Start Demo

Deploy the ExtraHop Explore Appliance with VMware

The following procedure guides you through the deployment process of the ExtraHop Explore virtual appliance with the vSphere client running on a Windows machine. You should be familiar with administrating VMware ESX and ESXi environments before proceeding.

The Explore virtual appliance is distributed as an OVA package that includes a preconfigured virtual machine (VM) with a 64-bit, Linux-based OS that is optimized to work with VMware ESX and ESXi version 5.5 and later.

Important:If you want to deploy more than one ExtraHop virtual appliance, do not clone an existing instance. Always start with the original deployment package when deploying additional instances.

System requirements

Your environment must meet the following requirements to deploy a virtual Explore appliance:

  • An existing installation of VMware ESX or ESXi server version 5.5 and later capable of hosting the Explore virtual appliance. The Explore virtual appliance is available in the following configurations:
    EXA-XS EXA-S EXA-M EXA-L
    4 CPUs 8 CPUs 16 CPUs 32 CPUs
    8GB RAM 16 GB RAM 32 GB RAM 64 GB RAM
    4 GB boot disk 4 GB boot disk 4 GB boot disk 4 GB boot disk
    500 GB or smaller datastore disk 1.2 TB or smaller datastore disk 2.5 TB or smaller datastore disk 4.1 TB or smaller datastore disk
    Note:When you deploy an Explore appliance, a second virtual disk is required to store record data. The EXA-XS is preconfigured with a 500 GB datastore disk; however, you must manually add a second virtual disk to the other available EXA configurations. The minimum datastore disk size for all configurations is 150 GB.

    Consult with your ExtraHop sales representative or Technical Support to determine the datastore disk size that is best for your needs.

  • A vSphere client
  • An Explore virtual appliance license key.
  • The following TCP ports must be open:
    • TCP ports 80 and 443: Enables you to administer the Explore appliance through the Web UI. Requests sent to port 80 are automatically redirected to HTTPS port 443.
    • TCP port 9443: Enables Explore nodes to communicate with other Explore nodes in the same cluster.

Deploy the Explore virtual appliance

To deploy the Explore virtual appliance, complete the following steps:

  1. Contact ExtraHop Support (support@extrahop.com) to obtain and download the OVA package.
  2. Start the VMware vSphere client and connect to your ESX server.
  3. Go to the File menu and select Deploy OVF Template.
  4. The steps to deploy the OVF template are described in detail below. For most deployments, the default settings are sufficient.
    1. Source: Browse to the location of the downloaded OVA file and then click Next.
    2. OVF Template Details: Review the details and then click Next.
    3. Name and Location: Configure the VM name and location. Give the VM a unique and specific name for the ESX Inventory and then click Next.
    4. Disk Format: Select Thick Provision Lazy Zeroed and then click Next.
    5. Network Mapping: Map the OVF-configured network interface labels with the correct ESX-configured interface labels and then click Next.
    6. Ready to Complete: Verify the configuration, do not select the Power on after deployment checkbox, and then click Finish to complete the deployment.
    When the deployment is complete, you can see the unique name you assigned to the Explore appliance VM instance in the inventory tree for the ESX server to which it was deployed.
  5. Click the new Explore appliance VM instance in the directory tree.
  6. From the Actions drop-down list, select Edit Settings... to configure the disk where the Explore appliance data is stored.
  7. From the New device drop-down list, select New Hard Disk, and then click Add.
  8. In the New Hard disk field, type the size of your virtual storage disk and then click OK.
  9. From the Actions drop-down list, select Power On.
  10. From the Actions drop-down list, select Open Console.
  11. Log in with the shell user account. Type default for the password.
  12. Run the show ipaddr command to display the IP address of the Explore virtual appliance.
  13. Exit the console window.

(Optional) Configure a static IP address through the CLI

The ExtraHop appliance is delivered with DHCP enabled. If your network does not support DHCP, no IP address is acquired, and you must configure a static address manually. To configure a static IP address, complete the following steps.

  1. Establish a console connection to the ExtraHop appliance.
  2. At the login prompt, type shell and then press ENTER.
  3. At the password prompt, type default, and then press ENTER.
  4. To configure the static IP address, run the following commands:
    1. Enable privileged commands: 
      enable
    2. At the password prompt, type default, and then press ENTER.
    3. Enter configuration mode: 
      configure
    4. Enter the interface configuration mode: 
      interface
    5. Run the ip command and specify the IP address and DNS settings in the following format: ip ipaddr <ip_address> <netmask> <gateway> <dns_server>
      For example:
      ip ipaddr 10.10.2.14 255.255.0.0 10.10.1.253 10.10.1.254
    6. Leave the interface configuration section: 
      exit
    7. Save the running config file: 
      running_config save
    8. Type y and then press ENTER.

Configure the Explore appliance

After you obtain the IP address for the Explore appliance, log into the Explore Admin UI through the following URL: https://<explore_ip_address>/admin and complete the following recommended procedures.

Note:The default log in name is setup and the password is default.

