Installing a Data Aggregator in VMware

Important: Stellar Cyber recommends that you deploy an aggregator using a Modular Sensor with the Aggregator feature enabled in its Sensor Profile rather than using the purpose-built aggregator image. Installation of aggregators using the purpose-built images is officially a deprecated feature, although the images are still available.

You can install a data aggregator on a VMware ESXi virtual machine. To install you must:

• Prepare
• Create a virtual switch
• Create a VM
• Connect to the DP
• Authorize the aggregator

Preparing

Click to see the minimum system requirements for installing a data aggregator.

To prepare for the installation:

1. Open firewall ports.

2. Contact Stellar Cyber support (support@stellarcyber.ai) for login credentials.

3. Using those credentials, download the image from https://acps.stellarcyber.ai/release/4.3.7/datasensor/aella-device-agg-4.3.7.ova.

Installation links point to the most recent release. To download a different version, simply substitute the version you want for the version specified in the link.

Supported ESXi Versions

Aggregator installation is supported on the following ESXi versions:

• 8.0
• 7.0
• 6.7

Creating the Virtual Switch

To create the virtual switch:

Use our example as a guideline, as you might be using a different software version.

1. Start the add networking wizard and choose Virtual Machine Port Group.

   

2. Add the port to an existing switch or create a new switch.

   

3. Click Finish.

   

Creating the VM

To create the VM:

1. Click Deploy OVF Template. The wizard appears.

   The Stellar Cyber distribution provides an OVA file, which is a format that includes the requested OVF file as a component.

   

2. Choose Local.
3. Browse to the OVA file you downloaded in preparation.
4. Enter a name for the VM.

5. Choose which data center to run the VM on.

   

6. If the data center has more than one resource to run the VM, choose the one hosting the mirror port.

   

7. Click Finish. The VM is loaded into the hypervisor and shown on the summary page.

   

8. Expand VM Hardware.

   

9. Select Network Adapter 1.

10. Edit the settings and add a second adapter.

    

11. Start the VM.

Connecting the Aggregator to the DP

To connect to the DP:

1. Log in to your new aggregator . The default username/password is aella/changeme. You are immediately prompted to change the password.

2. Change the password.

   After you change the password, your session closes automatically. When you log back in with your new credentials, the prompt changes to DataSensor>.

3. Set IP parameters for the management port. You can use either a static IP address or a DHCP server, if available.

   Stellar Cyber recommends using a static IP address for ease of troubleshooting.

   The commands are as follows:

   Configuration Type	Commands
   Static IP Substitute your own IP parameters for those shown in bold.	set interface management ip 192.168.14.100/255.255.255.0 set interface management gateway 192.168.14.1 set interface management dns 8.8.8.8
   DHCP	set interface management ip dhcp

4. Verify the IP settings with the show interfaces command.

5. Set the host name. The host name is displayed in Stellar Cyber and should be unique for each sensor:

   set hostname <new hostname>

6. If necessary, set the proxy HTTP server:

   set proxy http://<proxy IP address:port>

7. If this aggregator is associated with a specific Tenant, use the set tenant_id <Tenant ID> command to specify the name of that tenant. For example:

   set tenant_id MyTenant

8. Use the set cm command to specify the IP address to reach the management interface of the Data Processor. For a DP cluster, this is the IP address of the DL-master's management interface. For a single DP deployment, this is simply the DP's management IP address. You can specify either an IP address or a hostname. For example:

   set cm 192.168.44.10

   or:

   set cm example.company.com

   If you specify a hostname rather than an IP address, the system attempts to verify the hostname with the DNS server. If the DNS server is not reachable, the system reports the error and lets you either proceed with the configured hostname or quit. This way, you can specify a hostname for the set cm destination in an offline environment without access to a DNS server.

9. Verify your settings with the show cm command. You should see the IP address of the DP listed as the CM Controller and the Status should be Established.
10. Log out with the quit command.

The aggregator automatically contacts the DP to register itself.

Authorize the Aggregator

You must authorize the aggregator when it appears in the network.

You can authorize multiple aggregators at a time. So if you're installing multiple aggregators, install them all, then authorize them all at once.

Configure Sensors to Use the Aggregator

After you install the aggregator, you can configure sensors to use the aggregator.