updated: 31st of March 2022
published: 14th of November 2021
In this post I will show you how to import the Extrahop Discovery Appliance (EDA) and the Extrahop Explore Appliance (EXA) into Proxmox.
The following software was used as part of this post.
This post assumes that you have already downloaded the images to the Proxmox host. I have downloaded them to the /tmp/ directory. Additionally, all commands will be run as the root user. With all that out of the way, lets get started.
First, extract the image.
tar -xvf extrahop-eda-1100v-kvm-8.6.2.1446.tar.gz
# output
eda-1100v-kvm/
eda-1100v-kvm/extrahop-boot.qcow2
eda-1100v-kvm/extrahop-boot.qcow2.md5
eda-1100v-kvm/eda-1100v.xml.md5
eda-1100v-kvm/extrahop-data.qcow2.md5
eda-1100v-kvm/eda-1100v.xml
eda-1100v-kvm/extrahop-data.qcow2Create a VM for the EDA. The VM will have two interfaces, one for management and one for packet capture.
qm create 201 \
--name eda01 --numa 0 --ostype l26 \
--cpu cputype=host --cores 2 --sockets 1 \
--memory 4096 \
--scsihw virtio-scsi-pci \
--net0 virtio,bridge=vmbr0,tag=20,firewall=0, \
--net1 virtio,bridge=vmbr1,firewall=0, \
--serial0 socketImport the boot disk.
qm importdisk 201 /tmp/eda-1100v-kvm/extrahop-boot.qcow2 local-lvm
# output
Successfully imported disk as 'unused0:local-lvm:vm-201-disk-0'Attach the boot disk to the VM.
qm set 201 --scsi0 local-lvm:vm-201-disk-0Make the bootdisk bootable.
qm set 201 --boot c --bootdisk scsi0Import the data disk.
qm importdisk 201 /tmp/eda-1100v-kvm/extrahop-data.qcow2 local-lvm
# output
Successfully imported disk as 'unused1:local-lvm:vm-201-disk-1'Attach the data disk to the VM.
qm set 201 --scsi1 local-lvm:vm-201-disk-1Create a third disk for an on box packet capture disk.
qm set 201 -scsi2 qnap-nfs1:50,format=qcow2
# output
update VM 201: -scsi2 qnap-nfs1:50,format=qcow2
Formatting '/mnt/pve/qnap-nfs1/images/201/vm-201-disk-0.qcow2', fmt=qcow2 cluster_size=65536 extended_l2=off preallocation=metadata compression_type=zlib size=53687091200 lazy_refcounts=off refcount_bits=16Start the EDA VM.
qm start 201Connect to the terminal and configure an IP address.
qm terminal 201
# Username: shell
# Password: default
enable
configure
interface 1
ip ipaddr 172.16.0.10 255.255.255.0 172.16.0.1 172.16.0.23
exit
running_config save
y
exitThats it for the EDA, lets move onto the EXA.
Extract the image.
tar -xvf extrahop-exa-5100v-xs-kvm-8.6.2.1446.tar.gz
# output
exa-5100v-xs-kvm/
exa-5100v-xs-kvm/exa-5100v-xs.xml
exa-5100v-xs-kvm/exa-5100v-xs.xml.md5
exa-5100v-xs-kvm/extrahop-boot.qcow2
exa-5100v-xs-kvm/extrahop-boot.qcow2.md5Create a VM for the EXA.
qm create 202 \
--name exa01 --numa 0 --ostype l26 \
--cpu cputype=host --cores 4 --sockets 1 \
--memory 8192 \
--scsihw virtio-scsi-pci \
--net0 virtio,bridge=vmbr0,tag=20,firewall=0, \
--serial0 socketImport the boot disk.
qm importdisk 202 /tmp/exa-5100v-xs-kvm/extrahop-boot.qcow2 local-lvm
# output
Successfully imported disk as 'unused0:local-lvm:vm-202-disk-0'Attach the boot disk to the VM.
qm set 202 --scsi0 local-lvm:vm-202-disk-0Make the bootdisk bootable.
qm set 202 --boot c --bootdisk scsi0Create a second disk for metric storage.
qm set 202 -scsi1 local-lvm:100,format=raw
# output
update VM 202: -scsi1 local-lvm:100,format=raw
Logical volume "vm-202-disk-1" created.Start the EXA VM.
qm start 202Connect to the terminal and configure an IP address.
qm terminal 202
# Username: shell
# Password: default
enable
configure
interface 1
ip ipaddr 172.16.0.11 255.255.255.0 172.16.0.1 172.16.0.23
exit
running_config save
y
exitThats it for the EXA, now onto the ETA.
