Start Demo

Deploy Reveal(x) Ultra on Google Cloud Platform

The following procedures explain how to deploy an ExtraHop Ultra virtual packet sensor in a Google Cloud environment. You must have experience deploying virtual machines in Google Cloud within your virtual network infrastructure.

To ensure that the deployment is successful, make sure you have the ability to create the required resources. You might need to work with other experts in your organization to ensure that the necessary resources are available.

System requirements

Your environment must meet the following requirements to deploy a virtual packet sensor on GCP:

  • You must have a Google Cloud Platform (GCP) account
  • You must have the ExtraHop deployment file, which is available on the ExtraHop Customer Portal.
  • You must have an ExtraHop product key.
  • You must have packet mirroring enabled in GCP to forward network traffic to the ExtraHop system. Packet mirroring must be configured to send traffic to nic1 (not nic0) of the ExtraHop instance. See https://cloud.google.com/vpc/docs/using-packet-mirroring.
    Important:To ensure the best performance for initial device synchronization, connect all sensors to the console and then configure network traffic forwarding to the sensors.
  • You must have firewall rules configured to allow DNS, HTTP, HTTPS, and SSH traffic for ExtraHop administration. See https://cloud.google.com/vpc/docs/using-firewalls.
  • You must provision the GCP instance type that most closely matches the virtual sensor size, as follows:
    Sensor Recommended Instance Type
    Reveal(x) Ultra 1 Gbps n1-standard-8 (8 vCPU, 30 GB memory)
    Reveal(x) Ultra 10 Gbps n2-standard-32 (32 vCPU, 128 GB memory)

Upload the ExtraHop deployment file

  1. Sign in to your Google Cloud Platform account.
  2. From the navigation menu, click Cloud Storage > Browser.
  3. Click the name of the storage bucket where you want to upload the ExtraHop deployment file. If you do not have a preconfigured storage bucket, create one now.
  4. Click Upload files.
  5. Browse to the extrahop-edaultra-gcp-<version>.tar.gz file you previously downloaded and click Open. Wait for the file to upload, and then continue to the next procedure.

Create the image

  1. From the navigation menu, click Compute Engine > Images.
  2. Click Create Image and complete the following steps:
    1. In the Name field, type a name to identify the sensor.
    2. From the Source drop-down list, select Cloud Storage file.
    3. Click Browse, locate the extrahop-edaultra-gcp-<version>.tar.gz file in your storage bucket and then click Select.
    4. Configure any additional fields that are required for your environment.
    5. (Reveal(x) Ultra 10 Gbps Only) Click Equivalent Command Line.
      Click Run in Cloud Shell, add --guest-os-features=GVNIC to the end of the command and then press ENTER on your keyboard to run the command. After the command runs, close Cloud Shell and then click Cancel. Clicking Cancel does not cancel the creation of the image through Cloud Shell.
  3. (Reveal(x) Ultra 1 Gbps Only) Click Create.

Create the datastore disk

  1. From the navigation menu, click Compute Engine > Disks.
  2. Click Create Disk and complete the following steps:
    1. In the Name field, type a name to identify the datastore disk.
    2. From the Disk source type drop-down list, select Image.
    3. From the Source image drop-down list, select the image you created in the previous procedure.
    4. From the Disk type drop-down list, select Balanced persistent disk.
    5. In the Size field, configure the disk size as follows:
      Sensor Disk size
      Reveal(x) Ultra 1 Gbps 150
      Reveal(x) Ultra 10 Gbps 1000
    6. Configure any additional fields that are required for your environment.
  3. Click Create.

Create the packetstore disk

  1. From the navigation menu, click Compute Engine > Disks.
  2. Click Create Disk and complete the following steps:
    1. In the Name field, type a name to identify the packetstore disk.
    2. From the Disk source type drop-down list, select Blank disk.
    3. In the Disk settings section, configure the disk type and size as follows:
      Sensor Disk type Size
      Reveal(x) Ultra 1 Gbps Standard persistent disk 4000
      Reveal(x) Ultra 10 Gbps Balanced persistent disk 32000
    4. Configure any additional fields that are required for your environment.
  3. Click Create.

Create the VM instance

  1. From the navigation menu, click Compute Engine > VM instances.
  2. Click Create Instance and complete the following steps:
    1. In the Name field, type a name to identify the ExtraHop instance.
    2. From the Region drop-down list, select your geographic region.
    3. From the Zone drop-down list, select a location within your geographic zone.
    4. In the Machine configuration section, select the following options for your specific deployment.
      Sensor Machine family Series Machine type
      Reveal(x) Ultra 1 Gbps General Purpose N1 n1-standard-8 (8 vCPU, 30 GB memory)
      Reveal(x) Ultra 10 Gbps General Purpose N2 n2-standard-32 (32 vCPU, 128 GB memory)
    1. In the Boot disk section, click Change.
    2. Click Existing disks.
    3. From the Disk drop-down list, select the datastore disk you created previously.
    4. Click Select.
  3. Click Advanced options.
  4. Click Networking.
  5. In the Network tags field, type the following tag names:
    Important:Network tags are required to apply firewall rules to the ExtraHop instance. If you do not have existing firewall rules that allow this traffic, you must create the rules. See https://cloud.google.com/vpc/docs/using-firewalls.
    • https-server
    • http-server
    • dns
    • ssh-all


  6. (Reveal(x) Ultra 10 Gbps Only) In the Network performance configuration section, select gVNIC from the Network interface card drop-down list.
  7. In the Network interfaces section, click the edit icon to edit the management interface.
    1. From the Network drop-down list, select your management network.
    2. From the Subnetwork drop-down list, select your management network subnet.
    3. Configure any additional fields that are required for your environment.
    4. Click Done.
  8. Click Add network interface to configure the data capture interface.
    Important:The management interface and data capture interface must be in different Virtual Private Cloud (VPC) networks.
    1. From the Network drop-down list, select your network that will mirror traffic to the ExtraHop system.
    2. From the Subnetwork drop-down list, select your network subnet.
    3. From the External IP drop-down list, select None.
    4. Configure any additional fields that are required for your environment.
    5. Click Done.
  9. Click Disks.
  10. Click Attach Existing Disk.
  11. Add the packetstore disk you created previously and then click Save.
  12. Click Create.

Register the system

Open a web browser and navigate to the ExtraHop system through the configured management IP address. Accept the license agreement and then log in with the setup user account. The password is the VM instance ID. Follow the prompts to enter the product key, change the default setup and shell user account passwords, connect to ExtraHop Cloud Services, and connect to an ExtraHop console.

Configure L3 device discovery

You must configure the ExtraHop system to discover and track local and remote devices by their IP address (L3 Discovery). To learn how device discovery works in the ExtraHop system, see Device discovery.
  1. Log in to the Administration settings on the ExtraHop system through https://<extrahop-hostname-or-IP-address>/admin.
  2. In the System Configuration section, click Capture.
  3. Click Device Discovery.
  4. In the Local Device Discovery section, select the Enable local device discovery checkbox to enable L3 Discovery.
  5. In the Remote Device Discovery section, type the IP address in the IP address ranges field.
    You can specify one IP address or a CIDR notation, such as 192.168.0.0/24 for an IPv4 network or 2001:db8::/32 for an IPv6 network.
  6. Click Save.
Last modified 2024-06-19