ExtraHop Rescue Media Guide
The ExtraHop rescue media is a utility that enables you to recover, repair, or reset your ExtraHop system and settings.
Boot into the rescue media interface
Before you begin
Warning: | The rescue media must have the same firmware version that is installed on the ExtraHop system, unless you plan to reset the appliance to factory defaults and upgrade to the latest firmware version. To upgrade to the latest firmware version, overwrite your rescue media USB drive with the latest rescue media version. |
- Make sure that you have only one rescue media inserted into the ExtraHop appliance.
-
Restart the appliance from a console, serial, or iDRAC
connection through one of the methods listed below, in the following
recommended order.
- Log in to the Administration settings on the ExtraHop system through https://<extrahop-hostname-or-IP-address>/admin. In the Appliance Settings section, click Shutdown or Restart, and then click Shutdown.
- Log in to the command-line interface with the shell user account, turn on privileged commands, and then restart the system with the restart system command. It can take up to two minutes for the system to restart.
- Press the power button once without holding, wait a few minutes for the system to shut down, and then press the power button again to restart the appliance.
- Press and hold the power button until the appliance turns off. Then, press the power button again to restart the appliance. This method should only be tried if the previous methods are unresponsive, as a forced reboot can cause data loss.
- When the system reboots, follow the instructions on the screen to access the Boot Manager (or press F11). The steps vary by the hardware manufacturing release. From the Boot Manager menu, select the option for the BIOS boot menu.
- Depending on your rescue media type, select to boot from either DVD ROM or USB. Do not select to boot from the NIC, hard drive, or UEFI (EDA 1200 only).
Recover the ExtraHop system
The system recovery option enables you to recover your ExtraHop system after an upgrade, restart failure, or firmware disk replacement, while maintaining your data and customizations. This option first attempts to replace the current system firmware with an existing backup. If no backup is available, the current system firmware is replaced with a verified version provided on the rescue media.
Next steps
Configure the primary management interface through the command-line interface. To configure the IP address through the front panel LCD controls, see the deployment guides for your specific hardware.Reset the ExtraHop system to factory defaults
To install a copy of the ExtraHop system firmware and remove all existing data and license information, you can reset the appliance to factory defaults.
Note: | You can only restore a physical Trace appliance to factory defaults. Virtual Trace appliances must be redeployed. |
- From the Select Menu Option screen, select ExtraHop System Factory Reset and press ENTER.
- Select Yes at the prompt to confirm that all data will be deleted and then press ENTER.
- You can perform a secure wipe of the ExtraHop system by selecting Yes and then pressing ENTER. A secure wipe can take several hours to complete.
- When the installation is complete, select Reboot and then press ENTER to restart the system.
Reset the ExtraHop administrator password
If you have forgotten your ExtraHop password for the Administration settings, you can reset the password to the system default. Then, you can log in to the Administration settings on the ExtraHop system with the default password and change the default password to a secure password.
Before completing these steps, return to the BIOS Boot Manager and select the option to boot from the rescue media.
- From the Select Menu Option screen, select Wipe/Reset Menu and then press ENTER.
- Select Reset Password and then press ENTER.
- At the prompt to apply the change, press ENTER.
- Select Return to Main and then press ENTER.
- Select Reboot and then press ENTER.
- Select Yes and then press ENTER.
- Return to the BIOS Boot Manager and select the option to boot from the system disk.
Perform a secure delete of all system data
You can permanently remove all of the data and customizations from your ExtraHop appliance. Select this option if you plan on disconnecting the ExtraHop appliance and want to securely remove all of your data.
Important: | 1-pass wipe options can take up to 24 hours to complete; the 3-pass option can take several weeks. |
- From the Select Menu Option screen, select Wipe/Reset Menu.
-
Select one of the following options.
- Select Run Secure Internal Wipe and then select OK. This option only wipes the internal drives in the appliance.
