TechNote
Installing the Scrutinizer 10.1 Virtual Appliance
Management and Reporting
SonicOS
Contents
Overview .................................................................................................................................................................1
System Requirements..............................................................................................................................................1
Installing the Scrutinizer 10.1 Virtual Appliance ........................................................................................................2
Expanding the Database Size ..................................................................................................................................9
Optimizing Scrutinizer Datastores ..........................................................................................................................17
Manually Adding SSL ............................................................................................................................................17
Frequently Asked Questions ..................................................................................................................................19
Overview
This TechNote outlines the Scrutinizer Virtual Appliance (VA) system requirements and installation process. It also
provides configuration procedures for the manual SSL installation process.
The Scrutinizer VA is obtained from Plixer International or your local reseller, and is downloaded as an all-in-one
virtual machine template (OVF template). An appliance license or evaluation license must be obtained from Plixer
International or your local reseller for the Scrutinizer VA to function properly.
The performance you get out of a Scrutinizer VA is directly dependent on the hardware in which it’s deployed on. It
is recommended to dedicate (not share) all the resources that are allocated to the Scrutinizer virtual machine. This
is especially important for the Scrutinizer datastores. In environments with high volumes of NetFlow data,
Scrutinizer requires dedicated datastores which are discussed in further detail later in this document. If you have an
exceedingly high volume of flow data, Scrutinizer hardware appliances are recommended for these types of
deployments, as they are designed to handle the highest flow rates.
After installing and licensing the Scrutinizer VA, it is ready to start collecting NetFlow data. With the default of 100
GB of disk space, you can store up to 1 month of NetFlow version 5 data from 25 devices at 1,500 flows a second.
If you are planning on exceeding this volume of flow data, or if you need to store data for longer than 30 days, there
are detailed steps indicated below that show you how to expand the amount of disk space allocated to the
appliance.
System Requirements
The Scrutinizer 10.1 Virtual Appliance requires the following:
Component
Minimum Specifications (for trial
installations)
Recommended Specifications (for
production environments)
RAM
16 GB
64 GB
Disks
100 GB
1 + TB, 15K RAID or 10 configuration
Processor
1 CPU, 4 Cores, 2 GHz or more
2 CPUs, 8 Cores, 2 GHz or more
Operating System
ESX4, ESXi4, ESX5, ESXi5
ESX4, ESX5
Installing the Scrutinizer 10.1 Virtual Appliance
P/N 232-001348-00 Rev A
TechNote
Installing the Scrutinizer 10.1 Virtual Appliance
This section includes configuration procedures for installing the Scrutinizer 10.1 OVF template and
allocating/dedicating resources to the Scrutinizer Virtual Machine.
Installing the Scrutinizer OVF Template
To install the Scrutinizer 10.1 Virtual Appliance, perform the following:
1. Download the latest Scrutinizer Virtual Appliance OVF file.
2. Launch the VMware vSphere Client, and then connect to the desired ESX host.
3. In the toolbar, click File > Deploy OVF Template.
Installing the Scrutinizer 10.1 Virtual Appliance
P/N 232-001348-00 Rev A
2
TechNote
The Source page displays:
4. Click the Deploy from file radio button, and then browse for the Scrutinizer Virtual Appliance OVF file you
downloaded.
5. Click the Next button.
The OVF Template Details page displays:
6. Verify the OVF template details, and then click the Next button.
Installing the Scrutinizer 10.1 Virtual Appliance
P/N 232-001348-00 Rev A
3
TechNote
The Name and Location page displays:
7. In the Name text-field, enter a name for the Scrutinizer Virtual Appliance template, and then click the Next
button.
The Datastore page displays:
8. From the list, select a datastore to store the Virtual Machine (VM) files in, and then click the Next button.
Installing the Scrutinizer 10.1 Virtual Appliance
P/N 232-001348-00 Rev A
4
TechNote
The Network Mapping page displays:
9. From the list, select the network to be used by the Scrutinizer Virtual Appliance, and then click the Next
button.
The Ready to Complete page displays:
10. Verify the deployment setting you chose, and then click the Finish button.
The VMware vSphere Client imports the Scrutinizer Virtual Appliance. This may take a few minutes.
Installing the Scrutinizer 10.1 Virtual Appliance
P/N 232-001348-00 Rev A
5
TechNote
Allocating and Dedicating Resources
Before the Scrutinizer Virtual Machine (VM) can be powered on, the necessary resources must be provided.
Note: The Scrutinizer OVF grabs 1CPU with 4 cores, 16GB of RAM, and 100GB of disk space. When deploying the
VA it’s recommended to increase the resources to meet the recommend System Requirements. Since all installs
will vary more resources may be required.
To configure the VM properties, perform the following steps:
1. Right-click on the Scrutinizer VM (the VM name you created in the previous section), and then select Edit
Settings.
The Virtual Machine Properties page displays:
2. Select the Hardware tab, and then adjust the Memory, CPUs, and Hard disks as necessary to meet the
system requirements.
