
Sightline

Virtual Machine Installation Guide

Version 9.5.0.0
Legal Notice
The information contained within this document is subject to change without notice. NETSCOUT SYSTEMS, INC.
makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of
merchantability and fitness for a particular purpose. NETSCOUT SYSTEMS, INC. shall not be liable for errors
contained herein or for any direct or indirect, incidental, special, or consequential damages in connection with the
furnishings, performance, or use of this material.

© 2015-2021 NETSCOUT SYSTEMS, INC. All rights reserved. Confidential and Proprietary.
Document Number: SP-VM-9500-2021/09
07 September, 2021
Contents

Preface
About the Sightline and Threat Mitigation System Documentation
Conventions Used in this Guide
Contacting the Arbor Technical Assistance Center

Section 1: Before you Install Sightline in a VM
Hypervisor Information
Hardware Environment Information
Additional Recommendations
Reference Benchmarks

Section 2: Installing Sightline in a VM
Installing Sightline Software
Adding a DNS Server
Initializing an Appliance for Reuse in the Deployment
Committing Configuration Changes and Starting Services
Generating an SSH key and Starting the SSH Service

Section 3: Converting a Physical Sightline Appliance to a VM
Conversion Methods
Converting an Appliance by Backing Up and Importing
Converting a Leader Appliance
Converting a Non–leader Appliance with the TRA Role


Preface

Introduction
This guide describes how to install Sightline software in a VM and configure it for your
network. It also describes how to convert a physical Sightline appliance to a VM.

Audience
This information is intended for network security system administrators (or network
operators) who are responsible for configuring and managing Sightline on their networks.
Administrators should have fundamental knowledge of their network security policies
and network configuration.

This guide is intended for system administrators who are responsible for installing,
configuring, and maintaining Sightline.

In this section
This section contains the following topics:

About the Sightline and Threat Mitigation System Documentation
Conventions Used in this Guide
Contacting the Arbor Technical Assistance Center

About the Sightline and Threat Mitigation System Documentation
The following documentation is available for Sightline and Threat Mitigation System (TMS)
devices and software. All documentation is available from the Arbor Technical Assistance
Center (https://support.arbornetworks.com).

Document Title
    Description

Sightline Release Notes
Threat Mitigation System Release Notes
    Release information about Sightline and TMS, including new features, enhancements,
    fixed issues, and known issues.

Sightline and Threat Mitigation System User Guide
    Instructions and information that explain how to configure and use Sightline and TMS
    devices and software via the Sightline user interface (UI) and the command line
    interface (CLI).
    You can access the User Guide by clicking the icon in the Sightline UI. It is also
    available as a PDF.
    The User Guide contains all information that was previously included in the following
    documents:
    • Sightline and Threat Mitigation System Advanced Configuration Guide
    • Sightline and Threat Mitigation System Licensing Guide

Sightline and Threat Mitigation System Advanced Configuration Guide
    This document has been discontinued. The content previously included in this document
    is now included in the Sightline and Threat Mitigation System User Guide.

Sightline and Threat Mitigation System Compatibility Guide
    Descriptions of the support for multi-version, multi-platform Sightline and TMS
    deployments.

Sightline and Threat Mitigation System Deployment and Device Limits
    Lists the enforced limits and guideline limits for Sightline and TMS deployments. It
    also covers the enforced limits and guideline limits for supported Sightline and TMS
    devices.

Sightline and Threat Mitigation System Licensing Guide
    This document has been discontinued. The content previously included in this document
    is now included in the Sightline and Threat Mitigation System User Guide.

Sightline and Threat Mitigation System Managed Services Customer Guide
    Instructions and information for the managed services customers who use the Sightline
    user interface.

Sightline and Threat Mitigation System API Guide
    General information about the following APIs:
    • REST API
    • Web Services API
    • Current SOAP API
    • Classic SOAP API (the API that was released prior to SP version 5.5)

Sightline REST API Documentation
    Instructions and information that explain how to use Sightline REST API. You can
    access this documentation from the Sightline UI by selecting
    Administration > Sightline REST API Documentation. It is also available for download.

ArbOS REST API Documentation
    Instructions and information that explain how to use ArbOS REST API. You can access
    this documentation from the Sightline UI by selecting
    Administration > ArbOS REST API Documentation. It is also available for download.

Sightline Virtual Machine Installation Guide
    Instructions on installing Sightline in a VM environment. Follow the instructions in
    this guide if you are using a VM instead of hardware for Sightline.

Software Threat Mitigation System Installation on Hardware
    Instructions on installing Software TMS on your own hardware. Follow the instructions
    in this guide if you are installing Software TMS on hardware instead of a VM.

Software Threat Mitigation System Virtual Machine Installation Guide
    Instructions on installing Software TMS in a VM environment. Follow the instructions
    in this guide if you are using a VM instead of hardware for Software TMS.

Software Threat Mitigation System Performance Benchmarks
    Performance benchmarks for Software TMS installations on a VM and your own hardware.
    This document is published when benchmark information is available. It may not be
    published with each new release of the TMS software.

Installation Guide for Sightline and Threat Mitigation System appliances
    Instructions and requirements for the initial installation and configuration of
    Sightline and TMS appliances.

Conventions Used in this Guide


This guide uses typographic conventions to make the information in procedures,
commands, and expressions easier to recognize.

Conventions for procedures


The following conventions represent the elements that you select, press, and type as you
follow procedures.

Typographic conventions for procedures


Italics
    Description: A label that identifies an area on the graphical user interface.
    Example: On the Summary page, view the Active Alerts section.

Bold
    Description: An element on the graphical user interface that you click or interact
    with.
    Examples: Type the computer’s address in the IP Address box.
    Select the Print check box, and then click OK.

SMALL CAPS
    Description: A key on the keyboard.
    Examples: Press ENTER.
    To interrupt long outputs, press CTRL + C.

Monospaced
    Description: A file name, folder name, or path name. Also represents computer output.
    Examples: Navigate to the C:\Users\Default\Favorites folder.
    Expand the Addresses folder, and then open the readme.txt file.

Monospaced bold
    Description: Information that you must type exactly as shown.
    Example: Type https:// followed by the IP address.

Monospaced italics
    Description: A file name, folder name, path name, or other information that you must
    supply.
    Example: Type the server's IP address or hostname.

>
    Description: A navigation path or sequence of commands.

The following table shows the syntax of commands and other types of user input. Do not
type the brackets, braces, or vertical bars that indicate options and variables.

Conventions for commands and user input


Monospaced bold
    Information that you must type exactly as shown.

Monospaced italics
    A variable for which you must supply a value.

{ } (braces)
    A set of choices for options or variables, one of which is required.
    For example: {option1 | option2}.

[ ] (square brackets)
    A set of choices for options or variables, all of which are optional.
    For example: [variable1 | variable2].

| (vertical bar)
    Separates the mutually exclusive options or variables.

Contacting the Arbor Technical Assistance Center


The Arbor Technical Assistance Center is your primary point of contact for all service and
technical assistance issues that involve Arbor products.

Contact methods
You can contact the Arbor Technical Assistance Center as follows:
• Phone US toll free — +1 877 272 6721
• Phone worldwide — +1 781 362 4301
• Support portal — https://support.arbornetworks.com

Submitting documentation comments


If you have comments about the documentation, you can forward them to the Arbor
Technical Assistance Center. Please include the following information:
• Title of the guide
• Document number (listed on the reverse side of the title page)
• Page number

Example
Sightline Virtual Machine Installation Guide

SP-VM-9500-2021/09

Page 9

Section 1: Before you Install Sightline in a VM

You can deploy Sightline in a virtual machine (VM). Doing so allows you to dynamically
add routers to your deployment so that you can monitor more of your infrastructure and
improve performance. It also frees you from managing a large deployment of physical
Sightline appliances. You must read this section for information you need to know prior
to installation.

In this section
This section contains the following topics:

Hypervisor Information
Hardware Environment Information
Additional Recommendations
Reference Benchmarks

Hypervisor Information
NETSCOUT supports the following hypervisors for running Sightline in a virtual machine:
• VMware vSphere Hypervisor software (formerly known as ESXi)
  We have confirmed Sightline functionality with versions 5.0, 5.1, 5.5, 6.0, and 6.5.
• KVM
  We have confirmed Sightline functionality with KVM running on QEMU version 5.1.

Notice about newer versions of hypervisors


We expect Sightline to remain compatible with newer versions of the hypervisors listed
above. We make every effort to verify compatibility with Sightline and update Sightline
accordingly when needed. If you experience issues with a newer version of the
hypervisors that are listed above, contact the Arbor Technical Assistance Center (ATAC) at
https://support.arbornetworks.com.


Hardware Environment Information


Minimum and recommended specifications for the hardware that runs the Sightline VM
instance are listed below.

Note
We recommend running the Sightline leader and the Sightline traffic and routing
analysis role in separate VM instances. If a single VM is used as both the leader and a
device with the traffic and routing analysis role, the VM should be provisioned with the
recommended hardware specifications, listed below.

Hardware                                               Minimum        Recommended
Core allocation                                        16 cores       32 cores
Memory allocation                                      24 GB          32 GB or more
Disk allocation (user interface role)                  100 GB         250 GB
Disk allocation (traffic and routing analysis role)    500 GB         1 TB
Network interfaces                                     1 interface    1 or more interfaces

Additional Information

Disk allocation (user interface role)
    If you are running Sightline in a VM and you need to expand the size of the virtual
    disk, contact the Arbor Technical Assistance Center (ATAC) at
    https://support.arbornetworks.com for assistance.

Network interfaces
    Sightline is a network-intensive application. Each Sightline VM instance should have
    its own 1 Gb interface.

    Important
    Do not configure more than two Sightline VM instances to share a network interface,
    especially if they have the traffic and routing analysis role.

Although we have tested Sightline VM instances running on hardware from various
vendors, we do not make recommendations concerning the vendor that you should use
for your hardware.

Additional Recommendations
Note the following additional recommendations concerning Sightline VM instances:
• Time service
  If you are using VMware, the guest VM currently synchronizes time automatically from
  the host, and you cannot configure NTP servers on the guest VM. Make sure that the
  host is synchronized using NTP to a time source that is in sync with the other Sightline
  and TMS appliances in your deployment.
  If you are using KVM, configure NTP servers on the guest VM that are in sync with the
  other Sightline and TMS appliances in your deployment.
• Storage device
  Sightline is very disk intensive. For this reason:
  ◦ When running Sightline in a VM, we strongly recommend using a solid-state drive
    (SSD) as the storage device.
  ◦ Each Sightline VM instance should have its own storage device.
  ◦ If a Sightline VM instance must share a disk with another VM instance, the disk must
    be an SSD.
• VM server load
  For best performance, do not run other applications or services on the VM server that
  runs the Sightline VM instance.
• VMware vMotion
  You can use vMotion to move a Sightline VM instance to another VM host server. We
  recommend that you stop Sightline services on the VM instance before you move the
  VM instance.
  Important
  Both VM instances must use the same network name.
• VMware provisioning options
  When configuring the VMware settings, use the default settings except for the
  following settings:

  Setting            Selection
  Network adapter    E1000
  OS                 Other Linux 64-bit
  Storage            Thick Provisioned Lazy Zeroed

  Important
  Your VMware must be booted using BIOS mode, not UEFI mode. Refer to the VMware
  documentation if you need to switch the boot mode from UEFI to BIOS.
• Backup and restore
  Sightline supports the use of VMware snapshots without snapshotting the VM’s
  memory. Sightline does not support snapshots that include the VM’s memory. We
  recommend you configure snapshots to quiesce the guest file system.

Reference Benchmarks
This section lists performance benchmarks when using Sightline appliances. We
recommend that your Sightline VM instances provide similar performance.

Sightline performance benchmarks for SP 7000 appliances

Bonnie++ benchmarks
    Cores: 32
    Expected Flow Performance (Flows/sec): 200,000
    Sequential Output, Per Character (K/sec): 42,644
    Sequential Output, Block (K/sec): 572,473
    Sequential Input, Per Character (K/sec): 57,817
    Sequential Input, Block (K/sec): 1,368,147

ApacheBench benchmarks
    Cores: 32
    Expected Flow Performance (Flows/sec): 200,000
    Requests Completed: 37,790
    Bytes Transferred: 8,842,860
    Request Rate (Requests/sec): 62.98
CLI Commands Used for Performance Benchmarks


You can use the following commands in the Sightline CLI to generate and confirm the
performance benchmarks.

Note
Benchmarks should be generated without services running.

Command
    Description

/ system benchmark run
    This command starts the benchmarking with the apachebench and bonnie++ systems.

/ system benchmark show
    This command displays whether any benchmark tests are running and when the last
    benchmark test was run. It also displays a summary of some of the statistics from the
    most recent benchmark run.

/ system benchmark stop
    This command stops a benchmark test that is in progress.

/ system benchmark show raw
    This command produces the test results in CSV format after benchmarks are run. The
    output also includes a legend.
    To show what each entry in the comma-separated output stands for, you can import the
    legend into a spreadsheet program along with the comma-separated output. Fields in
    the < > brackets change, while the values “bonnie,” “ab,” and “sysinfo” are static
    fields. The format for most of the fields in the < > brackets is
    “test type: subtype; units.”

Section 2: Installing Sightline in a VM

The following sections describe how to install Sightline 9.x and later in a VM. The following
table describes the CLI command syntax used in these sections:

CLI Command Syntax    Description
command               Items that you must type as shown.
variable              Placeholder for which you must supply a value.

In this section
This section contains the following topics:

Installing Sightline Software
Adding a DNS Server
Initializing an Appliance for Reuse in the Deployment
Committing Configuration Changes and Starting Services
Generating an SSH key and Starting the SSH Service

Installing Sightline Software


To install Sightline software:
1. Provision a VM with the appropriate resources allocated to it. See “Hardware
Environment Information” on page 13.
2. Configure the VM to mount and boot from the Sightline VM ISO.
3. Connect to the VM’s VGA console.
4. Power on the VM.
5. To start the boot menu, press any key when you see the message, “Press any key
to continue.”
6. At the boot menu, select (re)install (VGA).
A warning message appears that states installing removes all data.
7. To confirm that you want to begin the installation process, enter y when prompted.
8. To initialize the disk, enter y.
9. When prompted to install the ArbOS software package, enter y.
10. When prompted to install the Sightline device software, enter y.

Setting the Hostname


To set the hostname:
1. Enter a hostname for the device.

Configuring Interfaces
To configure interfaces:
1. Determine if you are using the listed interface.
2. If you are not using the interface, press ENTER.
3. If you are using the interface, do the following:
   a. Enter an IP_address for the listed interface.
   b. Enter a netmask for the interface.
   c. At the media type prompt, press ENTER.
4. Repeat Step 1 through Step 3 for each interface on the device.
5. Enter the IP_address of the default route gateway.

Enabling Access to Services


When you configure the access to services, you can press ENTER to bypass a setting. All of
these settings can be configured later using the Sightline UI or CLI command.

Caution
Do not enter 0.0.0.0/0 or ::/0 as a CIDR for a service unless absolutely necessary. We
recommend that you use the narrowest CIDR you can for each service.

To enable access to services:


1. At the asidnsflow prompt, enter the CIDR_block of an ISNG appliance from which
   you want to receive DNS data. DNS data is used for dynamic DNS matching only.
2. Repeat Step 1 for each ISNG appliance in your deployment.
3. At the BGP access prompt, press ENTER to skip configuring BGP access to the device.
   You can configure BGP access to the device in the Sightline UI when you configure
   routers.
4. At the Cloud Signaling access prompt, press ENTER to skip configuring Cloud Signaling
   access to the device.
   You can configure Cloud Signaling access to the device in the Sightline UI when you
   configure a managed object.
5. At the HTTP access prompt, enter the CIDR_block from which you want to allow HTTP
   access to the device.
6. At the HTTPS access prompt, do one of the following:
   • If you are configuring a device that has the user interface role, then enter the
     CIDR_block of a network from which you want to enable HTTPS access.
   • If you are configuring a device that has the traffic and routing analysis role or the
     data storage role, then press ENTER.
7. Repeat Step 6 for each network from which you want to enable HTTPS access.
8. At the OpenFlow access prompt, press ENTER to skip configuring OpenFlow access to
   the device.
   Sightline does not use OpenFlow.
9. At the ping access prompt, enter the CIDR_block from which you want to allow ping
   access to the device.
10. Repeat Step 9 for each network from which you want to enable ping access.
11. At the SNMP access prompt, enter the CIDR_block from which you want to allow
    SNMP queries to the device.
12. If the SPCOMM access prompt appears, press ENTER to deny all SPCOMM access to
    the device.
    Note
    Configurations that you perform later (bootstrap command) will automatically add
    SPCOMM access as needed.
13. At the SSH access prompt, enter the CIDR_block of the network from which you want
    to enable SSH access.
    Note
    You cannot access the VM using SSH until an SSH key is generated and the SSH
    service is started. See “Generating an SSH key and Starting the SSH Service” on
    page 24.
14. Repeat Step 13 for each network from which you want to enable SSH access.
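
The Caution at the start of this procedure is easier to follow if the access list is reviewed before it is typed at the prompts. The following Python script is an added example, not part of this guide or of the Sightline software: it checks a planned per-service CIDR list for 0.0.0.0/0 or ::/0 entries, host bits left set, prefixes broader than a site limit, and entries already covered by another entry. The service keys mirror the prompts in the procedure; the prefix limits, the function names, and the sample plan are assumptions constructed for illustration.

```python
"""Pre-flight review of the CIDR blocks planned for the service-access prompts.

Added example: prefix limits and the sample plan are assumptions, not guide values.
"""
import ipaddress

# Installer prompts from the procedure above at which a CIDR block is entered.
SERVICES = ("asidnsflow", "http", "https", "ping", "snmp", "ssh")

# Assumed site policy: broadest prefix tolerated per service, as
# (IPv4 prefix length, IPv6 prefix length). Tune these to your network.
DEFAULT_LIMIT = (16, 48)
LIMITS = {"asidnsflow": (28, 64), "snmp": (24, 64), "ssh": (24, 64)}


def parse_entry(text):
    """Parse one entry; return (network, host_bits_set) or raise ValueError."""
    iface = ipaddress.ip_interface(text.strip())
    return iface.network, iface.ip != iface.network.network_address


def review_service(service, entries):
    """Return (severity, service, message) findings for one service's entries."""
    if not entries:
        return [("info", service, "no CIDR planned; press ENTER at this prompt")]
    findings, accepted = [], []
    v4_limit, v6_limit = LIMITS.get(service, DEFAULT_LIMIT)
    for text in entries:
        try:
            net, host_bits = parse_entry(text)
        except ValueError as exc:
            findings.append(("error", service, f"{text!r} is not a CIDR block: {exc}"))
            continue
        if net.prefixlen == 0:
            # 0.0.0.0/0 and ::/0 are the values the guide's Caution warns about.
            findings.append(("error", service, f"{net} allows every address"))
            continue
        if host_bits:
            findings.append(("warn", service, f"{text} has host bits set; network is {net}"))
        limit = v4_limit if net.version == 4 else v6_limit
        if net.prefixlen < limit:
            findings.append(("warn", service, f"{net} is broader than the /{limit} site limit"))
        for other in accepted:
            # subnet_of() only compares networks of the same IP version.
            if other.version != net.version:
                continue
            if net.subnet_of(other):
                findings.append(("warn", service, f"{net} is already covered by {other}"))
            elif other.subnet_of(net):
                findings.append(("warn", service, f"{other} is already covered by {net}"))
        accepted.append(net)
    return findings


def review_access_plan(plan):
    """Review a {service: [cidr, ...]} plan; findings are ordered worst first."""
    findings = []
    for service, entries in plan.items():
        if service not in SERVICES:
            findings.append(
                ("error", service, "the procedure does not enter a CIDR at this prompt"))
            continue
        findings.extend(review_service(service, entries))
    rank = {"error": 0, "warn": 1, "info": 2}
    return sorted(findings, key=lambda finding: rank[finding[0]])


# Constructed sample plan: documentation address ranges plus deliberate mistakes.
SAMPLE_PLAN = {
    "asidnsflow": ["192.0.2.10/32"],
    "http": [],
    "https": ["198.51.100.0/24", "0.0.0.0/0"],
    "ping": ["198.51.100.7/24"],
    "snmp": ["203.0.113.0/25", "203.0.113.64/26"],
    "ssh": ["10.0.0.0/8", "2001:db8::/32"],
    "spcomm": ["198.51.100.0/24"],
}

if __name__ == "__main__":
    for severity, service, message in review_access_plan(SAMPLE_PLAN):
        print(f"{severity.upper():5} {service:10} {message}")
```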

About Adding an NTP Server


If you are using VMware, when the NTP prompt appears, press ENTER to skip enabling
NTP. If you are using KVM, enter the IP addresses of your NTP server(s). For more
information, see "Time service" on page 14.

Setting the Date and Time


To set the date and time:
1. Enter the date in the format mmddHHMMyyyy.SS (month, day, hour, minute, year,
second).


Rebooting the System


To reboot the system:
1. When you are prompted to reboot the system, enter y
2. After the device restarts, log in to the system by using the administrator user name
(admin) and password (arbor).

Changing the Administrator Password


Important
Do not leave the administrator password set to the default value.

To change the administrator password:


1. Log in to the CLI by using the administrator name and password.
2. Enter / services aaa local password admin interactive
3. Enter the new_password.
4. Enter the new_password again.


Adding a DNS Server


On a leader appliance, you can add a DNS server to a local or global configuration. On a
non-leader appliance, you can only add a DNS server to a local configuration. When a
DNS server is added to a local configuration, Sightline associates the DNS server with the
individual appliance. A local DNS configuration takes precedence over a global DNS
configuration.

For additional information about adding DNS servers, see "Configuring DNS Servers and
Configuring Network Services" in the Sightline and Threat Mitigation System User Guide.

Adding a local DNS server


To add a local DNS server:
1. Log in to the CLI by using the administrator name and password.
2. Enter / services dns server add IP_address
IP_address = IP address of the DNS server

Adding a global DNS server on the leader appliance


To add a global DNS server on the leader appliance:
1. Log in to the CLI by using the administrator name and password.
2. Enter / services dns server add IP_address global
IP_address = IP address of the DNS server


Initializing an Appliance for Reuse in the Deployment


To initialize the appliance:
1. Log in to the CLI of the appliance you want to reuse by using the administrator name
and password.
2. This step is different for leaders and non-leaders.
   If the appliance will be used as the leader:
   Enter / services sp bootstrap leader leader_IP zone_secret role
   If the appliance will be used as a non-leader:
   Enter / services sp bootstrap nonleader leader_IP nonleader_IP zone_secret role
   leader_IP = the IP address of the interface on the leader that nonleader
   appliances use to communicate with the leader
   nonleader_IP = the IP address of the interface on this device that the leader
   uses to communicate with this device
   zone_secret = the word or phrase that is used by all devices in the deployment
   for internal communication
   role = the role to assign to the appliance, specified by one of the following:
      bi: data storage role
      cp: traffic and routing analysis role
      pi: user interface role
      ac: ASI collector role
Note
For information about appliance roles, see "About Sightline appliance roles" in the
Sightline and Threat Mitigation System User Guide.
3. To delete the existing alert and mitigation database, at the prompt Would you like
to delete the existing Alert and Mitigation database?, enter y


Committing Configuration Changes and Starting Services


To commit configuration changes and start services:
1. Do one of the following:
   • If the Commit (and activate) configuration? prompt appears, enter y
   • To save the configuration, enter / config write
2. To start the appliance, enter / services sp start
3. To save the started state of the Sightline services and to push the config to all of the
boxes in the deployment, enter / config write again.


Generating an SSH key and Starting the SSH Service


To generate an SSH key:
• Enter /services ssh key generate

To start the SSH service:
• Enter /services ssh start

Section 3: Converting a Physical Sightline Appliance to a VM

Use the information in this section to convert a physical appliance to a VM.

In this section
This section contains the following topics:

Conversion Methods
Converting an Appliance by Backing Up and Importing
Converting a Leader Appliance
Converting a Non–leader Appliance with the TRA Role

Conversion Methods
There are several methods available for converting a physical appliance to a VM. The
conversion method you can use depends on the type of appliance you are converting.

Converting leader appliances (does not include the backup leader)


There are two methods for converting a leader appliance:

• Fail over to the VM
  This is the preferred conversion method, as it requires less down time and fewer
  missed alerts. However, this method results in the leader name and IP address
  changing. Follow the steps in “Converting a Leader Appliance” on page 29.
• Back up the leader appliance and import the backup onto the VM
  This type of conversion requires longer downtime for the leader, and the database will
  not contain any information between the time of the backup and the time of the VM
  leader starting. Follow the steps in “Converting a leader by backing up and importing”
  on page 31.

Converting non-leader appliances with the Traffic and Routing Analysis (TRA) role

There are two methods for converting a non–leader with the TRA role:

• Back up the appliance and import the backup onto the VM
  This is the preferred conversion method. Follow the steps in “Converting an Appliance
  by Backing Up and Importing” on the facing page.
• Migrate the TRA appliance manually from the appliance to the VM
  This type of conversion will not move historical data from the physical device to the
  VM, and the name and IP address of the appliance will change. Follow the steps in
  “Converting a Non–leader Appliance with the TRA Role” on page 32.

Converting other non-leader appliances (including the backup leader)

There is one method for converting other non–leaders:

• Back up the appliance and import the backup onto the VM
  Follow the steps in “Converting an Appliance by Backing Up and Importing” on the
  facing page.

Converting an Appliance by Backing Up and Importing


Read the following information before converting an appliance to a VM.
n Converting a leader using the “backup and import” method requires a longer
downtime for the leader and leaves the database with no information between the
time of the backup and the time of the VM leader starting.
n Note the minimum and recommended specifications listed in "Hardware Environment
Information" on page 13. However, make sure that the specifications provisioned to
the VM are at least equal to the specifications of the appliance being converted to a
VM.

To convert an appliance from a physical appliance to a VM by backing it up and then


restoring to a VM:
1. Do one of the following to create and export a backup of the files on the physical
appliance:
n In the Sightline UI of any device in the deployment with the user interface role,
navigate to the Managed Backups page (Administration > System Maintenance >
Backups) and then perform tasks to create and export a full or incremental
backup. See "Managing System Backups" in the Sightline and Threat Mitigation
System User Guide.
n In the CLI of the physical appliance you want to convert to a VM, enter the
following commands to create and export a full or incremental backup:
/ services sp backup create {full | incremental}
/ services sp backup export {full | incremental}
scp://user@host/path/ password
user = the user name that is required to access the remote server
host = the fully qualified DNS name, or IPv4 or IPv6 address (with or without a port
number) of the remote server
path = the directory path to which to export the backup on the remote server
password = the password that is required to access the remote server
Note
You can create an incremental backup only if you already have a full backup. An
incremental backup includes only the changes that have occurred since the last
full backup.
2. In the CLI of the physical appliance you want to convert to a VM, enter shutdown.
3. In the CLI of the new VM, enter the following commands to configure the network
settings of the VM (IP/Gateway/NTP/DNS):
/ ip interfaces ifconfig interface_name IPv4_address netmask up
interface_name = the name of the interface
IPv4_address = the IP address to assign to the interface
netmask = the netmask
/ services dns server add ip_address
ip_address = the IPv4 or IPv6 address of the DNS server
/ services ntp server add {ip_address | hostname}
{ip_address | hostname} = the IPv4 or IPv6 address or hostname of the NTP server

© NETSCOUT SYSTEMS, INC. Confidential and Proprietary 27


Sightline Virtual Machine Installation Guide, Version 9.5.0.0

4. Do one of the following to import the backup created in step 1 onto the VM:
n In the Sightline UI of the new VM, navigate to the Managed Backups page
(Administration > System Maintenance > Backups) and perform tasks to import
and restore the backup.
n In the CLI of the new VM, use the following commands to import and restore
the backup:
/ services sp backup import {full | incremental}
scp://user@host/path/password
/ service sp backup restore skip_arbos
user = the user name that is required to access the remote server
host = the fully qualified DNS name, or IPv4 or IPv6 address (with or without a port
number) of the remote server
path = the directory path on the remote server to which the backup was exported
password = the password that is required to access the remote server
Important
If you restore the full backup, the IP interface, IP access, and IP route settings will no
longer be correct. Make sure to configure these settings on the new appliance so
that they are the same as those on the old appliance. For information about how to
configure these settings, see the appliance's Installation Guide
at https://support.arbornetworks.com.
5. In the CLI of the new VM, enter the following commands to bootstrap the VM,
keeping the database and starting services.
a. Enter / services sp bootstrap nonleader leader_IP_address nonleader_IP_address zone_secret role
leader_IP_address = IP address of the new leader appliance
nonleader_IP_address = IP address of the non-leader appliance
zone_secret = the word or phrase that is used by all appliances in the system
for internal communication
role = the role to assign to the appliance, specified by one of the following:
bi: data storage role
cp: traffic and routing analysis role
pi: user interface role
b. Enter n to keep the existing alert and mitigation database.
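The Important note in step 4 requires the IP interface, IP access, and IP route settings on the new VM to match the old appliance. The following is an added example, not part of the NETSCOUT guide, that compares those settings in two saved configuration listings. The one-setting-per-line text format, the sample lines, and the function names are assumptions.

```python
# Added example: compare IP settings between the old appliance and the new VM.
# Assumption: each configuration was saved as text, one setting per line, and
# the relevant lines begin with "ip interfaces", "ip access" or "ip route".
PREFIXES = ("ip interfaces", "ip access", "ip route")

# Constructed sample data (documentation address ranges), not real output.
OLD_APPLIANCE = """\
ip interfaces ifconfig eth0 192.0.2.10 255.255.255.0 up
ip access add ssh eth0 198.51.100.0/24
ip route add default 192.0.2.1
services ntp server add 192.0.2.53
"""
NEW_VM = """\
/ ip interfaces ifconfig eth0   192.0.2.20 255.255.255.0 up
ip access add ssh eth0 198.51.100.0/24
services ntp server add 192.0.2.53
"""


def ip_settings(config_text):
    """Return the normalized IP interface, access and route lines as a set."""
    settings = set()
    for raw in config_text.splitlines():
        line = " ".join(raw.split())      # collapse runs of whitespace
        if line.startswith("/ "):         # tolerate the CLI's leading "/ "
            line = line[2:]
        if line.startswith(PREFIXES):     # ignore all non-IP settings
            settings.add(line)
    return settings


def compare_ip_settings(old_text, new_text):
    """Report settings present on only one side, sorted for stable output."""
    old, new = ip_settings(old_text), ip_settings(new_text)
    return {"missing_on_vm": sorted(old - new), "extra_on_vm": sorted(new - old)}


if __name__ == "__main__":
    report = compare_ip_settings(OLD_APPLIANCE, NEW_VM)
    for key, lines in report.items():
        for line in lines:
            print(f"{key}: {line}")
    # Non-zero exit when the two sides differ, so the check can gate a runbook.
    raise SystemExit(1 if any(report.values()) else 0)
```

An empty report on both keys means the restored VM carries the same IP interface, access and route lines as the appliance it replaces.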


Converting a Leader Appliance


Important information for converting a leader appliance
Read the following information before converting a leader appliance.

When using locally-managed flexible licensing


Cloud-based flexible licensing is required to use a VM as a leader or backup leader. If you
are not using cloud-based flexible licensing, contact the Arbor Technical Assistance Center
(ATAC) at https://support.arbornetworks.com before converting.

When using Cloud Signaling


Make sure any APS or AED appliances that are configured to send Cloud Signaling
mitigation requests to the Sightline leader appliance can continue to successfully send
requests to the new leader. If the hostname or IP address of the leader changes after
converting the leader from an appliance to a VM, the settings must be updated on the
APS or AED.

When using Sightline Signaling


Make sure any Sightline deployments that are configured to send Sightline Signaling
mitigation requests to the Sightline leader appliance can continue to successfully send
requests to the new leader. If the IP address of the leader changes after converting the
leader from an appliance to a VM, or if the new leader’s Sightline Signaling mitigation
requester settings are different from the older leader, the settings must be updated on
the mitigation requester deployment.

Specification requirements
Note the minimum and recommended specifications listed in "Hardware Environment
Information" on page 13. However, make sure that the specifications provisioned to the
VM are at least equal to the specifications of the appliance being converted to a VM.

Backup leaders
Do not use the procedures listed below to convert a backup leader.

See “Converting other non-leader appliances (including the backup leader)” on page 26.

Converting a leader appliance by failover


To convert a leader appliance from a physical appliance to a VM by failing over to a VM:
1. If the deployment currently uses cloud-based flexible licensing, skip this step.
If your deployment currently uses locally-managed flexible licensing, follow the steps
below to switch to cloud-based flexible licensing, which is required when using VMs.
a. Log in to the current leader’s CLI using the administrator user name and
password.
b. Enter / services sp license flexible server url set license_server_url
license_server_url = the license server URL sent to you by NETSCOUT
c. Enter / services sp license flexible server cloud_licensing enable
d. Enter / services sp device edit leader_name license_mode set flexible

leader_name = the name of the current leader


e. To commit the changes, enter / config write
f. After one to three minutes, verify the license is working by entering
/ services sp license flexible show
2. Add the VM to the deployment by following the steps below:
a. Initialize the VM by following the steps in “Initializing an Appliance for Reuse in the
Deployment” on page 22.
b. Navigate to the Add Appliance page on the physical appliance (Administration >
Appliances > Add Appliance) and add the VM to the deployment by setting the
following fields:
• Name: enter the name of the VM appliance
• IP Address: enter the IP address of the VM appliance
• Appliance: select the User Interface role
• License Mode: select Flexible
c. Click Save, then commit your changes.
3. If the deployment does not have a backup leader, skip this step.
If the deployment already has a backup leader, follow the steps below to disable that
device as a backup leader:
a. Navigate to the Edit Appliance page for the current backup leader.
b. Click the High Availability tab.
c. Clear the Backup Leader check box.
d. Click Save.
4. Follow the steps below to make the VM the backup leader:
a. Navigate to the Edit Appliance page for the VM.
b. Click the High Availability tab.
c. Select the Backup Leader check box.
d. Click Save, then commit your changes.
5. Follow the steps below to verify that the VM backup leader has a license and the
same license entitlements as the current leader:
a. Log in to the VM’s CLI using the administrator user name and password.
b. Enter / services sp license flexible show
c. To confirm, enter y
Note
• To display the license entitlements of the current leader, log in to the current
leader’s CLI and enter the command above.
• If there is any discrepancy between the license entitlements of the leader and
backup leader, contact the Arbor Technical Assistance Center (ATAC) at
https://support.arbornetworks.com before continuing.
• It may take a few minutes for the license to appear.
6. Follow the steps below to take the physical leader offline:
a. Log in to the leader’s CLI using the administrator user name and password.
b. Enter / shutdown


7. Follow the steps below to trigger a manual failover so that the virtual leader is now
the leader:
a. Log in to the VM’s CLI using the administrator user name and password.
b. Enter / services sp backup failover activate
c. To confirm, enter y
Note
It may take a few minutes for the new configuration to propagate to all the other
appliances in your deployment.
8. If you want to continue to use the original backup leader as the backup leader, follow
the steps below to reinstate the original backup leader:
a. Navigate to the Edit Appliance page for the original backup leader.
b. Click the High Availability tab.
c. Select the Backup Leader check box.
d. Click Save, then commit your changes.
9. If you want to use the original leader as an appliance in the deployment, power on
the original leader and initialize it for reuse in the deployment.
See “Initializing an Appliance for Reuse in the Deployment” on page 22.

Converting a leader by backing up and importing


To convert a leader appliance by backing up and importing the backup to a VM, follow the
procedure described in “Converting an Appliance by Backing Up and Importing” on
page 27.


Converting a Non–leader Appliance with the TRA Role


1. Add the VM to the deployment by following the steps below:
a. Initialize the VM by following the steps in “Initializing an Appliance for Reuse in the
Deployment” on page 22.
b. In the Sightline UI of any device in the deployment with the user interface role,
navigate to the Add Appliance page (Administration > Appliances > Add
Appliance).
c. Add the VM to the deployment by setting the following fields:
• Name: enter the name of the VM appliance
• IP Address: enter the IP address of the VM appliance
• Appliance: select the role for the VM appliance
• License Mode: select Flexible
d. Click Save, then commit your changes.
2. Once the VM is online, use Sightline to reassign the routers managed by the physical
appliance so that they are managed by the VM:
a. In the Sightline UI of any device in the deployment with the user interface role,
navigate to the Configure Routers page (Administration > Monitoring > Routers).
b. Click the name of a router managed by the physical appliance.
c. On the Router tab, select the VM from the Managing Appliance list.
d. Click Save.
e. Repeat the steps above for each router that was managed by the physical
appliance.
f. Click Commit Config. A background process reassigns the routers. The status of
router reassignments can be viewed on the Configure Routers page
(Administration > Monitoring > Routers). A router will have a clock icon
displayed after it while the background process is reassigning it.
3. When the background process has completed and all the routers have been
reassigned to the VM, turn off the physical appliance or leave it on for historical data
reporting.
