Install the ExtraHop ECM on a Linux KVM

This document provides information on how to install the ExtraHop Central Manager (ECM) virtual appliance on a Linux kernel-based virtual machine (KVM) using the package files available from ExtraHop Networks.

Notes:
  • If you need either the installation package files or a license key for the virtual appliance, contact support@extrahop.com.
  • This document assumes that you are familiar with basic KVM administration.

Package Contents

The installation package for KVM systems is a tar.gz file that contains the following items:

Item File name
The domain XML configuration file ECM_KVM.xml
The boot disk extrahop-boot.qcow2
The datastore disk extrahop-data.qcow2

Requirements

Before you can install the ExtraHop virtual appliance, make sure that your environment meets the following requirements:

  • A KVM hypervisor environment capable of hosting a VM that has:
    • 4 GB RAM
    • 2 vCPU
    • 1 4 GB boot disk (virtio-scsi interface recommended)
    • 1 40 GB datastore disk (virtio-scsi interface recommended)
  • An ExtraHop virtual appliance license key

Deployment Process

Follow these steps to deploy the ExtraHop virtual appliance:

  1. Determine the best virtual bridge configuration for your network.
  2. Edit the domain XML configuration file and create your virtual appliance.

Determine the Best Bridge Configuration

Identify the bridge through which you will access the management interface of your ECM.

  • Make sure the management bridge is accessible to the ExtraHop virtual appliance and to all users who must access the management interface.
  • If you need to access the management interface from an external computer, configure a physical interface on the virtual management bridge.
  • (Recommended) Configure separate bridges for the ECM management bridge and any bridge you use to capture network traffic on other ExtraHop appliances.

Edit the Domain XML Configuration File

After you identify the management bridge, edit the configuration file, and create the ExtraHop virtual appliance.

  1. Extract the tar.gz file that contains the installation package.
  2. Copy the two disks extrahop-boot.qcow2 and extrahop-data.qcow2 to your KVM system. Make a note of the location where you store these files.
  3. Open the domain XML configuration file. Find and edit the following values:
    • Change the VM name (ExtraHop-ECM) to the name you want to use for your ExtraHop virtual appliance.
      <name>ExtraHop-ECM</name>
    • Change the source file path ([PATH_TO_STORAGE]) to the location where you stored the virtual disk files in step 1.
      <source file='[PATH_TO_STORAGE]/extrahop-boot.qcow2'/> <source file='[PATH_TO_STORAGE]/extrahop-data.qcow2'/>
    • Change the source bridge for the management network (ovsbr0) to match the name of your management bridge.
      <interface type='bridge'> <source bridge='ovsbr0'/> <model type='virtio'/> <alias name='net0'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface>

      If you are using Open vSwitch virtual switch software for your virtual bridge, add the following virtualport type setting to the interface (after the source bridge setting):

      <virtualport type='openvswitch'> </virtualport>
  4. Save the XML file.
  5. Log in to the KVM console, and create the new ExtraHop virtual appliance with your revised domain XML configuration file by running the following command:
    virsh create <domain XML file>

    Replace <domain XML file> with the name of your domain XML configuration file (ECM_KVM.xml).

Next Steps

After you have created your new ExtraHop virtual appliance, you can log in to the management interface through a web browser to apply your license key, see network traffic, and customize your ExtraHop virtual appliance.

  1. Log in to the KVM console and get the IP address for your new ExtraHop virtual appliance by running the following command:
    sudo virsh console [ExtraHop-ECM]

    Replace ExtraHop-ECM with the name of your ExtraHop virtual appliance.

  2. Open your web browser, and enter the IP address of your ExtraHop virtual appliance.
  3. Log in with the default user name (setup) and password (default).
  4. Apply your license key. See the Admin UI Users Guide for instructions.
  5. For more information about ExtraHop features, see the Web UI Users Guide.
Published 2017-08-14 22:08