Register the ExtraHop appliance

Complete the following steps to apply a product key supplied by ExtraHop Support.

If you do not have a product key, contact support@extrahop.com.
Tip:To verify that your environment can resolve DNS entries for the ExtraHop licensing server, open a terminal application on your Windows, Linux, or Mac OS client and run the following command:
nslookup -type=NS d.extrahop.com
If the name resolution is successful, output similar to the following appears:
Non-authoritative answer:
d.extrahop.com	nameserver = ns0.use.d.extrahop.com.
d.extrahop.com	nameserver = ns0.usw.d.extrahop.com.
  1. In your browser, type the URL of the ExtraHop Admin UI, https://<extrahop_ip_address>/admin.
  2. Review the license agreement, select I Agree, and then click Submit.
  3. On the login screen, type setup for the username.
  4. For the password, select from the following options:
    • For 1U and 2U appliances, type the service tag number found on the pullout tab on the front of the appliance.
    • For the EDA 1100, type the serial number displayed in the Appliance info section of the LCD menu. The serial number is also printed on the bottom of the appliance.
    • For a virtual appliance, type default.
  5. Click Log In.
  6. In the System Settings section, click License.
  7. Click Manage License.
  8. Click Register.
  9. Enter the product key and then click Register.
  10. Click Done.

Create an Explore cluster

Before you begin

Log into the Admin UI of each Explore node, click Fingerprint in the Status section, and note the value listed in the Fingerprint field. The fingerprint of each node should be verified during the join process.

If you are deploying three or more Explore nodes, join the nodes to create a cluster.

Important:Each node that you join must have the same configuration (physical or virtual) and ExtraHop firmware version.
  1. Log into the Admin UI of any new Explore node.
  2. In the Cluster Settings section, click Join Cluster.
  3. In the Host text box, type the hostname or IP address of any of the other new nodes and then click Continue.
  4. Verify that the fingerprint displayed on the page matches the fingerprint of the Explore node that you are joining. If these fingerprints do not match, communication between the nodes might have been intercepted and altered.
  5. In the Setup Password field, type the password for the setup user.
  6. Click Join.
  7. In the Status section, click Cluster Status.
  8. Wait for the Status field to change to green.
  9. Repeat steps 1 - 8 to join each additional node to the new cluster.
    Note:Always join a new node to the existing cluster and not another unjoined node, or you will create multiple clusters.
  10. Click Cluster Members in the Cluster Settings section to confirm that all of the nodes are listed on the page.

Configure the system time

By default, the Explore appliance synchronizes the system time through the pool.ntp.org network time protocol (NTP) server. If your network environment prevents the Explore appliance from communicating with this time server, you must configure an alternate time server source.

Note:Time synchronization is critical to ensuring proper cluster operations and maintaining consistent views of data across both Discover and Explore appliances. We strongly recommend that you either keep the default system time setting or configure settings for a different NTP server.
  1. In the System Settings section, click System Time.
  2. Click Configure Time.
  3. Click the Time Zone drop-down list and select a time zone. Click Save and Continue.
  4. Select the Use NTP server to set time radio button and then click Select.
  5. Type the IP addresses for the time server, and then click Save.
  6. Click Done.
  7. Click Sync Now to sync system time on the Explore appliance with the remote time server.

Configure email notifications

You must configure an email server and sender before the ExtraHop appliance can send notifications about system alerts by email.

You can receive the following alerts from the system:
  • A virtual disk is in a degraded state.
  • A physical disk is in a degraded state.
  • A physical disk has an increasing error count.
  • A registered Explore node is missing from the cluster. The node might have failed, or is powered off.

Pair the Explore appliance to Discover and Command appliances

After you deploy the Explore cluster, you must establish a connection from all ExtraHop Discover and Command appliances to the Explore cluster before you can query records. If you manage all of your Discover appliances from a Command appliance, you only need to perform this procedure from the Command appliance.

Important:If you have an Explore cluster, pair the Discover appliance to each Explore node so that the Discover appliance can distribute the workload across the entire Explore cluster.
  1. Log into the Discover or Command appliance Admin UI.
  2. In the ExtraHop Explore Settings section, click Configure Explore Cluster.
  3. Click Add New.
  4. In the Host #1 Host field, type the hostname or IP address of any Explore appliance in the Explore cluster.
  5. For each additional Explore appliance in the cluster, click Add New and enter the individual hostname or IP address in the corresponding Host field.
  6. Click Save.
  7. Note the information listed for Fingerprint. Verify that the fingerprint listed on this page matches the fingerprint of the Explore appliance (Host #1) listed on the Fingerprint page in the Explore Admin UI.
  8. In the Explore Setup Password field, type the password of the Explore appliance.
  9. Click Join, and then click Done.

Send record data to the Explore appliance

After your Explore appliance is paired with all of your Discover and Command appliances, you must configure the type of records you want to store. See the following documentation for more information about Explore configuration settings, how to generate and store records, and how to create record queries.

Published 2019-06-20 20:37