Deploy the ExtraHop Discover 3100, 6100, 8100, or 9100 Appliances

This guide explains how to install the rack-mounted EDA 3100, EDA 6100, EDA 8100, and EDA 9100 ExtraHop Discover appliances.

System requirements

Installation of the Discover appliance has the following requirements:

EDA 3100
Appliance
1U of rack space and 495W of power
Network Access
Four 10/100/1000 BASE-T network ports
Remote management through iDRAC
One 10/100/1000 BASE-T network port
EDA 6100
Appliance
1U of rack space and 495W of power
Network Access
Four 10/100/1000 BASE-T network ports and two 10G BASE-SR ports
Remote management through iDRAC
One 10/100/1000 BASE-T network port
EDA 8100
Appliance
1U of rack space and 2x495W of power
Network Access
Four 10/100/1000 BASE-T network ports and two 10G BASE-SR ports
Remote management through iDRAC
One 10/100/1000 BASE-T network port
EDA 9100
Appliance
2U of rack space and 2x750W of power
Network Access
Four 10/100/1000 BASE-T network ports and four 10G BASE-SR ports
Remote management through iDRAC
One 10/100/1000 BASE-T network port

Set up the appliance

  1. Rack mount the Discover appliance.
    Install the Discover appliance in your data center with the included rack-mounting kit. The mounting kit supports most four-post racks with either round or square holes.
  2. Connect port 1.
    With a network patch cable, connect the monitoring port on the Discover appliance to a network tap or mirror port on the switch.
  3. Optional: Connect the iDRAC port.
    To enable remote management of the Discover appliance, connect your management network to the iDRAC port with a network patch cable.
  4. Connect the power cords.
    Connect the two supplied power cords to the power supplies on the back of the appliance, and then plug the cords into a power outlet. If the appliance does not power on automatically, press the power button on the front of the appliance.

Configure an IP address

DHCP is enabled by default on the ExtraHop appliance. When you power on the appliance, interface 1 attempts to acquire an IP address through DHCP. If successful, the IP address appears on the home screen of the LCD. If an IP address has not been configured, the LCD displays No IP.

If your network does not support DHCP, you can configure a static IP address through the LCD menu on the front panel or through the command-line interface (CLI).

Configure an IP address through the CLI

You can access the CLI by connecting a USB keyboard and SVGA monitor to the appliance or through an RS-232 serial cable and a terminal-emulator program. The terminal emulator must be set to 115200 bps with 8 data bits, no parity, 1 stop bit (8N1), and hardware flow control should be disabled.

  1. Establish a connection to the ExtraHop appliance.
  2. At the login prompt, type shell and then press ENTER.
  3. At the password prompt, type the service tag number found on the pullout tab on the front of the appliance, and then press ENTER.
  4. To configure the static IP address, run the following commands:
    1. Enable privileged commands:
      enable
    2. At the password prompt, type the service tag number, and then press ENTER.
    3. Enter configuration mode:
      configure
    4. Enter the interface configuration mode:
      interface
    5. Run the ip command and specify the IP address and DNS settings in the following format: ip ipaddr <ip_address> <netmask> <gateway> <dns_server>
      For example:
      ip ipaddr 10.10.2.14 255.255.0.0 10.10.1.253 10.10.1.254
    6. Leave the interface configuration section:
      exit
    7. Save the running config file:
      running_config save
    8. Type y and then press ENTER.

Configure a static IP address through the front panel

Complete the following steps to manually configure an IP address through the front panel LCD controls.

  1. Press the checkmark button.
  2. Press the arrow buttons to select Net.
  3. Select Host.
    The screen displays the host name. Return to the previous screen by scrolling to the up arrow on the screen and selecting the arrow.
  4. Select DHCP to see how the IP address is configured. Press the left and right arrow buttons to select an option and then press the Select button.
  5. On the Net screen, select IP and press the left and right arrow buttons to move between the digits. On the selected digit, click the checkmark button. The digit blinks when selected. While the digit is blinking, press the left and right arrow buttons to change the digit value.
  6. After you have entered the number, click the checkmark button.
  7. Press the left arrow button to navigate to the up arrow on the screen and select the arrow.
  8. On the Save screen, select Yes and then press the checkmark button.
  9. Wait a moment to be redirected to the Net screen. Repeat these steps to set the mask, gateway, and up to two DNS servers.
  10. Press the arrow keys to scroll back to the Home menu and select iDRAC.
  11. Configure the iDRAC DHCP, IP, mask, gateway, and DNS in the same manner as the IP address.
  12. On the Net screen, select Errors to view system events such as CPU errors, undetected hard drives, or missing power supplies. When an error occurs, the LCD turns amber and displays the error immediately.
  13. If there are multiple errors, press the left and right arrow buttons to scroll between the error messages. Press the Select button to exit the error screen. The Clear option removes the list of messages from the error screen.

Configure the Discover appliance

After you configure an IP address for the Discover appliance, you can log into the Discover Admin UI through the following URL: https://<discover_ip_address>/admin and complete the following recommended procedures.

Register the ExtraHop appliance

Complete the following steps to apply a product key supplied by ExtraHop Support.

