Connect to Atlas services

If you have signed up for the Atlas service, you will receive monthly customized reports about your ExtraHop data. This guide shows you how to connect to the service and how to troubleshoot common connectivity issues.

Before you begin

You establish a connection to the Atlas server from the Admin UI of your ExtraHop Discover, Explore, or Trace appliance. If you have a firewall or proxy, you must first open access through those servers.

Important:The procedures in this guide require access to the appliance Admin UI and require that you modify the Running Config file. You can view and modify the code in the Running Config file, which specifies the default system configuration and saves changes to the current running configuration so the modified settings are enabled after a system restart. For more information, see the Running Config section of the ExtraHop Admin UI Guide.

Configure your firewall rules

Before you can connect to the Atlas server, you must allow access to the Atlas public IP server through any firewalls. If you do not have a firewall, you can skip this section.

Make sure that your environment meets the following conditions:
  • The ability to complete a DNS lookup of *.a.extrahop.com
  • The ability to connect to the Atlas server through HTTPS (port 443)

ExtraHop Networks can change the Atlas server IP address at any time, but you can identify the current IP address by selecting from one of the following options:

When connecting from EMEA, run the following command:

ping atlas-eu.a.extrahop.com
When connecting from all other locations, run the following command:
ping example.a.extrahop.com

Connect to Atlas through a proxy

If you want to connect to Atlas services through a proxy, add the following lines to the Running Config file in each ExtraHop system that you want to connect to the Atlas server. If you do not have a proxy, you can skip this section.

  1. Log into the Admin UI of the ExtraHop appliance you want to connect to Atlas services.
  2. In the Appliance Settings section, click Running Config.
  3. Click Edit config.
  4. Search through the Running Config file to see if an http_proxy entry already exists for atlas.
    • If the entry already exists, modify the lines to match the example below.
    • If the entry does not exist, add the example lines to the end of the Running Config file by making the following changes.
      1. Add a comma after the second to last curly brace (}).
      2. Press ENTER to create a new line.
      3. Paste the http_proxy entry on the new line before the final curly brace (}), which should look similar to the following.
    "http_proxy": {
        "atlas": {
            "host": "proxyhost",
            "port": "8080",
            "username": "username",
            "password": "password"
        }
    }
    Note:The username and password might be optional for your proxy.
  5. Click Update.
  6. Click View and Save Changes.
  7. Review the changes and click Save.
  8. Click Done.

Bypass certificate validation

Some environments are configured so that encrypted traffic cannot leave the network without inspection by a third-party device. This device can act as an SSL/TLS endpoint, which decrypts and re-encrypts the traffic before sending the packets to the Atlas server. If your environment is not set up for inspection by third-party devices, you can skip this section.

The ExtraHop appliance cannot connect to the Atlas server if certificate validation has failed. To bypass certificate validation and connect to the Atlas server, you must modify the Running Config file.

  1. Log into the Admin UI of the ExtraHop appliance you want to connect to Atlas services.
  2. In the Appliance Settings section, click Running Config.
  3. Click Edit config.
  4. Add the entry to the Running Config file by completing the following steps:
    1. Add a comma after the second to last curly brace (}).
    2. Press ENTER to create a new line.
    3. Paste "ecm": { "atlas_verify_cert": false } on the new line before the final curly brace (}).
  5. Click Update.
  6. Click View and Save Changes.
  7. Review the changes and click Save.
  8. Click Done.

Establish a connection

After you have configured any optional firewall or proxy settings, complete the following steps to establish a connection to the Atlas server.

  1. Log into the Admin UI on the ExtraHop Discover, Explore, or Trace appliance.
  2. In the Network Settings section, click Atlas Services.
  3. If you have not already changed the default password for the setup and shell users, you will see a message prompting you to change the password. Change the default password and then proceed to the next step.
  4. On the Connect to Atlas Services page, click Terms and Conditions to read about the service agreement.
    The Atlas subscription services agreement opens in the browser or downloads the file to your computer.
  5. Return to the Connect to Atlas Services page and select the checkbox next to Terms and Conditions.
  6. Click Test Connectivity to make sure the connection is successful. If you have problems connecting to the Atlas service, see the previous sections to determine if you must open access through a firewall or connecting through a proxy.
  7. Click Connect.
Published 2017-11-20 17:13