This guide describes how to download, deploy and register a Sinefa Probe on an Hyper-V hypervisor. Only out-of-path (using a SPAN or mirror port) is supported when using Hyper-V.
This Quick Start Guide assumes the following:
- You have a Sinefa Account (if not, go to http://www.sinefa.com/ and click on "Free Trial")
- A Hyper-V hypervisor (running 2012 or 2012 R2 or later)
- At least 2GB of RAM resource
- At least 2 vCPU resource
- 8GB of thick provisioned storage is available
- A virtual network that has Internet access
- A dedicated, physical NIC on the host
When deploying Sinefa Probe in an Hyper-V environment you need to configure the virtual server with 2 Network Interface Cards. The NICS will need to be setup as follows:
Virtual NIC 1: eth0 = management interface
Virtual NIC 2: eth1 = monitoring port connected to a dedicated physical NIC on the host
eth0 will be the management port and pick up an IP address via DHCP (if no DHCP is available you can configure a static address).
eth1 should have SPAN traffic sent to it. The physical NIC on the VM Host must be used exclusively by the Sinefa VM and cant be used by any other VM or the host. See Setup instructions for SPAN port for more details.
VM Set-up diagram
The following installation steps are detailed below:
Step 1. Download
Step 2. Deploy
Step 3: Register
Step 4: Subscribe
Step 5: Send SPAN traffic
Step 1. Download
Currently Hyper-V images are available upon request - send a request through to firstname.lastname@example.org to obtain the image.
Step 2. Deploy
Unzip the Sinefa probe virtual machine image, then open Hyper-V Manager and select 'Import Virtual Machine...'. Specify the folder where you unzipped the Sinefa probe files.
Select 'Sinefa Probe'.
Select 'Restore the virtual machine'.
Once done, confirm the settings and click Finish to complete the import of the Sinefa probe.
Once imported, right click on the newly created Sinefa Probe and select 'Settings...'. Locate the Network Adaptor and ensure it is connected to a virtual switch that will allow the Sinefa probe to connect to the Internet.
Once done, do ahead and power the probe on.
Step 3. Register
See Manual Probe Registration for instructions on how to register the Sinefa probe to your Sinefa account.
NOTE: By default, the probe will obtain an IP Address from DHCP. If DHCP is not available, you will need to manually configure a static IP Address using the "Network" option in the menu. See the Configuring a Static IP Address article for more information.
Step 4. Subscribe
Subscribe the probe to the Sinefa service by logging into app.sinefa.com.
NOTE: No charges will apply in Trial mode. If you are not the Administrator then please notify the Administrator to complete this step.
- On the Account drop down box at the top right of the screen, make sure you are using the right Account. Under Account, select "<YOUR ACCOUNT>".
- Assuming the Probe is turned on and can communicate via HTTPS to app.sinefa.com, it will appear online (green) under Settings | Probes.
- Click on 'Subscribe' button and follow the prompts to add a Subscription to the Probe.
Step 5. Send SPAN traffic
Hyper-V requires some extra steps to allow external SPAN traffic (from a local switch or router) to reach the Sinefa probe. You will need a dedicated physical NIC on the host to complete these steps.
First, ensure the Sinefa probe is powered off.
Next, create a new virtual switch, in Hyper-V manager select 'Virtual Switch Manager...'. Select 'New virtual network switch' and choose 'External'.
We called our new switch 'SPAN'. Select 'External Network' and choose the network adaptor to use. This must be a dedicated physical NIC, only for the Sinefa probe. Other VMs as well as the host will not be able to use it. Uncheck the 'Allow management operating system to share this network adaptor' option and click 'Apply'.
Once the virtual switch has been created, click on the [+] icon next to it's name to expend the options. Select 'Extensions' and enable the 'Microsoft NDIS Capture' option. Then click 'OK'.
On the main Hyper-V manager screen, right click on the Sinefa Probe and select 'Settings...'. Select 'Add Hardware' on the left, choose 'Network Adaptor', then click 'Add'.
Select the newly created 'SPAN' virtual switch then click 'Apply'.
Once the new Network Adaptor has been added, click on the [+] icon next to it's name to expand the extra options. Choose 'Advanced Features'. Scroll down to the 'Port mirroring' section and select 'Destination' as the 'Mirroring mode' option. Then click 'OK'.
Next, we need to make the virtual switch we created previously mirror the SPAN traffic to our VM. The can be done using PowerShell. Assuming you called your virtual switch 'SPAN', open up a PowerShell and run these 3 commands:
$ExtPortFeature=Get-VMSystemSwitchExtensionPortFeature -FeatureName "Ethernet Switch Port Security Settings" $ExtPortFeature.SettingData.MonitorMode = 2 Add-VMSwitchExtensionPortFeature -ExternalPort -SwitchName SPAN -VMSwitchExtensionFeature $ExtPortFeature
You can verify Monitor Mode has been set to '2' by running this command:
Get-VMSwitchExtensionPortFeature -FeatureName "Ethernet Switch Port Security Settings" -SwitchName SPAN -ExternalPort | select -ExpandProperty SettingData
Now, power on the Sinefa probe.
Once you have set-up the above successfully, you will need to set-up the SPAN port on your switch/router and set-up SPAN port monitoring through the Sinefa UI
Now that the Sinefa Probe is registered, you can manage it using the Sinefa UI by logging in at app.sinefa.com.