# B127
## Introduction
This document is intended to help customers or partners with the initial configuration of a physical Vectra B-Series appliance.
B-Series appliances can be used in Vectra deployments that use either the Respond UX or the Quadrant UX. The Respond UX is served from Vectra’s cloud and the Quadrant UX is served locally from the Brain appliance. For more detail on Respond UX vs Quadrant UX please see [Vectra Analyst User Experiences (Respond vs Quadrant)](https://docs.vectra.ai/deployment/getting-started/analyst-ux-options-rux-vs-qux).
B-Series appliances can only be deployed in Brain mode. Modes are discussed further in your deployment guide (see links below) and in [Physical appliance modes](https://docs.vectra.ai/deployment/ndr-physical-appliances/physical-appliance-modes-and-switching-between-them).
One of the below guides should be the starting point for your overall Vectra deployment:
* [Respond UX Deployment Guide](https://docs.vectra.ai/deployment/getting-started/respond-ux-deployment-guide)
* [Quadrant UX Deployment Guide](https://docs.vectra.ai/deployment/getting-started/quadrant-ux-deployment)
Full details on firewall requirements for your entire Vectra deployment are available in those guides or in [firewall requirements](https://docs.vectra.ai/deployment/getting-started/firewall-requirements).
After you have completed the initial deployment of your B-Series appliance following this guide, you can move on to [pairing appliances](https://docs.vectra.ai/deployment/appliance-operations/pairing-appliances) or other recommended [next steps](#next-steps).
Guides for other appliances are located in [NDR physical appliances](https://docs.vectra.ai/deployment/ndr-physical-appliances) and [NDR virtual / cloud appliances](https://docs.vectra.ai/deployment/ndr-virtual-cloud-appliances).
## Package Contents
* 1 B127 system with rail kit
* 2 power supply cords (matching requested type)
* Vectra bezel
* SFPs and QSFPs (matching details of your order)
* See [SFPs and QSFPs supported in Vectra appliances](https://docs.vectra.ai/deployment/ndr-physical-appliances/supported-sfps-and-qsfps) for options and additional detail.
## Physical Connections
B127 Back Panel (click to enlarge)
### Physical Connections Added Guidance
* There is an additional USB and VGA port on the front right-hand side that can be used for console access.
* You can use these or the rear USB ports for console access.
* The iDRAC Direct micro port under this front USB port is not supported. Please use the ethernet iDRAC port on the rear of the chassis for iDRAC/IPMI use.
* The B127 has two 3.2 TB SSD drives.
* Should any ever need replacing, contact Vectra support and refer to the disk numbers on the chassis.
* If you have questions on rail installation, watch this [video](https://www.youtube.com/watch?v=JfOTnRMeE5w).
### Minium Connections
Any SFPs that were included in your order will be in the top cardboard tray above the appliance itself.
* Power
* The B127 has dual auto sensing power supplies that support 100-240 VAC supply at 50 or 60 Hz.
* It is recommended to connect both power supplies for redundancy.
* MGT1 – 10/25 GbE SFP28
* This is the port that will need to be configured with an IP address in your network.
* This port serves the CLI (RUX and QUX) and GUI (QUX only), and paired Sensors connect to it.
* MGT2 – 10/25 GbE SFP28
* MGT2 can be used in place of MGT1 for initial configuration. MGT1 should be used for production.
## B127 Performance
| **Brain Mode** | **Paired Sensors** | **Tracked Hosts** |
| :------------: | :----------------: | :---------------: |
| 75 Gbps | 500 | 300,000 |
**Guidance and Definitions:**
{% hint style="info" %}
B-Series appliances do not support Mixed or Sensor mode usage
* They can only operate in Brain mode and are intended to provide the highest possible performance for high throughput environments.
* To capture traffic, Sensors must be deployed and paired to any B-Series appliance.
{% endhint %}
* **Brain Mode**
* Bandwidth number shown refers to the aggregate amount of traffic observed by paired Sensors that the B-Series appliance can process metadata for (aggregate bandwidth).
* **Paired Sensors**
* Up to 500 Sensors can be paired to the B-Series appliance.
* **Tracked Hosts**
* Refers to how many hosts the B-Series appliance can track simultaneously (open host sessions). Brains can typically retain and display data for much larger numbers of hosts, this only refers to how many hosts the system can process metadata for simultaneously. Host sessions expire after 2 hours of inactivity.
