VMWare Workstation Player/Pro Installation Guide
This guide describes how the Allegro Network Multimeter Virtual Edition can be set up with VMWare Workstation. The Allegro Virtual Edition is designed for 2 use cases. It can analyze pcap captures or packet ring buffers of unlimited size for forensic investigation or it can analyze live traffic from virtual machines by a virtual Mirror Port or ERSPAN.
General
DISCLAIMER
Be aware that an activated ring buffer can degrade the I/O performance for all VMs. It is recommended to use one or more dedicated HDDs or SSDs for the ring buffer to prevent side effects to other VMs.
System requirements
This guide requires a VMWare Workstation Player or Pro. 15.5.2 or newer. Please note that the non-commercial version ( VMWare Workstation Player ) also works with Allegro Virtual Edition if you are testing it for personal use only. Please review the license restrictions of the VMWare Workstation Player.
The system requirement of the virtual machine is:
- x86 64-Bit Intel/AMD CPU with SSE4.2 support ( since 2011 )
- 4 CPU-Cores
- at least 2GB RAM for the In-Memory-DB, the larger the better
- 20GB free disk space
Virtual Machine image
Please contact Allegro or your reseller to download the current Allegro Virtual Edition installation zip archive.
Installation
Zip file extraction
Please extract the the zip archive. It should contain the 3 files “allegro-multimeter.ovf”, “allegro-multimeter.vmdk” and “allegro-multimeter-virtualbox.ovf”.
OVF deployment to VMWare Workstation
Download, install and Open VMWare Workstation ( see https://www.vmware.com/ ):
Import the VM with “Open a Virtual Machine” and select the "allegro-muiltimeter.ovf" file from the extracted zip archive.
Now specify the location on your disk, set a name and import the VM.
The Allegro Virtual Edition is bein imported. Once this is done, you can edit the settings of the VM. Please note that the first interface is used for the Management Access and requires a network with DHCP server. The second network port is used as data plane. The Virtual Edition analyzes all traffic on this network port. By default, both ports are bridged to your local network. You can change the first port to NAT to allow only access from your local PC. You can also change the settings later at any time.
Install USB License dongle
If the Allegro Virtual Edition is shipped with an USB License dongle, plug the dongle into an unused USB port of the VM host. The dongle must be connected to the virtual machine. When powered off, edit the settings of the VM. and add the USB dongle to it. Please select a “Feitian HID Dongle” or similar.
Initial startup
Please follow the VMWare ESXI Installation Guide#Initial startup. The Startup is identical for ESXI and Workstation.
Mirroring virtual interface
The Allegro Virtual Edition has by default 2 network interfaces. The first port is used for Management, the second is used as capture port. The Allegro Virtual Edition will analyze all traffic received by this network port.
Please enable the promiscuous mode for the vwsitch to allow the Allegro Virtual Edition to monitor all packets from on a VMWare vswitch.
Packet ring buffer and pcap storage
You can add one or multiple virtual disks to the Allegro Virtual Edition.
When powered off, press “Edit” in the Vmware ESXi host and add a new HDD.
If done, you can enable the packet ring buffer as described in Ring Buffer Configuration Guide. Please note that a real-time capture of packets require high write rates to your storage device. Please use dedicated disks for the ring buffer to avoid performance issues on other virtual machines.
Encapsulated remote mirroring (L3) source
The Allegro Virtual Edition supports the VMware Encapsulated remote mirroring (L3) source with the ERSPAN Mode. You can set up an IP address on the capture port and send encapsulated packets to the Allegro. Please see the Vsphere documentation center for Encapsulated remote mirroring (L3) source.