Deploy the ExtraHop Explore Appliance in AWS

Introduction

This guide explains how to launch the ExtraHop Explore appliance AMI in your Amazon Web Services (AWS) environment. You must have administrative access to launch a third-party AMI and an Explore product key to complete these procedures.

Create the Explore Instance in AWS

To create the Explore instance in AWS, complete the following steps:

  1. Sign in to AWS with your user name and password.
  2. Click EC2.
  3. In the left navigation panel, under Images, click AMIs.
  4. Above the table of AMIs, change the Filter from Owned by Me to Public Images.
  5. In the filter box, type ExtraHop and then press ENTER.
  6. Select the checkbox next to the ExtraHop Explore Appliance AMI and click Launch.
  7. On the Choose an Instance Type page, select m4.2xlarge, and then click Next: Configure Instance Details.
  8. In the Number of instances text box, type the number nodes in your Explore cluster.
  9. Click the Network drop-down list and select the default setting or one of your organization’s VPCs.
  10. From the Shutdown behavior drop-down list, select Stop.
  11. Click the Protect against accidental termination checkbox.
  12. (Optional) Click the IAM role drop-down list and select an IAM role.
  13. (Optional) If you launched into a VPC and want to add more than one interface, scroll down to the Network Interfaces section and click Add Device to add additional interfaces to the instance.
    Note: If you add more than one interface, make sure that each interface is on a different subnet.
  14. Click Next: Add Storage.
  15. In the Size (GiB) field, type the size of the storage volume.
    Note: Consult with your ExtraHop sales representative to determine the size of the storage volume that is best for your needs.
  16. Click Next: Tag Instance.
  17. In the Value field, type a name for the instance.
  18. Click Next: Configure Security Group.
  19. On the Configure Security Group page, follow the procedure below to create a new security group or add ports to an existing group. If you already have a security group with the required ports for ExtraHop, you can skip this step.
    1. Select either Create a new security group or Select an existing security group. If you choose to edit an existing group, select the group you want to edit. If you choose to create a new group, type a name for the Security group and type a Description.
    2. Click the Type drop-down list, and select a protocol. Type the port number in the Port Range field.
    3. For each additional port needed, click the Add Rule button. Then click the Type drop-down list, select a protocol, and type the port number in the Port Range field.

    The following ports must be open for the Explore AWS instance:

    • TCP ports 80 and 443: Enables you to administer the Explore appliance through the Web UI. Requests sent to port 80 are automatically redirected to HTTPS port 443.
    • TCP port 9443: Enables Explore nodes to communicate with other Explore nodes in the same cluster.
  20. Click Review and Launch.

  21. Select Make General Purpose (SSD)...(recommended) and click Next.
    If you select Make General Purpose (SSD)...(recommended), you will not see this step on subsequent instance launches.
  22. Scroll down to review the AMI details, instance type, and security group information, and then click Launch.
  23. In the pop-up window, click the first drop-down list and select Proceed without a key pair.
  24. Click the I acknowledge… checkbox and then click Launch Instance.
  25. Click View Instances to return to the AWS Management Console.

    From the AWS Management Console, you can view your instance on the Initializing screen.

    Under the table, on the Description tab, you can find an IP or hostname for the Explore appliance that is accessible from your environment.

Configure the Explore Appliance

After you obtain the IP address for the Explore appliance, you can log into the Explore Admin UI through the following URL: https://<explore_ip_address>/admin.

After you first log into the Explore appliance, complete the following recommended procedures:

Register the Explore Appliance

Complete the following steps to apply the product key supplied by ExtraHop Customer Support. If you do not have a product key, contact support@extrahop.com.

  1. From your browser, type the IP address of the Explore appliance (https://<explore_ip_address>). If your browser prompts you about security certificates, ignore the warning and proceed.
  2. Review the license agreement, select I Agree, and then click Submit.
  3. On the login screen, type setup for the username and type the Instance ID for the password. You can find the instance ID on the Description tab of the Explore instance selected on the Initializing screen. Type the string of characters that follow i- (but not i- itself).
  4. Click Log In.
  5. In the System Settings section, click License.
  6. Click Manage License.
  7. Click Register.
  8. Type the product key and then click Register.

Configure the System Time

By default, the Explore appliance synchronizes the system time through the pool.ntp.org network time protocol (NTP) server. If your network environment prevents the Explore appliance from communicating with this time server, you must configure an alternate time server source.

Note: Time synchronization is critical to ensuring proper cluster operations and maintaining consistent views of data across both Discover and Explore appliances. We strongly recommend that you either keep the default system time setting or configure settings for a different NTP server.
  1. In the System Settings section, click System Time.
  2. Click Configure Time.
  3. Click the Time Zone drop-down list and select a time zone. Click Save and Continue.
  4. Select the Use NTP server to set time radio button and then click Select.
  5. Type the IP addresses for the time server, and then click Save.
  6. Click Done.
  7. Click Sync Now to sync system time on the Explore appliance with the remote time server.

Configure Email Notifications

We recommend that you configure email notification settings so that the system can alert you if the following conditions occur:

  • The physical disk is in a degraded state.
  • The physical disk has an increasing error count.
  • A registered Explore appliance node is missing from the cluster. The node might have failed, or is powered off.

Configure the Email Server and Sender settings:

  1. In the Network Settings section, click Notifications.
  2. Click Email Server and Sender.
  3. On the Email Settings page, enter the following information:
    • SMTP Server: The IP address for the outgoing SMTP mail server.
    • Note: The SMTP server should be the FQDN or IP address of an outgoing mail server that is accessible from the Explore management network. If the DNS server is set, then the SMTP server can be a FQDN, otherwise it needs to be an IP address
    • Sender Address: The email address for the notification sender.
  4. Click Save.

Add a recipient email address for notifications:

  1. Go to the Network Settings section and click Notifications.
  2. Under Notifications, click Email Addresses.
  3. In the Email address text box, type the recipient email address.
  4. Click Save.

Pair the Explore Appliance to Discover and Command Appliances

After you deploy the Explore cluster, you must establish a connection from all ExtraHop Discover and Command appliances to the Explore cluster before you can query records.

To pair a Discover or Command appliance to an Explore cluster:

  1. Log in to the Discover or Command appliance Admin UI.
  2. In the ExtraHop Explore Settings section, click Configure Explore Cluster.
  3. Click Add New.
  4. In the Host #1 Host field, type the hostname or IP address of any Explore appliance in the Explore cluster.
  5. For each additional Explore appliance in the cluster, click Add New and enter the individual hostname or IP address in the corresponding Host field.
  6. Click Save.
  7. Note the information listed for Fingerprint. Verify that the fingerprint listed on this page matches the fingerprint of the Explore appliance (Host #1) listed on the Fingerprint page in the Explore Admin UI.
  8. In the Explore Setup Password field, type the password of the Explore appliance.
  9. Click Join, and then click Done.

Send record data to the Explore Appliance

After your Explore appliance is paired with all of your Discover and Command appliances, you must configure the type of records you want to store. See the following documentation for more information about Explore configuration settings, how to generate and store records, and how to create record queries.

Published 2017-08-14 22:08