If you do not have a product key, contact support@extrahop.com.
Tip:To verify that your environment can resolve DNS entries for the ExtraHop licensing server, open a terminal application on your Windows, Linux, or Mac OS client and run the following command:
nslookup -type=NS d.extrahop.com
If the name resolution is successful, output similar to the following appears:
Non-authoritative answer:
d.extrahop.com	nameserver = ns0.use.d.extrahop.com.
d.extrahop.com	nameserver = ns0.usw.d.extrahop.com.
  1. In your browser, type the URL of the ExtraHop Admin UI, https://<extrahop_ip_address>/admin.
  2. Review the license agreement, select I Agree, and then click Submit.
  3. On the login screen, type setup for the username.
  4. For the password, select from the following options:
    • For 1U and 2U appliances, type the service tag number found on the pullout tab on the front of the appliance.
    • For the EDA 1100, type the serial number displayed in the Appliance info section of the LCD menu. The serial number is also printed on the bottom of the appliance.
    • For a virtual appliance, type default.
  5. Click Log In.
  6. In the Appliance Settings section, click License.
  7. Click Manage License.
  8. Click Register.
  9. Enter the product key and then click Register.
  10. Click Done.

Configure the system time

The default time server setting is pool.ntp.org. If you want to maintain the default setting, skip this procedure and go to the next section.

  1. In the Appliance Settings section, click System Time.
  2. Click Configure Time.
  3. Click the Time Zone drop-down list and select a time zone.
  4. Click Save and Continue.
  5. On the Time Setup page, select one of the following options:
    • Set time manually
      Note:You cannot manually set the time if the Discover appliance is managed by a Command appliance.
    • Set time with NTP server
  6. Select the Set time with NTP server radio button, then click Select.
    The pool.ntp.org public time server appears in the Time Server #1 field by default.
  7. Type the IP address or fully qualified domain name (FQDN) for the time servers in the Time Server fields. You can add a maximum of nine time servers.
    Tip:After adding the fifth time server, click Add Server to display up to four additional time server fields.
  8. Click Save, and then click Done.

The NTP Status table displays a list of NTP servers that keep the system clock in sync. To sync the current system time a remote server, click the Sync Now button.

Connect the monitoring port

With a network patch cable, connect the monitoring port on the Discover appliance to a network tap or mirror port on the switch.
Refer to the following diagrams.
EDA 3100
EDA 6100
EDA 8100
EDA 9100

Configure email settings

You must configure an email server and sender before the ExtraHop appliance can send notifications about system alerts by email.

  1. In the Network Settings section, click Notifications.
  2. Click Email Server and Sender.
  3. Type the IP address or hostname for the outgoing SMTP mail server in the SMTP Server field.
    Note:The SMTP server should be the fully qualified domain name (FQDN) or IP address of an outgoing mail server that is accessible from the ExtraHop management network. If the DNS server is set, then the SMTP server can be a FQDN, otherwise it needs to be an IP address.
  4. Type the port number for SMTP communication in the SMTP Port field. The default port number is 25.
  5. Select one of the following encryption methods from the Encryption drop-down list:
    • None. SMTP communication is not encrypted.
    • SSL/TLS. SMTP communication is encrypted through the Secure Socket Layer/Transport Layer Security protocol.
    • STARTTLS. SMTP communication is encrypted through STARTTLS.
  6. Type the email address for the notification sender in the Sender Address field.
    Note:The displayed sender address might be changed by the SMTP server. When sending through a Google SMTP server, for example, the sender email is changed to the username supplied for authentication, instead of the originally entered sender address.
  7. Select Validate SSL Certificates to enable certificate validation. If you select this option, the certificate on the remote endpoint is validated against the root certificate chains specified by the trusted certificates manager. You must configure which certificates you want to trust on the Trusted Certificates page. For more information, see Add a trusted certificate to your ExtraHop appliance.
  8. Type the email address for the report sender in the Report Sender Address field.
  9. Select the Enable SMTP authentication checkbox and then type the SMTP server setup credentials in the Username and Password fields.
  10. Click Save.

Add an email notification group

Email notification groups are assigned to alerts to designate who should receive an email when that alert becomes active. Although you can specify individual email addresses to receive emails for alerts, email groups are the most effective way to manage your alert recipient list.

  1. In the Network Settings section, click Notifications.
  2. Click Email Notification Groups.
  3. Click Add Group.
  4. In the Group Info section, enter the following information:

    Name: The name of the email group.

    System Health Notifications: Select this checkbox if you want to send system storage alerts to the email group. These alerts are sent under the following conditions:

    • A virtual disk is in a degraded state.
    • A physical disk is in a degraded state.
    • A physical disk has an increasing error count.
    • A necessary role is missing, such a firmware, datastore, or packet capture.

  5. In the Email Addresses text box, type the recipient email addresses for the team members that you want to receive the alert emails for this group. Email addresses can be entered one per line or separated by a comma, semicolon, or space. Email addresses are checked only for [name]@[company].[domain] format validation. There must be at least one email address in this text box for the group to be valid.
  6. Click Save.

Connect the Discover appliance to any Explore, Trace or Command appliances

If you have any ExtraHop Explore, Trace or Command appliances in your environment, you can connect the Discover appliance to the Command appliance or join the Discover appliance to an Explore or Trace appliance. For more information, see the ExtraHop Admin UI Guide.

Post-deployment actions

After you deploy the Discover appliance, review the Discover and Command Post-deployment Checklist and configure additional settings.
Published 2017-06-21 22:18