Deploy the ExtraHop Discover Appliance in AWS

The following procedure guides you through the deployment process of the ExtraHop Discover appliance AMI to monitor your Amazon Web Services (AWS) environment.

After you deploy the Discover appliance in AWS, configure remote packet capture (RPCAP) to forward traffic from remote devices to your virtual Discover appliance. For more information, see the Packet Forwarding with RPCAP guide.

System requirements

Your environment must meet the following requirements to deploy a virtual Discover appliance in AWS:

  • An AWS account
  • Access to the Amazon Machine Image (AMI) of the ExtraHop Discover appliance
  • A Discover appliance product key
  • An AWS instance type that most closely matches the Discover appliance VM size, as follows:
    Appliance Supported Instance Types
    EDA 1000v m3.large, c3.xlarge, c4.xlarge
    EDA 2000v m3.xlarge, c3.2xlarge, c4.2xlarge
    EDA 6100v c3.8xlarge, c4.8xlarge
    Note:C3 instance types deployed in a VPC will take advantage of Enhanced Networking capabilities. M3 instance types do not support Enhanced Networking.
Important:If you want to deploy more than one ExtraHop virtual appliance, create the new instance with the original deployment package or clone an existing instance that has never been started.

Create the ExtraHop instance in AWS

Before you begin

The Amazon Machine Images (AMIs) of ExtraHop appliances are not publicly shared. Before you can start the deployment procedure, you must send your AWS account ID to support@extrahop.com. Your account ID will be linked to the ExtraHop AMIs.
  1. Sign in to AWS with your username and password.
  2. Click EC2.
  3. In the left navigation panel, under Images, click AMIs.
  4. Above the table of AMIs, change the Filter from Owned by Me to Private Images.
  5. In the filter box, type ExtraHop and then press ENTER.
  6. Select the checkbox next to the appropriate ExtraHop Discover appliance AMI and click Launch.
  7. Select a supported instance type for the product you are installing, based on the information in the following table.
    Product Supported Instance Types
    EDA 1000v m3.large, c3.xlarge, c4.xlarge
    EDA 2000v m3.xlarge, c3.2xlarge, c4.2xlarge
    EDA 6100v c3.8xlarge, c4.8xlarge
    Note:C3 instance types deployed in a VPC will take advantage of Enhanced Networking capabilities. M3 instance types do not support Enhanced Networking.
  8. Click Next: Configure Instance Details.
  9. Click the Network drop-down list and select Launch into EC2-Classic or one of your organization’s VPCs.
    Note:If you launch into EC2-Classic, you will not get support for Enhanced Networking.
  10. From the Shutdown behavior drop-down list, select Stop.
  11. Click the Protect against accidental termination checkbox.
  12. Click the IAM role drop-down list and select an IAM role.
  13. If you launched into a VPC and want to have more than one interface, scroll down to the Network Interfaces section and click Add Device to add additional interfaces to the instance.
    Note:If you have more than one interface, make sure that each interface is on a different subnet.
  14. On the Configure Instance Details page, click Next: Add Storage.
  15. Accept the default storage settings and click Next: Tag Instance.
  16. In the Value field, enter a name for the instance.
  17. Click Next: Configure Security Group.
  18. On the Configure Security Group page, follow the procedure below with the table that follows to create a new security group or add ports to an existing group. If you already have a security group with the required ports for ExtraHop, you can skip this step.
    1. Select either Create a new security group or Select an existing security group. If you choose to edit an existing group, select the group you want to edit. If you choose to create a new group, enter a Security group name and Description.
    2. Click the Type drop-down list, and select a protocol type. Type the port number in the Port Range field.
    3. For each additional port needed, click the Add Rule button. Then click the Type drop-down list, select a protocol type, and type the port number in the Port Range field.
    The following ports need to be open for the ExtraHop AWS instance:

    TCP ports 22, 80, and 443 inbound to the ExtraHop system: These ports are used to download the installer and administer the ExtraHop system. If you cannot open port 80, you can copy the installer to each instance manually. Refer to Installing the Software Tap on a Linux Instance or Installing the Software Tap on a Windows Instance.

    TCP/UDP ports inbound to the ExtraHop system: Depending on the ExtraHop product, you must open a port (or a range of ports) for the software tap. See the following table for the default ports required for each product. You can use alterante port numbers, but you must add them to the security group. For the best performance, keep the port ranges for each product intact.

    Product TCP/UDP ports Range
    EDA 1000v 2003 1
    EDA 2000v 2003-2006 4
    EDA 6100v 2003-2010 8
  19. Click Review and Launch.
  20. Select Make General Purpose (SSD)... and click Next.
    Note:If you select Make General Purpose (SSD)..., then you will not see this step on subsequent instance launches.
  21. Scroll down to review the AMI details, instance type, and security group information, and then click Launch.
  22. In the pop-up window, click the first drop-down list and select Proceed without a key pair.
  23. Click the I acknowledge… checkbox and then click Launch Instance.
  24. Click View Instances to return to the AWS Management Console.
    From the AWS Management Console, you can view your instance on the Initializing screen. Under the table, on the Description tab, you can find the IP address or hostname for the ExtraHop appliance that is accessible from your environment.

Register an ExtraHop system in AWS

Complete the following steps to apply a product key supplied by ExtraHop Support in an AWS environment.

If you do not have a product key, contact support@extrahop.com.

Tip:To verify that your environment can resolve DNS entries for the ExtraHop licensing server, open a terminal application on your Windows, Linux, or Mac OS client and run the following command:
nslookup -type=NS d.extrahop.com
If the name resolution is successful, output similar to the following appears:
Non-authoritative answer:
d.extrahop.com	nameserver = ns0.use.d.extrahop.com.
d.extrahop.com	nameserver = ns0.usw.d.extrahop.com.
  1. In your browser, type the IP address of the ExtraHop appliance (https://<extrahop_management_ip>/admin).
  2. Review the license agreement, select I Agree, and click Submit.
  3. On the log in screen, type setup for the user name and the instance ID for the password.
    You can find the Instance ID on the Description tab of an instance selected on the Initializing screen. Type the string of characters that follow i- (but not i- itself), and then click Log In.
  4. Click Please apply license in Admin UI.
  5. Click Register.
  6. Enter the product key, and then click Register.
  7. Click Done.
Published 2017-04-25 00:18