# Introduction and general requirements

## Introduction

This guide is intended to help customers or partners deploy vSensors in VMware environments and pair them with a Vectra Brain. It will cover basic background information, connectivity requirements (firewall rules that may be needed in your environment), vCenter integration, deployment of the vSensor in VMware, and pairing.

vSensors behave much in the same way that physical Sensors do. One advantage is that there is no cost to deploy a vSensor other than your own costs to provide and maintain the infrastructure they run on. vSensors also allow you to capture and analyze traffic that only exists in the virtual environment. You can even use vSensors in place of physical Sensors to capture physical network traffic.

VMware vSensors can be used in both Respond UX and Quadrant UX deployments. For more detail on Respond UX vs Quadrant UX please see [Vectra Analyst User Experiences (Respond vs Quadrant)](https://docs.vectra.ai/deployment/getting-started/analyst-ux-options-rux-vs-qux). One of the below guides should be the starting point for your overall Vectra deployment:

* [Vectra Respond UX Deployment Guide](https://docs.vectra.ai/deployment/getting-started/respond-ux-deployment-guide)
* [Vectra Quadrant UX Deployment Guide](https://docs.vectra.ai/deployment/getting-started/quadrant-ux-deployment)

## About VMware vSensor Images

The Brain makes a VMware OVA available for download and subsequent provisioning. Vectra appliances typically operate with updates enabled. Regular updates ensure that the appliances are running the very latest version. Deployed Sensors and vSensors also update regularly from the Brain. Once a vSensor has been deployed, it will update itself as needed, staying current with its Brain.

{% hint style="info" %}
**Please Note:**

As your Vectra Brain is updated, the OVA for the VMware vSensor is also updated.

* If you deploy additional VMware vSensors in the future, always download a fresh copy of the OVA from an up-to-date Brain to ensure you are working with the latest code.
* vSensor images are retrieved from the Brain when using either the Respond UX and Quadrant UX.
  * The RUX UI is delivered from Vectra's cloud but the download link still retrieves the image from the Brain itself.
    {% endhint %}

## Resource Requirements and Performance

<table data-header-hidden><thead><tr><th width="145.1953125"></th><th></th><th></th><th></th><th></th><th></th></tr></thead><tbody><tr><td>Performance<sup>1</sup></td><td>500 / 250 Mbps</td><td>1 / .5 Gbps</td><td>2 / 1 Gbps</td><td>5 / 2.5 Gbps</td><td>20 / 10 Gbps</td></tr><tr><td>CPU Cores</td><td>2</td><td>4</td><td>8<sup>3</sup></td><td>16<sup>3</sup></td><td>32<sup>3</sup></td></tr><tr><td>Memory</td><td>8 GB</td><td>8 GB</td><td>16 GB</td><td>64 GB</td><td>114 GB</td></tr><tr><td>Storage</td><td>100 GB</td><td>150 GB</td><td>150 GB</td><td>600 GB<sup>4</sup></td><td>830 GB<sup>4</sup></td></tr><tr><td>Capture Interfaces</td><td>2<sup>2</sup></td><td>2<sup>2</sup></td><td>4</td><td>4</td><td>4</td></tr></tbody></table>

{% hint style="info" %}
**Footnotes:**

<sup>**1**</sup>  1<sup>st</sup> number represents NDR/Detect only performance, 2<sup>nd</sup> number represents performance with NDR/Detect and [Match](https://docs.vectra.ai/deployment/match/deployment) and/or [Suspect Protocol Activity](https://docs.vectra.ai/operations/general/suspect-protocol-activity-detections-feature-overview) detections enabled.

<sup>**2**</sup>  2-core and 4-core vSensors can use up to 4 capture ports if the RAM is updated to at least 10GB.

<sup>**3**</sup>  2 and 4 core vSensors throttle CPU usage while 8, 16, and 32 core versions do CPU pinning to maintain performance.

