In this guide, you will learn how to deploy the ExtraHop Reveal(x) Ultra sensor through AWS Marketplace.
Make sure you have everything you need to successfully deploy the sensor:
- An AWS account
- An ExtraHop Reveal(x) Ultra license or product key
- A VPC where the sensor will be deployed
- Two ENI subnets. One subnet to access the management interface of the sensor and one subnet that will forward traffic to the sensor. Both subnets must be in the same Availability Zone.
- Log in to your AWS Management Console.
In Marketplace, search for ExtraHop Ultra sensors.
Click one of the following sensor names:
- Reveal(x) Ultra Cloud Sensor 1 Gbps (BYOL)
- Reveal(x) Ultra Cloud Sensor 10 Gbps (BYOL)
- Click Continue to Subscribe.
- Read the ExtraHop Terms and Conditions, and then click Accept Terms.
- After the subscription process completes, click Continue to Configuration.
Select CloudFormation Template from the Fulfillment option drop-down list.
Select one of the following CloudFormation templates from the drop-down
- Single sensor with ENI as traffic mirror target
- Single sensor with NLB as traffic mirror target. This option is recommended when you have more than ten traffic sources.
- Select a firmware version from the Software Version drop-down list.
Select your AWS region from the Region drop-down list.
- Click Continue to Launch.
On the Launch this software page, under Choose Action, select Launch
- Click Launch.
- On the Create stack page, leave the default settings unchanged and click Next.
- On the Specify stack details page, type a name in the Stack name field to identify your instance in AWS.
In the Network configuration section, configure the following fields:
- VPCID: Select the VPC where the sensor will be deployed.
- MgmtSubnetID: Select the subnet where the management ENI will be deployed.
- CaptureSubnetID: Select the subnet where the data capture ENI will be deployed.
- RemoteAccessCIDR: Type a CIDR IP range to restrict user access to the instance. We recommend that you configure a trusted IP address range.
In the ExtraHop configuration section, select one of the following options for the PublicIP field:
- Select false if you do not want a public-facing IP address.
- Select true if you want the sensor available to users through the public internet. The MgmtSubnetID specified in the previous step must be a public subnet.
- (Optional): In the Other parameters section, type an AMI ID for the source instance.
- Click Next.
- Add one or more tags in the Tags section and then click Next.
- Review your configuration settings and then click Create stack.
Wait for the creation to complete. The CREATE_COMPLETE status appears on the Stack info page when the stack creation is successful.
Click the Outputs tab.
- Copy the SocSensorPublicCredentials value. This is the setup user password required to log in to the ExtraHop system.
- Click the EDAPublicAccess value URL to go to the sensor Administration settings page.
- Register your ExtraHop system.
- Configure the sensor network interfaces by clicking Connectivity in the Administration settings. Ensure that Management Port is selected on Interface 1. For Interface 2, choose one of the following options:
- For the 1 Gbps sensor, select Management + RPCAP/ERSPAN/VXLAN Target.
- For the 10 Gbps sensor, select High-Performance ERSPAN/VXLAN Target.
Important: If your deployment includes a console, the following workflow ensures the best performance for initial device synchronization. First, connect all sensors to the console, then configure network traffic forwarding to the sensors.
- Complete the recommended procedures in the post-deployment checklist.
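
The values entered on the Specify stack details page can be checked before you click Create stack. The following Python sketch is an added example, not ExtraHop or AWS code: it tests the constraints stated in this guide (both subnets in the same Availability Zone, a public management subnet when PublicIP is true, and a restricted RemoteAccessCIDR). The subnet IDs, the `public` flag, and the /16 threshold are hypothetical values constructed for the example.

```python
import ipaddress

# Constructed sample subnet metadata (hypothetical IDs); in practice these
# fields would be gathered from your AWS account before launching the stack.
SUBNETS = {
    "subnet-mgmt-example": {"vpc": "vpc-example", "az": "us-east-1a", "public": True},
    "subnet-capture-example": {"vpc": "vpc-example", "az": "us-east-1a", "public": False},
    "subnet-other-az-example": {"vpc": "vpc-example", "az": "us-east-1b", "public": False},
}
MIN_PREFIX = 16  # assumed policy threshold: flag IPv4 ranges broader than a /16


def check_stack_parameters(params, subnets):
    """Return a list of findings for the stack parameter values in this guide."""
    findings = []
    mgmt = subnets.get(params["MgmtSubnetID"])
    capture = subnets.get(params["CaptureSubnetID"])
    if mgmt is None or capture is None:
        return ["unknown subnet ID"]
    for name, subnet in (("MgmtSubnetID", mgmt), ("CaptureSubnetID", capture)):
        if subnet["vpc"] != params["VPCID"]:
            findings.append(f"{name} is not in {params['VPCID']}")
    if mgmt["az"] != capture["az"]:
        findings.append("management and capture subnets are in different Availability Zones")
    if params["PublicIP"] == "true" and not mgmt["public"]:
        findings.append("PublicIP is true but MgmtSubnetID is not a public subnet")
    try:
        cidr = ipaddress.ip_network(params["RemoteAccessCIDR"], strict=True)
    except ValueError as exc:
        findings.append(f"RemoteAccessCIDR is not a valid CIDR range: {exc}")
    else:
        if cidr.prefixlen == 0:
            findings.append("RemoteAccessCIDR allows access from any address")
        elif cidr.version == 4 and cidr.prefixlen < MIN_PREFIX:
            findings.append(f"RemoteAccessCIDR is broader than /{MIN_PREFIX}")
    return findings


if __name__ == "__main__":
    sample = {  # constructed parameter set with two deliberate mistakes
        "VPCID": "vpc-example",
        "MgmtSubnetID": "subnet-mgmt-example",
        "CaptureSubnetID": "subnet-other-az-example",
        "RemoteAccessCIDR": "0.0.0.0/0",
        "PublicIP": "true",
    }
    for finding in check_stack_parameters(sample, SUBNETS):
        print("FINDING:", finding)
```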