Start Demo

ExtraHop Rescue Media Guide

The ExtraHop rescue media is a utility that enables you to recover, repair, or reset your ExtraHop system and settings.

Boot into the rescue media interface

Before you begin

Warning:The rescue media must have the same firmware version that is installed on the ExtraHop system, unless you plan to reset the appliance to factory defaults and upgrade to the latest firmware version. To upgrade to the latest firmware version, overwrite your rescue media USB drive with the latest rescue media version.
After you have installed the ExtraHop rescue media onto a USB drive, boot into the rescue media interface.
  1. Make sure that you have only one rescue media inserted into the ExtraHop appliance.
  2. Connect to the ExtraHop system from an ExtraHop console, serial port, or iDRAC.
  3. Restart the appliance through one of the methods listed below, in the following recommended order.
    • Log in to the Administration settings on the ExtraHop system through https://<extrahop-hostname-or-IP-address>/admin. In the Appliance Settings section, click Shutdown or Restart, and then click Shutdown.
    • Log in to the command-line interface with the shell user account, enable privileged commands, and then restart the system with the restart system command. It can take up to two minutes for the system to restart.
    • Press the power button once without holding, wait a few minutes for the system to shut down, and then press the power button again to restart the appliance.
    • Press and hold the power button until the appliance powers off. Then, press the power button again to restart the appliance.
      Important:Try this method only if the previous methods are unresponsive, as a forced reboot can cause data loss.
  4. When the system reboots, follow the instructions on the screen to access the Boot Manager (or press F11).
    The steps vary by the hardware manufacturing release. From the Boot Manager menu, select the option for the BIOS boot menu.
  5. Depending on your rescue media type, select to boot from either DVD ROM or USB.
    Important:Do not select to boot from the NIC, hard drive, or UEFI (EDA 1200 only).

Recover the ExtraHop system

The system recovery option enables you to recover your ExtraHop system after an upgrade, restart failure, or firmware disk replacement, while maintaining your data and customizations.

You can recover your system from the rescue media interface. This option first attempts to replace the current system firmware with an existing backup. If no backup is available, the current system firmware is replaced with a verified version provided on the rescue media.
  1. Boot into the rescue media interface.
  2. From the Select Menu Option screen, select ExtraHop System Recovery, and then press ENTER.
  3. Select Yes at the prompt to confirm that you want to recover the previous firmware installation.
  4. If no previous firmware is available, you are prompted to replace the firmware with the firmware on the rescue media.
    Type Y and press ENTER.
    Note:System recovery can take up to 45 minutes to complete.
  5. When prompted, press ENTER.
  6. Select Yes to reboot and press ENTER.
The system reboots, initializes the system hardware, and then launches the ExtraHop firmware.

Next steps

Configure the system settings according to the deployment guide for your specific hardware.

Reset the ExtraHop system to factory defaults

To install a copy of the ExtraHop system firmware and remove all existing data and license information, you can reset the appliance to factory defaults.

You can reset the system to factory defaults from the rescue media interface.
Note:You can restore only physical ExtraHop packetstores to factory defaults. Virtual ExtraHop packetstores must redeployed again after reset.
  1. From the Select Menu Option screen, select ExtraHop System Factory Reset and press ENTER.
  2. Select Yes at the prompt to confirm that all data will be deleted and press ENTER.
  3. Perform a secure wipe of the ExtraHop system by selecting Yes and pressing ENTER.
    A secure wipe can take several hours to complete.
    Important:If your appliance supports instant secure erase, this process begins automatically. This method does not require user confirmation and completes much faster.
  4. When the installation is complete, select Reboot and press ENTER to restart the system.
The system reboots, initializes the system hardware, and then launches the ExtraHop firmware.

Next steps

Configure the system settings according to the deployment guide for your specific hardware.

Reset the ExtraHop administrator password

If you have forgotten your ExtraHop password for the Administration settings, you can reset the password to the system default. Then, you can log in to the Administration settings on the ExtraHop system with the default password and change the default password to a secure password.

Before you begin

Before completing these steps, return to the BIOS Boot Manager and select the option to boot from the rescue media.
You can reset the administrator password from the rescue media interface.
  1. From the Select Menu Option screen, select Wipe/Reset Menu, and then press ENTER.
  2. Select Reset Password and press ENTER.
  3. At the prompt to apply the change, press ENTER.
  4. Select Return to Main and press ENTER.
  5. Select Reboot and press ENTER.
  6. Select Yes and press ENTER.
  7. Return to the BIOS Boot Manager and select the option to boot from the system disk.

Perform a secure delete of all system data

You can permanently remove all of the data and customizations from your ExtraHop appliance. Select this option if you plan on disconnecting the ExtraHop appliance and want to securely remove all of your data.

