Proxmox Import Extrahop Appliances

Published: 2021-11-14

Intro

In this post I will show you how to import the Extrahop Discovery Appliance (EDA) and the Extrahop Explore Appliance (EXA) into Proxmox.

The following software was used as part of this post.

  • Proxmox - 7.0-11
  • Extrahop Discovery Appliance 1100v - 8.6.2.1446
  • Extrahop Explore Appliance 5100v - 8.6.2.1446
  • Extrahop Trace Appliance 1150v - 8.6.2.1446
  • Extrahop Command Appliance - 8.6.2.1446

Pre-Flight Check

This post assumes that you have already downloaded the images to the Proxmox host. I have downloaded them to the /tmp/ directory. Additionally, all commands will be run as the root user. With all that out of the way, lets get started.

Extrahop Discovery Appliance

First, extract the image.

cmd
tar -xvf extrahop-eda-1100v-kvm-8.6.2.1446.tar.gz

# output
eda-1100v-kvm/
eda-1100v-kvm/extrahop-boot.qcow2
eda-1100v-kvm/extrahop-boot.qcow2.md5
eda-1100v-kvm/eda-1100v.xml.md5
eda-1100v-kvm/extrahop-data.qcow2.md5
eda-1100v-kvm/eda-1100v.xml
eda-1100v-kvm/extrahop-data.qcow2

Create a VM for the EDA. The VM will have two interfaces, one for management and one for packet capture.

cmd
qm create 201 \
--name eda01 --numa 0 --ostype l26 \
--cpu cputype=host --cores 2 --sockets 1 \
--memory 4096  \
--scsihw virtio-scsi-pci \
--net0 virtio,bridge=vmbr0,tag=20,firewall=0, \
--net1 virtio,bridge=vmbr1,firewall=0, \
--serial0 socket

Import the boot disk.

cmd
qm importdisk 201 /tmp/eda-1100v-kvm/extrahop-boot.qcow2 local-lvm

# output
Successfully imported disk as 'unused0:local-lvm:vm-201-disk-0'

Attach the boot disk to the VM.

cmd
qm set 201 --scsi0 local-lvm:vm-201-disk-0

Make the bootdisk bootable.

cmd
qm set 201 --boot c --bootdisk scsi0

Import the data disk.

cmd
qm importdisk 201 /tmp/eda-1100v-kvm/extrahop-data.qcow2 local-lvm

# output
Successfully imported disk as 'unused1:local-lvm:vm-201-disk-1'

Attach the data disk to the VM.

cmd
qm set 201 --scsi1 local-lvm:vm-201-disk-1

Create a third disk for an on box packet capture disk.

cmd
qm set 201 -scsi2 qnap-nfs1:50,format=qcow2

# output
update VM 201: -scsi2 qnap-nfs1:50,format=qcow2
Formatting '/mnt/pve/qnap-nfs1/images/201/vm-201-disk-0.qcow2', fmt=qcow2 cluster_size=65536 extended_l2=off preallocation=metadata compression_type=zlib size=53687091200 lazy_refcounts=off refcount_bits=16

Start the EDA VM.

cmd
qm start 201

Connect to the terminal and configure an IP address.

cmd
qm terminal 201

# Username: shell
# Password: default

enable
configure
interface 1
ip ipaddr 172.16.0.10 255.255.255.0 172.16.0.1 172.16.0.23
exit
running_config save
y
exit

Thats it for the EDA, lets move onto the EXA.

Extrahop Explore Appliance

Extract the image.

cmd
tar -xvf extrahop-exa-5100v-xs-kvm-8.6.2.1446.tar.gz

# output
exa-5100v-xs-kvm/
exa-5100v-xs-kvm/exa-5100v-xs.xml\
                     nexa-5100v-xs-kvm/exa-5100v-xs.xml.md5
exa-5100v-xs-kvm/extrahop-boot.qcow2\
                     nexa-5100v-xs-kvm/extrahop-boot.qcow2.md5

Create a VM for the EXA.

cmd
qm create 202 \
--name exa01 --numa 0 --ostype l26 \
--cpu cputype=host --cores 4 --sockets 1 \
--memory 8192  \
--scsihw virtio-scsi-pci \
--net0 virtio,bridge=vmbr0,tag=20,firewall=0, \
--serial0 socket

Import the boot disk.

cmd
qm importdisk 202 /tmp/exa-5100v-xs-kvm/extrahop-boot.qcow2 local-lvm

# output
Successfully imported disk as 'unused0:local-lvm:vm-202-disk-0'

Attach the boot disk to the VM.

cmd
qm set 202 --scsi0 local-lvm:vm-202-disk-0

Make the bootdisk bootable.

cmd
qm set 202 --boot c --bootdisk scsi0

Create a second disk for metric storage.

cmd
qm set 202 -scsi1 local-lvm:100,format=raw

# output
update VM 202: -scsi1 local-lvm:100,format=raw
Logical volume "vm-202-disk-1" created.

Start the EXA VM.

cmd
qm start 202

Connect to the terminal and configure an IP address.

cmd
qm terminal 202

# Username: shell
# Password: default

enable
configure
interface 1
ip ipaddr 172.16.0.11 255.255.255.0 172.16.0.1 172.16.0.23
exit
running_config save
y
exit

Thats it for the EXA, now onto the ETA.