Installing the Scrutinizer 10.1 Virtual Appliance
P/N 232-001348-00 Rev A
6
TechNote
3. Select the Resources tab, under CPU and Memory, set the Shares value to High and set the
Reservation value to the amount of resources dedicated to the VM.
Note: The amount of RAM in the screenshot below is on a small test ESX server so it won’t match a
production install.
4. Click the OK button.
5. Right-click on the Scrutinizer VM, and then select Power > Power On.
Installing the Scrutinizer 10.1 Virtual Appliance
P/N 232-001348-00 Rev A
7
TechNote
6. Navigate to the Console tab, and then login.
The server does a quick setup and automatically reboots.
7. Login to the server again and answer the questions that display.
The server downloads and installs the PDF converter.
8. Press the Enter key.
The server reboots to apply the necessary settings.
9. Login to the Scrutinizer 10.1 Management Interface, and then apply the necessary evaluation license keys.
Installing the Scrutinizer 10.1 Virtual Appliance
P/N 232-001348-00 Rev A
8
TechNote
Expanding the Database Size
Depending on the volume of NetFlow data that is sent to the Scrutinizer appliance, you may need to expand the
size of the database. Expanding the size of the database is a multi-stage process, if you have any questions please
contact your support representative.
1. Power off the Scrutinizer virtual machine by logging in and issuing the “shutdown -h now” command.
2. Open the vSphere Client.
3. Add an additional hard drive to your Scrutinizer Virtual Appliance (VA), right-click on the desired Scrutinizer
Virtual Machine (VM), and then select Edit Settings….
The Virtual Machine Properties pop-up window displays:
4. On the Hardware tab, click the Add… button.
Installing the Scrutinizer 10.1 Virtual Appliance
P/N 232-001348-00 Rev A
9
TechNote
The Add Hardware pop-up window displays:
5. In the Device Type page, select Hard Disk, and then click the Next button.
The Select a Disk page displays:
6. Select the Create a new virtual disk radio button, and then press the Next button.
Installing the Scrutinizer 10.1 Virtual Appliance
P/N 232-001348-00 Rev A
10
TechNote
The Create a Disk page displays:
7. Select the type of Disk Provisioning and by how much you want to expand the disk, and then press the
Next button.
The Advanced Options page displays:
8. Specify any advanced options you need, and then press the Next button.
Installing the Scrutinizer 10.1 Virtual Appliance
P/N 232-001348-00 Rev A
11
TechNote
The Ready to Complete page displays:
9. Review your changes, and then press the Finish button.
10. Power on your VM by right-clicking on your VM, and then selecting Power > Power On.
Installing the Scrutinizer 10.1 Virtual Appliance
P/N 232-001348-00 Rev A
12
TechNote
Now that the new hard drive is added, resize the volume group, partition volume, and file system so that
Scrutinizer can use the newly allocated space.
11. Login to the Scrutinizer VA and run the “df –h” command to view the current size of the database, which is
mounted on “/var/db”.
12. Start by increasing the size of the “vg_scrut” volume group. You can check the current size of the
“vg_scrut” volume group by running the vgs vg_scrut command.
Installing the Scrutinizer 10.1 Virtual Appliance
P/N 232-001348-00 Rev A
13
TechNote
13. Determine the name of the newly added hard drive that you are going to add to the “vg_scrut” volume
group. You can find out the current drive schema by running the “fdisk –l” command. The disk “/dev/sda” is
by default 100 GB of disk space. If this is the first time you are increasing the disk space, the disk is named
“/dev/sdb”. The last letter will increment with each new drive that’s added. For example, a third drive will be
called “/dev/sdc”.
14. Extend the “vg_scrut” group to include the newly added drive “/dev/sdb” by running the vgextend vg_scrut
/dev/sdb command.
Installing the Scrutinizer 10.1 Virtual Appliance
P/N 232-001348-00 Rev A
14
TechNote
15. Now you can verify the above command worked successfully and see the new size of your vg_scrut volume
group by running “vgs vg_scrut”.
16. Run the command lvextend --size +399.99g /dev/mapper/vg_scrut-lv_db. Make sure the increased size is
modified for how much space you are adding. The following example is for 400 GB. Due to being one block
short, the value had to be decreased to 399.99 from 400. This extends the Scrutinizer database volume by
how much new space was added.
17. Run the command “lvdisplay /dev/mapper/vg_scrut-lv_db” and look at the LV Size value, this is to check the
new size of your logical volume to verify that the size has increased appropriately.
18. Resize the file system to use the newly allocated space.
A. Stop the Scrutinizer services by running the following commands:
•
service plixer_flow_collector stop
•
service plixer_domain stop
•
service plixer_smtpd stop
•
service plixer_flowalyzer_svc stop
•
service plixer_notifyd stop
•
service plixer_syslogd stop
•
service httpd stop
•
service mysqld stop
B. Un-mount the Scrutinizer database volume by running the umount /dev/mapper/vg_scrut-lv_db
command.