## Accessing the CLI
The Command Line Interface (CLI) of a physical Vectra appliance is accessible in multiple ways. All appliances will not always have all methods available. See [physical connections](#physical-connections) to see the options available for your specific model.
* KVM or “crash cart”
* Direct connection to "Support" (MGT2) port
* iDRAC/IPMI - not all appliance types will have iDRAC/IPMI
* MGT1 port once configured
* Serial console - only supported officially on S1, S2 (EOL), X29/M29, and the X80 (EOL) appliances.
Once you have connected to the CLI login prompt on the appliance, use the default credentials to login.
* Username: `vectra` and password: `changethispassword`
* Please change the password immediately after logging in using the `set password` command.
### KVM or “crash cart”
If your appliance has USB and VGA ports, a KVM (Keyboard, Video, Mouse) switch or “crash cart” can be used to connect to the appliance console.
### Direct Connection to "Support" (MGT2) Port
A direct connection to the MGT2 port on your appliance.
* If you can physically connect to your MGT2 port, then you can direct connect to the MGT2 port via SSH to do the initial configuration.
* The appliance MGT2 port is factory configured with a 169.254.0.10/16 (255.255.0.0) address.
* Configure your host’s IP to 169.254.0.11 with subnet mask of 255.255.0.0.
* Use SSH to connect to the appliance from your host using the default credentials from above.
### iDRAC/IPMI
If your appliance has a built in Dell iDRAC / IPMI interface you can access the CLI through it.
{% hint style="info" %}
Vectra strongly recommends that customers configure iDRAC / IPMI access permanently for all platforms supporting this interface.
Benefits:
* Easier access in case of network connectivity issues or DHCP mishaps.
* Simpler remote IP address changes.
* Reduced resolution time during Vectra support engagements requiring console access.
{% endhint %}
Please expand for iDRAC/IPMI configuration details:
The default username / password for iDRAC/IPMI is `vectra` / `changethispassword`.
To access the interface, point your web browser to ****
* Initially, your iDRAC interface will default to DHCP.
At the login screen enter your credentials:
Click on the **Virtual Console**:
And you will be presented with a login prompt for the CLI:
To set a static IP for iDRAC you must 1st be logged in to the CLI of the Sensor as the `vectra` user:
```
Command:
show ipmi_interface
Example Output:
Gateway: 10.2.0.1
Ip: 10.2.2.32
Mac: d0:94:66:48:0a:ad
Mode: static
Netmask: 255.255.0.0
To set the IPMI / iDRAC interface the command syntax and an example are shown below:
Syntax example:
set ipmi_interface -h
Usage: set ipmi_interface [OPTIONS] [dhcp|static] [IP_ADDRESS] [SUBNET_MASK] [GATEWAY_ADDRESS]
Set the ipmi interface config
Options:
-h, --help Show this message and exit.
Command Example (Static Addressing):
set ipmi_interface static 10.2.2.34 255.255.248.0 10.2.0.1
IPMI Interface Change: success
Command Example (DHCP):
set ipmi_interace dhcp
IPMI Interface Change: Success
```
### Serial Console
{% hint style="info" %}
Serial console is only supported on S1, S2 (EOL), X29/M29, and X80 (EOL) appliances.
{% endhint %}
If supported on your appliance model, the serial settings should be 115,200, 8, N, 1
* 115,200 baud data rate
* 8 data bits
* No parity bit
* 1 stop bit
* Do not enable flow control
## Initial Network Configuration
### DHCP
The appliance can obtain its network configuration from a DHCP server in your network. The MGT1 port functions as a DHCP client by default.
* Connect the management port (MGT1) of the appliance to the network switch.
* Find the IP address that was assigned to MGT1 from your DHCP server logs.
* You can also find the IP address at the CLI of your appliance if you can access it another way .
* Use the `show interface` command to display the address that was assigned to MGT1 via DHCP once you are logged onto the appliance.
* See Accessing the Command Line Interface (CLI) of the Appliance above for instructions on how to log on).
### Static Addressing
#### Configuration Checklist for Static Addressing
Below is a list of information needed for the initial configuration:
* IP address to be used for the MGT1 interface
* Default gateway IP address
* DNS nameserver IP addresses
* DNS servers for the Sensor must be configured at the CLI if you are not using DHCP. This cannot be done in your Brain.