Extrahop Trace Appliance

Extract the image.

cmd
mkdir /tmp/eta-1150v/
tar -xvf extrahop-eda-1100v-kvm-8.6.2.1446.ova -C /tmp/eta-1150v/

# output
extrahop-eta-1150v-vmware.ovf
extrahop-eta-1150v-vmware.mf\
                     nextrahop-eta-1150v-vmware-disk1.vmdk
extrahop-eta-1150v-vmware-disk2.vmdk

Convert the boot and data disks from vmdk to qcow2 images.

cmd
/usr/bin/qemu-img convert -p -f vmdk -O qcow2 /tmp/eta-1150v/extrahop-eta-1150v-vmware-disk1.vmdk /tmp/eta-1150v/extrahop-boot.qcow2
/usr/bin/qemu-img convert -p -f vmdk -O qcow2 /tmp/eta-1150v/extrahop-eta-1150v-vmware-disk2.vmdk /tmp/eta-1150v/extrahop-data.qcow2

Create a VM for the ETA. The VM will have two interfaces, one for management and one for packet capture.

cmd
qm create 203 \
--name eta01 --numa 0 --ostype l26 \
--cpu cputype=host --cores 2 --sockets 1 \
--memory 16384  \
--scsihw virtio-scsi-pci \
--net0 virtio,bridge=vmbr0,tag=20,firewall=0, \
--net1 virtio,bridge=vmbr1,firewall=0, \
--serial0 socket

Import the boot disk.

cmd
qm importdisk 203 /tmp/eta-1150v/extrahop-boot.qcow2 local-lvm

# output
Successfully imported disk as 'unused0:local-lvm:vm-203-disk-0'

Attach the boot disk to the VM.

cmd
qm set 203 --scsi0 local-lvm:vm-203-disk-0

Make the bootdisk bootable.

cmd
qm set 203 --boot c --bootdisk scsi0

Import the data disk.

cmd
qm importdisk 203 /tmp/eta-1150v/extrahop-data.qcow2 local-lvm

# output
Successfully imported disk as 'unused1:local-lvm:vm-203-disk-1'

Attach the data disk to the VM.

cmd
qm set 203 --scsi1 local-lvm:vm-203-disk-1

Create a third disk for packet capture disk.

cmd
qm set 203 -scsi2 qnap-nfs1:100,format=qcow2

# output
update VM 203: -scsi2 qnap-nfs1:100,format=qcow2
Formatting '/mnt/pve/qnap-nfs1/images/203/vm-203-disk-0.qcow2', fmt=qcow2 cluster_size=65536 extended_l2=off preallocation=metadata compression_type=zlib size=53687091200 lazy_refcounts=off refcount_bits=16

Start the EDA VM.

cmd
qm start 203

Connect to the terminal and configure an IP address.

cmd
qm terminal 203

# Username: shell
# Password: default

enable
configure
interface 1
ip ipaddr 172.16.0.12 255.255.255.0 172.16.0.1 172.16.0.23
exit
running_config save
y
exit

Thats it for the ETA, lets move onto the ECA.

Extrahop Command Appliance

First, extract the image.

cmd
tar -xvf extrahop-eca-kvm-8.6.2.1446.tar.gz

# output
eca-kvm/
eca-kvm/extrahop-boot.qcow2
eca-kvm/extrahop-boot.qcow2.md5
eca-kvm/eca.xml
eca-kvm/extrahop-data.qcow2.md5
eca-kvm/extrahop-data.qcow2
eca-kvm/eca.xml.md5

Create a VM for the ECA.

cmd
qm create 204 \
--name eca01 --numa 0 --ostype l26 \
--cpu cputype=host --cores 2 --sockets 1 \
--memory 4096  \
--scsihw virtio-scsi-pci \
--net0 virtio,bridge=vmbr0,tag=20,firewall=0, \
--serial0 socket

Import the boot disk.

cmd
qm importdisk 204 /tmp/eca-kvm/extrahop-boot.qcow2 local-lvm

# output
Successfully imported disk as 'unused0:local-lvm:vm-204-disk-0'

Attach the boot disk to the VM.

cmd
qm set 204 --scsi0 local-lvm:vm-204-disk-0

Make the bootdisk bootable.

cmd
qm set 204 --boot c --bootdisk scsi0

Import the data disk.

cmd
qm importdisk 204 /tmp/eca-kvm/extrahop-data.qcow2 local-lvm

# output
Successfully imported disk as 'unused1:local-lvm:vm-204-disk-1'

Attach the data disk to the VM.

cmd
qm set 204 --scsi1 local-lvm:vm-204-disk-1

Start the ECA VM.

cmd
qm start 204

Connect to the terminal and configure an IP address.

cmd
qm terminal 204

# Username: shell
# Password: default

enable
configure
interface 1
ip ipaddr 172.16.0.13 255.255.255.0 172.16.0.1 172.16.0.23
exit
running_config save
y
exit

Thats it for the ECA, and also, thats it for the post.

Outro

In this post, I covered the process of importing the appliances into Proxmox. In a future post, I will show you how to configure a port mirror on Proxmox to forward traffic to the EDA capture port.