Deploy the ExtraHop Discover Appliance in Azure

The following procedures explain how to deploy an ExtraHop Discover virtual appliance in a Microsoft Azure environment. You must have experience administering in an Azure environment to complete these procedures.

System requirements

Your environment must meet the following requirements to deploy a virtual Discover appliance:

  • An Azure storage account
  • A Linux client with the latest updates installed
  • The ExtraHop Discover 1000v or 2000v virtual hard disk (VHD) file
  • A Discover appliance product key
Important: If you want to deploy more than one ExtraHop virtual appliance, do not clone an existing instance. Always start with the original deployment package when deploying additional instances.

Deploy the EDA 1000v or 2000v

  1. On your Linux client, open a terminal application and run the following commands.
    1. Install npm and nodejs-legacy:
      sudo apt-get install npm nodejs-legacy
    2. Install the Azure command-line interface tools:
      sudo npm install -g azure-cli@0.9.7
      Note: Version 0.9.7 is not the most recent version of the Azure command-line tools. However, to upload VHD files to Azure, you must install this older version of the tool.
    3. Download your publish settings file from Azure:
      azure account download
      Your default browser automatically opens to http://go.microsoft.com/fwlink/?LinkId=254432
  2. Sign in to your Azure account.
  3. Save the .publishsettings file to your computer.
  4. Return to your terminal application and run the following commands:
    1. Import your publish settings file:
      azure account import <path_to_publishsettings_file>
    2. Create a boot image in the Azure blob storage location. The <azure-EDA2000v.vhd> file is uploaded to blob storage, and then the new virtual instance is created from this boot image.
      azure vm image create <boot_image_name> <path_to_extrahop.vhd> -o linux -u <storage_account_url>

      Where <boot_image_name> is the name of your boot image, <path_to_extrahop.vhd> is the name of the ExtraHop VHD file on your local machine, and <storage_account_url> is the location of your storage account in Azure.

      For example:
      azure vm image create example-image /temp/azure-EDA2000v-5.1.0.983.vhd -o linux -u https://exstorage1.blob.core.windows.net/vm-images/example-vm.vhd
      Note: The VHD name in the URL (example-vm.vhd, in the example above) must be unique. If you try to overwrite an existing VHD file with the same name, this step fails and you must repeat it with a new VHD name.
    3. Create and start an Azure VM instance:
      azure vm create <vm_name> <boot_image_name> --ssh -z <instance_size> -l '<zone_name>' --userName user --password 'Ignored@Password1'

      Where <vm_name> is the name of your Explore VM, <boot_image_name> is the name of the boot image you created in step 4b, <instance_size> is the Azure instance size, and <zone_name> is your local time zone.

      Note: Choose an Azure instance size that most closely matches the Discover VM size. For the EDA 1000v, select Basic_A3 or Standard_DS2. For the EDA 2000v, select Basic_A4 or Standard_DS4.
      For example:
      azure vm create example-vm example-image --ssh -z Basic_A4 -l 'West US' --userName user --password 'Ignored@Password1'
      Note: Azure requires that you specify a username and password to create and start the VM instance; however, the username and password are not required by the Discover virtual appliance.
    4. Create HTTP and HTTPS endpoints. Endpoints are required to direct the inbound network traffic to the virtual Discover appliance.
      azure vm endpoint create -n HTTP <vm_name> 80 80
      azure vm endpoint create -n HTTPS <vm_name> 443 443
    5. Create rpcapd endpoints:
      azure vm endpoint create -n rpcapd-tcp -o tcp <vm_name> 2003 2003
      azure vm endpoint create -n rpcapd-udp -o udp <vm_name> 2003 2003
      Note: By default, Access Control Lists (ACLs) do not restrict access to these endpoints.
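
The following dry-run helper is an added example, not ExtraHop's own tooling: it checks the inputs for steps 4b through 4e against the constraints stated on this page (instance size per model, a .vhd name at the end of the storage URL, a VM name usable as the host label in https://<vm_name>.cloudapp.net) and prints the commands in order without running them. The function names are this example's own, and the sample values come from the page's examples.

```shell
#!/bin/sh
# Added example: validate inputs for steps 4b-4e, then print (not run) the commands.

# Sizes the page lists per model. $1 = 1000v|2000v, $2 = instance size
valid_size() {
    case "$1:$2" in
        1000v:Basic_A3|1000v:Standard_DS2) return 0 ;;
        2000v:Basic_A4|2000v:Standard_DS4) return 0 ;;
        *) return 1 ;;
    esac
}

# The VM name becomes the host label in https://<vm_name>.cloudapp.net/admin,
# so allow only letters, digits and inner hyphens.
valid_vm_name() {
    case "$1" in
        ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# The -u value must be an https URL that ends in the VHD name.
valid_blob_url() {
    case "$1" in
        https://*/*.vhd) return 0 ;;
        *) return 1 ;;
    esac
}

# Args: model vm_name boot_image_name vhd_path storage_url instance_size zone_name
plan_deploy() {
    valid_size "$1" "$6" || { echo "size $6 is not listed for EDA $1" >&2; return 1; }
    valid_vm_name "$2" || { echo "invalid VM name: $2" >&2; return 1; }
    valid_blob_url "$5" || { echo "invalid VHD URL: $5" >&2; return 1; }
    cat <<EOF
azure vm image create $3 $4 -o linux -u $5
azure vm create $2 $3 --ssh -z $6 -l '$7' --userName user --password 'Ignored@Password1'
azure vm endpoint create -n HTTP $2 80 80
azure vm endpoint create -n HTTPS $2 443 443
azure vm endpoint create -n rpcapd-tcp -o tcp $2 2003 2003
azure vm endpoint create -n rpcapd-udp -o udp $2 2003 2003
EOF
}

# Sample values taken from the page's own examples.
plan_deploy 2000v example-vm example-image /temp/azure-EDA2000v-5.1.0.983.vhd \
    https://exstorage1.blob.core.windows.net/vm-images/example-vm.vhd Basic_A4 'West US'
```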

Configure the Discover appliance

After the Discover appliance is deployed in Azure, log in to the Discover Admin UI through the following URL: https://<vm_name>.cloudapp.net/admin.

Note: The default login name is setup and the password is default.
After you log in to the Discover appliance, complete the following recommended procedures:

Register the ExtraHop appliance

Complete the following steps to apply a product key supplied by ExtraHop Support.

If you do not have a product key, contact support@extrahop.com.

  1. In your browser, type the URL of the ExtraHop appliance (https://<vm_name>.cloudapp.net/admin).
  2. Review the license agreement, select I Agree, and then click Submit.
  3. On the login screen, type setup for the username and default for the password.
  4. Click Log In.
  5. In the System Settings section, click License.
  6. Click Manage License.
  7. Click Register.
  8. Enter the product key and then click Register.
  9. Click Done.

Configure the System Time

The default time server setting is pool.ntp.org. If you want to maintain the default setting, skip this procedure and go to the next section.

  1. In the System Settings section, click System Time.
  2. Click Configure Time.
  3. Click the Time Zone drop-down list and select a time zone.
  4. Click Save and Continue.
  5. Type the IP address or FQDN for the time servers in the Time Server fields.
  6. Click Save, and then click Done.

Configure email settings

You must configure an email server and sender before the ExtraHop appliance can send notifications about system alerts by email.

  1. In the Network Settings section, click Notifications.
  2. Click Email Server and Sender.
  3. On the Email Settings page, enter the following information:

    SMTP Server: The IP address for the outgoing SMTP mail server.

    Note: The SMTP server should be the FQDN or IP address of an outgoing mail server that is accessible from the ExtraHop management network. If the DNS server is set, then the SMTP server can be an FQDN; otherwise, it must be an IP address.

    Sender Address: The email address for the notification sender.

    Report Sender Address: The email address for the report sender.

  4. Click Save.

Add an email notification group

Email notification groups are assigned to alerts to designate who should receive an email when that alert becomes active. Although you can specify individual email addresses to receive emails for alerts, email groups are the most effective way to manage your alert recipient list.

  1. In the Network Settings section, click Notifications.
  2. Click Email Notification Groups.
  3. Click Add Group.
  4. In the Group Info section, enter the following information:

    Name: The name of the email group.

    System Health Notifications: Select this checkbox if you want to send system storage alerts to the email group. These alerts are sent under the following conditions:

    • A virtual disk is in a degraded state.
    • A physical disk is in a degraded state.
    • A physical disk has an increasing error count.
    • A necessary role is missing, such as firmware, datastore, or packet capture.

  5. In the Email Addresses text box, type the recipient email addresses for the team members that you want to receive the alert emails for this group. Email addresses can be entered one per line or separated by a comma, semicolon, or space. Email addresses are checked only for [name]@[company].[domain] format validation. There must be at least one email address in this text box for the group to be valid.
  6. Click Save.

Pair the Discover appliance to any Command or Explore appliances

If you have any ExtraHop Command or Explore appliances in your environment, you can join the Discover appliance to the Command cluster or pair the Discover to an Explore appliance. For more information, see the ExtraHop Admin UI Guide.
Published 2017-11-20 17:13