#### Setting a Static MGT1 IP Address
Once logged in to the appliance you can view the syntax for the "set interface" command:
```
set interface -h
Usage: set interface [OPTIONS] {mgt1|mgt2} {dhcp|static} [IP] [SUBNET_MASK]
[GATEWAY_ADDRESS]
Sets network interfaces to either dhcp or static ip configuration
Options:
-h, --help Show this message and exit.
```
Setting the IP address example:
```
set interface mgt1 static 10.50.10.10 255.255.255.0 10.50.10.1
```
#### IPv6 Support:
IPv6 is supported for the MGT1 and MGT2 interfaces. For full details, including information regarding dual stack support, please [IPv6 Management Support for Vectra Appliances](https://docs.vectra.ai/deployment/getting-started/ipv6-management-support-for-vectra-appliances) on the Vectra support portal. Below we will show how to enable IPv6 support (its off by default) and the syntax to use when setting an IPv6 address.
To enable/disable IPv6 support:
```
# show ipv6 enabled
IPv6 is disabled
# set ipv6 enabled
Response: ok
# show ipv6 enabled
IPv6 is enabled
# set ipv6 disabled
Response: ok
```
Setting IPv4 and IPv6 syntax examples:
Execute the following command to set the MGT1 or MGT2 (a gateway address cannot be configured for MGT2, the gateway on MGT1 will be used) interface to the desired static IP address:
```
IPv4 Syntax:
set interface mgt1 static x.x.x.x y.y.y.y z.z.z.z
set interface mgt2 static x.x.x.x y.y.y.y
Where:
x.x.x.x is the desired interface IP address
y.y.y.y is the desired interface network mask
z.z.z.z is the desired gateway
IPv6 Syntax:
set interface mgt1 static [IPv6 IP] [Subnet Mask] [Gateway]
Example:
set interface mgt1 static 2001:0db8:0:f101::25 64 2001:0db8:0:f101::1
```
#### Configuring DNS for the appliance:
Command syntax to set DNS (up to 3 nameservers are supported):
```
set dns [nameserver1 ] [nameserver2 ] [nameserver3 ]
```
Configuring DNS Example:
```
set dns 10.50.10.101 10.50.10.102
```
Verifying DNS Configuration:
```
show dns
```
Instructions for configuring the DNS settings using the management GUI can be found in [Vectra Respond UX Deployment Guide](https://docs.vectra.ai/deployment/getting-started/respond-ux-deployment-guide) or [Vectra Quadrant UX Deployment Guide](https://docs.vectra.ai/deployment/getting-started/quadrant-ux-deployment). This is only supported for Brain or Mixed mode configurations.
### Brain and Sensor Communications Requirements
A Sensor can pair with any Vectra Brain type. For example, the Brain can be a physical appliance, a Brain deployed in a IaaS cloud, or a Brain deployed in a traditional hypervisor environment on customer premises.
Sensors must be able to reach the Brain over the below ports. It is recommended to enable these ports bidirectionally to aid in troubleshooting.
* TCP/443 (HTTPS) - Used for Sensor discovery and initial pairing connection.
* TCP/22 (SSH) - Used for Paired Sensor connections.
Additionally, for online pairing (physical Sensors only), both the Sensor and Brain must be able to communicate with:
* update2**.**vectranetworks**.**com or 54.200.156.238 over TCP/443 (HTTPS)
Please work with your security and networking contacts to ensure that any Sensors will be able to initiate a connection to the Brain. Sensors only communicate with the Vectra Brain and do not need to communicate to Vectra directly. Software updates for Sensors will come from the Brain.
For full details on all potential firewall requirements in Vectra deployments, please see [firewall requirements](https://docs.vectra.ai/deployment/getting-started/firewall-requirements).
### Verifying your Connectivity:
Once you have configured an IP statically or via DHCP you can verify connectivity by pinging known IPs in your environment from the CLI with the `debug ping` command.
It is recommended to check connectivity to the Brain from Sensors at the Sensor CLI. For more detail, please see [Checking brain or sensor network connectivity](https://support.vectra.ai/vectra/article/KB-VS-1280).
