Deploy the ExtraHop Discover 8200 Appliance
This guide explains how to install the rack-mounted EDA 8200 ExtraHop Discover appliance.
- 1U of rack space and electrical connections for 2 x 750 W power supplies.
- One 10/100/1000 BASE-T network port for appliance management.
- Monitoring (capture)
- High performance interfaces: One to two network ports for connection to 25 GbE or 10 GbE sources of packet data.
- Management + monitoring interfaces: One to three network ports for connection to 1 GbE sources of packet data.
- Network Access
- Ensure that administrators can access the Administration settings on the Discover appliance over TCP port 443.
For more information about the interfaces on the ExtraHop appliance, see the Appliance Hardware FAQ.
Rear panel ports
- One iDRAC interface port
- One RS-232 serial port to connect a console device
- One VGA port to connect an external display
- Two USB 3.0 ports to connect input devices such as a keyboard and mouse
- Two power ports to connect the appliance to an AC power source
- Four 10/100/1000 BASE-T network ports. Port 1 is the primary management port. Ports 2 - 4 are the management + monitor ports.
- Two 25 GbE-capable ports on two network adapters. Ports 5 and 6 are the high performance monitoring (capture) interfaces.
Supported packet source connectivity
|Discover 8200 Appliance Connector||Peer Connector for Packet Source||Customer-Supplied Cabling||Supported Operating Speeds|
|25 GbE SFP28 SR transceiver||25 GbE SFP28 SR transceiver||Multi-mode fiber
|25 Gbps, 10 Gbps|
|10 GbE SFP+ SR transceiver||Multi-mode fiber
|Direct Attach Connectivity|
|Customer-supplied SFP28 DAC cable, such as the Mellanox MCP2M00-Axxx series||25 Gpbs|
|Customer-supplied RJ45 Ethernet cable||1 Gbps|
Traffic distribution guidelines
- Packets from the same flow should be received on the same interface, or on interfaces of the same network interface card (NIC).
- The ingest on each NIC should not exceed 75% of the rated analysis throughput for the appliance to ensure that traffic is balanced across system resources.
- If your data feed does not require both interfaces on the NIC, disable the unconfigured interfaces in the Administration settings. For example, configure the EDA 10200 with a single interface to ingest 50 Gbps on each NIC port. Disable the extraneous ports on each NIC. This configuration optimizes performance for 100 Gbps.
- A single high-performance ERSPAN target is expected to process 20 to 30 Gbps. On larger appliances, distribute ERSPAN traffic to more interfaces to scale traffic ingest.
Set up the appliance
Rack mount the Discover appliance.
Install the Discover appliance in your data center with the included rack-mounting kit. The mounting kit supports most four-post racks with either round or square holes.
Orient the hardware to ensure proper airflow. The cold air intake is through the front of the appliance.
Connect port 1 to your management network.
The EDA 8200 appliance has four 10/100/1000 BASE-T network ports. With a network patch cable, connect the management port on the Discover appliance to your management network. Port 1 is the default management port on the EDA 8200.
Connect the monitoring port.
Important: If your deployment includes a Command appliance or Reveal(x) 360, the following workflow ensures the best performance for initial device synchronization. First, connect all sensors to the Command appliance or Reveal(x) 360, then configure network traffic forwarding to the sensors.With the appropriate network cable, connect a monitoring port on the Discover appliance to a network tap or mirror port on the switch. Note: The link lights on the monitoring interface ports do not illuminate until you register the appliance with your product key.
Connect the iDRAC port.
To enable remote management of the Discover appliance, connect your management network to the iDRAC port with a network patch cable.
Install the front bezel.
You must install the front bezel if you want to configure the appliance through the LCD display.
Insert the USB connector on the right side of the bezel into the USB port on the front of the appliance. Press and hold the release button on the left end of the bezel and push the bezel flush with the appliance until it snaps into place.
Connect the power cords.
