If you want to learn more about the powerful capabilities of Reveal(x), testing it out in a lab environment is a perfect way to get a better understanding. To do so, you will need the following things:
- A VMware environment (ExtraHop also has physical appliances, but we will go for the virtual setup)
- Reveal(x) licenses (contact your local ExtraHop account team for this)
- OVA files which you can get from https://customer.extrahop.com/s/login/
The setup will consist of three virtual appliances, each of which provides its own functionality.
- Packet Sensor (EDA): Used to ingest the packet data and responsible for generating metrics and records
- Recordstore (EXA): Used to store the records which are generated by the EDA
- Packetstore (ETA): Used to ingest packet data and responsible for storing the raw packets
Deploying/configuring the Packet Sensor (EDA)
The process of deploying a Packet Sensor can be found on the ExtraHop website. The specific virtual packet sensor in this deployment is the 1100v and the link to this deployment can be found here:
https://docs.extrahop.com/current/dep-eda-vmw/
The following video shows the deployment and configuration of a packet sensor in VMware.
Deploying/configuring the Recordstore (EXA)
The process of deploying a virtual Recordstore can be found on the ExtraHop website:
https://docs.extrahop.com/current/deploy-exa-vmware/
The following video shows the deployment and configuration of a Recordstore in VMware.
Deploying/configuring the Packetstore (ETA)
The process of deploying a virtual Packetstore can be found on the ExtraHop website:
https://docs.extrahop.com/current/deploy-eta-vmware/
The following video shows the deployment and configuration of a Packetstore in VMware.
Connecting EDA+EXA+ETA together
Now that all the appliances are deployed, the last step is to connect them all together so that they work as one system. If you have an ExtraHop Command Appliance (ECA), then go to the following post:
https://xtrhop.com/connecting-evrything-together-with-a-eca/
If you don’t use an ECA, then continue with the rest of this post. Keep in mind that users will only have to log in to the GUI of the Packet Sensor (EDA) to be able to access all the data that is stored on the three appliances.
The following video shows how to connect all the appliances together.
Summary
This blog should hold all the information you need to get your lab environment up and running. Please always try to use a live data feed to get the most value out of the lab environment, as it will provide you with really interesting data and detections. If you are looking for any other ExtraHop deployment then please go to: