Blue Hexagon VMware Virtual Appliance User Guide

 



BH Appliance Deployment

BH Appliance can be deployed on ESX 6.5 and higher versions. The appliance has the following resource requirements:

  • Up to 500 Mbps of sustained traffic inspection: 16 vCPUs (with AVX2 instruction set support) and 32 GB RAM

  • Up to 2 Gbps of sustained traffic inspection: 24 vCPUs (with AVX2 instruction set support) and 64 GB RAM

  • Inspecting higher than 2Gbps of sustained traffic will need additional vCPUs.

  • Up to 5 Gbps: 48 vCPUs (with AVX2 instruction set support) and 192 GB RAM

It is recommended to create a separate vSwitch for the external spanned traffic to the VM. A typical deployment scenario would look like the figure below:

Step 1: OVF Deployment

Download BlueHexagon OVF tgz package and deflate it on the client’s machine disk. Ensure that the md5 checksum provided in the package matches md5sum of vmdk file from the package. Example of the command to get md5 checksum

md5sum bh-appliance-master.configured.8-bluehexagon-pov-disk1.vmdk

Use Chrome (or other browser that works with your version of VMWare hypervisor) on the client’s machine to connect to your ESX HTTPS server, Import OVF into ESX using standard procedure for importing from the local OVF file explained in https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.vm_admin.doc/GUID-17BEDA21-43F6-41F4-8FB2-E01D275FE9B4.html.

Start Deploy

Select Files

Choose Options

BlueHexagon VM will be up and running after the deploy has been completed.

 

Step 2: Installing credentials

The Blue Hexagon Virtual Appliance requires a unique set of credentials in order to successfully boot up. These credentials are provided by Blue Hexagon as an ISO image. Mount the ISO image as a CD/DVD drive.

 

Step 3 : Configuring uplink and packet capture

BlueHexagon VM will be created with two interfaces where the first interface will try to auto-configure through DHCP protocol. If successfully configured, the IPv4 address will be available in VMWare client’s console. All services are up and running at this point.

Create vSwitch for capturing packets

Identify the physical NIC on the ESX server that receives the spanned traffic from your traffic mirror of choice (switch, proxy, firewall, packet broker).

Create a new vSwitch with uplink port as the physical NIC that receives the spanned traffic.

This NIC cannot be uplink on other vSwitches.

Turn on “promiscuous mode” in the security options of the switch.

In the example shown below, we are creating a new vSwitch called capture_vSwitch with uplink port as vmnic1. “Accept” the promiscuous mode option in security settings.

 

Create portgroup for capturing packets

Create a portgroup within the above created vSwitch.

Accept the promiscuous mode option in the security options of the portgroup.

In the below example, we are creating a portgroup named “capture_portgroup” within

capture_vSwitch.

 

Add BH Appliance vNIC to capture portgroup

BH Appliance by default comes with two interfaces, one for management and other

to received spanned traffic(capture vnic).

Add the capture vnic of BH Appliance to the portgroup created above.

The capture vnic would show up as “Network Adapter 2” in the VM settings of the appliance.

In the screenshot below, the Network Adapter 2 of the bh-appliance is added to capture_portgroup.

Access the Portal UI

Once mirroring is complete, the results from the appliance are available in the UI. Please login to the product portal at https://gobluehexagon.ai with the credentials emailed to you. Please refer to our UI guide on how to interact with results from the appliance in the console.

Custom Network Settings

The Blue Hexagon VM appliance by default uses the DHCP for the Management interface. If you need to change the network settings on the VM to use a static IP. Navigate to http://<management_interface_ip> and make the necessary changes as shown below

 

Blue Hexagon Proprietary