Deploy the ExtraHop Discover 10200 Appliance
This guide explains how to install the rack-mounted EDA 10200 ExtraHop Discover appliance.
Installation prerequisites
- Appliance
- 2U of rack space and electrical connections for 2 x 1100 W power supplies.
- Management
- One 10/100/1000 BASE-T network port or one 10G BASE-SR port for appliance management.
- Monitoring (capture)
- High-performance interfaces: One to four network ports for connection to 100 GbE, 40 GbE, 25 GbE, or 10 GbE sources of packet data, depending on the ordered configuration.
- Management + monitoring interfaces: One to three network ports for connection to 1 GbE sources of packet data.
- Network Access
- Ensure that administrators can access the Administration settings on the Discover appliance over TCP port 443.
For more information about the interfaces on the ExtraHop appliance, see the Appliance Hardware FAQ.
Rear panel ports
EDA 10200
- One iDRAC interface port
- One RS-232 serial port to connect a console device
- One VGA port to connect an external display
- Two USB 3.0 ports to connect input devices such as a keyboard and mouse
- Two power ports to connect the appliance to an AC power source
- Two 10 GbE ports. Ports 1 and 2 can be configured as a management port, management and
flow target, or management and RPCAP/ERSPAN/VXLAN target.While 10 GbE management + capture interfaces on the EDA 10200, EDA 9200, and ETA 8250 can conduct management functions at 10 Gbps speeds, processing traffic such as ERSPAN is limited to 1 Gbps.
Tip: In environments with asymmetric routing adjacent to the high-performance interfaces, ping replies might not get back to the sender. - Two 10/100/1000 BASE-T network ports. Port 3 is the primary management port. Both ports can be configured as a monitoring port, management port, management and flow target, or management and RPCAP/ERSPAN/VXLAN target.
- Four 100 GbE-capable ports on two network adapters. These ports are the high-performance monitoring (capture) interfaces.
Supported packet source connectivity
Discover 10200 Appliance Connector | Peer Connector for Packet Source | Customer-Supplied Cabling | Supported Operating Speeds |
---|---|---|---|
Transceiver-based Connectivity | |||
100 GbE QSFP28 SR4 transceiver | 100 GbE QSFP28 SR4 transceiver | Multi-mode fiber MPO connectors |
100 Gbps, 40 Gbps |
40 GbE QSFP+ SR4 transceiver | Multi-mode fiber MPO connectors |
40 Gbps | |
40 GbE QSFP SR BiDi transceiver (Customer-supplied Cisco QSFP-40G-SR-BD only) | 40 GbE QSFP+ SR BiDi transceiver | Duplex multi-mode fiber LC connectors | 40 Gbps |
25 GbE SFP28 SR transceiver (with QSFP28-to-SFP28 adapter) | 25 GbE SFP28 SR transceiver | Multi-mode fiber LC connectors |
25 Gbps, 10 Gbps |
10 GbE SFP+ SR transceiver | Multi-mode fiber LC connectors |
10 Gbps | |
Direct Attach Connectivity | |||
Customer-supplied QSFP28 DAC cable, such as the Mellanox MCP1600-Cxxx series | 100 Gbps | ||
QSFP28-to-SFP28 adapter with customer-supplied SFP28 DAC cable, such as the Mellanox MCP2M00-Axxx series | 25 Gpbs | ||
Customer-supplied RJ45 Ethernet cable 1 Gbps | 1 Gpbs |
Note: | The packet processing capability of the appliance is 100 Gbps. While it is possible to oversubscribe the appliance by sending more than 100 Gbps of packet data across the four 100 GbE-capable ports, inbound workloads that exceed 100 Gbps will result in dropped packets. |
Traffic distribution guidelines
- Packets from the same flow should be received on the same interface, or on interfaces of the same network interface card (NIC).
- The ingest on each NIC should not exceed 75% of the rated analysis throughput for the appliance to ensure that traffic is balanced across system resources.
- If your data feed does not require both interfaces on the NIC, disable the unconfigured interfaces in the Administration settings. For example, configure the EDA 10200 with a single interface to ingest 50 Gbps on each NIC port. Disable the extraneous ports on each NIC. This configuration optimizes performance for 100 Gbps.
- A single high-performance ERSPAN target is expected to process 20 to 30 Gbps. On larger appliances, distribute ERSPAN traffic to more interfaces to scale traffic ingest.
Configure the management IP address
DHCP is enabled by default on the ExtraHop system. When you power on the system, interface 3 attempts to acquire an IP address through DHCP. If successful, the IP address appears on the home screen of the LCD.
If your network does not support DHCP, you can configure a static IP address through the LCD menu on the front panel or through the command-line interface (CLI).
Important: | For deployments that include a Discover appliance that is connected to a Command appliance, we strongly recommend configuring a unique hostname. If the IP address on the sensor is changed, the Command appliance can re-establish connection easily to the sensor by hostname. |
Configure a static IP address through the LCD
Configure an IP address through the CLI
You can access the CLI by connecting a USB keyboard and SVGA monitor to the system or through an RS-232 serial cable and a terminal-emulator program. The terminal emulator must be set to 115200 bps with 8 data bits, no parity, 1 stop bit (8N1), and hardware flow control should be disabled.
(Optional) Configure the 10 GbE management interface
You can configure a 10 GbE port (port 1 or port 2) to manage the system. The commands below move the settings from port 3 to port 1 and then disables port 3. Alternatively, you can configure the 10 GbE management interface in the Administration settings.
Configure the Discover appliance
After you configure an IP address for the Discover appliance, open a web browser and navigate to the ExtraHop system through the configured IP address. Accept the license agreement and then log in with the setup user account. The password is the system serial number that appears in the Info section of the LCD display and on the label on the back of the appliance. Follow the prompts to enter the product key, change the default setup and shell user account passwords, connect to ExtraHop Cloud Services, and connect to Reveal(x) 360 or a Command appliance.
After the system is licensed, and you have verified that traffic is detected, complete the recommended procedures in the post-deployment checklist.
Thank you for your feedback. Can we contact you to ask follow up questions?