VMWare Workstation Player/Pro Installation Guide: Difference between revisions

Access restrictions were established for this page. If you see this message, you have no access to this page.

Latest revision as of 08:26, 17 February 2021

This Guide describes how the Allegro Network Multimeter Virtual Edition can be set up with a VMWare Workstation. The Allegro Virtual Edition is designed for 2 use cases. It can analyze pcap captures or packet ring buffers of unlimited size for forensic investigation or it can analyze live traffic from virtual machines by a virtual Mirror Port or ERSPAN.

General

DISCLAIMER

Be aware that an activated ring buffer can degrade the I/O performance for all VMs. It is recommended to use one or more dedicated HDDs or SSDs for the ring buffer to prevent side effects to other VMs.

System requirements

This Guide requires a VMWare Workstation Player or Pro. 15.5.2 or newer. Note that the non-commercial version (VMWare Workstation Player) also works with the Allegro Virtual Edition if you are testing it for personal use only. Please review the License restrictions of the VMWare Workstation Player.

The system requirement of the virtual machine is:

x86 64-Bit Intel/AMD CPU with SSE4.2 support (since 2011)
4 CPU-Cores
at least 2GB RAM for the In-Memory-DB, the larger the better
20GB free disk space

Allegro Virtual Edition installation image

Contact Allegro or your reseller to download the current Allegro Virtual Edition installation zip archive.

Installation

Zip file extraction

Extract the zip archive. It should contain the 3 files “allegro-multimeter.ovf”, “allegro-multimeter.vmdk” and “allegro-multimeter-virtualbox.ovf”.

Allegro Virtual Edition deployment to VMWare Workstation

Download, install and Open VMWare Workstation (see https://www.vmware.com/):

Import the VM with “Open Virtual Machine” and select the "allegro-multimeter.ovf" file from the extracted zip archive.

Next, specify the location on your disk, set a name and import the Allegro Virtual Edition.

The Allegro Virtual Edition will be imported. Once this is complete, you can edit the settings of the Allegro. Note that the first interface is used for Management access and requires a network with a DHCP server. The second network port is used as a data plane. The Allegro Virtual Edition analyzes all traffic on this network port. By default, both ports are bridged to your local network. You can change the first port to NAT to allow only access from your local PC. You can also change the settings later at any time.

Install USB License dongle

If the Allegro Virtual Edition was shipped with an USB License dongle, plug the dongle into an unused USB port of the VMWare host. The dongle must be connected to the Allegro Virtual Edition. When powered off, edit the settings of the Allegro Virtual Edition and add the USB dongle to it. Select a “Feitian HID Dongle” or similar.

Initial startup

Follow the VMWare ESXI Installation Guide#Initial startup. The startup is identical for ESXI and Workstations.

Mirroring virtual interface

The Allegro Virtual Edition has by default 2 network interfaces. The first port is used for Management, the second is used as capture port. The Allegro Virtual Edition will analyze all traffic received by this network port.

Enable the promiscuous mode for the second port if you would like to analyze all incoming packets. As of now, this configuration cannot be done in the VMWare Workstation GUI and it does not work for all physical interfaces.

Navigate to your VMWare directory (by default: Documents\Virtual Machines) and edit the vmx file. There add the line: "ethernet1.noPromisc = "FALSE"

Packet ring buffer and pcap storage

You can add one or multiple virtual disks to the Allegro Virtual Edition.

When powered off, edit the settings of the Allegro Virtual Edition in the VMWare Workstation and add click the "Add..." Button.

Then use the default value and add the disk as a SCSI device.

Next, select new disk or use an existing one.

If you selected a new disk, set the size in the next dialogue.

Next, review the configuration and complete it. Once it is done, start the Allegro Virtual Edition. If correctly configured, you can enable the packet ring buffer as described in Ring Buffer Configuration Guide. Note that a real-time capture of packets require high write rates to your storage device. We recommend you use dedicated disks for the ring buffer to avoid performance issues on other virtual machines.

Encapsulated remote mirroring (L3) source

The Allegro Virtual Edition supports the VMware Encapsulated remote mirroring (L3) source with the ERSPAN Mode. You can set up an IP address on the capture port and send encapsulated packets to the Allegro. See the VMWare VSphere documentation center for Encapsulated remote mirroring (L3) source.

