Vmware vSensor

See attachment at the top right for the full document!

Introduction

This guide is intended to help customers or partners deploy vSensors in VMware environments and pair them to your Vectra Brain. It will cover basic background information, connectivity requirements (firewall rules that may be needed in your environment), vCenter integration, deployment of the vSensor in VMware, and pairing.

vSensors behave much in the same way that physical Sensors do. One advantage is that there is no cost to deploy a vSensor other than your own costs to provide and maintain the infrastructure they run in. vSensors also allow you to capture and analyze traffic that only exists in the virtual environment. You can even use vSensors in place of physical Sensors to capture physical network traffic.

VMware vSensors can be used in both Respond UX and Quadrant UX deployments. For more detail on Respond UX vs Quadrant UX please see Vectra Analyst User Experiences (Respond vs Quadrant). One of the below guides should be the starting point for your overall Vectra deployment:

• Vectra Respond UX Deployment Guide

• Vectra Quadrant UX Deployment Guide

Either of the above guides cover basic firewall rules needed for the overall deployment and initial platform settings. Virtual Sensor (VMware, Hyper-V, KVM, AWS, Amazon, and GCP) configuration and pairing and covered in their respective guides. Physical appliance pairing is covered in the Vectra Physical Appliance Pairing Guide. Please see the Vectra Product Documentation Index on the Vectra support site for additional documentation including deployment guides for CDR for M365 / Azure AD and CDR for AWS.

Special Note Concerning VMware Hardware Version Compatibility

• Vectra supports only versions 11 and 15 of VMware hardware.

• DO NOT update the hardware version ever (during deployments, upgrades, or in any other situation).

  • This includes updating from v11 to v15.

  • Redeployment is the only supported way to change hardware between supported versions.

• If you move to an unsupported hardware version, Vectra support will direct you to redeploy any VMware vSensor that is running an unsupported version. Downgrades are unsupported.

Contains

• About VMware vSensor Images

• VMware vSensor Resource Requirements and Performance

• Connectivity Requirements

• About VMware vCenter Integration

• Enabling vCenter Integration

• vSensor Deployment in VMware

  • Requirements

  • Downloading the latest vSensor VMware OVA image

  • VMware vSwitch types and port group guidance

    • VSS (VMware/vSphere Standard Switch)

    • VDS (VMware/vSphere Distributed Switch)

    • Preparing Port Groups

  • VMware physical hosts and vSensor coverage

  • VMware networking interface guidance

  • Deploying the OVA

    • Deploying using your vCenter/vSphere client or web UI for standalone ESXi servers

    • Deploying a vSensors using the Vectra CLI on your Brain

  • Special Note: Embryo state of vSensor before pairing and updating

  • Modifying 16 and 32 core vSensors after deployment

• Capturing Physical Network Traffic Using a vSensor

  • Method 1: Dedicated link to ESXi host

  • Method 2: Utilizing a VLAN tag over an existing trunked link

• Initial vSensor Configuration at CLI

• Pairing vSensors

  • Additional Pairing Guidance

• Traffic Validation

• Worldwide Support Contact Information

Attachments