Hyper-V Installation Guide

From Allegro Packets Product Wiki
Jump to navigation Jump to search

This guide describes how the Allegro Network Multimeter Virtual Edition can be set up with Hyper-V under Windows 11.

The Allegro Virtual Edition is designed for 2 use cases.

  1. It can analyze pcap captures or packet ring buffers of unlimited size for forensic investigation and/or
  2. it can analyze live traffic from virtual machines by a virtual Mirror Port or ERSPAN.

General

DISCLAIMER

Packet analysis is resource intensive. Running the Allegro Packets VM on your own hardware and its performance outcome is warranted “as is”. Our support will be limited.

Be aware that an activated ring buffer can (heavily) degrade the I/O performance for all VMs. It is strongly recommended to use one or more dedicated HDDs or SSDs for the ring buffer, to prevent side effects on other VMs.

System requirements

This guide has been tested with Windows 11 Enterprise.

The system requirement of the virtual machine is:

  • x86 64-Bit Intel/AMD CPU with SSE4.2 support (since 2011)
  • 4 CPU-Cores
  • at least 2GB RAM for the In-Memory-DB, the larger the better
  • 20GB free disk space

Virtual Machine image

Please contact Allegro or your reseller to download the current Allegro Virtual Edition installation zip archive.

Installation

Zip file extraction

Please extract the zip archive. It should contain a single file “allegro-image-X.X.X.vhdx” where X.X.X is the version number of the release. 

Creating a Hyper-V virtual machine in the Hyper-V Manager.

Open the Hyper-V Manager

Hyper-V Manager start.png

Create a new virtual machine under "Actions" → “New” → "Virtual Machine ...".

Follow the wizard by first giving a name to the virtual machine.

When asked to "Specify Generation" choose "Generation 2".

Hyperv-generation.png

On the "Assign Memory" page set the startup memory to at least 2048 MB.

On the "Configure Network" page select the network connection that you want the Allegro Virtual Edition management interface to be connected to.

Hyperv-managemnent-nic.png

On the "Connect Virtual Hard Disk" select the option "Use an existing virtual hard disk" and select the “allegro-image-X.X.X.vhdx” that was extracted from the ZIP archive.

Hyperv-hard-disk.png

Finish the wizard to create the virtual machine.

Add an additional network interface to the virtual machine, disable "Secure boot" and set the processor count

Edit the settings for the virtual machine under "Actions" → “Settings...”

With the "Add hardware" item selected "Network Adapter" and click "Add".

Hyperv-other-nic.png

Choose the virtual switch that you want the Allegro Virtual Edition monitoring interface to be connected to and click "Apply".

Now select the "Security" item and unselect the "Enable Secure Boot" checkbox as this is not supported by the Allegro Virtual Edition. Click on "Apply" to save the setting.

Hyperv-secure-boot.png

Now select the "Processor" item and change the "Number of virtual processors" to at least 4. Click on "Apply" to save the settings.

Hyperv-processor-count.png

Packet ring buffer and pcap storage

For the ring buffer to work, you need to add an additional virtual disk (or more) to the Allegro Virtual Edition.

With the "Add hardware" item selected again this time choose "SCSI Controller" and click "Add".

Hyperv-scsi-controller.png

Leave the default type "Hard drive" and click "Add".

The controller location 0 will be in use so choose 1.

Hyperv-scsi-controller-location.png

In the "media" section with "Virtual hard disk" selected click on "New".

This will open a wizard and on the "Choose disk type" page select "Fixed size" for best performance.

Hyperv-disk-type-fixed.png

Follow the wizard to create a "blank virtual hard disk" with the desired size for the packet ring buffer and after the wizard is finished click on "Apply" to save the settings.


When done, power on the Allegro VM and go to menu GenericStorage, to check if the Allegro Network Multimeter has detected a storage device.

Here an example of 1 attached/configured disk:

Hyperv-storage.png

Here, on the GenericStorage page, you can prepare the disks to be used by the Allegro by clicking the "Format" button.

This will erase all content on the disk and create the filesystem for the Allegro. You can also activate and deactivate the storage device for pcap files here.

For more information on the ring buffer, please review the corresponding page here → Ring Buffer Configuration Guide.

Disclaimer: Be aware that an activated ring buffer can (heavily) degrade the I/O performance for all VMs.

It is strongly recommended to use one or more dedicated HDDs or SSDs for the ring buffer, to prevent side effects on other VMs.

Initial startup

Powering on

Power on the virtual machine. The Allegro Virtual Edition will boot, prepare the installation and reboot once. The VM will seek for an IP address via DHCP on the MGT port. Check the screen output for an assigned IP address.

Esxi allegro screen.png

You can now connect to the IP address with your browser, in our case https://10.54.0.220/ . The browser will show a certificate warning. Accept it to access the login screen.

Esxi allegro login.png

Please use the following login credentials; user “admin” and password “allegro”.

License

Esxi allegro license.png

Navigate to “Settings” -> “License upload” and send the system serial number to testlicense@allegro-packets.com.

Allegro Packets will issue a test License for you that can be installed by the “Upload new License button”.

Once the test License is applied, it will show you the License details similar to this output:

Esxi allegro license details.png

The Allegro Virtual Edition is now running and analyzes all packets on the capture port.

Encapsulated remote mirroring (L3) source

The Allegro Virtual Edition supports the VMware Encapsulated remote mirroring (L3) source with the ERSPAN Mode. You can set up an IP address on the capture port and send encapsulated packets to the Allegro.