@@ Line 1: / Line 1: @@
-This guide describes how the Allegro Network Multimeter Virtual Edition can be set up with VMWare Workstation. The Allegro Virtual Edition is designed for 2 use cases. It can analyze [[Parallel Packet processing|pcap captures]] or [[Ring Buffer Configuration Guide|packet ring buffers]] of unlimited size for forensic investigation or it can analyze live traffic from virtual machines by a virtual Mirror Port or [[ERSPAN Installation|ERSPAN]].
+This Guide describes how the Allegro Network Multimeter Virtual Edition can be set up with a VMWare Workstation. The Allegro Virtual Edition is designed for 2 use cases. It can analyze [[Parallel packet processing|pcap captures]] or [[Ring Buffer Configuration Guide|packet ring buffers]] of unlimited size for forensic investigation or it can analyze live traffic from virtual machines by a virtual Mirror Port or [[ERSPAN Installation|ERSPAN]].
 == General ==
@@ Line 9: / Line 9: @@
 === System requirements ===
-This guide requires a VMWare Workstation 15.5.2 or newer. Please note that Allegro Virtual Edition with the non-commercial version ( VMWare Workstation Player ) if you are testing it for personal use only. Please review the license restrictions of the VMWare Workstation Player.
+This Guide requires a VMWare Workstation Player or Pro. 15.5.2 or newer. Note that the non-commercial version (VMWare Workstation Player) also works with the Allegro Virtual Edition if you are testing it for personal use only. Please review the License restrictions of the VMWare Workstation Player.
 The system requirement of the virtual machine is:
-* x86 64-Bit Intel/AMD CPU with SSE4.2 support ( since 2011 )
+* x86 64-Bit Intel/AMD CPU with SSE4.2 support (since 2011)
 * 4 CPU-Cores
 * at least 2GB RAM for the In-Memory-DB, the larger the better
 * 20GB free disk space
-=== Virtual Machine image ===
+=== Allegro Virtual Edition installation image ===
-Please contact [https://allegro-packets.com/en/contact Allegro] or your reseller to download the current Allegro Virtual Edition installation zip archive.
+Contact [https://allegro-packets.com/en/contact Allegro] or your reseller to download the current Allegro Virtual Edition installation zip archive.
 == Installation ==
@@ Line 25: / Line 25: @@
 === Zip file extraction ===
-Please extract the the zip archive. It should contain the 3 files “allegro-multimeter.ovf”, “allegro-multimeter.vmdk” and “allegro-multimeter-virtualbox.ovf”.
+Extract the zip archive. It should contain the 3 files “allegro-multimeter.ovf”, “allegro-multimeter.vmdk” and “allegro-multimeter-virtualbox.ovf”.
-=== OVF deployment to VMWare ESXi ===
+=== Allegro Virtual Edition deployment to VMWare Workstation ===
-Log in to VMWare ESXi.
+Download, install and Open VMWare Workstation (see [https://www.vmware.com/ https://www.vmware.com/]):
-[[File:Esxi login.png|400px]]
+[[File:Workstation player dashboard.png|600px]]
-Once you have logged in, navigate to “Virtual Machines”
-[[File:Esxi dashboard.png|600px]]
-Create a new VM with “Create / Register VM” and select the option “Deploy a virtual machine from an OVF or OVA file”.
+Import the VM with “Open Virtual Machine” and select the "allegro-multimeter.ovf" file from the extracted zip archive.
-[[File:Esxi create new vm.png|600px]]
-Press “Next”, use a preferred name for the Allegro and drag/drop the 2 files into the window and press “Next”.
-[[File:Esxi create new vm step 2.png|600px]]
+[[File:Workstation player import.png|600px]]
-Select your data storage for the Allegro. This storage will be used as the boot partition and to store the configuration of the Allegro Virtual Edition and does not require a high-speed disk. It will not store the packet ring buffer.
+Next, specify the location on your disk, set a name and import the Allegro Virtual Edition.
-[[File:Esxi create new vm select storage.png|600px]]
-The deployment options allow you to select the network mapping for the MGT port and the disk provisioning.
-[[File:Esxi create new vm management.png|600px]]
+[[File:Workstation player import 2.png|600px]]
-Please double-check all options in the next dialogue and press finish if everything is fine.
-[[File:Esxi create new vm finish.png|600px]]
+The Allegro Virtual Edition will be imported. Once this is complete, you can edit the settings of the Allegro. Note that the first interface is used for Management access and requires a network with a DHCP server. The second network port is used as a data plane. The Allegro Virtual Edition analyzes all traffic on this network port. By default, both ports are bridged to your local network. You can change the first port to NAT to allow only access from your local PC. You can also change the settings later at any time.
-The upload and import of the Allegro Virtual Edition will start. Please be patient until it is finished.
-[[File:Esxi import.png|600px]]
+[[File:Workstation player settings.png|600px]]
 === Install USB License dongle ===
-If the Allegro Virtual Edition is shipped with an USB License dongle, plug the dongle into an unused USB port of the VM host. The dongle must be connected to the virtual machine. When powered off, press “Edit” in the Vmware ESXi host and click on “Add other device”. Choose “USB device”. A new entry on the bottom of the hardware list appears. Please select a “Feitian HID Dongle” or similar.
+If the Allegro Virtual Edition was shipped with an USB License dongle, plug the dongle into an unused USB port of the VMWare host. The dongle must be connected to the Allegro Virtual Edition. When powered off, edit the settings of the Allegro Virtual Edition and add the USB dongle to it. Select a “Feitian HID Dongle” or similar.
