In this guide, you will learn how to configure the rack-mounted ExtraHop Explore appliance and to join multiple Explore appliances to create an Explore cluster.
Your environment must meet the following requirements to deploy an Explore appliance:
- 2U of rack space and 2x750W of power
- Network Access
- The following TCP ports must be open:
- TCP ports 80 and 443
- Enables you to administer the Explore appliance through the Web UI. Requests sent to port 80 are automatically redirected to HTTPS port 443.
- TCP port 9443
- Enables Explore nodes to communicate with other Explore nodes in the same cluster.
- The following TCP ports must be open:
To install the Explore appliance, complete the following steps.
Rack mount the Explore appliance.
Install the Explore appliance in your data center with the included rack-mounting kit. The mounting kit supports most four-post racks with either round or square holes.
Connect port 1.
The Explore appliance contains a set of four 10/100/1000 BASE-T network ports. Only the first port on the left is active. Connect the 1GbE port on the Explore appliance to the management network with a network patch cable.
Connect a 10 GbE port
Connect one of the 10 GbE ports on the appliance with a 10 GbE cable to your network to manage the Explore appliance. Note which port you are connecting to so you can configure this port later through the Admin UI.
Note: You can configure only one port as an Explore appliance management port.
DHCP is enabled by default on the ExtraHop appliance. When you power on the appliance, interface 1 attempts to acquire an IP address through DHCP. If successful, the IP address appears on the home screen of the LCD. If an IP address has not been configured, the LCD displays No IP.
You can access the CLI by connecting a USB keyboard and SVGA monitor to the appliance or through an RS-232 serial cable and a terminal-emulator program. The terminal emulator must be set to 115200 bps with 8 data bits, no parity, 1 stop bit (8N1), and hardware flow control should be disabled.
- Establish a connection to the ExtraHop appliance.
- At the login prompt, type shell and then press ENTER.
- At the password prompt, type the service tag number found on the pullout tab on the front of the appliance, and then press ENTER.
Enable privileged commands by running the following command:
- At the password prompt, type the service tag number, and then press ENTER.
Enter configuration mode by running the following command:
Enter the interface configuration mode by running the following command:
Run the ip command and specify the IP address and DNS settings in the following format: ip ipaddr
<ip_address> <netmask> <gateway> <dns_server>
extrahop[EXA](config-if)# ip ipaddr 10.10.2.14 255.255.0.0 10.10.1.253 10.10.1.254
Leave the interface configuration section:
Save the running config file:
- Type y and then press ENTER.
Complete the following steps to configure the IP address from the front panel. If an IP address has not been configured, the front panel displays No IP. If the system is plugged in and powered off, the LCD screen displays ExtraHop.
- Press the Select (checkmark) button. Navigate with the left and right arrow buttons, and select Net.
- Select Host. The screen displays the host name. Scroll up the screen and select the up arrow.
- Select DHCP to see how the IP address is configured. Navigate with the left and right arrow buttons to select an option, and press the Select button.
- From the Net screen, select IP and change the digits with the left and right arrow buttons. On the selected digit, click the Select button. The digit blinks when selected. While the digit is blinking, change the digits with the left and right arrow buttons.
- After you have entered the number, click Select to navigate up the screen and select the up arrow. On the Save screen, select Yes.
- Wait to be redirected to the Net screen. Repeat steps 2-6 to set IP addresses for the netmask, gateway, and up to two DNS servers.
- Optional: Scroll back to the Home menu and select iDRAC. Configure IP addresses for the iDRAC DHCP, IP, netmask, gateway, and DNS.
- From the Net screen, select Errors to view system events such as CPU errors, undetected hard drives, or missing power supplies. When an error occurs, the LCD turns amber and displays the error.
- If there are multiple errors, scroll between the error messages with the left and right arrow buttons. Press the Select button to exit the error screen. The Clear option removes the list of messages from the error screen.
After you configure an IP address for the Explore appliance, you can log into the Explore Admin UI through the following URL: https://<explore_ip_address> and complete the following recommended procedures.
|Note:||The default login username is setup and the password is the service tag number on the pullout tab on the front of the appliance. You can modify user names and passwords in the Explore Admin UI.|
Complete the following steps to apply a product key supplied by ExtraHop Support.
|Tip:||To verify that your environment can
resolve DNS entries for the ExtraHop licensing server, open a terminal application
on your Windows, Linux, or Mac OS client and run the following
nslookup -type=NS d.extrahop.com
If the name resolution is successful, output similar to the following appears:
Non-authoritative answer: d.extrahop.com nameserver = ns0.use.d.extrahop.com. d.extrahop.com nameserver = ns0.usw.d.extrahop.com.
- In your browser, type the URL of the ExtraHop Admin UI, https://<extrahop_ip_address>/admin.
- Review the license agreement, select I Agree, and then click Submit.
- On the login screen, type setup for the username.
For the password, select from the following options:
- For 1U and 2U appliances, type the service tag number found on the pullout tab on the front of the appliance.
