Deploy the ExtraHop Explore Appliance

This guide explains how to install and configure the rack-mounted ExtraHop Explore appliance.

System Requirements

Your environment must meet the following requirements to deploy an Explore appliance:

  • Appliance: 2U of rack space and 2x750W of power
  • Network Access:
    • One 10/100/1000 BASE-T network port. Optionally, one 10GbE port.
    • The following TCP ports must be open:
      • TCP ports 80 and 443: Enables you to administer the Explore appliance through the Web UI. Requests sent to port 80 are automatically redirected to HTTPS port 443.
      • TCP port 9443: Enables Explore nodes to communicate with other Explore nodes in the same cluster.

Install the Explore Appliance

To install the Explore appliance, complete the following steps.

  1. Rack Mount the Explore Appliance: Install the Explore appliance in your data center with the included rack-mounting kit, which supports most four-post racks with either round or square holes.

  2. Connect Port 1: The Explore appliance contains a set of four 10/100/1000 BASE-T network ports. Only the first port on the left is active. Connect the 1GbE port on the Explore appliance to the management network with a network patch cable.

  3. Connect 10GbE port (Optional): Connect one of the 10GbE ports on the appliance with a 10GbE cable to your network to manage the Explore appliance. Note which port you are connecting to so you can configure this port later through the Admin UI.

    Note: You can configure only one port as an Explore management port.

    EXA back panel

Configure an IP Address

You can configure the ExtraHop system with a dynamic IP address through DHCP or configure an IP address manually. The front panel of the appliance displays the assigned IP address.

Dynamically Acquired IP Address: DHCP is enabled by default on the appliance. When you power on the system, interface 1 attempts to acquire an IP address through DHCP.

Static IP Address (CLI):If your network does not support DHCP, you can configure a static IP address.

Configure a Static IP Address through the CLI

You can access the CLI by connecting a USB keyboard and SVGA monitor to the appliance or through an RS-232 serial cable and a terminal-emulator program. The terminal emulator must be set to 115200 bps with 8 data bits, no parity, 1 stop bit (8N1), and hardware flow control should be disabled.

  1. Log in to the console with the shell user account. At the password prompt, type the service tag number found on the pullout tab on the front of the appliance, and then press ENTER.
  2. Run the following command to enable privileged commands:
  3. At the password prompt, type the service tag number, and then press ENTER.
  4. Run the following command to enter configuration mode:
  5. Run the following command to enter the interface configuration mode:
  6. Run the ip command and specify the IP address and DNS settings in the following format: ip ipaddr <ip_address> <netmask> <gateway> <dns_server>

    For example:

    extrahop[ESA](config-if)# ip ipaddr
  7. Run the following command to leave the interface configuration section:
  8. Run the following command to save the running config file:
    running_config save
  9. Type Y and then press ENTER.

Configure a Static IP Address through the Front Panel

Complete the following steps to configure the IP address from the front panel. If an IP address has not been configured, the front panel displays No IP. If the system is plugged in and powered off, the LCD screen displays ExtraHop.

  1. Press the Select (checkmark) button. Navigate with the left and right arrow buttons, and select Net.
  2. Select Host. The screen displays the host name. Scroll up the screen and select the up arrow.
  3. Select DHCP to see how the IP address is configured. Navigate with the left and right arrow buttons to select an option, and press the Select button.
  4. From the Net screen, select IP and change the digits with the left and right arrow buttons. On the selected digit, click the Select button. The digit blinks when selected. While the digit is blinking, change the digits with the left and right arrow buttons.
  5. After you have entered the number, click Select to navigate up the screen and select the up arrow. On the Save screen, select Yes.
  6. Wait to be redirected to the Net screen. Repeat steps 2-6 to set IP addresses for the netmask, gateway, and up to two DNS servers.
  7. (Optional) Scroll back to the Home menu and select iDRAC. Configure IP addresses for the iDRAC DHCP, IP, netmask, gateway, and DNS.
  8. From the Net screen, select Errors to view system events such as CPU errors, undetected hard drives, or missing power supplies. When an error occurs, the LCD turns amber and displays the error.
  9. If there are multiple errors, scroll between the error messages with the left and right arrow buttons. Press the Select button to exit the error screen. The Clear option removes the list of messages from the error screen.

Configure the Explore Appliance

After you configure an IP address for the Explore appliance, you can log into the Explore Admin UI through the following URL: https://<explore_ip_address>.

