Virtual Arbor Enterprise Manager

Installation Guide

Version 7.0.0.0
Legal Notice
The information contained within this document is subject to change without notice. NETSCOUT SYSTEMS, INC.
makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of
merchantability and fitness for a particular purpose. NETSCOUT SYSTEMS, INC. shall not be liable for errors
contained herein or for any direct or indirect, incidental, special, or consequential damages in connection with the
furnishings, performance, or use of this material.
Use of this product is subject to the End User License Agreement available at
http://www.NetScout.com/legal/terms-and-conditions or which accompanies the product at the time of shipment
or, if applicable, the legal agreement executed by and between NetScout Systems, Inc. or one of its wholly-owned
subsidiaries (“NETSCOUT”) and the purchaser of this product (“Agreement”).
Government Use and Notice of Restricted Rights: In U.S. government (“Government”) contracts or subcontracts,
Customer will provide that the Products and Documentation, including any technical data (collectively “Materials”),
sold or delivered pursuant to this Agreement for Government use are commercial as defined in Federal
Acquisition Regulation (“FAR”) 2.101and any supplement and further are provided with RESTRICTED RIGHTS. All
Materials were fully developed at private expense. Use, duplication, release, modification, transfer, or disclosure
(“Use”) of the Materials is restricted by the terms of this Agreement and further restricted in accordance with FAR
52.227-14 for civilian Government agency purposes and 252.227- 7015 of the Defense Federal Acquisition
Regulations Supplement (“DFARS”) for military Government agency purposes, or the similar acquisition
regulations of other applicable Government organizations, as applicable and amended. The Use of Materials is
restricted by the terms of this Agreement, and, in accordance with DFARS Section 227.7202 and FAR Section
12.212, is further restricted in accordance with the terms of NETSCOUT’S commercial End User License
Agreement. All other Use is prohibited, except as described herein.
This Product may contain third-party technology. NETSCOUT may license such third-party technology and
documentation (“Third-Party Materials”) for use with the Product only. In the event the Product contains Third-
Party Materials, or in the event you have the option to use the Product in conjunction with Third-Party Materials
(as identified by NETSCOUT in the Documentation provided with this Product), then such third-party materials are
provided or accessible subject to the applicable third-party terms and conditions contained either in the “Read
Me” or “About” file located in the Software or on an Application CD provided with this Product, or in an appendix
located in the documentation provided with this Product. To the extent the Product includes Third-Party Materials
licensed to NETSCOUT by third parties, those third parties are third-party beneficiaries of, and may enforce, the
applicable provisions of such third-party terms and conditions.
Open-Source Software Acknowledgement: This product may incorporate open-source components that are
governed by the GNU General Public License (“GPL”) or licenses that are compatible with the GPL license (“GPL
Compatible License”). In accordance with the terms of the GNU GPL, NETSCOUT will make available a complete,
machine-readable copy of the source code components of this product covered by the GPL or applicable GPL
Compatible License, if any, upon receipt of a written request. Please identify the product and send a request to:
NetScout Systems, Inc.
GNU GPL Source Code Request
310 Littleton Road
Westford, MA 01886
Attn: Legal Department
No portion of this document may be copied, photocopied, reproduced, translated, or reduced to any electronic
medium or machine form without prior consent in writing from NETSCOUT. The information in this document is
subject to change without notice and does not represent a commitment on the part of NETSCOUT.
The products and specifications, configurations, and other technical information regarding the products
described or referenced in this document are subject to change without notice and NETSCOUT reserves the right,
at its sole discretion, to make changes at any time in its technical information, specifications, service, and support
programs. All statements, technical information, and recommendations contained in this document are believed
to be accurate and reliable but are presented “as is” without warranty of any kind, express or implied. You must
take full responsibility for their application of any products specified in this document. NETSCOUT makes no
implied warranties of merchantability or fitness for a purpose as a result of this document or the information
described or referenced within, and all other warranties, express or implied, are excluded.
Except where otherwise indicated, the information contained in this document represents the planned
capabilities and intended functionality offered by the product and version number identified on the front of this
document. Screen images depicted in this document are representative and intended to serve as example images
only.

© 2017-2023 NETSCOUT All rights reserved. Confidential and Proprietary.

www.netscout.com
Document Number: vAEM-IG-7000-2023/05
04 May, 2023
Contents

Preface
How to Use the vAEM Documentation 5
Command Syntax 6
Contacting the Arbor Technical Assistance Center 7

Using Virtual Arbor Enterprise Manager

About the AEM Virtual Machine 9
Installing vAEM 11
Accessing the vAEM 15

Index 16

End User License Agreement 17

© NETSCOUT Confidential and Proprietary 3

Preface

This guide explains how to configure and use NETSCOUT® Virtual Arbor Enterprise
Manager.

