Installing the VMware appliance

Home » Downloads » Documentation » Installing the VMware appliance

Installing LANGuardian on VMware ESX

Follow the instructions on this page to install the LANGuardian VMware appliance.

Note: The LANGuardian VMware appliance requires VMware ESX server 4.0. It is not suitable for installation on VMware ESXi or VMware ESX 3.5. However, you can still install LANGuardian in these environments using the ISO image.

Before you begin

During the installation, you will configure LANGuardian to join your network. You must use a fixed IP address. Please make sure you have obtained a valid address and subnet mask, and know the address of the default gateway, before starting the installation.

The virtualized version of LANGuardian is provided as a pre-configured VMware .OVA file that you can install with the VMware vSphere client.

The virtual appliance is pre-configured to use the following resources:

  • One CPU
  • 800 MB RAM
  • 16 GB disk space

You can adjust these CPU and memory values after the LANGuardian installation has finished. If you need to capture large amounts of traffic, please install and configure LANGuardian using the ISO image because then you will be able to specify a suitable disk size.

Video overview

Watch these short videos for a quick overview of the installation and configuration process.

Monitoring your network using a virtual environment

Video player icon

How to set up a monitoring port

Video player icon

What to do after installation

Video player icon

For more NetFort videos, see our video page or check out our YouTube channel.

Installation of the LANGuardian VMware appliance is a three-part process:

  1. First, you deploy the virtual machine on your VMware ESX infrastructure.
  2. Then, you configure LANGuardian for local ESX Server monitoring and external monitoring.
  3. Finally, you access the LANGuardian user interface via a web browser and use the Configuration Wizard to complete the installation. You can also integrate LANGuardian with Active Directory.

Deploying the virtual machine

back to top

Follow these steps to deploy the LANGuardian image:

  1. Open the vSphere client and choose Deploy OVF Template from the File menu.
  2. On the Source page, click Deploy From File.
  3. Browse to find the LANGuardian .OVA file you downloaded from the Download page.
  4. Review the OVF template details.
  5. Select the datastore in which you want to store the virtual machine and its virtual disk files.
  6. Map the network in the template (VM Network) to a network in your inventory.
  7. Review the settings and click Finish to deploy the virtual machine.

The vSphere client will load the LANGuardian image and install it in the ESX server.

After the installation completes, the LANGuardian appliance will appear in a powered-down state in the vSphere client.

Initializing LANGuardian

back to top

Follow these steps to initialize your newly installed LANGuardian virtual machine.

  1. Open the vSphere client, select your virtual machine and power it on.
  2. Click the Console tab and wait for the virtual machine to boot. Verify that the virtual machine boots correctly.
  3. The command-line interface main menu has options for basic administration of the virtual machine. The option that is relevant to initial configuration is option 6 (Configure network device). Select option 6 from the list. Specify the IP address, subnet mask, and default gateway address.
  4. Visit the home page at the IP address you specified during the installation. You must use the HTTPS protocol. For example, if the IP address you specified during the installation is 192.168.10.200, the address of your LANGuardian home page will be https://192.168.10.200..

The first time you access the LANGuardian user interface, it will display the LANGuardian Configuration Wizard. Follow the wizard steps to complete the configuration of your LANGuardian system. A predefined sensor will be in place to enable LANGuardian to monitor traffic once you set up local ESX server monitoring.

Setting up local ESX Server monitoring

back to top

If you want to monitor internal traffic on an ESX Server virtual switch, you must allow promiscuous-mode connections to it. The steps are as follows:

  1. Open the host settings for the ESX Server and click on the Configuration tab.
  2. Click Properties... to view the properties for the virtual switch.
  3. Edit the properties, then click on the Security tab.
  4. Click Accept from the Promiscuous Mode drop-down list, then click on OK.

LANGuardian will immediately begin monitoring all traffic flowing through the vSwitch.

Monitoring additional virtual switches

back to top

You can monitor additional virtual switches with LANGuardian by adding more network adapters to the LANGuardian virtual appliance and configuring LANGuardian sensors to monitor them. The steps to add a network adapter are as follows:

  1. Open the settings for the LANGuardian appliance and click on the Edit Settings tab.
  2. Click on the Add button, select Ethernet Adapter, and click Next.
  3. Specify E1000M in the Adapter Type field.
  4. In the Network Label field, select the virtual switch you want to monitor.
  5. Restart the LANGuardian appliance to allow it to detect the new network adapter.

After the appliance has rebooted, log on to the LANGuardian user interface and add a new sensor. The steps are as follows:

  1. Click Sensors on the Administration menu.
  2. On the Sensors page, click Add New Sensor. LANGuardian will display a list of network adapters, including the one you just added.
  3. Select the adapter you just added and click Next.
  4. Assign a name to the new sensor, alter the parameters as required, and click Create.

To enable the LANGuardian appliance to monitor the additional virtual switch, configure the switch to accept promiscuous mode connections as described above.