To validate that you can connect to Vectra services, it is also recommended to use the `debug connectivity` command at your Brain’s CLI to check connectivity to the following endpoints:
* update2.vectranetworks.com
* api.vectranetworks.com
* Vectra Cloud Gateways that correspond to the region your tenant is deployed in when using the Respond UX (see the [Vectra Respond UX Deployment Guide](https://docs.vectra.ai/deployment/getting-started/respond-ux-deployment-guide) for more details)
* rp.vectranetworks.com
* rs.vectranetworks.com
**Example:**
```
vscli > debug connectivity -h
Usage: debug connectivity [OPTIONS] HOST PORT
Test TCP connectivity to destination host or IP through proxy if configured
Options:
--bypass-proxy / --dont-bypass-proxy
Bypass proxy while testing connectivity if
proxy is configured
--ssl / --no-ssl Test connectivity to host using SSL
--timeout FLOAT Seconds to attempt a connection to host and
proxy if configured [default: 5]
-h, --help Show this message and exit.
vscli > debug connectivity api.vectranetworks.com 443 --ssl
Connectivity: Success
Proxy: False
SSL: True
```
## Next Steps
### Proxy Support
If a proxy is required in your environment for your Brain appliance to communicate with the Vectra cloud, this can be set at the CLI (during initial deployment) or in your Vectra UI (after initial deployment).
{% hint style="info" %}
For RUX deployments, you should not log in to the local GUI before connecting with the Vectra cloud. All UI based configuration for RUX deployments should be done in the RUX UI that is served from Vectra's cloud. For more details, please see the [Respond UX deployment guide](https://docs.vectra.ai/deployment/getting-started/respond-ux-deployment-guide).
See [logging in to the UI ](#logging-in-to-the-ui-n-a-in-sensor-mode)for more details.
{% endhint %}
Login to the CLI is done using the `vectra` user account. The default password is `changethispassword` for a newly deployed Brain or mixed mode appliance. For more details see [SSH login process for CLI](https://docs.vectra.ai/deployment/appliance-operations/ssh-login-process-for-cli).
* Proxy commands:
* `show proxy`
* `set proxy config [IP or Hostname] [port] [USERNAME] [PASSWORD]`
* `set proxy enable [on|off]`
* Any of these with `-h` option will show command help with syntax.
Examples:
```
vscli > set proxy config 1.1.1.1 80 testuser testpass
Saving proxy config...
Proxy config updated
vscli > show proxy
Enabled: True
Host: 1.1.1.1
Port: 80
Authentication:
Authentication enabled: True
User: testuser
Password: **********
Method: basic
vscli > set proxy enable on
Updating proxy config...
Proxy enabled
```
### Logging in to the UI
{% hint style="info" %}
For RUX deployments, you should not log in to the local UI before connecting with the Vectra cloud. All UI based configuration for RUX deployments should be done in the RUX UI that is served from Vectra's cloud. For more details, please see the [Respond UX deployment guide](https://docs.vectra.ai/deployment/getting-started/respond-ux-deployment-guide).
{% endhint %}
For QUX deployments, once an IP has been configured for the MGT1 interface of your Brain, you can access it using a modern browser such as Edge, Chrome, or Safari at or the hostname if you have configured a hostname in your DNS for the Brain. The GUI can also be accessed via MGT2 at [https://169.254.0.10](https://169.254.0.10/) via direct connection. The default username is `admin` and the default password is `changethispassword`**.**
Please note that by default, Vectra uses a self-signed certificate to secure the user interface. As a result, the certificate causes SSL warning in most web browsers. Instructions for how to replace this with a customer-provided signed certificate can be found in [SSL certificate installation](https://docs.vectra.ai/configuration/qux-specific/ssl-certificate-installation).
**For both the Respond UX and the Quadrant UX:**
After logging in to the UI (for the Respond UX you will login to your Vectra tenant identified in your welcome letter), it is recommended to immediately change the `admin` password.
* Navigate to **My Profile** on the left-hand side of the screen
* Click on **Change Password** in the username/password area, fill in and save the form
* Password requirements - must be at least 8 characters long and contain at least
* 1 digit (0-9), 1 upper case letter (A-Z), 1 lower case letter (a-z)
* One symbol (\~!@#$%^&\*\_-+=\`| \ ( ){ }\[ ]:;”’<>,.?/)
### Pairing Sensors to the Brain
After initial configuration, it is suggested to pair any Sensors your deployment will need with your Brain appliance.
* [Pairing appliances](https://docs.vectra.ai/deployment/appliance-operations/pairing-appliances) covers pairing of all physical Vectra appliances.
## Worldwide Support Contact Information
* Support portal: [https://support.vectra.ai](https://support.vectra.ai/)
* Email: (preferred contact method)
* Additional information:
