# Post deployment guidance

## Setting a static IP and DNS after initial DHCP deployment

If you used DHCP for initial deployment but would like to configure a static IP for production use, you will need to login to the CLI of the Brain to set a static interface assignment. DNS for Brain VMs can be configured at the CLI or in the UI.

Logging in can be done via your hypervisor console function or using SSH to the management port if it was preconfigured with DHCP.

* Connect to your Brain CLI using your hypervisor console or `ssh vectra@<IP or Hostname>` if you use DHCP and already know the address or hostname.
* Once logged in to the Brain you can view command syntax for the `set interface` command:

{% code expandable="true" %}

```
set interface -h
Usage: set interface [OPTIONS] [mgt1] [dhcp|static] [IP] [SUBNET_MASK]
[GATEWAY_ADDRESS]
Sets mgt1 to either dhcp or static ip configuration
Options:
-h, --help Show this message and exit.
```

{% endcode %}

### Setting the IP address statically

IPv6 is supported for the MGT1 interface. For full details, including information regarding dual stack support, please [IPv6 Management Support for Vectra Appliances](https://docs.vectra.ai/deployment/getting-started/ipv6-management-support-for-vectra-appliances). Below we will show how to enable IPv6 support (its off by default) and the syntax to use when setting an IPv4 or IPv6 address.

**To enable/disable IPv6 support:**

{% code expandable="true" %}

```
# show ipv6 enabled
IPv6 is disabled
# set ipv6 enabled
Response: ok
# show ipv6 enabled
IPv6 is enabled
# set ipv6 disabled
Response: ok
```

{% endcode %}

**Setting IPv4 and IPv6 syntax examples:**

Execute the following command to set the MGT1 interface to the desired static IP address:

```
IPv4 Syntax:
set interface mgt1 static x.x.x.x y.y.y.y z.z.z.z
 
Where:
x.x.x.x is the desired interface IP address
y.y.y.y is the desired interface network mask
z.z.z.z is the desired gateway
 
IPv6 Syntax:
set interface mgt1 static [IPv6 IP] [Subnet Mask] [Gateway]
 
Example:
set interface mgt1 static 2001:0db8:0:f101::25 64 2001:0db8:0:f101::1
```

**To change back to DHCP (default):**

```
set interface mgt1 dhcp
```

### Configure DNS for the appliance

**Command syntax to set DNS (up to 3 nameservers are supported):**

```
set dns [nameserver1 <ip>] [nameserver2 <ip>] [nameserver3 <ip>]
```

**Example:**

```
set dns 10.50.10.101 10.50.10.102
```

**Verifying DNS Configuration:**

```
show dns
```

To set DNS in the UI, navigate to *Configuration → COVERAGE → Data Sources → Network → Brain Setup → DNS Entries* and edit the settings.

**Setting static IP and DNS at the CLI Example:**

```
vscli > set interface mgt1 static 172.16.12.11 255.255.255.0 172.16.12.1
Interfaces updated successfully
vscli > set dns 10.50.10.101
DNS Set: success
vscli > show interface
mgt1:
    Running:
        Gateway: 172.16.12.1,
        Ip: 172.16.12.11,
        Link Speed: 10Gbps,
        Link State: up,
        Mac: 00:0c:29:89:ad:a6,
        Mode: static,
        Netmask: 255.255.255.0
vscli > show dns
Id|Server      |Description
1  10.50.10.101 Configured DNS nameserver
```

## Performance testing

As discussed earlier in this guide, a performance test is run during the initial boot process. This is to test the performance of the Brain against baselines that Vectra has established for the different configuration options.

Cached results from the initial performance test run can be retrieved from the command line while logged in as the `vectra` user. Additional performance tests can be run by using the `--force` switch on the performance test command.&#x20;

{% hint style="warning" %}
**Please Note the Following:**

**Running the performance test is an intensive operation which takes down most services on the Brain**.

* Additional performance tests should only be run when your security team knows the Brain will be unavailable.
  * Paired Sensors will buffer metadata that can’t be sent to the Brain so there should ultimately be no Detection gap, although this could introduce a delay in Detection publishing while the test is run.
* Baselines are set by Vectra for each of the various configurations of Brain.
  * Warning is for 10% below expectations. Critical is for 20% or more below expectations.
    * 260 MB/s is the minimum required throughput for all disks (OS and Data) and is represented by a score of 10.0 on the performance test in the `disk` category.
  * Critical is considered a failure and performance is not expected to be satisfactory. Vectra engineering considers systems which fail the performance test to be invalid configurations and customers should use more performant base hardware to ensure supportability, reliability, and performant operation.
    {% endhint %}

**Example:**

```
vscli > performance-test --help
Usage: performance-test [OPTIONS]
 
Run a system performance test
 
Options:
--force Run all tests regardless of cached results.
-h, --help Show this message and exit.
 
vscli > performance-test
This may take up to five minutes. Most system services will be down for the duration of the test.
Test |Score |Result |Time
cpu 10.00 / 10.0 pass 30.04
cpu_steal 10.00 / 10.0 pass 0.06
disk 10.00 / 10.0 pass 47.94
memory 10.00 / 10.0 pass 0.00
memory_balloon 10.00 / 10.0 pass 0.05
overall 10.00 / 10.0 pass 78.09
```

## Integrity checks

Vectra performs file system integrity checks to make sure that core libraries have not been altered. If the system detects changes during boot, a system setup and provisioning dialog will appear that is similar to the licensing screen.