-[[File:License dongle.png|600px]]
 == Initial startup ==
-=== Powering on ===
+Follow the [[VMWare ESXI Installation Guide#Initial startup]]. The startup is identical for ESXI and Workstations.
-Power on the virtual machine when the import has been successful. The Allegro Virtual Edition will boot, prepare the installation and reboot once.
+== Mirroring virtual interface ==
-The VM will seek for an IP address via DHCP on the MGT port. Check the screen output for an assigned IP address.
-[[File:Esxi allegro screen.png|600px]]
-You can now connect to the IP address with your browser, in our case https://10.54.0.220/ . The browser will show a certificate warning. Accept it to access the login screen.
+The Allegro Virtual Edition has by default 2 network interfaces. The first port is used for Management, the second is used as capture port. The Allegro Virtual Edition will analyze all traffic received by this network port.
-[[File:Esxi allegro login.png|600px]]
+Enable the promiscuous mode for the second port if you would like to analyze all incoming packets. As of now, this configuration cannot be done in the VMWare Workstation GUI and it does not work for all physical interfaces.
-Please use the following login credentials; user “admin” and password “allegro”.
-=== License ===
+Navigate to your VMWare directory (by default: Documents\Virtual Machines) and edit the vmx file. There add the line: "ethernet1.noPromisc = "FALSE"
-If the Allegro Virtual Edition was shipped with a USB License dongle and it has been correctly installed, the License is validated and the Allegro should activate.
-The serial number of the Allegro Virtual Edition would be e.g. “dongle: 1234567890” and is displayed in the serial number box under “Settings” -> “License upload”. If it is not displayed even though the dongle has been correctly installed, please contact Allegro support.
+[[File:Workstation player promisc mode.png|600px]]
-If the Allegro Virtual Edition was shipped without an USB License dongle, please follow the following steps. In the web interface a warning is shown that the Allegro Virtual Edition does not yet have a License.
+== Packet ring buffer and pcap storage ==
-[[File:Esxi allegro license.png|400px]]
+You can add one or multiple virtual disks to the Allegro Virtual Edition.
-Navigate to “Settings” -> “License upload” and send the system serial number to testlicense@allegro-packets.com.
-Allegro Packets will issue a test License for you that can be installed by the “Upload new License button”.
+When powered off, edit the settings of the Allegro Virtual Edition in the VMWare Workstation and add click the "Add..." Button.
-Once the test License is applied, it will show you the License details similar to this output:
+[[File:Workstation player add hard disk.png|600px]]
-[[File:Esxi allegro license details.png|400px]]
+Then use the default value and add the disk as a SCSI device.
-The Allegro Virtual Edition is now running and analyzes all packets on the capture port.
-== Mirroring virtual interface ==
+[[File:Workstation player select scsi.png|600px]]
-The Allegro Virtual Edition has by default 2 network interfaces. The first port is used for Management, the second is used as capture port. The Allegro Virtual Edition will analyze all traffic received by this network port.
+Next, select new disk or use an existing one.
-Please enable the promiscuous mode for the vwsitch to allow the Allegro Virtual Edition to monitor all packets from on a VMWare vswitch.
+[[File:Workstation player create new disk.png|600px]]
-[[File:Esxi switch allow promicuous mode.png|900px]]
-== Packet ring buffer and pcap storage ==
-You can add one or multiple virtual disks to the Allegro Virtual Edition.
-When powered off, press “Edit” in the Vmware ESXi host and add a new HDD.
+If you selected a new disk, set the size in the next dialogue.
-[[File:Esxi add hdd.png]]
+[[File:Workstation player select size.png|600px]]
-If done, you can enable the packet ring buffer as described in [[Ring Buffer Configuration Guide]].
+Next, review the configuration and complete it. Once it is done, start the Allegro Virtual Edition.
-Please note that a real-time capture of packets require high write rates to your storage device. Please use dedicated disks for the ring buffer to avoid performance issues on other virtual machines.
+If correctly configured, you can enable the packet ring buffer as described in [[Ring Buffer Configuration Guide]].
+Note that a real-time capture of packets require high write rates to your storage device. We recommend you use dedicated disks for the ring buffer to avoid performance issues on other virtual machines.
 == Encapsulated remote mirroring (L3) source ==
-The Allegro Virtual Edition supports the VMware '''Encapsulated remote mirroring (L3) source''' with the [[ERSPAN Installation|ERSPAN Mode]]. You can set up an IP address on the capture port and send encapsulated packets to the Allegro. Please see the Vsphere documentation center for Encapsulated remote mirroring (L3) source.
+The Allegro Virtual Edition supports the VMware '''Encapsulated remote mirroring (L3) source''' with the [[ERSPAN Installation|ERSPAN Mode]]. You can set up an IP address on the capture port and send encapsulated packets to the Allegro. See the VMWare VSphere documentation center for Encapsulated remote mirroring (L3) source.