Deploy Reveal(x) Ultra in AWS

In this guide, you will learn how to deploy the ExtraHop Reveal(x) Ultra sensor through AWS Marketplace.

System requirements

Make sure you have everything you need to successfully deploy the sensor:

  • An AWS account
  • An ExtraHop Reveal(x) Ultra license or product key
  • A VPC where the sensor will be deployed
  • Two ENI subnets. One subnet to access the management interface of the sensor and one subnet that will forward traffic to the sensor. Both subnets must be in the same Availability Zone.

Deploy the sensor

  1. Log in to your AWS Management Console.
  2. In Marketplace, search for ExtraHop Ultra sensors.
  3. Click one of the following sensor names:
    • Reveal(x) Ultra Cloud Sensor 1 Gbps (BYOL)
    • Reveal(x) Ultra Cloud Sensor 10 Gbps (BYOL)
  4. Click Continue to Subscribe.
  5. Read the ExtraHop Terms and Conditions, and then click Accept Terms.
  6. After the subscription process completes, click Continue to Configuration.
  7. Select CloudFormation Template from the Fulfillment option drop-down list.
  8. Select one of the following CloudFormation templates from the drop-down list:
    • Single sensor with ENI as traffic mirror target
    • Single sensor with NLB as traffic mirror target. This option is recommended when you have more than ten traffic sources.
  9. Select a firmware version from the Software Version drop-down list.
  10. Select your AWS region from the Region drop-down list.
  11. Click Continue to Launch.
  12. On the Launch this software page, under Choose Action, select Launch CloudFormation.
  13. Click Launch.
  14. On the Create stack page, leave the default settings unchanged and click Next.
  15. On the Specify stack details page, type a name in the Stack name field to identify your instance in AWS.
  16. In the Network configuration section, configure the following fields:

    VPCID: Select the VPC where the sensor will be deployed

    MgmtSubnetID: Select the subnet where the management ENI will be deployed

    CaptureSubnetID: Select the subnet where the data capture ENI will be deployed

    RemoteAccessCIDR: Type a CIDR IP range to restrict user access to the instance. We recommend that you configure a trusted IP address range.

  17. In the ExtraHop configuration section, select one of the following options for the PublicIP field:
    • Select false if you do not want a public-facing IP address.
    • Select true if you want the sensor available to users through the public internet. The MgmtSubnetID specified in the previous step must be a public subnet.
  18. (Optional): In the Other parameters section, type an AMI ID for the source instance.
  19. Click Next.
  20. Add one or more tags in the Tags section and then click Next.
  21. Review your configuration settings and then click Create stack.
  22. Wait for the creation to complete. The CREATE_COMPLETE status appears on the Stack info page when the stack creation is successful.
  23. Click the Outputs tab.
  24. Copy the SocSensorPublicCredentials value. This is the setup user password required to log in to the ExtraHop system.
  25. Click the EDAPublicAccess value URL to go to the sensor Administration settings page.

Next steps

  • Register your ExtraHop system
  • Configure the sensor network interfaces by clicking Connectivity in the Administration settings. Ensure that Management is selected on Interface 1. For Interface 2, choose one of the following options:
    • For the 1 Gbps sensor, select Management + RPCAP/ERSPAN/VXLAN/GENEVE Target.
    • For the 10 Gbps sensor, select High-Performance ERSPAN/VXLAN/GENEVE Target.
    Important:If your deployment includes a console, the following workflow ensures the best performance for initial device synchronization. First, connect all sensors to the console, then configure network traffic forwarding to the sensors.
  • Complete the recommended procedures in the post-deployment checklist.
Published 2022-09-26