- For the EDA 1100, type the serial number displayed in the Appliance info section of the LCD menu. The serial number is also printed on the bottom of the appliance.
- For a virtual appliance, type default.
- Click Log In.
- In the Appliance Settings section, click License.
- Click Manage License.
- Click Register.
- Enter the product key and then click Register.
- Click Done.
- In the Network Settings section, click Connectivity.
- In the Interfaces section, click Interface 5 or Interface 6. Make sure you select the same interface as the physical port you connected the 10GbE cable to. Interface 5 is the 10GbE port to the left on the rear of the appliance.
- From the Interface Mode drop-down list, select Management Port.
- Configure the rest of the network settings.
- Click Save.
- In the Interfaces section, click Interface 1.
- From the Interface Mode drop-down list, select Disabled.
- Click Save.
- Click the View and Save Changes button at the top of the page to save the running config file.
- Click Save. Your connection to the Web UI through interface 1 is terminated.
- Log in to the Web UI again to connect through the newly configured 10GbE interface.
By default, the Explore appliance synchronizes the system time through the pool.ntp.org network time protocol (NTP) server. If your network environment prevents the Explore appliance from communicating with this time server, you must configure an alternate time server source.
|Note:||Time synchronization is critical to ensuring proper cluster operations and maintaining consistent views of data across both Discover and Explore appliances. We strongly recommend that you either keep the default system time setting or configure settings for a different NTP server.|
- In the Appliance Settings section, click System Time.
- Click Configure Time.
- Click the Time Zone drop-down list and select a time zone. Click Save and Continue.
- Select the Use NTP server to set time radio button and then click Select.
- Type the IP addresses for the time server, and then click Save.
- Click Done.
- Click Sync Now to sync system time on the Explore appliance with the remote time server.
You must configure an email server and sender before the ExtraHop appliance can send notifications about system alerts by email.
- A virtual disk is in a degraded state.
- A physical disk is in a degraded state.
- A physical disk has an increasing error count.
- A registered Explore node is missing from the cluster. The node might have failed, or is powered off.
If you are deploying more than one Explore appliance, join the appliances together to create a cluster. For optimal performance, we recommend that you set up three or more Explore appliances in a cluster to take advantage of data redundancy.
- Node 1: 10.20.227.177
- Node 2: 10.20.227.178
- Node 3: 10.20.227.179
You will join nodes 2 and 3 to node 1 to create the Explore cluster.
|Important:||Each node that you join must have the same configuration (physical or virtual) and ExtraHop firmware version.|
- Log into the Admin UI of all three Explore appliances with the setup user account in three separate browser windows or tabs.
- Select the browser window of node 1.
- In the Status and Diagnostics section, click Fingerprint and note the fingerprint value. You will later confirm that the fingerprint for node 1 matches when you join the remaining two nodes.
- Select the browser window of node 2.
- In the Explore Cluster Settings section, click Join Cluster.
- In the Host field, type the hostname or IP address of node 1 and then click Continue.
Confirm that the fingerprint on this page matches the fingerprint you noted in
- In the Setup Password field, type the password for the node 1 setup user account and then click Join.
- When the join is complete, notice that the Explore Cluster Settings section has two new entries; Explore Cluster Members and Data Management.
Click Explore Cluster Members. You should see node 1 and
node 2 in the list.
- In the Status and Diagnostics section, click Explore Cluster Status. Wait for the Status field to change to green before adding the next node.
Repeat steps 5 - 11 to join each additional node to the new cluster.
Note: To avoid creating multiple clusters, always join a new node to the existing cluster and not to another single appliance.
When you have added all of your Explore appliances to the cluster, click
Cluster Members in the Explore Cluster
Settings section. You should see all of the joined nodes in the
list, similar to the following figure.
You have now created an Explore cluster.
After you deploy the Explore appliance, you must establish a connection from all ExtraHop Discover and Command appliances to the Explore appliance before you can query records.
|Important:||If you have an Explore cluster, connect the Discover appliance to each Explore node so that the Discover appliance can distribute the workload across the entire Explore cluster.|
|Note:||If you manage all of your Discover appliances from a Command appliance, you only need to perform this procedure from the Command appliance.|
- Log into the Admin UI of the Discover or Command appliance .
- In the ExtraHop Explore Settings section, click Connect Explore Appliances.
- Click Add New.
- In the Explore node field, type the hostname or IP address of any Explore appliance in the Explore cluster.
For each additional Explore appliance in the
cluster, click Add New and enter the individual hostname
or IP address in the corresponding Explore node
- Click Save.
- Confirm that the fingerprint on this page matches the fingerprint of node 1 of the Explore cluster.
- In the Explore Setup Password field, type the password for the Explore node 1 setup user account and then click Connect.
- When the Explore Cluster settings are saved, click Done.
After your Explore appliance is connected to all of your Discover and Command appliances, you must configure the type of records you want to store. See the following documentation for more information about Explore configuration settings, how to generate and store records, and how to create record queries.