Deploy an ExtraHop sensor on Google Cloud Platform
The following procedures explain how to deploy a virtual ExtraHop sensor in a Google Cloud environment. You must have experience deploying virtual machines in Google Cloud within your virtual network infrastructure.
An ExtraHop virtual sensor can help you to monitor the performance of your applications across internal networks, the public internet, or a virtual desktop interface (VDI), including database and storage tiers. The ExtraHop system can monitor application performance across geographically distributed environments, such as branch offices or virtualized environments through inter-VM traffic.
This installation enables you to run network performance monitoring, network detection and response, and intrusion detection on a single sensor. By adding the IDS module, you can also upload and view IDS detections.
Important: | The IDS module requires the NDR module. Before you can enable the IDS module on this sensor, you must upgrade the sensor firmware to version 9.6 or later. When the upgrade completes, you can apply the new license to the sensor. |
Note: | If you have enabled the IDS module on this sensor, and your ExtraHop system does not have direct access to the Internet and access to ExtraHop Cloud Services, you will need to upload IDS rules manually. For more information, see Upload IDS rules to the ExtraHop system through the REST API. |
To ensure that the deployment is successful, make sure you have access and ability to create the required resources. You might need to work with other experts in your organization to ensure that the necessary resources are available.
System requirements
Your environment must meet the following requirements to deploy a virtual ExtraHop sensor in GCP:
- You must have a Google Cloud Platform (GCP) account.
- You must have the ExtraHop deployment file, which is available on the ExtraHop Customer Portal.
- You must have an ExtraHop sensor product key.
- You must have packet mirroring enabled in GCP to forward network traffic to the ExtraHop
system. Packet mirroring must be configured to send traffic to nic1 (not nic0)
of the ExtraHop instance. See https://cloud.google.com/vpc/docs/using-packet-mirroring.
Important: To ensure the best performance for initial device synchronization, connect all sensors to the console and then configure network traffic forwarding to the sensors. - You must have firewall rules configured to allow DNS, HTTP, HTTPS, and SSH traffic for ExtraHop administration. See https://cloud.google.com/vpc/docs/using-firewalls.
Virtual machine requirements
You must provision a GCP instance type that most closely matches your ExtraHop virtual sensor size and that meets the following module requirements.
Sensor | Modules | Recommended Instance Type | Datastore Disk Size |
---|---|---|---|
EDA 1100v | NDR, NPM | n1-standard-4 (4 vCPUs and 15 GB memory) | 61 GB |
EDA 6320v | NDR, NPM, IDS | n2-standard-32 (32 vCPUs and 128 GB memory) | 1400 GB |
Note: | Throughput might be affected when more than one module is enabled on the sensor. |
Upload the ExtraHop deployment file
Next steps
When the file upload completes, you can create the image.Create the image
Next steps
After the command runs, close Cloud Shell, and then click Cancel. Clicking Cancel does not cancel the creation of the image through Cloud Shell.Create an instance group
- From the navigation menu, click .
- Click Create Instance Group.
- Click New unmanaged instance group.
- In the Name field, type an instance group name.
- From the Network drop-down list, select the network that the instance can access.
- From the Subnet drop-down list, select your network subnet.
- From the Select VM drop-down list, select your sensor.
- Click Create.
Create a traffic mirroring policy
- From the navigation menu, click .
- Click Create Policy.
- In the Policy name field, type a new policy name.
- From the Region drop-down list, select your geographic region.
- Click Continue.
- Select Mirrored source and collector destination are in the same VPC network.
- From the Network drop-down list, select the VPC network.
- Click Continue.
- Select the Select one or more subnetworks checkbox.
- From the Select subnet drop-down list, select the checkbox next to your subnet.
- Click Continue.
- Select the checkbox next to the VM instance.
- Click Continue.
- From the Collector destination drop-down list. select the load balancer that you previously created.
- Click Continue.
- Select Mirror all traffic (default).
- Click Submit.
Configure the sensor
Next steps
After the system is licensed, and you have verified that traffic is detected, complete the recommended procedures in the post-deployment checklist.
Thank you for your feedback. Can we contact you to ask follow up questions?