Installing the Scrutinizer 10.1 Virtual Appliance
P/N 232-001348-00 Rev A
15
TechNote
C. Before resizing the file system, check it for any errors by running the fsck –f /dev/mapper/vg_scrutlv_db command.
D. Increase the file system to use all of the available space by running the resize2fs /dev/mapper/vg_scrutlv_db command. The time it takes for this command to complete depends on how much disk space is
being added to the file system.
E. Re-mount the Scrutinizer database volume by running the mount /dev/mapper/vg_scrut-lv_db /var/db
command.
19. Verify that the database volume is now the correct size by running the df - h command.
Installing the Scrutinizer 10.1 Virtual Appliance
P/N 232-001348-00 Rev A
16
TechNote
20. Start the Scrutinizer services by up by running the following commands:
•
service plixer_domain start
•
service mysqld start
•
service plixer_flow_collector start
•
service plixer_smtpd start
•
service plixer_flowalyzer_svc start
•
service plixer_notifyd start
•
service plixer_syslogd start
•
service httpd start
Optimizing Scrutinizer Datastores
Due to the nature of NetFlow, large deployments require a very high volume of disk I/O. For the best performance,
the Scrutinizer virtual appliance should be deployed on a dedicated 15,000 RPM RAID 10 datastore, with however
much disk space is required for your history settings.
Note: 1.8 TB in RAID 10 is the most common datastore deployment size.
If Scrutinizer is deployed on shared drives, such as a SAN or a NAS, then collection rates cannot be guaranteed as
the collection rates will directly depend on what other applications are also using the same disks and how busy they
are.
In high flow volume environments, if you cannot get dedicated datastores, it’s recommended to use a Scrutinizer
hardware appliance for the dedicated resources and higher collection rates.
Manually Adding SSL
Manually add SSL to your Scrutinizer Virtual Appliance by entering the commands in the following steps:
1. Install the required modules:
yum install mod_ssl openssl
2. Generate private key:
openssl genrsa -out ca.key 1024
3. Generate a CSR (you will be asked questions, make sure the common name is the hostname of the
server):
openssl req -new -key ca.key -out ca.csr
4. Generate a Self Signed Key:
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
5. Copy the files to the correct locations
cp ca.crt /etc/pki/tls/certs
cp ca.key /etc/pki/tls/private/ca.key
cp ca.csr /etc/pki/tls/private/ca.csr
6. Then update the Apache SSL configuration file:
vi +/SSLCertificateFile /etc/httpd/conf.d/ssl.conf
Installing the Scrutinizer 10.1 Virtual Appliance
P/N 232-001348-00 Rev A
17
TechNote
7. Find:
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
8. Replace:
SSLCertificateFile /etc/pki/tls/certs/ca.crt
9. Find:
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
10. Update:
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
11. Restart apache
/etc/init.d/httpd restart
12. Add a VirtualHost for port *:443
NameVirtualHost *:443
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
<Directory /home/plixer/scrutinizer/html>
AllowOverride All
</Directory>
DocumentRoot /home/plixer/scrutinizer/html
ServerName (the IP address of the user’s Scrutinizer VA)
</VirtualHost>
13. Restart apache:
/etc/init.d/httpd restart
14. Configuring the firewall by adding:
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
15. Restart the firewall:
service iptables restart
Installing the Scrutinizer 10.1 Virtual Appliance
P/N 232-001348-00 Rev A
18
TechNote
Frequently Asked Questions
This section includes frequently asked questions about the Scrutinizer 10.1 Virtual Appliance.
•
Q: How do I make the collector listen on a non-standard NetFlow port?
A: This is a 4 step process:
1. Login to the web interface, navigate to the Admin > Settings > System Preferences page and
update the listener port.
2. From the Scrutinizer VA Command Line Interface, edit the /etc/sysconfig/iptables file and add a
line identical to another UDP line, but with your port number.
3. Type the command “service iptables restart”.
4. Type the command “service plixer_flow_collector stop” then “service plixer_flow_collector
start”.
•
Q: How do I look at the resources in use?
A: Run the command “top”.
•
Q: Where can I find the error logs?
A: MySQL log: /var/log/mysqld.log
A: Httpd log: /var/log/httpd/error_log
A: Collector logs: /home/plixer/scrutinizer/files/logs/plixer_collector-*.log
A: Install log: /home/plixer/scrutinizer/files/install.log
A: Bitrock logs: /tmp/bitrock_installer*.log
•
Q: How do I stop/start the services?
A: Run the following commands (stop|start means type one OR the other):
-
service plixer_flow_collector stop|start
-
service plixer_domain stop|start
-
service plixer_smtpd stop|start
-
service plixer_flowalyzer_svc stop|start
-
service plixer_notifyd stop|start
-
service plixer_syslogd stop|start
-
service httpd stop|start
-
service mysqld stop|start
______________________
Last updated: 11/29/2012
Installing the Scrutinizer 10.1 Virtual Appliance
P/N 232-001348-00 Rev A
19