Deploy the ExtraHop Explore 5100 Appliance
In this guide, you will learn how to configure the rack-mounted EXA 5100 ExtraHop Explore appliance and to join multiple Explore appliances to create an Explore cluster.
For the best performance, data redundancy, and stability, you must configure at least three Explore appliances in an Explore cluster.
System requirements
To install the Explore appliance, your environment must meet the following requirements:
- Appliance
- 2U of rack space and 2x750W of power
- Network Access
-
- The following TCP ports must be open:
- TCP ports 80 and 443
- Enables you to administer the Explore appliance. Requests sent to port 80 are automatically redirected to HTTPS port 443.
- TCP port 9443
- Enables Explore nodes to communicate with other Explore nodes in the same cluster.
- The following TCP ports must be open:
Install the Explore appliance
To install the Explore appliance, complete the following steps.
Before you begin
All Explore nodes in an Explore cluster must be physically located in the same datacenter. This configuration helps reduce any network latency that might affect the collection of records.Configure an IP address
DHCP is enabled by default on the ExtraHop system. When you power on the appliance, interface 1 attempts to acquire an IP address through DHCP. If successful, the IP address appears on the home screen of the LCD. If an IP address has not been configured, the LCD displays No IP.
If your network does not support DHCP, you can configure a static IP address through the LCD menu on the front panel or through the command-line interface (CLI).
Configure a static IP address through the CLI
You can access the CLI by connecting a USB keyboard and SVGA monitor to the appliance or through an RS-232 serial cable and a terminal-emulator program. The terminal emulator must be set to 115200 bps with 8 data bits, no parity, 1 stop bit (8N1), and hardware flow control should be disabled.
Configure a static IP address through the front panel
Complete the following steps to configure the IP address from the front panel. If an IP address has not been configured, the front panel displays No IP. If the system is plugged in and powered off, the LCD screen displays ExtraHop.
- Make sure that the default management interface is connected to the network and the link status is active.
- Press the select button (✓) to begin.
- Press the right arrow (>) button to select Net and then press the select button.
- Press the right arrow button twice to highlight DHCP and then press the select button.
- Press the right arrow button to select Static and then press the select button.
- Press the right arrow button to select IP and then press the select button. The currently configured IP address appears.
- Press the right arrow button until the first digit you want to change is highlighted.
- Press the select button. The digit blinks when selected. While the digit is blinking, press the left arrow (<) or right arrow (>) button to change the digit value.
- After you have chosen the correct digit, press the select button.
- Repeat steps 7-9 for each remaining digit you want to change.
- Press the left arrow button to navigate to the up arrow on the display and press the select button.
- On the Save screen, select Yes and then press the select button.
- Wait a moment to be redirected to the Net screen. Repeat the actions above to set the mask, gateway, and up to two DNS servers.
- Configure the iDRAC DHCP, IP, mask, gateway, and DNS in the same manner as the IP address.
Configure the Explore appliance
After you configure an IP address for the Explore appliance, log in to the Administration settings on the ExtraHop system through https://<extrahop-hostname-or-IP-address>/admin and complete the following recommended procedures.
Note: | The default login username is setup and the password is the service tag number on the pullout tab on the front of the appliance. You can modify user names and passwords in the Administration settings. |
- Register your ExtraHop system
- Configure the 10GbE management port
- Review the Explore Post-deployment Checklist and configure additional Explore appliance settings.
- Create an Explore cluster
- Connect the Explore appliance to Discover and Command appliances
- Send record data to the Explore appliance
Register your ExtraHop system
This guide provides instructions on how to apply a new product key and activate all of your purchased modules. You must have privileges on the ExtraHop system to access the Administration settings.
Register the appliance
Before you begin
Note: | If you are registering a Discover or Command appliance, you can optionally enter the product key after you accept the EULA and log in to the ExtraHop system (https://<extrahop_ip_address>/). |
Next steps
Have more questions about ExtraHop licensing works? See the License FAQ.Troubleshoot license server connectivity
For ExtraHop systems licensed and configured to connect to ExtraHop Cloud Services, registration and verification is performed through an HTTPS request to ExtraHop Cloud Services.
If your ExtraHop system is not licensed for ExtraHop Cloud Services or is not yet licensed, the system attempts to register the system through a DNS TXT request for regions.hopcloud.extrahop.com and an HTTPS request to all ExtraHop Cloud Services regions. If this request fails, the system tries to connect to the ExtraHop licensing server through DNS server port 53. The following procedure is useful to verify that the ExtraHop system can communicate with the licensing server through DNS.
nslookup -type=NS d.extrahop.com
Non-authoritative answer: d.extrahop.com nameserver = ns0.use.d.extrahop.com. d.extrahop.com nameserver = ns0.usw.d.extrahop.com.If the name resolution is not successful, make sure that your DNS server is properly configured to lookup the
(Optional) Configure the 10GbE management port
- In the Network Settings section, click Connectivity.
- In the Interfaces section, click Interface 5 or Interface 6. Make sure you select the same interface as the physical port you connected the 10GbE cable to. Interface 5 is the 10GbE port to the left on the rear of the appliance.
- From the Interface Mode drop-down list, select Management Port.
- Configure the rest of the network settings.
- Click Save.
- In the Interfaces section, click Interface 1.
- From the Interface Mode drop-down list, select Disabled.
- Click Save.
- Click the View and Save Changes button at the top of the page to save the running config file.
- Click Save. Your connection to the ExtraHop system through interface 1 terminates.
- Log in to the ExtraHop system again to connect through the newly configured 10GbE interface.
Create an Explore cluster
For the best performance, data redundancy, and stability, you must configure at least three Explore appliances in an Explore cluster.
Important: | If you are creating an Explore cluster with six or more nodes, you must configure the cluster with manager nodes. For manager node instructions, see Deploying manager nodes. |
In the following example, the Explore appliances have the following IP addresses:
- Node 1: 10.20.227.177
- Node 2: 10.20.227.178
- Node 3: 10.20.227.179
You will join nodes 2 and 3 to node 1 to create the Explore cluster. All three nodes are data nodes. You cannot join a data node to a manager node or join a manager node to a data node to create a cluster.
Important: | Each node that you join must have the same configuration (physical or virtual) and the same ExtraHop firmware version. EXA 5100 and EXA 5200 physical appliances can be in the same cluster. |
Before you begin
You must have already installed or provisioned the Explore appliances in your environment before proceeding.Connect the Explore appliance to Discover and Command appliances
After you deploy the Explore appliance, you must establish a connection from all ExtraHop Discover and Command appliances to the Explore appliance before you can query records.
Important: | Connect the Discover appliance to each Explore node so that the Discover appliance can distribute the workload across the entire Explore cluster. |
Note: | If you manage all of your Discover appliances from a Command appliance, you only need to perform this procedure from the Command appliance. |
Send record data to the Explore appliance
After your Explore appliance is connected to all of your Discover and Command appliances, you must configure the type of records you want to store.
Thank you for your feedback. Can we contact you to ask follow up questions?