- For Trace appliances with attached extended storage units (ESU), select Run Secure ESU Wipe, and then select OK. This option only wipes the drives in attached ESUs.
-
Select the wipe pattern from the following options:
- 1-pass Quick Fill with 0x00 - writes zeros to every sector of every disk on the appliance.
- 1-pass One Random Pass - writes random bits to every sector of every disk on the appliance.
- 3-pass DoD 5220.22-M - writes random bits to every sector of every disk on the appliance, then writes zeros to every sector of every disk on the appliance, and then writes ones to every sector of every disk on the appliance. Finally, a verification pass is performed.
- Select OK and then press ENTER.
Repair the file system
You can check the file system for errors and replace the existing firmware on the appliance with the version of the firmware that is on the rescue media. This option will remove your data and any customizations.
Warning: | This procedure will remove your data and any customizations. |
- From the Select Menu Option screen, select Repair File System, and then press ENTER.
- Select Yes at the prompt to check for file system errors, and then press ENTER.
Verify and restore firmware files
If an unexpected firmware issue occurs on the appliance, it is possible to restore missing or corrupted files from the rescue media.
Important: | The firmware version on the rescue media must be the same as the firmware version on the appliance being restored. |
- From the Select Menu Option screen, select Verify/Restore Firmware, and then press ENTER.
- Select Restore Missing/Corrupted Files.
- Select YES at the confirmation prompt and then press ENTER.
Upgrade from RAID 0 to RAID 10
The ExtraHop system is configured by default with RAID 0 and four installed drives. You can purchase an additional two drives for the EDA 6200 from ExtraHop and upgrade to a RAID 10 configuration.
Before you begin
Insert the new drives, starting with slots 4 and reboot the appliance. Then, follow the instructions in this guide to boot into the rescue media.Appendix A: Download and create rescue media
All physical ExtraHop appliances come with either a Rescue CD or USB, which is in the drive. If you have misplaced the drive, you can download the rescue media and create a recovery CD or USB.
Note: | If you do not have physical access to the appliance (for example, if the appliance is located in a remote data center or if it is a virtual appliance), you will not be able to attach new rescue media physically. However, you can download the latest rescue media locally and then boot into the rescue media interface through the virtual media. For more information, see Appendix D: Boot into the rescue media interface through virtual rescue media. |
Create a rescue CD
- Log in to the Customer Support Portal.
- In the Downloads section, click Rescue media.
- Select your appliance type.
- Click Download.
- Burn the .iso file to a CD according to the instructions for your CD-ROM.
Create a rescue USB
- Log in to the Customer Support Portal.
- In the Downloads section, click Rescue media.
- Select your appliance type.
- Click Download.
-
Copy the .iso file to a USB flash drive through one of the following methods.
- For Linux or macOS, run the following command from a terminal: dd if=<file location> of=<location of root block device>.
- For Windows, copy the .iso file with a third-party utility such as Rufus. In Rufus, select the option to write in DD Image mode.
Appendix B: Hardware tests
Hardware tests are performed before the ExtraHop appliance has shipped and should be performed after an appliance replacement or upgrade.
Cable the hardware for testing
- Connect the 10 GB ports on the same interface card to each other with a fiber optic cable.
- Connect interface 1 to interface 2, and then connect interface 3 to interface 4 with Ethernet cables.
Run the hardware tests
- Boot into the rescue media interface.
- From the Select Menu Option screen, select Hardware Tests, and then press ENTER.
- From the Select Hardware Tests to Run screen, select the tests you want to run. By default, the first seven test are selected and marked with an asterisk. To select or deselect a test, highlight the test, and then press the space bar.
- Select OK and press ENTER.
- As each test completes, the page will pause to enable you to view the results. Press PAGE UP or PAGE DOWN on your keyboard to scroll through the information.
- When you are finished reading the results, press any key, and then press Q on your keyboard to proceed to the next test.