You can securely delete data from your appliance from the rescue media interface.
Important:The 1-pass wipe options can take up to 24 hours to complete; the 3-pass option can take several weeks.
  1. From the Select Menu Option screen, select Wipe/Reset Menu.
  2. Select one of the following options:
    • Select Run Secure Internal Wipe and select OK. This option erases only the internal drives in the appliance.
    • For ExtraHop packetstores with attached extended storage units (ESU), select Run Secure ESU Wipe, and then select OK. This option erases the drives only in attached ESUs.
  3. Select the wipe pattern from the following options:
    Option Description
    1-pass Quick Fill with 0x00 Writes zeros to every sector of every disk on the appliance.
    1-pass One Random Pass Writes random bits to every sector of every disk on the appliance.
    3-pass DoD 5220.22-M Writes random bits to every sector of every disk on the appliance, then writes zeros to every sector of every disk on the appliance, and then writes ones to every sector of every disk on the appliance. Finally, a verification pass is performed.
  4. Select OK and press ENTER.
The system reboots, initializes the system hardware, and then launches the ExtraHop firmware.

Repair the file system

You can check the file system for errors and replace the existing firmware on the appliance with the version of the firmware that is on the rescue media. This option removes your data and any customizations.

You can repair the file system from the rescue media interface.
Warning:This procedure removes your data and any customizations.
  1. From the Select Menu Option screen, select Repair File System, and then press ENTER.
  2. Select Yes at the prompt to check for file system errors and press ENTER.
The system reboots, initializes the system hardware, and then launches the ExtraHop firmware.

Verify and restore firmware files

If an unexpected firmware issue occurs on the appliance, it is possible to restore missing or corrupted files from the rescue media.

You can verify and restore firmware files from the rescue media interface.
Important:The firmware version on the rescue media must be the same as the firmware version on the appliance being restored.
  1. From the Select Menu Option screen, select Verify/Restore Firmware, and then press ENTER.
  2. Select Restore Missing/Corrupted Files.
  3. Select YES at the confirmation prompt and press ENTER.

Upgrade from RAID 0 to RAID 10

The ExtraHop system is configured by default with RAID 0 and four installed drives. You can purchase an additional two drives for the EDA 6200 from ExtraHop and upgrade to a RAID 10 configuration.

Before you begin

Insert the new drives, starting with slots 4 and reboot the appliance. Then, follow the instructions in this guide to boot into the rescue media.
  1. From the Select Menu Option screen, select Advanced RAID Features and then press ENTER.
  2. Select Yes to begin migration.
    Note:After the migration process is complete, log in to the Administration settings on the ExtraHop system and verify that the disks states are online and functioning properly.
  3. Log in to the Administration settings on the ExtraHop system through https://<extrahop-hostname-or-IP-address>/admin.
  4. In the Appliance Settings section, click Disks.
  5. In the Drive Map section, verify that all of the disks in the image are green.
  6. In the Firmware section, verify that the Status field displays Optimal.
    If the disks on the drive map are not all green and the RAID status is not optimal, see the Repair a Degraded RAID10 Configuration guide.
After you upgrade your RAID configuration, we recommend that you configure system health notifications. For more information, see the Notifications section of the ExtraHop Admin UI Guide

Appendix A: Download and create rescue media

All physical ExtraHop appliances come pre-installed with a USB drive. If you have misplaced the drive, you can download the rescue media and create a recovery CD or USB.

Note:If you do not have physical access to the appliance (for example, if the appliance is located in a remote data center or if it is a virtual appliance), you will not be able to attach new rescue media physically. However, you can download the latest rescue media locally and then boot into the rescue media interface through the virtual media. For more information, see Appendix D: Boot into the rescue media interface through virtual rescue media.

Download the rescue media

If you need to manage your system with rescue media, you can create your own rescue USB drive.
  1. Log in to the Customer Support Portal.
  2. In the Downloads section, click Rescue media.
  3. Select your appliance type.
  4. Click Download.

Create a rescue CD

If you need to manage your system with rescue media, you can create your own rescue CD.
  1. Download the rescue media.
  2. Burn the .iso file to a CD according to the instructions for your CD-ROM.

Create a rescue USB drive

If you need to manage your system with rescue media, you can create your own rescue USB drive.
  1. Download the rescue media.
  2. Copy the .iso file to a USB flash drive through one of the following methods:
    • For Linux or MacOS, run the following command from a terminal: dd if=<file location> of=<location of root block device>.
    • For Windows, copy the .iso file with a third-party utility such as Rufus. In Rufus, select the option to write in DD Image mode.

Appendix B: Hardware tests

Hardware tests are performed before the ExtraHop appliance has shipped and should be performed after an appliance replacement or upgrade.

Cable the hardware for testing

When running hardware tests, connect cables to the network ports only when you run the NICs (Detection) or NICs (Send/Receive) hardware tests.
  1. Connect the 10 GB ports on the same interface card to each other with a fiber optic cable.
  2. Connect interface 1 to interface 2, and then connect interface 3 to interface 4 with Ethernet cables.