Note: The default log in name is setup and the password is the service tag number on the pullout tab on the front of the appliance. You can modify user names and passwords in the Explore Admin UI.

After you first log into the Explore appliance, complete the following recommended procedures:

Register the Explore Appliance

Complete the following steps to apply the product key supplied by ExtraHop Customer Support. If you do not have a product key, contact

  1. From your browser, enter the IP address of the Explore appliance (https://<explore_ip_address>). If your browser prompts you about security certificates, ignore the warning and proceed.
  2. Review the license agreement, select I Agree, and then click Submit.
  3. On the log in screen, type setup for the user name and the service tag number for the password, and then click Log In.
  4. In the System Settings section, click License.
  5. Click Manage License.
  6. Click Register.
  7. Enter the product key and then click Register.

(Optional) Configure the 10GbE management port

  1. In the Network Settings section, click Connectivity.
  2. In the Interfaces section, click Interface 5 or Interface 6. Make sure you select the same interface as the physical port you connected the 10GbE cable to. Interface 5 is the 10GbE port to the left on the rear of the appliance.
  3. From the Interface Mode drop-down list, select Management Port.
  4. Configure the rest of the network settings.
  5. Click Save.
  6. In the Interfaces section, click Interface 1.
  7. From the Interface Mode drop-down list, select Disabled.
  8. Click Save.
  9. Click the View and Save Changes button at the top of the page to save the running config file.
  10. Click Save. Your connection to the Web UI through interface 1 is terminated.
  11. Log in to the Web UI again to connect through the newly configured 10GbE interface.

Configure the System Time

By default, the Explore appliance synchronizes the system time through the network time protocol (NTP) server. If your network environment prevents the Explore appliance from communicating with this time server, you must configure an alternate time server source.

Note: Time synchronization is critical to ensuring proper cluster operations and maintaining consistent views of data across both Discover and Explore appliances. We strongly recommend that you either keep the default system time setting or configure settings for a different NTP server.
  1. In the System Settings section, click System Time.
  2. Click Configure Time.
  3. Click the Time Zone drop-down list and select a time zone. Click Save and Continue.
  4. Select the Use NTP server to set time radio button and then click Select.
  5. Type the IP addresses for the time server, and then click Save.
  6. Click Done.
  7. Click Sync Now to sync system time on the Explore appliance with the remote time server.

Configure Email Notifications

We recommend that you configure email notification settings so that the system can alert you if the following conditions occur:

  • The physical disk is in a degraded state.
  • The physical disk has an increasing error count.
  • A registered Explore appliance node is missing from the cluster. The node might have failed, or is powered off.

Configure the Email Server and Sender settings:

  1. In the Network Settings section, click Notifications.
  2. Click Email Server and Sender.
  3. On the Email Settings page, enter the following information:
    • SMTP Server: The IP address for the outgoing SMTP mail server.
    • Note: The SMTP server should be the FQDN or IP address of an outgoing mail server that is accessible from the Explore management network. If the DNS server is set, then the SMTP server can be a FQDN, otherwise it needs to be an IP address
    • Sender Address: The email address for the notification sender.
  4. Click Save.

Add a recipient email address for notifications:

  1. Go to the Network Settings section and click Notifications.
  2. Under Notifications, click Email Addresses.
  3. In the Email address text box, type the recipient email address.
  4. Click Save.

Pair the Explore Appliance to Discover and Command Appliances

After you deploy the Explore cluster, you must establish a connection from all ExtraHop Discover and Command appliances to the Explore cluster before you can query records.

To pair a Discover or Command appliance to an Explore cluster:

  1. Log in to the Discover or Command appliance Admin UI.
  2. In the ExtraHop Explore Settings section, click Configure Explore Cluster.
  3. Click Add New.
  4. In the Host #1 Host field, type the hostname or IP address of any Explore appliance in the Explore cluster.
  5. For each additional Explore appliance in the cluster, click Add New and enter the individual hostname or IP address in the corresponding Host field.
  6. Click Save.
  7. Note the information listed for Fingerprint. Verify that the fingerprint listed on this page matches the fingerprint of the Explore appliance (Host #1) listed on the Fingerprint page in the Explore Admin UI.
  8. In the Explore Setup Password field, type the password of the Explore appliance.
  9. Click Join, and then click Done.

Send record data to the Explore Appliance

After your Explore appliance is paired with all of your Discover and Command appliances, you must configure the type of records you want to store. See the following documentation for more information about Explore configuration settings, how to generate and store records, and how to create record queries.

Published 2019-09-16 14:47