Connect the two supplied power cords to the power supplies on the back of the appliance, and then plug the cords into a power outlet. If the appliance does not power on automatically, press the power button on the front-right of the appliance.
Configure the management IP address
DHCP is enabled by default on the ExtraHop system. When you power on the system, interface 1 attempts to acquire an IP address through DHCP. If successful, the IP address appears on the home screen of the LCD.
If your network does not support DHCP, you can configure a static IP address through the LCD menu on the front panel or through the command-line interface (CLI).
|Important:||For deployments that include a Discover appliance that is connected to a Command appliance, we strongly recommend configuring a unique hostname. If the IP address on the sensor is changed, the Command appliance can re-establish connection easily to the sensor by hostname.|
Configure a static IP address through the LCD
- Make sure that the default management interface is connected to the network and the link status is active.
- Press the select button (✓) to begin.
- Press the down arrow button to select Network, and then press the select button.
- Press the down arrow to DHCP and then press the select button.
- Press the down arrow to select No, and then press the select button to disable DHCP.
- Press the down arrow to select Set static IP, and then press the select button.
- Press the left or right arrows to select the first digit to change, and then press the up or down arrows to change the digit to the desired number. Repeat this step for each digit you need to change. After you configure the desired IP address, press the select button.
- On the Network mask screen, press the left or right arrows to select the first digit to change, and then press the up or down arrows to change the digit to the desired number. Repeat this step for each digit you need to change. After you configure the desired network mask, press the select button.
- On the Default gateway screen, press the left or right arrows to select the first digit to change, and then press the up or down arrows to change the digit to the desired number. Repeat this step for each digit you need to change. After you configure the desired default gateway, press the select button.
- Confirm your modified network settings on the Settings saved screen, and then press any button to return to the Network Menu.
- Press the down arrow and scroll to Set DNS servers, and then press the select button.
- Press the left or right arrows on the DNS1 screen to select the first digit to change, and then press the up or down arrows to change the digit to the desired number. Repeat this step for each digit you need to change, and then press the select button to continue to the DNS2 screen.
- Configure a second DNS server.
- Confirm the DNS settings on the Settings saved screen, and then press any button to return to the Network Menu.
- Press the down arrow twice until ← Back appears, and then press the select button.
- Press the down arrow twice to select iDRAC. Configure the iDRAC DHCP, IP, mask, gateway, and DNS in the same manner as the IP address.
- Press the X button to return to the main menu.
Configure an IP address through the CLI
You can access the CLI by connecting a USB keyboard and SVGA monitor to the appliance or through an RS-232 serial cable and a terminal emulator program. The terminal emulator must be set to 115200 bps with 8 data bits, no parity, 1 stop bit (8N1), and hardware flow control should be disabled.
- Establish a connection to the ExtraHop system.
- At the login prompt, type shell and then press ENTER.
- At the password prompt, type the system serial number and then press ENTER. The serial number is printed on a label on the back of the appliance. The serial number can also be found on the LCD display on the front of the appliance in the Info section.
Enable privileged commands:
- At the password prompt, type the serial number, and then press ENTER.
Enter configuration mode:
Enter the interface configuration mode:
Run the ip command and specify the IP address and DNS
settings in the following format: ip ipaddr <ip_address>
<netmask> <gateway> <dns_server>
ip ipaddr 10.10.2.14 255.255.0.0 10.10.1.253 10.10.1.254
Leave the interface configuration section:
Save the running config file:
- Type y and then press ENTER.
Configure the Discover appliance
After you configure an IP address for the Discover appliance, open a web browser and navigate to the ExtraHop system through the configured IP address. Accept the license agreement and then log in with the setup user account. The password is the system serial number that appears in the Info section of the LCD display and on the label on the back of the appliance. Enter the product key to license the system.
After the system is licensed, and you have verified that traffic is detected, complete the recommended procedures in the post-deployment checklist.
Thank you for your feedback. Can we contact you to ask follow up questions?