Run the hardware tests

You can run hardware tests from the rescue media interface.
  1. Boot into the rescue media interface.
  2. From the Select Menu Option screen, select Hardware Tests, and then press ENTER.
  3. From the Select Hardware Tests to Run screen, select the tests you want to run.
    By default, the first seven test are selected and marked with an asterisk. To select or deselect a test, highlight the test, and then press the space bar.
  4. Select OK and press ENTER.
  5. As each test completes, the page pauses to enable you to view the results.
    Press PAGE UP or PAGE DOWN on your keyboard to scroll through the information.
  6. When you are finished reading the results, press any key, and then press Q on your keyboard to proceed to the next test.

Hardware test types

The following table provides information about the hardware tests that are available on the ExtraHop appliance.

Test Description Test Time
Firmware Verifies that the firmware version is correct by checking the MD5 sums on both the base firmware and the ExtraHop firmware. 5 seconds
Hard Drives Performs a test of all hard drives in the appliance. 5 to 10 seconds
Raid Controller Checks the RAID statistics and gives a summary of any errors. 5 seconds
Card Slot Placement Verifies that additional SSL and 10G cards are installed in the correct slots. 5 minutes
SSL Offload Enables the card and performs two decryption tests. 5 minutes
NICs (Detection) Checks the appliance to ensure the number of detected interfaces matches the number of interfaces on the appliance. The result displays the number of interfaces detected and whether the detection test has passed. 5 to 10 seconds
NICs (Send/Receive) Verifies that the interfaces are working by sending and receiving data through the NICs. 1 minutes
Extended Hard Drive Test Performs a thorough test of the hard drive. This test can take up to 24 hours and checks every sector of every hard drive for errors. Run this test separately and only if there were errors in the previous hard drive tests. Up to 24 hours

Interpreting hardware test results

The following table provides information about how to resolve hardware tests failures.

If the steps in the Resolution column are unsuccessful, contact ExtraHop Support.
Test Failure Description Resolution
Firmware If a firmware test fails, the firmware or base image file might be corrupt. Return to the rescue media interface, and select ExtraHop System Recovery. If this option fails, return to the rescue media interface, and select ExtraHop System Factory Reset.
Hard Drives If the hard drive test fails, the drive might not be present or the drive might not be secure inside the slot. Seat the drive correctly in the slot and run the test again. If the error persists, contact ExtraHop Support to replace the drive.
Raid Controller If the RAID controller test fails, the drives might not be present or the drives might not be secure inside the slots. Seat the drive correctly in the slots and run the test again. If the error persists, contact ExtraHop Support to replace the drives.
Card Slot Placement If the card slot placement test fails, the output shows a slot mismatch for the 10G or SSL cards. Designated slots vary by appliance model. To verify the designated slots, refer to your appliance documentation. If you have trouble replacing the cards in the correct slots, contact ExtraHop Support.
SSL Offload If the SSL offload test fails, the SSL card might not be initialized properly, or it might be in the incorrect slot. Ensure that the SSL card is in the correct slot. If you have trouble replacing the cards in the correct slots, contact ExtraHop Support.
NICs (Detection) The output of the NIC (network interface card) detection test is a list of fiber interfaces and Ethernet interfaces on the ExtraHop appliance. Ensure that the number of detected interfaces matches the number of interfaces on the ExtraHop appliance. If one or more interfaces are not listed, ensure that all network interfaces and cards are present. If they are present and the system does not detect them, contact ExtraHop Support.
NICs (Send/Receive) Ensure that the number of detected interfaces matches the number of interfaces on the ExtraHop appliance. If one or more interfaces are not listed, ensure that all network interfaces and cards are present. If they are present and the system does not detect them, contact ExtraHop Support. Ensure that the cables are properly connected and restart the ExtraHop system. If the error persists, read the output to determine whether traffic was unable to send or receive. If there is no traffic, the NIC might be defective. To replace a defective NIC, contact ExtraHop Support.
Extended Hard Drive Test   Contact ExtraHop Support

Appendix D: Boot into the rescue media interface through virtual rescue media

You can use virtual rescue media to recover or restore virtual appliances or appliances that you cannot access physically.

If you want to rescue an appliance through a later version of rescue media than what is currently attached to the appliance, you can create a new rescue CD or USB. However, if you do not have physical access to the appliance (for example, if the appliance is located in a remote data center or if it is a virtual appliance), you will not be able to attach new rescue media physically. In this case, you can download the latest rescue media locally and then boot into the rescue media interface through the virtual media.
  1. Download the rescue media.
  2. Click Launch Virtual Console.
    For information about connecting to the iDRAC virtual console, see the Configure the iDRAC Remote Access Console guide.
  3. Click Connect Virtual Media.
  4. In the Map CD/DVD section, click Choose File.
  5. Browse to the directory to which you downloaded the rescue media, select the .iso file, and then click Open.
  6. Click Map Device and click Close.
  7. Click Boot.
  8. In the Boot Controls window, select Virtual CD/DVD/ISO, and then click Yes to confirm.
  9. Click Power.
  10. In the Power Controls window, click Power Cycle System (cold boot), and then click Yes to confirm.
    Wait for the appliance to reboot. Do not close the console window or the appliance might not boot correctly.
  11. On the rescue media interface, select ExtraHop Rescue Media and press ENTER.
The Select Menu Option screen displays.
Last modified 2024-04-02