Deploy the ExtraHop Command Appliance in AWS

This guide explains how to launch the ExtraHop Command appliance AMI to monitor your Amazon Web Services (AWS) environment. You must have administrative access to AWS to launch a third-party AMI and an ExtraHop product key to complete these procedures.

Before you deploy the Command appliance, determine the optimal provisioning needs for your environment. For more information, see the Performance guidelines section.

Performance guidelines

The following table provides guidelines that can help you optimize the performance of the Command appliance. These guidelines are minimum requirements that you might need to adjust based on the size and needs of your environment.

Scalability Connected ExtraHop Appliances 1-8 9-24 25-64
Provisioning Requirements Recommended Instance Type c5.xlarge (4 vCPU and 8 GB RAM) c5.2xlarge (8 vCPU and 16 GB RAM) c5.4xlarge (16 vCPU and 32 GB RAM)
Boot Disk 4 GB 4 GB 4 GB
Datastore and Utility Disk 40 GB 48 GB 64 GB
Disk Total 44 GB 52 GB 68 GB

Create the ExtraHop instance in AWS

Before you begin

The Amazon Machine Images (AMIs) of ExtraHop appliances are not publicly shared. Before you can start the deployment procedure, you must send your AWS account ID to Your account ID will be linked to the ExtraHop AMIs.

  1. Sign in to AWS with your username and password.
  2. Click EC2.
  3. In the left navigation panel, under Images, click AMIs.
  4. Above the table of AMIs, change the Filter from Owned by Me to Private Images.
  5. In the Search AMIs… field, type ExtraHop.
  6. Select the checkbox next to the ExtraHop Command appliance AMI, and click Launch.
  7. On the Choose an Instance Type page, select the instance type that meets the provisioning requirements specified in the performance guidelines table above.
  8. Click Next: Configure Instance Details.
  9. Click the Network drop-down list and select one of the VPCs for your organization.
    You must launch the Command appliance in the same environment as the ExtraHop Discover appliances.
  10. Select Stop as the default shutdown behavior.
  11. Click the Protect against accidental termination checkbox.
  12. (Optional): Click the IAM role drop-down list, and select an IAM role.
  13. (Optional): If you want to configure two interfaces for VPC, scroll down to the Network Interfaces section and click Add Device to associate another interface with your instance.
    The default number of network interfaces is one. The two interfaces must be on two different subnets.
  14. Click Next: Add Storage.
  15. Accept the defaults and click Next: Tag Instance.
  16. In the Value field, enter a name for the instance.
  17. Click Next: Configure Security Group.
  18. On the Configure Security Group page, follow the procedure below to create a new security group or add ports to an existing group. If you already have a security group with the required ports for ExtraHop, you can skip this step.
    1. Select either Create a new Security Group or Select an existing security group. If you choose to edit an existing group, select the group you want to edit. If you choose to create a new group, type a name for the Security group and type a Description.
    2. From the Type drop-down list, select a protocol. Type the port number in the Port Range field.
    3. For each additional port, click the Add Rule button. Then, from the Type drop-down list, select a protocol, and type the port number in the Port Range field.
      The following ports and IP addresses must be opened for the ExtraHop AWS instance:
      TCP ports 22, 80, and 443 inbound to the Command appliance
      These ports must be open to download the installer and administer the ExtraHop system.
      IP addresses of the ExtraHop Discover appliances that are connected to the Command appliance
      After the Command appliance is launched, you must modify the security groups of the connected Discover appliances to allow traffic in from the Command appliance.
  19. Click Review and Launch.
  20. Scroll down to review the AMI details, instance type, and security group information, and then click Launch.
  21. In the pop-up window, from the first drop-down list, select Proceed without a key pair.
  22. Click the I acknowledge… checkbox and then click Launch Instance.
  23. Click View Instances to return to the AWS Management Console.
    When you return to the AWS Management Console, you can view your instance on the Initializing screen.
Located under the table, on the Description tab, is the IP address or hostname for the Command appliance.

Register the ExtraHop system

Complete the following steps to apply your product key and register the system.

If you do not have a product key, contact your ExtraHop account team.

Tip:To verify that your environment can resolve DNS entries for the ExtraHop licensing server, open a terminal application on your Windows, Linux, or Mac OS client and run the following command:
nslookup -type=NS
If the name resolution is successful, output similar to the following appears:
Non-authoritative answer:	nameserver =	nameserver =
  1. In your browser, type the IP address of the ExtraHop system (https://<extrahop_management_ip>).
  2. Review the license agreement, select I Agree, and click Submit.
  3. On the log in screen, type setup for the user name and the instance ID for the password.
    You can find the Instance ID on the Description tab of an instance selected on the Initializing screen. Type the string of characters that follow i- (but not i- itself), and then click Log In.
  4. Enter your product key, and then click Register.
Published 2023-05-30