The following procedure guides you through the deployment process of the ExtraHop Discover appliance AMI to monitor your Amazon Web Services (AWS) environment.
After you deploy the Discover appliance in AWS, configure remote packet capture (RPCAP) to forward traffic from remote devices to your virtual Discover appliance. For more information, see the Packet Forwarding with RPCAP guide.
Your environment must meet the following requirements to deploy a virtual Discover appliance in AWS:
- An AWS account
- Access to the Amazon Machine Image (AMI) of the ExtraHop Discover appliance
- A Discover appliance product key
- An AWS instance type that most closely matches the Discover appliance VM size, as
Appliance Recommended Instance Type EDA 1000v m5.large (2 vCPU and 8 GB RAM) EDA 2000v c5.2xlarge (8 vCPU and 16 GB RAM) EDA 6100v m5.4xlarge (16 vCPU and 64 GB RAM) Note: Whenever possible, locate the Discover appliance within the same cluster placement group as the devices that are forwarding traffic. This best practice optimizes the quality of feed that the Discover appliance receives.
Before you beginThe Amazon Machine Images (AMIs) of ExtraHop appliances are not publicly shared. Before you can start the deployment procedure, you must send your AWS account ID to email@example.com. Your account ID will be linked to the ExtraHop AMIs.
- Sign in to AWS with your username and password.
- Click EC2.
- In the left navigation panel, under Images, click AMIs.
- Above the table of AMIs, change the Filter from Owned by Me to Private Images.
- In the filter box, type ExtraHop and then press ENTER.
- Select the checkbox next to the appropriate ExtraHop Discover appliance AMI and click Launch.
- Select a supported instance type for the appliance you are deploying.
- Click Next: Configure Instance Details.
Click the Network drop-down list and select
Launch into EC2-Classic or one of the VPCs for your
Note: If you launch into EC2-Classic, you will not get support for Enhanced Networking.
- From the Shutdown behavior drop-down list, select Stop.
- Click the Protect against accidental termination checkbox.
- Click the IAM role drop-down list and select an IAM role.
If you launched into a VPC and want to have more than one
interface, scroll down to the Network Interfaces section
and click Add Device to add additional interfaces to the
Note: If you have more than one interface, make sure that each interface is on a different subnet.
On the Configure Instance Details page, click
Next: Add Storage. The default storage capacities are
Product Default Storage Capacity EDA 1000v 61 GB EDA 2000v 276 GB EDA 6100v 1000 GB
- Accept the default storage settings and click Next: Tag Instance.
- In the Value field, enter a name for the instance.
- Click Next: Configure Security Group.
On the Configure Security Group page, follow the
procedure below with the table that follows to create a new security group or
add ports to an existing group. If you already have a security group with the
required ports for ExtraHop, you can skip this step.
The following ports need to be open for the ExtraHop AWS instance:
- Select either Create a new security group or Select an existing security group. If you choose to edit an existing group, select the group you want to edit. If you choose to create a new group, enter a Security group name and Description.
- Click the Type drop-down list, and select a protocol type. Type the port number in the Port Range field.
- For each additional port needed, click the Add Rule button. Then click the Type drop-down list, select a protocol type, and type the port number in the Port Range field.
TCP ports 22, 80, and 443 inbound to the ExtraHop system: These ports are used to download the installer and administer the ExtraHop system. If you cannot open port 80, you can copy the installer to each instance manually. For more information, see Packet Forwarding with RPCAP.
TCP/UDP ports 2003-2034 inbound to the ExtraHop system: You must open a port (or a range of ports) for the software tap. For more information, see Packet Forwarding with RPCAP.
- Click Review and Launch.
Select Make General Purpose (SSD)... and click
Note: If you select Make General Purpose (SSD)..., then you will not see this step on subsequent instance launches.
- Scroll down to review the AMI details, instance type, and security group information, and then click Launch.
- In the pop-up window, click the first drop-down list and select Proceed without a key pair.
- Click the I acknowledge… checkbox and then click Launch Instance.
Click View Instances to return to the AWS Management
From the AWS Management Console, you can view your instance on the Initializing screen. Under the table, on the Description tab, you can find the IP address or hostname for the ExtraHop appliance that is accessible from your environment.