
Sightline

Virtual Machine Installation Guide

Version 9.2
Legal Notice
The information contained within this document is subject to change without notice. Arbor Networks, Inc. makes
no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of
merchantability and fitness for a particular purpose. Arbor Networks, Inc. shall not be liable for errors contained
herein or for any direct or indirect, incidental, special, or consequential damages in connection with the
furnishings, performance, or use of this material.

© 2019 Arbor Networks, Inc. All rights reserved. Proprietary and Confidential Information of Arbor Networks, Inc.
Document Number: SP-VM-92-2019/12
06 December, 2019
Contents

Preface
About the Sightline and Threat Mitigation System (TMS) Documentation
Conventions Used in this Guide
Contacting the Arbor Technical Assistance Center

Section 1: Before you Install Sightline in a VM
Hypervisor Information
Hardware Environment Information
Additional Recommendations
Reference Benchmarks

Section 2: Installing Sightline in a VM
Installing Sightline Software
Setting the Hostname
Configuring Interfaces
Enabling Access to Services
Setting the Date and Time
About Adding an NTP Server
Rebooting the System
Adding a DNS Server
Changing the Administrator Password
Installing the SSL Certificate
Initializing the Appliance
Committing Configuration Changes and Starting Services
Generating an SSH key and Starting the SSH Service
Installing an SSL Certificate for ATLAS Intelligence Feeds

Section 3: Converting a Physical Sightline Appliance to a VM
Choosing a Conversion Method
Converting an Appliance by Backing Up and Importing
Converting a Leader Appliance by Failover
Converting a Non–leader Appliance with the TRA Role



Preface

Introduction
This guide describes how to install Sightline software in a VM and configure it for your
network. It also describes how to convert a physical Sightline appliance to a VM.

Audience
This guide is intended for system administrators who are responsible for installing,
configuring, and maintaining Sightline.

In this section
This section contains the following topics:

About the Sightline and Threat Mitigation System (TMS) Documentation
Conventions Used in this Guide
Contacting the Arbor Technical Assistance Center


About the Sightline and Threat Mitigation System (TMS) Documentation
See the following documentation for more information about Sightline and TMS
appliances and this version of the software:

Available Documentation and Contents

Quick Start Card for Sightline and Threat Mitigation System appliances
    Instructions and requirements for the initial installation and configuration of Sightline and TMS appliances.

Sightline and Threat Mitigation System User Guide
    Instructions and information that explain how to configure and use Sightline and TMS appliances and software using the Sightline web user interface (UI).

Sightline and Threat Mitigation System Advanced Configuration Guide
    Instructions and information about configuring advanced settings in Sightline and TMS, including those that can only be configured using the command line interface (CLI).

Sightline and Threat Mitigation System Help
    Online help topics from the User Guide and Advanced Configuration Guide. If you are a managed services customer, it shows only the online help topics from the Managed Services Customer Guide. The Help is context-sensitive to the Sightline web UI page from which it is accessed.

Sightline and Threat Mitigation System Managed Services Customer Guide
    Instructions and information for the managed services customers who use the Sightline web user interface.

Sightline and Threat Mitigation System API Guide
    Instructions for remotely accessing Sightline and TMS using the REST, SOAP, and Arbor Web Services APIs.

Sightline REST API Documentation
    Online help topics about the Sightline REST API endpoints. To open the help, select Administration > REST API Documentation.

Sightline Virtual Machine Installation Guide
    Instructions on installing Sightline in a VM environment. Follow the instructions in this guide if you are using a VM instead of hardware for Sightline.

Software Threat Mitigation System Virtual Machine Installation Guide
    Instructions on installing Software TMS in a VM environment. Follow the instructions in this guide if you are using a VM instead of hardware for Software TMS.

Software Threat Mitigation System Installation on Hardware
    Instructions on installing Software TMS on your own hardware. Follow the instructions in this guide if you are installing Software TMS on hardware instead of a VM.

Software Threat Mitigation System Performance Benchmarks
    Performance benchmarks for Software TMS installations on a VM and your own hardware.

Sightline and Threat Mitigation System Licensing Guide
    Descriptions of each Sightline and TMS software licensing mode, how to obtain licenses to run your Sightline and TMS software, and how to add and change the licensed capabilities and capacities in your deployment.

Insight Hardware and Installation Guide
    Information about Insight hardware along with installation and upgrade instructions.

Sightline and Threat Mitigation System Compatibility Guide
    Descriptions of the support for multi-version, multi-platform Sightline and TMS deployments

Sightline and Threat Mitigation System Deployment and Appliance Limits
    Lists the enforced limits and guideline limits for Sightline and Sightline/TMS deployments. It also covers the enforced limits and guideline limits for each currently supported Sightline and TMS appliance.

Sightline Release Notes
    Release information about Sightline, including new features, enhancements and fixed and known issues.

Threat Mitigation System Release Notes
    Release information about TMS, including new features, enhancements and fixed and known issues.

(information)
    Information about a report or a particular feature of the Sightline web user interface (UI). This information appears when you hover your mouse pointer over the icon.


Conventions Used in this Guide


This guide uses typographic conventions to make the information in procedures,
commands, and expressions easier to recognize.

Conventions for procedures


The following conventions represent the elements that you select, press, and type as you
follow procedures.

Typographic conventions for procedures

Italics
    Description: A label that identifies an area on the graphical user interface.
    Example: On the Summary page, view the Active Alerts section.

Bold
    Description: An element on the graphical user interface that you click or interact with.
    Examples: Type the computer’s address in the IP Address box. Select the Print check box, and then click OK.

SMALL CAPS
    Description: A key on the keyboard.
    Examples: Press ENTER. To interrupt long outputs, press CTRL + C.

Monospaced
    Description: A file name, folder name, or path name. Also represents computer output.
    Examples: Navigate to the C:\Users\Default\Favorites folder. Expand the Addresses folder, and then open the readme.txt file.

Monospaced bold
    Description: Information that you must type exactly as shown.
    Example: Type https:// followed by the IP address.

Monospaced italics
    Description: A file name, folder name, path name, or other information that you must supply.
    Example: Type the server's IP address or hostname.

>
    Description: A navigation path or sequence of commands.

The following table shows the syntax of commands and expressions. Do not type the
brackets, braces, or vertical bar in commands or expressions.

Conventions for commands and expressions

Monospaced bold
    Information that you must type exactly as shown.

Monospaced italics
    A variable for which you must supply a value.

{ } (braces)
    A set of choices for options or variables, one of which is required. For example: {option1 | option2}.

[ ] (square brackets)
    A set of choices for options or variables, any of which is optional. For example: [variable1 | variable2].

| (vertical bar)
    Separates the mutually exclusive options or variables.


Contacting the Arbor Technical Assistance Center


The Arbor Technical Assistance Center is your primary point of contact for all service and
technical assistance issues that involve Arbor products.

Contact methods
You can contact the Arbor Technical Assistance Center as follows:
• Phone US toll free — +1 877 272 6721
• Phone worldwide — +1 781 362 4301
• Support portal — https://support.arbornetworks.com

Submitting documentation comments


If you have comments about the documentation, you can forward them to the Arbor
Technical Assistance Center. Please include the following information:
• Title of the guide
• Document number (listed on the reverse side of the title page)
• Page number

Example
SP-VM-92-2019/12

Sightline Virtual Machine Installation Guide

Page 9



Section 1:
Before you Install Sightline in a VM

You can deploy Sightline in a virtual machine (VM). Doing so allows you to dynamically add
routers to your deployment so that you can monitor more of your infrastructure and
improve performance. It also frees you from managing a large deployment of physical
Sightline appliances. You must read this section for information you need to know prior to
installation.

In this section
This section contains the following topics:

Hypervisor Information
Hardware Environment Information
Additional Recommendations
Reference Benchmarks


Hypervisor Information
Sightline VM instances are compatible with the following hypervisors:
• VMware vSphere Hypervisor software (formerly known as ESXi)
  Versions 5.0, 5.1, 5.5, 6.0, and 6.5 are confirmed.
• KVM on QEMU emulator
  Version 2.11 is confirmed.
  Note
  With versions of Proxmox Virtual Environment before version 4.0, you must give a
  unique UUID to a KVM that is used as a leader with cloud-based licensing.
• Xen on the Xen Cloud Platform or XenServer
  Note
  Sightline versions higher than 9.2 will not support Xen.


Hardware Environment Information


Minimum and recommended specifications for the hardware that runs the Sightline VM
instance are listed below.

Note
We recommend running the Sightline leader and the Sightline traffic and routing analysis
role in separate VM instances. If a single VM is used as both the leader and a device with
the traffic and routing analysis role, the VM should be provisioned with the
recommended hardware specifications, listed below.

Hardware, minimum, recommended, and additional information

Core allocation
    Minimum: 16 cores
    Recommended: 32 cores

Memory allocation
    Minimum: 24 GB
    Recommended: 32 GB
    Additional information: There is no significant improvement in performance when the memory allocation is larger than 32 GB.

Disk allocation (user interface role)
    Minimum: 100 GB
    Recommended: 250 GB

Disk allocation (traffic and routing analysis role)
    Minimum: 500 GB
    Recommended: 1 TB

Additional information for disk allocation
    If you are running Sightline in a VM and you need to expand the size of the virtual disk, contact the Arbor Technical Assistance Center (ATAC) at https://support.arbornetworks.com for assistance.
    Note
    Sightline does not support disk expansion when the disk is formatted using the XFS file system.

Network interfaces
    Minimum: 1 interface
    Recommended: At least 1 interface
    Additional information: Sightline is a network-intensive application. Each Sightline VM instance should have its own 1 Gb interface.
    Important
    Do not configure more than two Sightline VM instances to share a network interface, especially if they have the traffic and routing analysis role.

Although we have tested Sightline VM instances running on hardware from various
vendors, we do not make recommendations concerning the vendor that you should use
for your hardware.


Additional Recommendations
Note the following additional recommendations concerning Sightline VM instances:

• Time service
  If you are using VMware, the guest VM currently synchronizes time automatically from
  the host, and you cannot configure NTP servers on the guest VM. Make sure that the
  host is synchronized using NTP to a time source that is in sync with the other Arbor
  appliances in your deployment.
  If you are using KVM or Xen, configure NTP servers on the guest VM that are in sync
  with the other Arbor appliances in your deployment.
  Note
  Sightline versions higher than 9.2 will not support Xen.

• Storage device
  Sightline is very disk intensive. For this reason:
  - When running Sightline in a VM, we strongly recommend using a solid-state drive
    (SSD) as the storage device.
  - Each Sightline VM instance should have its own storage device.
  - If a Sightline VM instance must share a disk with another VM instance, the disk must
    be an SSD.

• VM server load
  For best performance, do not run other applications or services on the VM server that
  runs the Sightline VM instance.

• VMware vMotion
  You can use vMotion to move a Sightline VM instance to another VM host server. Arbor
  recommends that you stop Sightline services on the VM instance before you move the
  VM instance.
  Important
  Both VM instances must use the same network name.

• VMware provisioning options
  When configuring the VMware settings, use the default settings except for the following
  settings:

  Setting            Selection
  Network adapter    E1000
  OS                 Other Linux 64-bit
  Storage            Thick Provisioned Lazy Zeroed

• Backup and restore
  Sightline supports the use of VMware snapshots without snapshotting the VM’s
  memory. Sightline does not support snapshots that include the VM’s memory. We
  recommend you configure snapshots to quiesce the guest file system.


Reference Benchmarks
This section lists performance benchmarks when using Arbor appliances. We recommend
that your Sightline VM instances provide similar performance.

Sightline performance benchmarks for SP 6000 and SP 7000 appliances

Bonnie++ benchmarks
    Cores: 32
    Expected Flow Performance (Flows/sec): 200,000
    Sequential Output, Per Character (K/sec): 42,644
    Sequential Output, Block (K/sec): 572,473
    Sequential Input, Per Character (K/sec): 57,817
    Sequential Input, Block (K/sec): 1,368,147

ApacheBench benchmarks
    Cores: 32
    Expected Flow Performance (Flows/sec): 200,000
    Requests Completed: 37,790
    Bytes Transferred: 8,842,860
    Request Rate (Requests/sec): 62.98

CLI Commands Used for Performance Benchmarks


You can use the following commands in the Sightline CLI to generate and confirm the
performance benchmarks.

Note
Benchmarks should be generated without services running.

Command and description

/ system benchmark run
    This command starts the benchmarking with the apachebench and bonnie++ systems.

/ system benchmark show
    This command displays whether any benchmark tests are running and when the last benchmark test was run. It also displays a summary of some of the statistics from the most recent benchmark run.

/ system benchmark stop
    This command stops a benchmark test that is in progress.

/ system benchmark show raw
    This command produces the test results in CSV format after benchmarks are run. The output also includes a legend.
    To show what each entry in the comma-separated output stands for, you can import the legend into a spreadsheet program along with the comma-separated output. Fields in the < > brackets change, while the values “bonnie,” “ab,” and “sysinfo” are static fields. The format for most of the fields in the < > brackets is “test type: subtype; units.”



Section 2:
Installing Sightline in a VM

The following sections describe how to install Sightline 9.x and later in a VM. The following
table describes the CLI command syntax used in these sections:

CLI Command Syntax Description


command Items that you must type as shown.

variable Placeholder for which you must supply a value.

In this section
This section contains the following topics:

Installing Sightline Software
Setting the Hostname
Configuring Interfaces
Enabling Access to Services
Setting the Date and Time
About Adding an NTP Server
Rebooting the System
Adding a DNS Server
Changing the Administrator Password
Installing the SSL Certificate
Initializing the Appliance
Committing Configuration Changes and Starting Services
Generating an SSH key and Starting the SSH Service
Installing an SSL Certificate for ATLAS Intelligence Feeds


Installing Sightline Software


To install Sightline software:
1. Provision a VM with the appropriate resources allocated to it. See “Hardware
Environment Information”.
2. Configure the VM to mount and boot from the Sightline VM ISO.
3. Connect to the VM’s VGA console.
4. Power on the VM.
5. To start the boot menu, press any key when you see the message, “Press any key
to continue.”
6. At the boot menu, select (re)install (VGA).
A warning message appears that states installing removes all data.
7. To confirm that you want to begin the installation process, enter y when prompted.
8. To initialize the disk, enter y.
9. When prompted to install the ArbOS software package, enter y.
10. When prompted to install the Sightline appliance software, enter y.


Setting the Hostname


To set the hostname:
• Enter a hostname for the appliance.


Configuring Interfaces
To configure interfaces:
1. Determine if you are using the listed interface.
2. If you are not using the interface, press ENTER.
3. If you are using the interface, do the following:
a. Enter an IP_address for the listed interface.
b. Enter a netmask for the interface.
c. At the media type prompt, press ENTER.
4. Repeat Step 1 through Step 3 for each interface on the appliance.
5. Enter the IP_address of the default route gateway.


Enabling Access to Services


When you configure the access to services, you can press ENTER to bypass a setting. All of
these settings can be configured later using the web UI or a CLI command.

To enable access to services:
1. At the BGP access prompt, press ENTER to skip configuring BGP access to the
   appliance.
   You can configure BGP access to the appliance in the web UI when you configure
   routers.
2. At the Cloud Signaling access prompt, press ENTER to skip configuring Cloud Signaling
   access to the appliance.
   You can configure Cloud Signaling access to the appliance in the web UI when you
   configure a managed object.
3. At the FTP access prompt, do one of the following:
   - If you need to copy files from an FTP server, enter the CIDR_block from which you
     want to allow FTP access to the appliance.
   - If you do not need to copy files from an FTP server, press ENTER.
4. At the HTTP access prompt, enter the CIDR_block from which you want to allow HTTP
   access to the appliance.
5. At the HTTPS access prompt, do one of the following:
   - If you are configuring an appliance that has the user interface role, then enter the
     CIDR_block of a network from which you want to enable HTTPS access.
   - If you are configuring an appliance that has the traffic and routing analysis role or
     the data storage role, then press ENTER.
6. Repeat Step 5 for each network from which you want to enable HTTPS access.
7. At the OSPF access prompt, press ENTER to skip configuring OSPF access.
8. At the ping access prompt, enter the CIDR_block from which you want to allow ping
   access to the appliance.
9. Repeat Step 8 for each network from which you want to enable ping access.
10. At the SNMP access prompt, enter the CIDR_block from which you want to allow
    SNMP queries to the appliance.
11. If the SPCOMM access prompt appears, press ENTER to deny all SPCOMM access to the
    appliance.
    Note
    Configurations that you perform later (bootstrap command) will automatically add
    SPCOMM access as needed.
12. At the telnet access prompt, enter the CIDR_block of a network from which you want
    to allow telnet access to the appliance.
    Note
    Arbor does not recommend using telnet for CLI access, because it is an insecure
    protocol; you should use SSH instead. Add networks to the telnet access list only if
    you will later enable telnet access.
13. If the TFTP access prompt appears, press ENTER to skip configuring TFTP access.
    TFTP is not supported.
14. If the VRRP access prompt appears, press ENTER to skip configuring VRRP access.
    Sightline does not support VRRP.
15. At the SSH access prompt, enter the CIDR_block of the network from which you want
    to enable SSH access.
    Note
    You cannot access the VM using SSH until an SSH key is generated and the SSH
    service is started. See “Generating an SSH key and Starting the SSH Service”.
16. Repeat Step 15 for each network from which you want to enable SSH access.
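
The CIDR blocks for the prompts above can be reviewed offline before they are typed into the console. The following Python script is an added example, not part of the Arbor guide or the Sightline CLI: the service names mirror the prompts and the role codes (pi, cp, bi) are the ones the bootstrap command uses, while the plan format, the prefix-length thresholds and the function name review_access_plan are assumptions, and the sample plan is constructed from documentation address ranges.

```python
import ipaddress

# Prompts the guide says to skip with ENTER during initial setup.
SKIPPED_BY_GUIDE = {"bgp", "cloud signaling", "ospf", "spcomm", "tftp", "vrrp"}
# Cleartext protocols among the prompts (the guide itself warns about telnet).
CLEARTEXT = {"ftp", "http", "telnet"}
# Assumed thresholds: prefixes shorter than these are reported as broad.
MIN_PREFIX = {4: 16, 6: 48}


def review_access_plan(role, plan):
    """Return a list of (service, entry, finding) for a planned access list.

    role: "pi" (user interface), "cp" (traffic and routing analysis) or
          "bi" (data storage).
    plan: dict mapping a service prompt name to a list of CIDR strings.
    """
    plan = {name.lower(): entries for name, entries in plan.items()}
    findings = []
    for name, entries in plan.items():
        if entries and name in SKIPPED_BY_GUIDE:
            findings.append((name, "*", "guide skips this prompt; leave empty"))
        if entries and name in CLEARTEXT:
            findings.append((name, "*", "cleartext protocol; allow only if required"))
        if entries and name == "https" and role != "pi":
            findings.append((name, "*", "HTTPS access is for the user interface role"))
        for entry in entries:
            try:
                # strict=True rejects entries whose host bits are set.
                net = ipaddress.ip_network(entry, strict=True)
            except ValueError as exc:
                findings.append((name, entry, f"not a valid CIDR block: {exc}"))
                continue
            if net.prefixlen == 0:
                findings.append((name, entry, "matches every address"))
            elif net.prefixlen < MIN_PREFIX[net.version]:
                findings.append((name, entry, "broad prefix; narrow to management networks"))
    if not plan.get("ssh"):
        findings.append(("ssh", "*", "no network listed for SSH access"))
    return findings


# Constructed sample plan for an appliance with the traffic and routing
# analysis role; the addresses are documentation and private ranges.
SAMPLE_PLAN = {
    "http": ["0.0.0.0/0"],
    "https": ["192.0.2.0/24"],
    "ping": ["10.0.0.0/8"],
    "snmp": ["198.51.100.17/24"],  # host bits set, so not a valid block
    "telnet": ["192.0.2.0/24"],
    "tftp": ["192.0.2.0/24"],
    "ssh": [],
}

if __name__ == "__main__":
    for service, entry, finding in review_access_plan("cp", SAMPLE_PLAN):
        print(f"{service:8} {entry:20} {finding}")
```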


Setting the Date and Time


To set the date and time:
• Enter the date in the format mmddHHMMyyyy.SS (month, day, hour, minute, year,
  second).


About Adding an NTP Server


If you are using VMware, when the NTP prompt appears, press ENTER to skip enabling
NTP. If you are using KVM or Xen, enter the IP addresses of your NTP server(s). For more
information, see “Time service” in “Additional Recommendations”.

Note
With Xen version 7.5.0 and 7.5.1, NTP does not work.

Note
Sightline versions higher than 9.2 will not support Xen.


Rebooting the System


To reboot the system:
1. When you are prompted to reboot the system, enter y
2. After the appliance restarts, log in to the system by using the administrator user name
(admin) and password (arbor).
To change the administrator password, see “Changing the Administrator Password”.


Adding a DNS Server


On a leader appliance, you can add a DNS server to a local or global configuration. On a
non-leader appliance, you can only add a DNS server to a local configuration. When a DNS
server is added to a local configuration, Sightline associates the DNS server with the
individual appliance. A local DNS configuration takes precedence over a global DNS
configuration.

For additional information about adding DNS servers, see:
• “Configuring DNS Servers” in the Sightline and Threat Mitigation System Advanced
  Configuration Guide
• “Configuring Network Services” in the Sightline and Threat Mitigation System User
  Guide

Adding a local DNS server

To add a local DNS server:
• Enter / services dns server add IP_address
  IP_address = IP address of the DNS server

Adding a global DNS server on the leader appliance

To add a global DNS server on the leader appliance:
• Enter / services dns server add IP_address global
  IP_address = IP address of the DNS server


Changing the Administrator Password


To change the administrator password:
1. Enter / services aaa local password admin interactive
2. Enter the new_password.
3. Enter the new_password again.


Installing the SSL Certificate


SSL web server certificates keep information private while in transit between your web
server and web browsers. You can install SSL web server certificates from external
authorities (such as RSA or VeriSign). You can also use Arbor’s certificate packages. Arbor
provides a default certificate package to new customers. When you require a new
certificate, you can request a new certificate from Arbor or acquire a new certificate
package from a different authority.

Important
If you upload external certificate files, make sure they are properly formatted and the
lines are terminated with UNIX-style newline characters.

Important
Sightline does not support password-protected certificates.

Note
Installing an SSL certificate on an appliance is optional.

To install an Arbor certificate:
1. Enter / system files copy URL disk:
   URL = the shared network resource where the Arbor certificate is located. (It can be
   either an HTTP or FTP location.)
2. After the download is complete, enter / system files install disk:file_name
   file_name = the file name of the Arbor certificate package

You can install a non-Arbor SSL certificate in the Sightline web UI on the SSL Certificates
tab when you configure an appliance that has the user interface role. See “Configuring SSL
Certificates” in the Sightline and Threat Mitigation System User Guide.
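
The two Important notes in this topic (UNIX-style newlines, no password-protected certificates) can be checked on a workstation before an external certificate is uploaded. The following Python script is an added example, not Arbor code: it assumes the certificate and key files are PEM-encoded, the function name check_pem is hypothetical, and the sample inputs are constructed and do not contain a real key or certificate.

```python
import base64
import binascii
import re

BEGIN_RE = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$")
END_RE = re.compile(r"^-----END ([A-Z0-9 ]+)-----$")


def check_pem(data):
    """Return a list of problems found in a PEM file given as bytes."""
    problems = []
    if data.startswith(b"\xef\xbb\xbf"):
        problems.append("file starts with a UTF-8 byte-order mark")
        data = data[3:]
    if b"\r" in data:
        problems.append("carriage returns present; convert to UNIX (LF) newlines")
    if data and not data.endswith(b"\n"):
        problems.append("last line is not newline-terminated")
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return problems + ["non-ASCII bytes; not a PEM text file"]

    label, body, blocks = None, [], 0
    for line in text.replace("\r\n", "\n").replace("\r", "\n").split("\n"):
        begin, end = BEGIN_RE.match(line), END_RE.match(line)
        if begin:
            if label is not None:
                problems.append(f"BEGIN {begin.group(1)} inside unterminated {label} block")
            label, body = begin.group(1), []
        elif end:
            if end.group(1) != label:
                problems.append(f"END {end.group(1)} does not match BEGIN {label}")
            else:
                blocks += 1
                # PKCS#8 encrypted keys carry the marker in the label itself.
                if "ENCRYPTED" in label:
                    problems.append(f"{label} is password-protected")
                try:
                    base64.b64decode("".join(body), validate=True)
                except (binascii.Error, ValueError):
                    problems.append(f"{label} body is not valid base64")
            label = None
        elif label is not None:
            # Traditional OpenSSL encrypted keys carry the marker in a header.
            if line.startswith("Proc-Type:") and "ENCRYPTED" in line:
                problems.append(f"{label} is password-protected")
            elif ":" in line or not line.strip():
                continue  # other header line or blank separator
            else:
                body.append(line.strip())
    if label is not None:
        problems.append(f"{label} block has no END line")
    if blocks == 0:
        problems.append("no complete PEM block found")
    return problems


# Constructed sample inputs: the base64 body is arbitrary text, not key material.
BODY = base64.b64encode(b"constructed sample bytes, not a real key or certificate").decode()
SAMPLE_OK = f"-----BEGIN CERTIFICATE-----\n{BODY}\n-----END CERTIFICATE-----\n".encode()
SAMPLE_CRLF = SAMPLE_OK.replace(b"\n", b"\r\n")
SAMPLE_ENCRYPTED = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n"
    "\n"
    f"{BODY}\n"
    "-----END RSA PRIVATE KEY-----\n"
).encode()

if __name__ == "__main__":
    for name, sample in [("ok", SAMPLE_OK), ("crlf", SAMPLE_CRLF),
                         ("encrypted", SAMPLE_ENCRYPTED)]:
        print(name, check_pem(sample) or "no problems found")
```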


Initializing the Appliance


To initialize the appliance:
1. After the import of the SSL certificate is complete, enter
   / services sp bootstrap nonleader IP_address zone_secret role
   IP_address = the IP address of the appliance
   zone_secret = the word or phrase that is used by all appliances in the deployment
   for internal communication
   role = the role to assign to the appliance
   Type bi for the data storage role, cp for the traffic and routing analysis role, or pi for
   the user interface role.
   Note
   For information about appliance roles, see “Introduction to Sightline Appliances” in
   the Sightline and Threat Mitigation System User Guide.
2. To delete the existing alert and mitigation database, enter y


Committing Configuration Changes and Starting Services


To commit configuration changes and start services:
1. Do one of the following:
   - If the Commit (and activate) configuration? prompt appears, enter y
   - To save the configuration, enter config write
2. To start the appliance, enter / services sp start
3. To save the started state of the Sightline services and to push the config to all of the
   boxes in the deployment, enter config write again.


Generating an SSH key and Starting the SSH Service


To generate an SSH key:
• Enter /services ssh key generate

To start the SSH service:
• Enter /services ssh start


Installing an SSL Certificate for ATLAS Intelligence Feeds


If your deployment has a license for the ATLAS Intelligence Feeds, you need to install an
SSL certificate on your leader and backup leader VMs in order to access the feeds. To
obtain the certificate, contact the Arbor Technical Assistance Center (ATAC) at
https://support.arbornetworks.com.
To install the certificate:
1. Enter / system files copy URL disk:
URL = the shared network resource where the certificate is located. (It can be
either an HTTP or FTP location.)
2. After the download is complete, enter / system files install disk:file_name
file_name = the file name of the certificate package



Section 3:
Converting a Physical Sightline
Appliance to a VM

Use the information in this section to convert a physical appliance to a VM.

In this section
This section contains the following topics:

Choosing a Conversion Method
Converting an Appliance by Backing Up and Importing
Converting a Leader Appliance by Failover
Converting a Non–leader Appliance with the TRA Role


Choosing a Conversion Method


Note
Your deployment must use cloud-based flexible licensing to convert appliances to a VM.
If you are not using cloud-based flexible licensing, please contact the Arbor Technical
Assistance Center (ATAC) at https://support.arbornetworks.com before converting.

The conversion method depends on the type of appliance you are converting:

• Leader appliances
  There are two methods for converting a leader appliance:
  - Fail over to the VM: This is the preferred conversion method, as it requires less down
    time and fewer missed alerts. However, this method results in the leader name and
    IP address changing. Follow the steps in “Converting a Leader Appliance by Failover”.
  - Back up the physical leader and import the backup onto the VM: This type of
    conversion requires longer downtime for the leader, and the database will not
    contain any information between the time of the backup and the time of the VM
    leader starting. Follow the steps in “Converting an Appliance by Backing Up and
    Importing”.

• Non-leader appliances with the Traffic and Routing Analysis (TRA) role
  There are two methods for converting a non–leader with the TRA role:
  - Back up the appliance and import the backup onto the VM: This is the preferred
    conversion method. Follow the steps in “Converting an Appliance by Backing Up
    and Importing”.
  - Migrate the TRA manually from the appliance to the VM: This type of conversion will
    not move historical data from the physical device to the VM, and the name and IP
    address of the appliance will change. Follow the steps in “Converting a Non–leader
    Appliance with the TRA Role”.

• Other non-leader appliances
  - Back up the appliance and import the backup onto the VM: Follow the steps in
    “Converting an Appliance by Backing Up and Importing”.


Converting an Appliance by Backing Up and Importing


Read the following information before converting an appliance to a VM.
- Converting a leader using the “backup and import” method requires a longer downtime
  for the leader and leaves the database with no information between the time of the
  backup and the time of the VM leader starting.
- Note the minimum and recommended specifications listed in "Hardware Environment
  Information" on page 13. However, make sure that the specifications provisioned to
  the VM are at least equal to the specifications of the appliance being converted to a VM.

To convert an appliance from a physical appliance to a VM by backing it up and then
restoring to a VM:
1. Do one of the following to create and export a backup of the files on the physical
   appliance:
   - In the web UI of any device in the deployment with the user interface role, navigate
     to the Managed Backups page (Administration > System Maintenance >
     Backups) and then perform tasks to create and export a full or incremental
     backup. See “Managing System Backups” in the Sightline and Threat Mitigation
     System User Guide.
   - In the CLI of the physical appliance you want to convert to a VM, enter the following
     commands to create and export a full or incremental backup:
       / services sp backup create {full | incremental}
       / services sp backup export {full | incremental} scp://user@host/path/ password
     user = the user name that is required to access the remote server
     host = the fully qualified DNS name, or IPv4 or IPv6 address (with or without a port
     number) of the remote server
     path = the directory path to which to export the backup on the remote server
     password = the password that is required to access the remote server
   Note
   You can create an incremental backup only if you already have a full backup. An
   incremental backup includes only the changes that have occurred since the last
   full backup.
2. In the CLI of the physical appliance you want to convert to a VM, enter shutdown.
3. In the CLI of the new VM, enter the following commands to configure the network
   settings of the VM (IP/Gateway/NTP/DNS):
       / ip interfaces ifconfig interface_name IPv4_address netmask up
     interface_name = the name of the interface
     IPv4_address = the IP address to assign to the interface
     netmask = the netmask
       / services dns server add ip_address
     ip_address = the IPv4 or IPv6 address of the DNS server
       / services ntp server add {ip_address | hostname}
     {ip_address | hostname} = the IPv4 or IPv6 address or hostname of the NTP
     server
4. Do one of the following to import the backup created in step 1 onto the VM:


   - In the web UI of the new VM, navigate to the Managed Backups page
     (Administration > System Maintenance > Backups) and perform tasks to
     import and restore the backup.
   - In the CLI of the new VM, use the following commands to import and restore
     the backup:
       / services sp backup import {full | incremental} scp://user@host/path/ password
       / services sp backup restore skip_arbos
     user = the user name that is required to access the remote server
     host = the fully qualified DNS name, or IPv4 or IPv6 address (with or without a port
     number) of the remote server
     path = the directory path to where you want to export the backup on the remote
     server
     password = the password that is required to access the remote server
   Important
   If you restore the full backup, the IP interface, IP access, and IP route settings will no
   longer be correct. Make sure to configure these settings on the new appliance so that
   they are the same as those on the old appliance. For information about how to
   configure these settings, see the appliance's Quick Start Card
   at https://support.arbornetworks.com.
5. In the CLI of the new VM, enter the following commands to bootstrap the VM, keeping
   the database and starting services.
   a. Enter / services sp bootstrap nonleader IP_address zone_secret role
      IP_address = the IP address of the appliance
      zone_secret = the word or phrase that is used by all appliances in the
      deployment for internal communication
      role = the role to assign to the appliance
   b. Enter cp for the traffic and routing analysis role.
   c. Enter n to keep the existing alert and mitigation database.
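
The Important note in step 4 requires the IP interface, IP access, and IP route settings on the VM to match those on the old appliance. The following is an added example, not part of the Arbor guide, that compares two saved configuration captures for those settings; the capture format (one command per line), the `ip access` and `ip route` line prefixes, and all sample values are assumptions constructed for illustration.

```python
import re

# Setting families named in the guide's Important note. The exact line
# prefixes are assumptions about how the captured configuration is written.
TRACKED = ("ip interfaces ", "ip access ", "ip route ")


def tracked_settings(config_text):
    """Return the normalized IP interface, access and route lines as a set."""
    found = set()
    for raw in config_text.splitlines():
        # The CLI prints commands with a leading "/"; drop it and collapse spacing.
        line = re.sub(r"\s+", " ", raw.strip().lstrip("/").strip())
        if line.startswith(TRACKED):
            found.add(line)
    return found


def compare(old_text, new_text):
    """Report tracked settings that differ between the old appliance and the VM."""
    old, new = tracked_settings(old_text), tracked_settings(new_text)
    return {"missing_on_vm": sorted(old - new), "only_on_vm": sorted(new - old)}


# Constructed sample captures (documentation address ranges, not real hosts).
OLD_APPLIANCE = """\
system name set sp-leader
ip interfaces ifconfig eth0 192.0.2.10 255.255.255.0 up
ip access add https eth0 198.51.100.0/24
ip access add ssh eth0 198.51.100.0/24
ip route add default 192.0.2.1
services ntp server add 192.0.2.53
"""

NEW_VM = """\
/ ip interfaces  ifconfig eth0 192.0.2.10 255.255.255.0 up
/ ip access add https eth0 198.51.100.0/24
/ ip access add ssh all 0.0.0.0/0
/ ip route add default 192.0.2.1
"""

if __name__ == "__main__":
    for finding, lines in compare(OLD_APPLIANCE, NEW_VM).items():
        print(finding + ":")
        for line in lines:
            print("  " + line)
```

A line reported under only_on_vm that widens an access rule, as the constructed ssh entry does here, should be corrected before the VM goes into service.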


Converting a Leader Appliance by Failover


Read the following information before converting a leader appliance to a VM.
- Converting a leader using the failover method results in the leader name and IP
  address changing.
- This method cannot be used to convert a non-leader.
- Note the minimum and recommended specifications listed in "Hardware Environment
  Information" on page 13. However, make sure that the specifications provisioned to
  the VM are at least equal to the specifications of the appliance being converted to a VM.

To convert a leader appliance from a physical appliance to a VM by failing over to the VM
leader:
1. Add the VM to the deployment by following the steps below:
   a. Initialize the VM by following the steps in “Initializing the Appliance” on page 29.
   b. Navigate to the Add Appliance page on the physical appliance (Administration >
      Appliances > Add Appliance).
   c. Add the VM to the deployment by setting the following fields:
      - Name: enter the name of the VM appliance
      - IP Address: enter the IP address of the VM appliance
      - Appliance: select the role for the VM appliance
      - License Mode: select Flexible
   d. Click Save, then commit your changes.
2. Follow the steps below to make the virtual leader the backup leader:
   a. Navigate to the Edit Appliance page for the VM appliance.
   b. Click the High Availability tab.
   c. Click the Backup Leader check box.
3. Verify that the virtual backup leader has a license by issuing the following command in
   its CLI:
       / services sp license flexible show
   Note
   It may take a few minutes for the license to appear.
4. Take the physical leader offline by issuing the following command in its CLI:
       / shutdown
5. Follow the steps below to trigger a manual failover so that the virtual leader is now the
   leader:
   a. Log in to the virtual leader’s CLI using the administrator user name and password.
   b. Enter / services sp backup failover activate
   c. To confirm, enter y
   Note
   It may take a few minutes for the new configuration to propagate to all the other
   appliances in your deployment.
6. (Optional) Power on the former leader and bootstrap it back into the deployment.


Converting a Non–leader Appliance with the TRA Role


1. Add the VM to the deployment by following the steps below:
   a. Initialize the VM by following the steps in “Initializing the Appliance” on page 29.
   b. In the web UI of any device in the deployment with the user interface role, navigate
      to the Add Appliance page (Administration > Appliances > Add Appliance).
   c. Add the VM to the deployment by setting the following fields:
      - Name: enter the name of the VM appliance
      - IP Address: enter the IP address of the VM appliance
      - Appliance: select the role for the VM appliance
      - License Mode: select Flexible
   d. Click Save, then commit your changes.
2. Once the VM is online, use Sightline to reassign the routers managed by the physical
   appliance so that they are managed by the VM:
   a. In the web UI of any device in the deployment with the user interface role, navigate
      to the Configure Routers page (Administration > Monitoring > Routers).
   b. Click the name of a router managed by the physical appliance.
   c. On the Router tab, select the VM from the Managing Appliance list.
   d. Click Save.
   e. Repeat the steps above for each router that was managed by the physical
      appliance.
   f. Click Commit Config. A background process reassigns the routers. The status of
      router reassignments can be viewed on the Configure Routers page
      (Administration > Monitoring > Routers). A router will have a clock icon
      displayed after it while the background process is reassigning it.
3. When the background process has completed and all the routers have been
   reassigned to the VM, turn off the physical appliance or leave it on for historical data
   reporting.
