Instructions here are for download and install of the OVA on MS Hyper-V for an NDR Sensor. The same install process can be followed when installing the Data Collector for Log Collectors without an NDR Sensor.
Step 1 - Download OVA
Select the Action 'Download OVA' the zip file will be placed in your downloads folder
The zip file that contains the virtual drives, seed.iso, and a PowerShell script to make the import process as easy as possible.
CAUTION: One thing to note that is different between VMware ESXi and Hyper-V support is that the NDR application is not able to support jumbo network packets. This is due to a limitation in the driver used by Hyper-V to capture packets.
STEP 2 : Extract the zip file to a folder on your hard drive
STEP 3: Execute the Powershell
Once you have extracted the zip file, navigate to the folder where you extracted the items to and right click on the ndr-sensor.ps1 file. Then select 'Run with PowerShell'.
You will most likely need to allow the file to be run, if this is the case then click the Open button in the Security Warning popup dialog box.
STEP 4: Answer the PowerShell execution prompts
The script will ask a serious of questions that will help automate the import process and setup the vSwitch you select for the capture interfaces to read your mirrored traffic.
-
You will be asked to give the virtual machine a name
-
The PowerShell script will detect your default install location for virtual drives, and ask to create a new folder in that location.
-
You will be asked to specify how many processors the VM should have. (Default 4)
-
You will be asked to specify how much RAM the VM should be allocated (
-
You will be asked which vSwitch should be attached to the management interface and shown a list of your current vSwitches. The first entry in the list will be selected as the default.
-
You will be asked which vSwitch should be attached to the syslog interface and shown a list of your current vSwitches. The first entry in the list will be selected as the default.
-
You will be asked which vSwitch should be attached to the SPAN1 interface and shown a list of your current vSwitches. The first entry in the list will be selected as the default. If this is a “log collector only” VM, then you can use whatever vSwitch you want as a placeholder and disconnect this interface in the VM settings after it has been imported.
-
You will be asked which vSwitch should be attached to the SPAN2 interface and shown a list of your current vSwitches. The first entry in the list will be selected as the default. The second span port is not needed for all NDR deployments. It is only needed when the customer has two sources for SPAN traffic that need to be monitored. An example of this would be a physical switch, and a vSwitch in Hyper-V that is hiding traffic from the physical switch. If this is a “log collector only” VM, then you can use whatever vSwitch you want as a placeholder and disconnect this interface in the VM settings after it has been imported.
After you have answered all of the questions, the PowerShell script will then copy the VM files to the new folder in your default virtual drive location and setup the VM in Hyper-V. Once this process is finished you will see an “Installation Completed Successfully” message, and you can press any key to exit the script.
STEP 5: Review settings in Hyper-V manager
After the script is finished running, you can open the Hyper-V Manager (if it isn’t already open) and you should see the VM added to the list of virtual machines. If you need to change any settings (or confirm the ones you selected in the PowerShell script), you can do so at this point in time.
STEP 6: First Boot process