# Introduction and requirements

## Introduction

This guide is intended to help customers or partners deploy virtual Sensors (vSensors) in Nutanix environments and pair them to your Vectra Brain. It will cover basic background information, connectivity requirements (firewall rules that may be needed in your environment), deployment of the vSensor, and pairing.

vSensors behave much in the same way that physical Sensors do. One advantage is that there is no cost to deploy a vSensor other than your own costs to provide and maintain the infrastructure they run in. vSensors also allow you to capture and analyze traffic that only exists in the virtual environment.

Nutanix vSensors can be used in both Respond UX and Quadrant UX deployments. For more detail on Respond UX vs Quadrant UX please see [Vectra Analyst User Experiences (Respond vs Quadrant)](https://docs.vectra.ai/deployment/getting-started/analyst-ux-options-rux-vs-qux). One of the below guides should be the starting point for your overall Vectra deployment:

* [Vectra Respond UX Deployment Guide](https://docs.vectra.ai/deployment/getting-started/respond-ux-deployment-guide)
* [Vectra Quadrant UX Deployment Guide](https://docs.vectra.ai/deployment/getting-started/quadrant-ux-deployment)

Running VMware vSphere ESXi hypervisors in Nutanix AOS environments is a supported configuration. Please see [Support for Nutanix Management of VMware vSphere (ESXi)](#support-for-nutanix-management-of-vmware-vsphere-esxi) for details.

{% hint style="info" %}
**Please Note:**

Please see [Deployment and traffic capture options](https://docs.vectra.ai/deployment/ndr-virtual-cloud-appliances/nutanix-vsensor/nutanix-traffic-capture-options) (the next page in this guide) for additional guidance on choosing between Service Chaining 1.0 and Traffic Mirroring to steer traffic to your Vectra vSensor.

The steps to deploy the Vectra vSensor will be different depending on your traffic steering method.
{% endhint %}

**For Service Chaining 1.0:**

* Virtual traffic is captured by a network function NIC that must be added at the ACLI. Prism Central REST API calls are used to create a network function chain and direct subnets to the NIC through it.
* Only VLAN Basic subnets are supported. NCVLANs (Network Controller VLANs or VLAN subnets) are not supported with Service Chaining 1.0.
* Nutanix has a [public KB](https://portal.nutanix.com/kb/12833) that describes service chain integration at a high level.
  * Vectra does not automate network function chain integration on behalf of the customer.
* Only TAP mode is supported for the network function chain.
  * Inline mode (unsupported) is typically used for firewall type devices that are inline.
* This guide will provide steps that can be used to create the service chain for vSensor deployment in TAP mode and direct an entire AHV network (including VM to VM traffic) to the vSensor.
  * Other traffic direction options such as using flow security policies or directing a single VM NIC to the vSensor are not covered in this guide but are also possible.

{% hint style="warning" %}
**It is strongly recommended, by both Nutanix and Vectra, that if you are not already familiar with network function chain implementation using Prism Central REST API calls, you should engage the Nutanix account team to evaluate the exact requirements and work with Nutanix Services to assist with manual or scripted network function chain implementation.**
{% endhint %}

**For Traffic Mirroring:**

* Both VLAN Basic subnets and NCVLANs are supported.
* Physical network traffic capture is possible by mirroring a host port or bonded host port on a node.
* Traffic mirroring requires a Mirror Destination NIC to be added to the vSensor for traffic capture (not a network function NIC). A traffic mirroring session would use this capture NIC as the destination.

## About Nutanix vSensor Images

The Brain makes an image available in QCOW2 format for download and subsequent use while deploying Nutanix vSensors. Vectra appliances typically operate with updates enabled. Regular updates ensure that the appliances are running the very latest version. Deployed Sensors and vSensors also update regularly from the Brain. Once a vSensor has been deployed and paired to the Brain, it will be updated from and stay current with its paired Brain.

{% hint style="info" %}
**Please Note:**

As your Vectra Brain is updated, the image for a Nutanix vSensor is also updated.

If you deploy additional Nutanix vSensors in the future, always download a fresh copy of the image from an up-to-date Brain to ensure you are working with the latest code.
{% endhint %}

## Nutanix vSensor Requirements and Performance

Vectra supports Nutanix for customers choosing to deploy virtual Sensors (vSensors) to capture virtual traffic. Vectra also supports deployment of a [Nutanix Brain](https://docs.vectra.ai/deployment/ndr-virtual-cloud-appliances/nutanix-brain).

**Nutanix Version Requirements**

All configurations need at least: **AOS: 5.20.3.5** / **AHV: 20201105.2267**

{% hint style="info" %}
**Please Note:**

AOS 6.8 is incompatible; 6.8.1 and later releases in the 6.8 branch are compatible.
{% endhint %}

**Nutanix vSensor Configurations**

<table><thead><tr><th width="129.6171875" align="center">Capture Ports</th><th width="87.421875" align="center">Cores</th><th width="104.5703125" align="center">Memory</th><th width="101.4609375" align="center">Storage</th><th width="132.6875" align="center">Performance</th><th width="161.61328125" align="center">Performance (Match)</th></tr></thead><tbody><tr><td align="center">1</td><td align="center">2</td><td align="center">8 GB</td><td align="center">100 GB</td><td align="center">500 Mbps</td><td align="center">250 Mbps</td></tr><tr><td align="center">1</td><td align="center">4</td><td align="center">8 GB</td><td align="center">150 GB</td><td align="center">1 Gbps</td><td align="center">500 Mbps</td></tr><tr><td align="center">1</td><td align="center">8</td><td align="center">16 GB</td><td align="center">150 GB</td><td align="center">2 Gbps</td><td align="center">1 Gbps</td></tr><tr><td align="center">1</td><td align="center">16</td><td align="center">64 GB</td><td align="center">500 GB</td><td align="center">5 Gbps</td><td align="center">2.5 Gbps</td></tr></tbody></table>

{% hint style="info" %}
**Please Note:**

* Performance (Match)
  * This represents performance with NDR/Detect and [Match](https://open-2v.gitbook.com/url/preview/site_D1dQb/~/revisions/kVS7dVYCfxiMiy9hIuWA/deployment/match/deployment) and/or [Suspect Protocol Activity](https://open-2v.gitbook.com/url/preview/site_D1dQb/~/revisions/kVS7dVYCfxiMiy9hIuWA/operations/general/suspect-protocol-activity-detections-feature-overview) detections enabled.
* Nutanix vSensors also require a management port that is separate from the capture port.
* Vectra recommends that Sensors are configured to use storage local to the hypervisor and are not stored on a SAN. Vectra vSensors require extremely high throughput from their disk storage and this throughput cannot normally be sustained by SAN systems without impact to other SAN users.
{% endhint %}

## Connectivity Requirements

The [Vectra Respond UX Deployment Guide](https://docs.vectra.ai/deployment/getting-started/respond-ux-deployment-guide) or [Vectra Quadrant UX Deployment Guide](https://docs.vectra.ai/deployment/getting-started/quadrant-ux-deployment) details basic connectivity requirements for initial platform deployment. Each guide also gives guidance on firewall/proxy SSL inspection, Internet access to and from the Vectra Brain, and air-gapped environments. For full detail on all possible firewall rules that might be required in your environment, please see the [Firewall Requirements for Vectra Appliances](https://docs.vectra.ai/deployment/getting-started/firewall-requirements) KB.

**Connectivity Requirements for Nutanix vSensors**

| **Source**  | **Destination** | **Protocol/Port**                         | **Description**                                       |
| ----------- | --------------- | ----------------------------------------- | ----------------------------------------------------- |
| Admin Hosts | vSensors        | TCP/22 (SSH)                              | CLI access to vSensor                                 |
| Brain       | vSensors        | TCP/22 (SSH)                              | Remote management and troubleshooting                 |
| vSensors    | Brain           | <p>TCP/22 (SSH)</p><p>TCP/443 (HTTPS)</p> | Pairing, metadata transfer, and ongoing communication |

{% hint style="info" %}
**Please Note:**

* vSensors do not communicate with the Vectra Cloud.
* All communication sessions with vSensors are initiated from the vSensor to the Brain.
* Updates for vSensors are downloaded to the Vectra Brain and the vSensor retrieves them from the Brain.
* Command line access to the vSensor can also be obtained via the console in your hypervisor.
{% endhint %}
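
The connectivity table above can double as an allowlist when reviewing firewall or flow logs for the vSensor management network. The following is an added example, not Vectra code: it audits flow records against the table, reporting vSensor flows the table does not list and table rows that were never observed. The addressing plan (`ROLES`) and the sample flow records are constructed placeholders.

```python
import ipaddress

# Required flows from the connectivity table: (source role, destination role, TCP port)
ALLOWED = {
    ("admin", "vsensor", 22),
    ("brain", "vsensor", 22),
    ("vsensor", "brain", 22),
    ("vsensor", "brain", 443),
}

# Constructed addressing plan (assumption): replace with your own management networks.
ROLES = {
    "admin": [ipaddress.ip_network("10.10.0.0/24")],
    "brain": [ipaddress.ip_network("10.20.0.10/32")],
    "vsensor": [ipaddress.ip_network("10.30.0.0/28")],
}

def role_of(ip):
    """Map an IP address to a role from ROLES, or "other" if it matches none."""
    addr = ipaddress.ip_address(ip)
    for role, nets in ROLES.items():
        if any(addr in net for net in nets):
            return role
    return "other"

def audit(flows):
    """Return (unexpected, missing): vSensor flows outside the table, and table rows never seen."""
    seen, unexpected = set(), []
    for src, dst, proto, port in flows:
        key = (role_of(src), role_of(dst), port)
        if "vsensor" not in key[:2]:
            continue  # neither endpoint is a vSensor: out of scope for this table
        if proto == "tcp" and key in ALLOWED:
            seen.add(key)
        else:
            unexpected.append((src, dst, proto, port))
    return unexpected, sorted(ALLOWED - seen)

# Constructed sample flow records: (src_ip, dst_ip, protocol, dst_port)
SAMPLE_FLOWS = [
    ("10.10.0.5", "10.30.0.2", "tcp", 22),
    ("10.30.0.2", "10.20.0.10", "tcp", 443),
    ("10.30.0.2", "10.20.0.10", "tcp", 22),
    ("10.30.0.3", "203.0.113.7", "tcp", 443),  # vSensor to an external host: not in the table
    ("10.10.0.5", "10.30.0.2", "tcp", 443),    # admin to vSensor on a port the table omits
    ("10.10.0.9", "10.20.0.10", "tcp", 443),   # admin to Brain: ignored, not a vSensor flow
]

if __name__ == "__main__":
    unexpected, missing = audit(SAMPLE_FLOWS)
    print("unexpected:", unexpected)
    print("not observed:", missing)
```

A row reported as not observed only means the sample window contained no such session; it does not by itself indicate a blocked path.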

## Support for Nutanix Management of VMware vSphere (ESXi)

Nutanix environments can use multiple hypervisors, such as VMware vSphere ESXi or Hyper-V, in addition to the native AHV hypervisor. In such environments, customers will often share overall management of the individual hypervisors and/or VMs running on them between Nutanix Prism Central and VMware vCenter or the embedded host client for ESXi.

In the case of running ESXi hosts with Nutanix Prism, administrators should use the VMware vSensor image and not the Nutanix vSensor image for deployment. Instructions for deploying the VMware vSensor are available in the [VMware vSensor Deployment Guide](https://docs.vectra.ai/deployment/ndr-virtual-cloud-appliances/vmware-vsensor).

The fact that Nutanix is being used for management of the ESXi hosts will be invisible to the VMware vSensor. Vectra’s vSensor will not know that it is running in a Nutanix environment. If you are still using vCenter as part of your deployment, the standard vCenter integration described in the VMware vSensor Deployment Guide is still valid.

Nutanix has validated Vectra’s VMware vSensor for AOS 6.10 and 7.0.