Setting up external monitoring

back to top

After you install LANGuardian, it will be connected to a network adapter in your ESX Server environment. This adapter provides connectivity to the web browser user interface. To enable LANGuardian to monitor traffic flowing through an external network switch, you must create an additional virtual switch and network adapter in the ESX Server, and associate them with a physical adapter that will be connected to the external switch. The additional virtual network switch and adapter are necessary because:

  • Accessing traffic on a SPAN port requires a dedicated network adapter.
  • Due to the volume of traffic generated by a monitoring session, using a dedicated virtual switch and adapter helps to avoid performance problems with other virtual machines.

Follow these steps to create the new virtual switch:

  1. Open the host settings for the ESX Server and click on the Configuration tab.
  2. Click on Networking in the Hardware menu, then click Add Networking...
  3. In the Add Network Wizard:
    1. Click on Virtual Machine in the list of connection types, then click Next.
    2. Select Create a New Virtual Switch and click Next.
    3. Select a network adapter from the list of available adapters and click Next.
    4. Enter the switch name in the Network Label field and click Next.
    5. Click on Finish.

Follow these steps to create a new virtual adapter:

  1. Open the settings for the LANGuardian appliance and click on the Edit Settings tab.
  2. Click on the Add button, select Ethernet Adapter, and click Next.
  3. Specify E1000 in the Adapter Type field.
  4. In the Network Label field, select the virtual switch you have just created.
  5. Restart the LANGuardian appliance to allow it to detect the new network adapter.

After the appliance has rebooted, log on to the LANGuardian user interface and add a new sensor. The steps are as follows:

  1. Click Sensors on the Administration menu.
  2. On the Sensors page, click Add New Sensor. LANGuardian will display a list of network adapters, including the one you just added.
  3. Select the adapter you just added and click Next.
  4. Assign a name to the new sensor, alter the parameters as required, and click Create.

Follow these steps to configure the virtual switch to accept promiscuous connections:

  1. Open the host settings for the ESX Server and click on the Configuration tab.
  2. Click Properties... to view the properties for the virtual switch.
  3. Edit the properties, then click on the Security tab.
  4. Click Accept from the Promiscuous Mode drop-down list, then click on OK.

Configure a monitoring port on the external network

Setting up the LANGuardian VMware appliance to monitor an external network prepares it to accept traffic data from the network, but you must also configure the core switch on the external network to provide traffic data to the appliance.

Network core switches typically have a port mirroring capability that enables you to set up a monitoring port (called a SPAN port on Cisco switches) through which you can capture network traffic for analysis. For details, see the architecture and network monitoring concepts pages.

The steps to configure a monitoring port are specific to each switch. The video on this page gives an overview of the steps involved. See the core switch documentation page for links to documentation for popular switches.

If you need help configuring a monitoring port on your switch, contact our support team for free, no-obligation assistance.

Using the Configuration Wizard

back to top

When the system reboots after you finish running the LANGuardian Setup Utility, the home page of the browser-based user interface is available at the IP address you specified during the installation. You must use the HTTPS protocol. For example, if the IP address you specified during the installation is 192.168.10.200, the address of your LANGuardian home page will be https://192.168.10.200.

The first time you visit the home page after installation, LANGuardian will display the Configuration Wizard. Follow the steps to complete the installation. For details, see Using the Configuration Wizard.

After you complete the wizard steps, LANGuardian will display the home page. It comes pre-configured with a number of standard dashboards and reports, which you can use as-is or customize according to your requirements. LANGuardian begins monitoring your network immediately after installation, so you should see traffic data appearing in the reports within a few minutes. Please contact us if you encounter any problems when installing or configuring LANGuardian.

Integration with Active Directory

back to top

LANGuardian integrates with Active Directory to create reports that include user names and department information. It uses an account on the Active Directory domain server to authenticate itself and query the server event logs and global catalog for login activity and user information, such as email address and department. The domain account must have sufficient privileges to read the event security logs.

Follow these steps to integrate LANGuardian with Active Directory:

  1. Click Configuration on the Administration menu.
  2. On the Configuration page, scroll down to the section on Identify Configuration.
  3. Click Configure support for Active Directory identity logging.
  4. On the Active Directory page, click Add new server.
  5. Click the Enter new credentials radio button.
  6. Enter the following details:
    • User: the username of the domain account.
    • Password: the password for the domain account.
    • IP Address: the address of a domain controller.
  7. Click Search. LANGuardian will search for and display all Active Directory domain controllers in the domain.
  8. Tick the checkbox opposite the name of each controller you want to add, then click Save Selected.

Notes:

  • We recommend that you add all domain controllers unless you are sure that they do not authenticate users.
  • You may want to consider creating a dedicated account to associate your LANGuardian instance with Active Directory. If you do this, ensure that the account has the following rights: Deny logon locally and Manage auditing and security log.
  • On your domain controllers, configure the security settings to audit logon events.

    • For a detailed description of the steps involved, see Integrating LANGuardian with Active Directory.

    Need help?

    Please contact us if you need help installing or configuring NetFort LANGuardian. You can avail of free no-obligation technical support by contacting our helpdesk on support@netfort.com. See also the NetFort discussion forum for technical tips and usage information.

© 2011–2012 NetFort  Technologies Limited. All rights reserved.

\n