
Deploying the LANGuardian Virtual Appliance on VMware ESXi 6.5 LANGuardian Version 14.4

February 2018

This document describes how to deploy the LANGuardian virtual appliance onto a VMware ESXi bare metal hypervisor and how to configure ESXi to allow LANGuardian to monitor network traffic.

www.netfort.com/software-download

www.vmware.com/products/esxi-and-esx.html

Before you begin

The following table summarizes the installation method and requirements for installing LANGuardian on VMware ESXi:

Requirements: VMware Environment

Installation Method

This document describes how to deploy the preconfigured LANGuardian virtual appliance onto the VMware ESXi 6.5 Hypervisor and the configuration needed to monitor traffic from a virtual or physical switch. For this installation, please download a LANGuardian OVA file from netfort.com.

System Requirements

The virtual appliance is preconfigured to use the following resources:

• 2 CPUs

• 2 GB RAM

• 50 GB disk space

You can adjust these values after installation.

Network Requirements (Management)

During deployment, you will configure the LANGuardian management interface to be accessible from your network. You must use a fixed IP address. Before starting the installation, please ensure that you have obtained a:

• Valid IP address

• Subnet mask

• Gateway address

Network Requirements (Monitoring)

An ESXi monitoring port group must be configured in promiscuous mode to allow LANGuardian access to the network traffic. A LANGuardian interface within the monitoring port group will be able to see all traffic traversing the vswitch.

Software Requirements

The LANGuardian virtual appliance is suitable for installation on a VMware ESXi 6.5 hypervisor. The appliance may not be suitable for older ESXi platforms; however, you can still install LANGuardian in these environments using the ISO image.

The steps required to install and configure LANGuardian on a VMware ESXi Hypervisor are outlined in the following table:

Step | Description | Refer to the section entitled…

Essential Configuration

1 | Create a monitoring port group on the VMware ESXi. | Creating a monitoring port group on the VMware ESXi

2 | Deploy the LANGuardian virtual appliance. | Deploying the LANGuardian virtual appliance

3 | Configure the LANGuardian IP address. | Configuring the LANGuardian IP address

4 | Access the LANGuardian user interface via a web browser and use the Configuration Wizard to complete the installation. | Accessing the LANGuardian Web GUI

Optional Advanced Configuration

5 | Monitor additional virtual switches. | Monitoring additional virtual switches

6 | Set up for monitoring physical switches. | Monitoring a physical switch

7 | Configure physical switches. | Configuring the external physical switch

Essential Configuration

Creating a monitoring port group on the VMware ESXi

Monitoring of network traffic by the LANGuardian virtual appliance is only possible if network traffic is made available to LANGuardian. This is achieved by enabling promiscuous mode on a nominated vswitch port group and binding LANGuardian to this monitoring port group. All interfaces and virtual machines within the monitoring port group can see all traffic passing on the associated vswitch, but interfaces and virtual machines in all other port groups within the same virtual switch cannot. To restrict monitoring of network traffic to LANGuardian only, you must create a dedicated monitoring port group with promiscuous mode enabled just for LANGuardian.

See https://kb.vmware.com/s/article/1002934 for information on promiscuous mode, port groups and vswitches.

The steps to create a port group with promiscuous mode enabled on a vswitch are as follows:

1. Open the VMware ESXi hypervisor web portal Networking section, select the Port Groups tab and click on Add Port Group.

2. Enter the new port group name and select the vswitch that you want to monitor, in this case vswitch0.

3. Open the Security section and set Promiscuous Mode to Accept.

4. Click on Add to complete the creation of the new monitoring port group.

5. Move on to Deploying the LANGuardian virtual appliance.

Deploying the LANGuardian virtual appliance

Follow these steps to deploy the LANGuardian virtual appliance:

1. Access the VMware ESXi hypervisor web portal and select Create/Register VM.

2. Select Deploy a virtual machine from an OVF or OVA file and click Next.

3. Enter a name for the new virtual machine and click on the panel Click to select files or drag/drop. Browse to the location on your filesystem to select the LANGuardian OVA file. Click Next.

4. Select the datastore on which to store the disk and configuration files. Use SSD storage if possible. Ensure the datastore has at least 50 GB of available space. Click Next.

5. Configure the network mappings for LANGuardian by binding:

• Your Management Network to the management network port group, for example, VM Network

• Your Monitoring Network to the monitoring port group, for example, Local vswitch0 Monitoring as created earlier.

Click Next.

6. Click Finish to complete the deployment.

7. Move on to Configuring the LANGuardian IP address.
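
The isolation rule behind the two procedures above (a promiscuous port group dedicated to LANGuardian, with management kept on a separate port group) can be checked mechanically. The following Python audit is an added example, not NetFort or VMware code; the inventory structure, its field names, and every VM and vswitch name other than the port group names used in this guide are constructed assumptions.

```python
# Added example: audit a constructed snapshot of ESXi port groups.
# Field names are hypothetical, not an ESXi or LANGuardian API.
SENSOR_VM = "LANGuardian"

INVENTORY = [  # constructed sample data
    {"name": "VM Network", "vswitch": "vswitch0", "promiscuous": False,
     "vms": ["LANGuardian", "web01", "db01"]},
    {"name": "Local vswitch0 Monitoring", "vswitch": "vswitch0",
     "promiscuous": True, "vms": ["LANGuardian"]},
    {"name": "Office-SPAN", "vswitch": "vswitch1", "promiscuous": True,
     "vms": ["LANGuardian", "test-vm"]},
    {"name": "Lab", "vswitch": "vswitch2", "promiscuous": False,
     "vms": ["lab01"]},
]


def audit(port_groups, sensor=SENSOR_VM):
    """Return (severity, object, message) findings for the monitoring setup."""
    findings = []
    sensor_promisc = []  # promiscuous port groups the sensor is bound to
    sensor_plain = []    # non-promiscuous port groups (management side)
    for pg in port_groups:
        attached = set(pg["vms"])
        if pg["promiscuous"]:
            # Every VM in a promiscuous port group sees all traffic on the
            # vswitch, so any VM besides the sensor is a capture point.
            extra = sorted(attached - {sensor})
            if extra:
                findings.append(("HIGH", pg["name"],
                                 "non-sensor VMs can see all traffic on %s: %s"
                                 % (pg["vswitch"], ", ".join(extra))))
            if sensor in attached:
                sensor_promisc.append(pg["name"])
            else:
                findings.append(("MEDIUM", pg["name"],
                                 "promiscuous mode enabled but sensor not attached"))
        elif sensor in attached:
            sensor_plain.append(pg["name"])
    if not sensor_promisc:
        findings.append(("HIGH", sensor,
                         "sensor is not bound to any promiscuous port group"))
    if not sensor_plain:
        findings.append(("MEDIUM", sensor,
                         "sensor has no non-promiscuous port group for management"))
    monitored = {pg["vswitch"] for pg in port_groups
                 if pg["promiscuous"] and sensor in pg["vms"]}
    for vs in sorted({pg["vswitch"] for pg in port_groups} - monitored):
        findings.append(("INFO", vs, "vswitch is not monitored by the sensor"))
    return findings


if __name__ == "__main__":
    for severity, obj, message in audit(INVENTORY):
        print("%-6s %-28s %s" % (severity, obj, message))
```
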

Configuring the LANGuardian IP address

Follow these steps to configure the LANGuardian IP address to allow access to the LANGuardian Web GUI:

1. From the VMware ESXi web portal, select the LANGuardian virtual appliance and open the console.

The LANGuardian command-line interface (CLI) Management Utility is presented in the console. It has a menu of options for basic administration of the virtual machine.

2. Type 6 to select Configure network device and press Enter.

    LANGuardian Management Utility
    ------------------------------

    System commands              System configuration

    1. View status               5. Select network device
    2. Restart LANGuardian       6. Configure network device
    3. Shutdown LANGuardian      7. Set operating mode
    4. Ping command              8. Reset web user interface password

    Enter a command [1-8] (or type EXIT to exit):

    LANGuardian Management Utility
    ------------------------------
    Configure the network device

    You have chosen to assign this device to the LANGuardian management interface:

    Description                                   Status
    ----------------------------------------------------------------------------
    - Intel PRO/1000 Network Connection           Connected

    Please enter the following network settings:

    LANGuardian computer IP address [192.168.127.200]: 192.168.127.200
    LANGuardian computer network mask [255.255.255.0]: 255.255.255.0
    Default gateway IP address [192.168.127.1]: 192.168.127.1
    DNS server IP address [16.1.20.232]: 16.1.20.232

3. Enter the IP address, subnet mask, default gateway address, and DNS server IP address.

4. Open a browser and visit the home page at the IP address you specified during the installation. For example, if the IP address you specified during the installation is 192.168.10.200, the address of your LANGuardian home page will be https://192.168.10.200.

5. Move on to Accessing the LANGuardian Web GUI.

Accessing the LANGuardian Web GUI

The first time you access the LANGuardian web user interface, it displays the Configuration Wizard. Use the wizard to verify network settings and to complete your LANGuardian installation to begin monitoring traffic data.

Note

LANGuardian uses a self-signed certificate that will cause your browser to display a note about a potential issue with the security certificate for the website. After initial configuration, you can create and load your own certificate to avoid this warning. Otherwise, choose to accept the self-signed certificate.

The configuration steps are as follows:

1. Review and accept the license agreement and click Next.

2. Verify the network settings and click Next.

3. Review the sensor status. This screen validates that there is mirrored network traffic available on the LANGuardian sensor interface. If the graph does not display any traffic, then review the monitoring port group configuration.

4. Click Finish to complete the configuration.

You are now ready to begin using LANGuardian to monitor activity on your network. Refer to the LANGuardian Administration and User Guide for information on using LANGuardian.

Advanced Configuration

The following sections are for advanced configuration and are not required for monitoring traffic on the local ESXi vswitch.

Monitoring additional virtual switches

You can monitor additional virtual switches with LANGuardian by adding more network adapters to the LANGuardian virtual appliance, binding them to the correct port group and configuring LANGuardian sensors to monitor the new adapter. The steps to add a network adapter are as follows:

1. Identify or create a suitable monitoring port group for the vswitch that you want to monitor. See the section Creating a monitoring port group on the VMware ESXi.

2. Open the settings for the LANGuardian appliance and click Add Network Adaptor.

3. Locate the new network adaptor and select the monitoring port group identified in step 1. In this example, select Office-SPAN.

4. Click Save to finish adding the new network adaptor.

5. Access the LANGuardian Web GUI to restart the LANGuardian appliance to allow it to detect the new network adapter.

After the LANGuardian has rebooted, log on to the LANGuardian Web GUI interface to add a new sensor.

6. Click on in the LANGuardian menu bar, select Sensors, and click on Add Sensor.

7. Select Local and click Next.

8. Select the unused network adaptor and click Next.

9. Give the sensor a name and click Save.

This completes the addition of a new LANGuardian sensor.

Monitoring a physical switch

To monitor traffic flowing through an external physical switch, you require:

• A dedicated physical network adaptor in the VMware ESXi hypervisor to connect to the physical switch

• A dedicated virtual switch to connect to the physical network adaptor

The additional virtual network switch and adaptor are necessary because:

• Accessing traffic on a SPAN port requires a dedicated network adaptor.

• Due to the volume of traffic generated by a monitoring session, using a dedicated virtual switch and adaptor helps to avoid performance problems with other virtual machines.

If a dedicated physical network adaptor is available and is connected to the SPAN/mirror port in the external physical switch, use the steps below to enable monitoring for the physical switch.

Follow these steps to create the new virtual switch:

1. Access the VMware ESXi hypervisor web portal Networking section, select the Virtual Switches tab, and click on Add standard virtual switch.

2. Enter a name for the new switch and select the desired physical network adaptor that is connected to the external physical switch.

3. Click on Add to complete the creation of the new virtual switch.

Refer to the section Creating a monitoring port group on the VMware ESXi to create a monitoring port group on the new virtual switch and to the section Monitoring additional virtual switches to configure LANGuardian to monitor the new virtual (and hence the physical) switch.

Configuring the external physical switch

Setting up the LANGuardian VMware appliance to monitor an external network prepares it to accept traffic data from the network, but you must also configure the core switch on the external network to provide traffic data to the dedicated network adaptor on the VMware ESXi hypervisor.

Network core switches typically have a port mirroring capability that enables you to set up a monitoring port (called a SPAN port on Cisco switches) through which you can capture network traffic for analysis. For details, see the LANGuardian Administration and User Guide at:

www.netfort.com/resources/product-documentation

The steps to configure a monitoring port are specific to each switch. See the core switch documentation page on the NetFort website for links to documentation for popular switches:

www.netfort.com/downloads/documentation/core-switch-documentation

If you need help configuring a monitoring port on your switch, contact our support team for free, no-obligation assistance.

Need help?

Please contact us if you need help installing or configuring NetFort LANGuardian. You can avail of free no-obligation technical support by contacting our helpdesk on [email protected]. See also the NetFort discussion forum – http://forum.netfort.com – for technical tips and usage information.