Hardware test types
The following table provides information about the hardware tests that are available on the ExtraHop appliance.
Test | Description | Test Time |
---|---|---|
Firmware | Verifies that the firmware version is correct by checking the MD5 sums on both the base firmware and the ExtraHop firmware. | 5 seconds |
Hard Drives | Performs a test of all hard drives in the appliance. | 5 to 10 seconds |
Raid Controller | Checks the RAID statistics and gives a summary of any errors. | 5 seconds |
Card Slot Placement | Verifies that additional SSL and 10G cards are installed in the correct slots. | 5 minutes |
SSL Offload | Turns on the card and performs two decryption tests. | 5 minutes |
NICs (Detection) | Checks the appliance to ensure the number of detected interfaces matches the number of interfaces on the appliance. The result displays the number of interfaces detected and whether the detection test has passed. | 5 to 10 seconds |
NICs (Send/Receive) | Verifies that the interfaces are working by sending and receiving data through the NICs. | 1 minutes |
Extended Hard Drive Test | Performs a thorough test of the hard drive. This test can take up to 24 hours and checks every sector of every hard drive for errors. Run this test separately and only if there were errors in the previous hard drive tests. | Up to 24 hours |
Interpreting hardware test results
The following table provides information about how to resolve hardware tests failures.
Test | Failure Description | Resolution |
---|---|---|
Firmware | If a firmware test fails, the firmware or base image file might be corrupt. | Return to the rescue media interface, and select ExtraHop System Recovery. If this option fails, return to the rescue media interface, and select ExtraHop System Factory Reset. |
Hard Drives | If the hard drive test fails, the drive might not be present or the drive might not be secure inside the slot. | Seat the drive correctly in the slot and run the test again. If the error persists, contact ExtraHop Support to replace the drive. |
Raid Controller | If the RAID controller test fails, the drives might not be present or the drives might not be secure inside the slots. | Seat the drive correctly in the slots and run the test again. If the error persists, contact ExtraHop Support to replace the drives. |
Card Slot Placement | If the card slot placement test fails, the output shows a slot mismatch for the 10G or SSL cards. Designated slots vary by appliance model. | To verify the designated slots, refer to your appliance documentation. If you have trouble replacing the cards in the correct slots, contact ExtraHop Support. |
SSL Offload | If the SSL offload test fails, the SSL card was not initialized properly or it might be in the incorrect slot. | Ensure that the SSL card is in the correct slot. If you have trouble replacing the cards in the correct slots, contact ExtraHop Support. |
NICs (Detection) | The output of the NIC detection test is a list of fiber interfaces and Ethernet interfaces on the ExtraHop appliance. | Ensure that the number of detected interfaces matches the number of interfaces on the ExtraHop appliance. If one or more interfaces are not listed, ensure that all network interfaces and cards are present. If they are present and the system does not detect them, contact ExtraHop Support. |
NICs (Send/Receive) | Ensure that the number of detected interfaces matches the number of interfaces on the ExtraHop appliance. If one or more interfaces are not listed, ensure that all network interfaces and cards are present. If they are present and the system does not detect them, contact ExtraHop Support. | Ensure that the cables are properly connected and restart the ExtraHop system. If the error persists, read the output to determine whether traffic was unable to send or receive. If there is no traffic, the NIC might be defective. To replace a defective NIC, contact ExtraHop Support. |
Extended Hard Drive Test | Contact ExtraHop Support |
Appendix D: Boot into the rescue media interface through virtual rescue media
If you want to rescue an appliance through a later version of rescue media than what is currently attached to the appliance, you can create a new rescue CD or USB. However, if you do not have physical access to the appliance (for example, if the appliance is located in a remote data center or if it is a virtual appliance), you will not be able to attach new rescue media physically. In this case, you can download the latest rescue media locally and then boot into the rescue media interface through the virtual media.
Thank you for your feedback. Can we contact you to ask follow up questions?