the source of your wire data and the type of data you want to capture.
   - For SPAN, RSPAN, or port mirroring, use Open vSwitch to create the virtual capture bridge.
   - For ERSPAN or rpcapd, use either Open vSwitch or the built-in Linux bridge to create the virtual capture bridge.
2. Determine if you want to capture traffic from an external network source.
   - If yes, configure a physical interface on the virtual capture bridge.
3. Identify the bridge you want to access the management interface through.
   - We recommend that you configure separate bridges for the capture bridge and the management bridge.
   - The management bridge must be accessible to the ExtraHop virtual appliance and to all users who must access the management interface.
   - If you need to access the management interface from an external computer, configure a physical interface on the virtual capture bridge.

Create the Virtual Capture Bridge

Before you enable packet capture by an ExtraHop virtual appliance, you must create a virtual bridge that is set to promiscuous mode. If you want to capture traffic from an external network, you must add a physical interface to the bridge, and that interface must also be set to promiscuous mode.

The following procedure describes how to create a virtual bridge with Open vSwitch. For information on how to create a virtual bridge with the built-in Linux bridge, refer to the documentation for your KVM system.

1. Log in to the KVM system.
2. Create a virtual bridge by running the following command:

    sudo ovs-vsctl add-br <bridge_name>

   Replace <bridge_name> with the name of your virtual bridge.
3. Put the virtual bridge in promiscuous mode by running the following command:

    sudo ifconfig <bridge_name> promisc

   Replace <bridge_name> with the name of your virtual bridge.
4. (Optional) If you want to access traffic on an external network, add a physical interface to the bridge by running the following command:

    sudo ovs-vsctl add-port <bridge_name> <port_name>

   Replace <port_name> with the name of the port you want to add to the bridge.
5. If you added a physical interface to the bridge, put that interface in promiscuous mode by running the following command:

    sudo ifconfig <port_name> promisc

Note: If you want the interface changes to persist after a reboot, add the ifconfig commands to your /etc/network/interfaces file.

Edit the Domain XML Configuration File

After you create your virtual bridge, edit the configuration file, and create the ExtraHop virtual appliance.

1. Extract the tar.gz file that contains the installation package.
2. Copy the two disks extrahop-boot.qcow2 and extrahop-data.qcow2 to your KVM system. Make a note of the location where you store these files.
3. Open the domain XML configuration file. Find and edit the following values:

   - Change the VM name (ExtraHop-EH1000v or ExtraHop-EH2000v) to the name you want to use for your ExtraHop virtual appliance.

    <name>ExtraHop-EH1000v</name>

   - Change the source file path ([PATH_TO_STORAGE]) to the location where you stored the virtual disk files in step 1.

    <source file='[PATH_TO_STORAGE]/extrahop-boot.qcow2'/>
    <source file='[PATH_TO_STORAGE]/extrahop-data.qcow2'/>

   - Change the source bridge for your capture network (mirrorbr0) to match the name of your capture bridge.

    <interface type='bridge'>
      <source bridge='mirrorbr0'/>
      <virtualport type='openvswitch'>
      </virtualport>
      <model type='virtio'/>
      <alias name='net1'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
    </interface>

     Note: If you are configuring the built-in Linux bridge, remove the virtualport type setting.

   - Change the source bridge for the management network (ovsbr0) to match the name of your management bridge.

    <interface type='bridge'>
      <source bridge='ovsbr0'/>
      <virtualport type='openvswitch'>
      </virtualport>
      <model type='virtio'/>
      <alias name='net0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>

     Note: If you are configuring the built-in Linux bridge, remove the virtualport type setting.

   - For the EH2000v only: You can configure two additional bridges on the EH2000v. To configure another management bridge, use the configuration pattern for the ovsbr0 source bridge. To configure another capture bridge, use the configuration pattern for the mirrorbr0 source bridge.

4. Save the XML file.
5. Log in to the KVM console.
6. Create the new ExtraHop virtual appliance with your revised domain XML configuration file by running the following command:

    virsh define <domain_xml_file>

   Replace <domain_xml_file> with the name of your domain XML configuration file (EH1000v_KVM.xml or EH2000v_KVM.xml).
7. Run the following command to start the VM:

    virsh start <vm_name>

   Replace <vm_name> with the name of your VM.

Configure a Mirror Session on the Capture Bridge

This procedure explains how to configure a mirror session on an Open vSwitch virtual bridge.

1. Log in to the KVM console.
2. Export the configuration file for your new ExtraHop virtual appliance by running the following command:

    sudo virsh dumpxml <vm_name>

3. In the XML output, find the name of your capture bridge. Locate the line that designates the target dev for this bridge (<target dev = 'virtual port name'>). Make a note of the virtual port name assigned to the target dev.

4. Add the virtual port to the bridge by running the following command:

    sudo ovs-vsctl add-port <bridge_name> <virtual_port_name>

   Replace <bridge_name> with the name of your capture bridge and <virtual_port_name> with the name of the virtual port from the target dev setting that you noted in step 2.
5. Place this virtual port in promiscuous mode by running the following command:

    sudo ifconfig <virtual_port_name> promisc

6. (Optional) To monitor traffic from an external network, use the following procedure to configure a mirror on the bridge. For more information, see Port Mirroring with Linux Bridges.

   a. Create the port mirror on the capture bridge by running the following command:

    sudo ovs-vsctl -- --id=@m create mirror name=<your_mirror_name> -- add bridge <bridge_name> mirrors @m

      Replace <your_mirror_name> with the name you want to use for the mirror and <bridge_name> with the name of your capture bridge.

   b. Add a physical interface to the mirror by running the following command:

    sudo ovs-vsctl -- --id=@<mirror_port_name> get port <mirror_port_name> -- set mirror <your_mirror_name> select_src_port=@<mirror_port_name> select_dst_port=@<mirror_port_name>

      Replace <your_mirror_name> with the name of your mirror and <mirror_port_name> with the name of the port you want to mirror.

      Note: This example adds the port as both a source port (to capture outgoing traffic) and as a destination port (to capture incoming traffic). If you want to capture traffic in only one direction on the port, add the port as a source port (select_src_port) or a destination port (select_dst_port) only.

   c. Add the virtual port name (from step 2) as the output port for the mirror by running the following command:

    sudo ovs-vsctl -- --id=@<virtual_port_name> get port <virtual_port_name> -- set mirror <your_mirror_name> output-port=@<virtual_port_name>

Next Steps

After you have created your new ExtraHop virtual appliance, you can log in to the management interface through a web browser to apply your license key, see network traffic, and customize your ExtraHop virtual appliance.

1. Log in to the KVM console.
2. Get the IP address for your new ExtraHop virtual appliance by running the following command:

    sudo virsh console <vm_name>

   Replace <vm_name> with the name of your ExtraHop virtual appliance.
3. Open your web browser, and enter the IP address of your ExtraHop virtual appliance.
4. Log in with the default user name (setup) and password (default).
5. Apply your license key. See the Admin UI Users Guide for instructions.
6. For more information about ExtraHop features, see the Web UI Users Guide.
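
The step 3 edits from "Edit the Domain XML Configuration File", scripted as an added example (not ExtraHop's code). The embedded template is a constructed, abbreviated stand-in for EH1000v_KVM.xml; the VM name, storage path and bridge names passed in are assumptions, and rejecting identical capture and management bridges is this example's choice, following the guide's recommendation to keep them separate.

```python
import xml.etree.ElementTree as ET

# Constructed, abbreviated stand-in for EH1000v_KVM.xml, built from the
# fragments quoted in this guide; the real file has more elements.
TEMPLATE = """<domain type='kvm'>
  <name>ExtraHop-EH1000v</name>
  <devices>
    <disk type='file' device='disk'>
      <source file='[PATH_TO_STORAGE]/extrahop-boot.qcow2'/>
    </disk>
    <disk type='file' device='disk'>
      <source file='[PATH_TO_STORAGE]/extrahop-data.qcow2'/>
    </disk>
    <interface type='bridge'>
      <source bridge='ovsbr0'/>
      <virtualport type='openvswitch'></virtualport>
    </interface>
    <interface type='bridge'>
      <source bridge='mirrorbr0'/>
      <virtualport type='openvswitch'></virtualport>
    </interface>
  </devices>
</domain>"""


def customize_domain_xml(template, vm_name, storage_dir, capture_bridge,
                         mgmt_bridge, linux_bridge=False):
    """Apply the step 3 edits and return the revised domain XML as text."""
    if capture_bridge == mgmt_bridge:
        # The guide recommends separate bridges; this example enforces it.
        raise ValueError("capture and management bridges must differ")
    root = ET.fromstring(template)
    root.find("name").text = vm_name
    for src in root.iter("source"):
        path = src.get("file")
        if path is not None:  # disk sources only; interface sources have no file
            src.set("file", path.replace("[PATH_TO_STORAGE]",
                                         storage_dir.rstrip("/")))
    renames = {"mirrorbr0": capture_bridge, "ovsbr0": mgmt_bridge}
    for nic in root.iter("interface"):
        src = nic.find("source")
        if src is not None and src.get("bridge") in renames:
            src.set("bridge", renames[src.get("bridge")])
        vport = nic.find("virtualport")
        if linux_bridge and vport is not None:
            nic.remove(vport)  # built-in Linux bridge: no virtualport setting
    return ET.tostring(root, encoding="unicode")
```

Write the returned text to a file and pass that file to virsh define as in step 6.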
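
Steps 3 to 6 of "Configure a Mirror Session on the Capture Bridge", as an added example (not ExtraHop's code): it finds the capture interface's target dev in virsh dumpxml output and builds the ovs-vsctl and ifconfig argument lists from the commands in this guide. The sample XML, the bridge, port and mirror names, and the name allow-list are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed, abbreviated sample of `sudo virsh dumpxml <vm_name>` output.
DUMPXML = """<domain type='kvm'>
  <devices>
    <interface type='bridge'>
      <source bridge='mgmtbr0'/>
      <target dev='vnet0'/>
    </interface>
    <interface type='bridge'>
      <source bridge='capbr0'/>
      <target dev='vnet1'/>
    </interface>
  </devices>
</domain>"""

# Conservative allow-list for bridge, port and mirror names (example's choice).
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]*")


def capture_port(dumpxml, capture_bridge):
    """Return the target dev of the one interface on the capture bridge."""
    devs = []
    for nic in ET.fromstring(dumpxml).iter("interface"):
        src, tgt = nic.find("source"), nic.find("target")
        if src is not None and tgt is not None and src.get("bridge") == capture_bridge:
            devs.append(tgt.get("dev"))
    if len(devs) != 1:
        raise LookupError(f"expected one port on {capture_bridge}, found {devs}")
    return devs[0]


def mirror_commands(bridge, vport, mirror, phys_port):
    """Build argv lists for steps 4, 5 and 6a to 6c; run each with sudo."""
    for name in (bridge, vport, mirror, phys_port):
        if not SAFE_NAME.fullmatch(name):
            raise ValueError(f"unexpected name: {name!r}")
    src, out = f"@{phys_port}", f"@{vport}"
    return [
        ["ovs-vsctl", "add-port", bridge, vport],
        ["ifconfig", vport, "promisc"],
        ["ovs-vsctl", "--", "--id=@m", "create", "mirror", f"name={mirror}",
         "--", "add", "bridge", bridge, "mirrors", "@m"],
        ["ovs-vsctl", "--", f"--id={src}", "get", "port", phys_port, "--", "set",
         "mirror", mirror, f"select_src_port={src}", f"select_dst_port={src}"],
        ["ovs-vsctl", "--", f"--id={out}", "get", "port", vport, "--", "set",
         "mirror", mirror, f"output-port={out}"],
    ]
```

Selecting the port by its source bridge rather than by position keeps the mirror output off the management interface; argument lists can be passed to subprocess.run without a shell.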