* Click **Set File System Configuration**.
* Copy the **Error Code** and send it to Vectra support for decryption.
* Vectra has tooling to determine what has been changed, and if warranted can provide a whitelist code to the customer to allow the system to continue booting.
* Whitelist codes work one time. If the system again fails a file system integrity check, a new whitelist code will be required. Please work with Vectra support to ensure compliance.

Below are some example screenshots:

![](https://4227135129-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHJ1ltuWFvsArFWtevnRn%2Fuploads%2Fgit-blob-6ec1eecee0d9b518fd9353356d76e8850f1f8510%2Fvmware-brain-deployment-guide-17.png?alt=media) ![](https://4227135129-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHJ1ltuWFvsArFWtevnRn%2Fuploads%2Fgit-blob-3e054cafa87c3273425caa1a86731598d0dcf4bd%2Fvmware-brain-deployment-guide-18.png?alt=media)

## Configuration validation

During boot, the Brain determines which configuration it is running and sets some parameters differently depending on resource availability per configuration. This is an automatic process and requires no user input. Vectra may choose to support additional configuration options in the future.

Please work with your Vectra account team to provide feedback regarding additional configuration options that would be useful to your organization. The `show system-health` command can be run at the command line as the `vectra` user to see that your configuration is a supported option. Look for the `[ OK ] VM Specifications`**.** The specific checks shown may not match your system. Vectra occasionally updates the specific checks used in the system-health command.

**Example:**

```
vscli > show system-health
======== Ran 8 check(s). 8 Passed, 0 Failed, 0 No Result ========
vscli > show system-health --verbose
[ OK ] Available Virtual Storage Space
[ OK ] Disk Writable
[ OK ] NIC Detection
[ OK ] Vectra User Password
[ OK ] Sensor Connectivity
[ OK ] Sensor Link Utilization
[ OK ] Sensor Tunnel
[ OK ] VM Specifications
```

## License checks and renewal

Once a Brain is up and running, it will periodically check its license status. This will occur whether the Brain is online or offline (from the perspective of connection to Vectra). Once a Brain is 30 days from expiration, it will begin to send syslog messages with a count down until expiration. Once the license expires a new syslog message is sent (Quadrant UX). Respond UX deployments will write the message to the audit log which is available for query via API.

**Here are examples:**

`License Checker: Detect License Expires in {days_until_expiration} days.`

`License Checker: Detected Invalid/Expired License, disabling services`

The status of your license can be seen in the following locations in the Vectra UI:

* *Configuration → SETUP → Licensing*
* *Discover → PLATFORM → System Health → Deployments*
  * If you license status does not show, click the **Update Now** button at the bottom of the section.

**Examples:**

*Configuration → SETUP → Licensing:*

<figure><img src="https://4227135129-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHJ1ltuWFvsArFWtevnRn%2Fuploads%2F5VtJjwrLboj4dG43KKuK%2Fimage.png?alt=media&#x26;token=1cdb6c0e-8aaf-4bc5-a56b-4e8e8bce918d" alt=""><figcaption></figcaption></figure>

*Discover → PLATFORM → System Health → Deployments:*

![](https://4227135129-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHJ1ltuWFvsArFWtevnRn%2Fuploads%2Fgit-blob-ca43efec696b7e1698a6b5573fe1d16b251227a6%2Fvmware-brain-deployment-guide-20.png?alt=media)

For Brains that are connected to Vectra, license renewal is an automated process that requires no user intervention. When you sales contract is renewed and the expiration date is updated, Vectra’s provisioning service will provide a new license key to your Brain.

If your Brain is offline (not connected to Vectra or air-gapped), to renew your Vectra license simply browse to the *Configuration → SETUP → Licensing* screen, copy the authorization code, provide it to Vectra (support, sales team, etc), and Vectra will provide you a new license key for entry into the UI once your entitlement is verified.

## Resizing the Brain

In some environments, you may wish to start with a smaller Brain instance and then later move to a larger Brain instance to handle additional load (metadata coming from paired sensors or additional paired sensors).

* Please see: [Resizing Virtual Sensors and Brains](https://docs.vectra.ai/deployment/appliance-operations/resizing-virtual-appliances) for details.

## Next Steps

At this point your virtual Brain is fully deployed and you can move on to other tasks associated with your overall deployment.

It is recommended to follow the [Vectra Respond UX Deployment Guide](https://docs.vectra.ai/deployment/getting-started/respond-ux-deployment-guide) or [Vectra Quadrant UX Deployment Guide](https://docs.vectra.ai/deployment/getting-started/quadrant-ux-deployment) for additional information regarding initial settings for your deployment. You may wish to deploy and pair network Sensors or configure other Vectra offerings such as Recall, Stream, CDR for M365, IDR for Azure AD, CDR for AWS, etc. Additional deployment documentation can be found on the left hand side of this site in the [Deployment](https://docs.vectra.ai/deployment) section.

## Worldwide Support Contact Information

* **Support portal:** [https://support.vectra.ai](https://support.vectra.ai/)
* **Email:** <support@vectra.ai> (preferred contact method)
* **Additional information:** <https://www.vectra.ai/support>