<sup>**4**</sup>  The 16 and 32 core vSensors will need their configuration modified after deployment due to limitations in what can be preconfigured when using one image file for multiple different deployment configurations.

* Please see: [Modifying 16 and 32 core vSensors after deployment](https://docs.vectra.ai/deployment/ndr-virtual-cloud-appliances/vsensor-deployment-in-vmware#modifying-16-and-32-core-vsensors-after-deployment) for instructions.
* 16 core requires 600 GB storage.
* 32 core requires 830 GB storage and added ethernet configuration.
* 32 core may also need NUMA parameters adjusted in advanced VM configuration options.
  {% endhint %}

**Supported vSwitch Types**

* VMware Virtual Standard Switch (VSS) or VMware Distributed Switch (VDS a.k.a. dvSwitch)

**Supported vSphere Versions**

* 6.5 to 8
  * 5.x was supported through version v6.14 and 6.0 was supported through v6.19

{% hint style="warning" %}
**Special Note:**

**Regarding Vectra supported VMware hardware versions.**

* Vectra supports only versions 11 and 15 of VMware hardware.
* **DO NOT** update the hardware version ever (during deployments, upgrades, or in any other situation).
  * This includes updating from v11 to v15.
  * Redeployment is the only supported way to change hardware between supported versions.
* If you move to an unsupported hardware version, Vectra support will direct you to redeploy any VMware vSensor that is running an unsupported version. Downgrades are unsupported.
  {% endhint %}

Please see [VMware deployment details and considerations](https://docs.vectra.ai/deployment/ndr-virtual-cloud-appliances/vmware-vsensor/vmware-deployment-details-and-considerations) (the next section in this guide) for addtional guidance on the following topics:

## Connectivity Requirements

The [Vectra Respond UX Deployment Guide](https://docs.vectra.ai/deployment/getting-started/respond-ux-deployment-guide) or [Vectra Quadrant UX Deployment Guide](https://docs.vectra.ai/deployment/getting-started/quadrant-ux-deployment) detail basic connectivity requirements for initial platform deployment. It also gives guidance on firewall/proxy SSL inspection, Internet access to and from the Brain, and guidance for air-gapped environments. For full detail on all possible firewall rules, please see [Firewall Requirements for Vectra Appliances](https://docs.vectra.ai/deployment/getting-started/firewall-requirements). VMware vSensor specific requirements are listed below:

**Connectivity Requirements for VMware vSensors**

<table data-header-hidden><thead><tr><th width="123.5"></th><th width="119.80859375"></th><th width="207.88671875"></th><th width="299.37890625"></th></tr></thead><tbody><tr><td><strong>Source</strong></td><td><strong>Destination</strong></td><td><strong>Protocol/Port</strong></td><td><strong>Description</strong></td></tr><tr><td>Admin Hosts</td><td>vSensors</td><td>TCP/22 (SSH)</td><td>CLI access to vSensor</td></tr><tr><td>Brain</td><td>vSensors</td><td>TCP/22 (SSH)</td><td>Remote management and troubleshooting</td></tr><tr><td>vSensors</td><td>Brain</td><td><p>TCP/22 (SSH)</p><p>TCP/443 (HTTPS)</p></td><td>Pairing, metadata transfer, and ongoing communication</td></tr><tr><td>Brain</td><td>vCenter</td><td>Configured TCP Port(s)</td><td>Physical Hosts view, vCenter Host ID input, vCenter Host context, vCenter alerts</td></tr></tbody></table>

{% hint style="info" %}
**Please note:**

* vSensors do not communicate with the Vectra Cloud.
  * All communication sessions with vSensors are initiated from the vSensor to the Brain.
  * Updates for vSensors are downloaded to the Vectra Brain, and the vSensor retrieves them from the Brain.
* Command Line (CLI) access can also be obtained via the console in your hypervisor if you wish to login to the vSensor CLI after deployment.  Please [SSH login process for CLI](https://docs.vectra.ai/deployment/appliance-operations/ssh-login-process-for-cli) for more details.
  {% endhint %}