Extract the image.
mkdir /tmp/eta-1150v/
tar -xvf extrahop-eda-1100v-kvm-8.6.2.1446.ova -C /tmp/eta-1150v/
# output
extrahop-eta-1150v-vmware.ovf
extrahop-eta-1150v-vmware.mf
extrahop-eta-1150v-vmware-disk1.vmdk
extrahop-eta-1150v-vmware-disk2.vmdkConvert the boot and data disks from vmdk to qcow2 images.
/usr/bin/qemu-img convert -p -f vmdk -O qcow2 /tmp/eta-1150v/extrahop-eta-1150v-vmware-disk1.vmdk /tmp/eta-1150v/extrahop-boot.qcow2
/usr/bin/qemu-img convert -p -f vmdk -O qcow2 /tmp/eta-1150v/extrahop-eta-1150v-vmware-disk2.vmdk /tmp/eta-1150v/extrahop-data.qcow2Create a VM for the ETA. The VM will have two interfaces, one for management and one for packet capture.
qm create 203 \
--name eta01 --numa 0 --ostype l26 \
--cpu cputype=host --cores 2 --sockets 1 \
--memory 16384 \
--scsihw virtio-scsi-pci \
--net0 virtio,bridge=vmbr0,tag=20,firewall=0, \
--net1 virtio,bridge=vmbr1,firewall=0, \
--serial0 socketImport the boot disk.
qm importdisk 203 /tmp/eta-1150v/extrahop-boot.qcow2 local-lvm
# output
Successfully imported disk as 'unused0:local-lvm:vm-203-disk-0'Attach the boot disk to the VM.
qm set 203 --scsi0 local-lvm:vm-203-disk-0Make the bootdisk bootable.
qm set 203 --boot c --bootdisk scsi0Import the data disk.
qm importdisk 203 /tmp/eta-1150v/extrahop-data.qcow2 local-lvm
# output
Successfully imported disk as 'unused1:local-lvm:vm-203-disk-1'Attach the data disk to the VM.
qm set 203 --scsi1 local-lvm:vm-203-disk-1Create a third disk for packet capture disk.
qm set 203 -scsi2 qnap-nfs1:100,format=qcow2
# output
update VM 203: -scsi2 qnap-nfs1:100,format=qcow2
Formatting '/mnt/pve/qnap-nfs1/images/203/vm-203-disk-0.qcow2', fmt=qcow2 cluster_size=65536 extended_l2=off preallocation=metadata compression_type=zlib size=53687091200 lazy_refcounts=off refcount_bits=16Start the EDA VM.
qm start 203Connect to the terminal and configure an IP address.
qm terminal 203
# Username: shell
# Password: default
enable
configure
interface 1
ip ipaddr 172.16.0.12 255.255.255.0 172.16.0.1 172.16.0.23
exit
running_config save
y
exitThats it for the ETA, lets move onto the ECA.
First, extract the image.
tar -xvf extrahop-eca-kvm-8.6.2.1446.tar.gz
# output
eca-kvm/
eca-kvm/extrahop-boot.qcow2
eca-kvm/extrahop-boot.qcow2.md5
eca-kvm/eca.xml
eca-kvm/extrahop-data.qcow2.md5
eca-kvm/extrahop-data.qcow2
eca-kvm/eca.xml.md5Create a VM for the ECA.
qm create 204 \
--name eca01 --numa 0 --ostype l26 \
--cpu cputype=host --cores 2 --sockets 1 \
--memory 4096 \
--scsihw virtio-scsi-pci \
--net0 virtio,bridge=vmbr0,tag=20,firewall=0, \
--serial0 socketImport the boot disk.
qm importdisk 204 /tmp/eca-kvm/extrahop-boot.qcow2 local-lvm
# output
Successfully imported disk as 'unused0:local-lvm:vm-204-disk-0'Attach the boot disk to the VM.
qm set 204 --scsi0 local-lvm:vm-204-disk-0Make the bootdisk bootable.
qm set 204 --boot c --bootdisk scsi0Import the data disk.
qm importdisk 204 /tmp/eca-kvm/extrahop-data.qcow2 local-lvm
# output
Successfully imported disk as 'unused1:local-lvm:vm-204-disk-1'Attach the data disk to the VM.
qm set 204 --scsi1 local-lvm:vm-204-disk-1Start the ECA VM.
qm start 204Connect to the terminal and configure an IP address.
qm terminal 204
# Username: shell
# Password: default
enable
configure
interface 1
ip ipaddr 172.16.0.13 255.255.255.0 172.16.0.1 172.16.0.23
exit
running_config save
y
exitThats it for the ECA, and also, thats it for the post 😊
In this post, I covered the process of importing the appliances into Proxmox. In a future post, I will show you how to configure a port mirror on Proxmox to forward traffic to the EDA capture port.
https://docs.extrahop.com/8.6/deploy-eda-kvm/
https://docs.extrahop.com/8.6/deploy-exa-kvm/