Audience
This guide is intended for enterprise security operators and engineers who are
responsible for securing the internet data center edge from threats against availability.
These operators and engineers should have fundamental knowledge of their network
security policies and network configuration.

In this section
This section contains the following topics:

How to Use the vAEM Documentation 5

Command Syntax 6
Contacting the Arbor Technical Assistance Center 7

© NETSCOUT Confidential and Proprietary 4

 Preface
vAEM Installation Guide, Version 7.0.0.0

How to Use the vAEM Documentation

This guide contains instructions and requirements for the installation and initial
configuration of AEM on a virtual machine.

AEM documentation set

See the following guides for information about AEM and its deployment:

Document Contents

Arbor Enterprise Manager Release Release information about AEM, including new features, system
Notes requirements, fixed issues, and known issues.

Arbor Enterprise Manager User Guide
Information about how to configure and use AEM.
You can access the User Guide by clicking the Help button in the
AEM UI. It also is available as a PDF file.
The User Guide includes all of the information that previously
was included in the Arbor Enterprise Manager Advanced
Configuration Guide.

Installation Guides and Configuration Information about how to install, connect, and configure AEM
Guides for AEM appliances on a physical appliance.
Each AEM appliance has its own installation guide.

Virtual Arbor Enterprise Manager Information about how to install and configure the AEM virtual
Installation Guide (this document) machine (vAEM). Follow the instructions in this guide if you will
run AEM in a VM instead of on hardware.

Arbor Edge Defense, Arbor APS, and The requirements for managing AED devices and APS devices
Arbor Enterprise Manager that have different software versions on AEM.
Compatibility Guide

© NETSCOUT Confidential and Proprietary 5

 Preface
vAEM Installation Guide, Version 7.0.0.0

Command Syntax
This guide uses typographic conventions to make the information in commands and
procedures easier to recognize.

The following table shows the syntax of commands and other types of user input. Do not
type the brackets, braces, or vertical bars that indicate options and variables.

Conventions for commands and user input

Convention Description

Monospaced bold Information that you must type exactly as shown.

Monospaced A variable for which you must supply a value.

italics

{ } (braces) A set of choices for options or variables, one of which is

required. For example: {option1 | option2}.

[ ] (square brackets) A set of choices for options or variables, all of which are optional.
For example: [variable1 | variable2].

| (vertical bar) Separates the mutually exclusive options or variables.

© NETSCOUT Confidential and Proprietary 6

 Preface
vAEM Installation Guide, Version 7.0.0.0

Contacting the Arbor Technical Assistance Center

The Arbor Technical Assistance Center is your primary point of contact for all service and
technical assistance issues that involve Arbor products.

Contact methods
You can contact the Arbor Technical Assistance Center as follows:
n Phone US toll free — +1 877 272 6721
n Phone worldwide — +1 781 362 4301
n Support portal — https://my.netscout.com

Submitting documentation comments

If you have comments about the documentation, you can forward them to the Arbor
Technical Assistance Center. Please include the following information:
n Title of the guide
n Document number (listed on the reverse side of the title page)
n Page number

Example
vAEM Installation Guide

vAEM-IG-7000-2023/05

Page 9

© NETSCOUT Confidential and Proprietary 7

Using Virtual Arbor Enterprise
Manager

This section describes Virtual Arbor Enterprise Manager and how to use it to manage
Arbor APS devices and Arbor Edge Defense devices.

In this section
This section contains the following topics:

About the AEM Virtual Machine 9

Installing vAEM 11
Accessing the vAEM 15

© NETSCOUT Confidential and Proprietary 8

 Using Virtual Arbor Enterprise Manager
vAEM Installation Guide, Version 7.0.0.0

About the AEM Virtual Machine

You can run AEM as a virtual machine (vAEM), which provides you with a hardware-
independent resource without the need for physical AEM equipment.

You use vAEM to manage multiple AED and APS devices. The vAEM UI provides an
enterprise-wide view for all of the AED and APS devices that it manages. The UI only
displays data that is associated with traffic on the managed devices, not traffic on vAEM.

Configuration requirements
The configuration requirements for the VMware hypervisor and host hardware are as
follows:

Configuration requirements for the VMware hypervisor and host hardware

Each additional 50 devices

Configuration Base vAEM with 2 devices device total

Disk space 250 GB 70 GB 2.6 T

Cores 4 0.25 16

Memory 16 GB 1 GB 64 GB

Management 1 management interface is

interface required; a second
management interface is
optional.

Required CPU instruction sets

The CPUs on the host server must have the following instruction sets:
n MMX
n SSE
n SSE2
n SSE3 (PNI)
n SSSE3

To check which instruction sets the CPU supports, enter the following command on the
host’s Linux shell command line:
cat /proc/cpuinfo

The Flags field lists the supported instruction sets.

The following CPUs have the required instruction sets:

n AMD CPUs: Bulldozer or later
n Intel CPUs: Westmere or later

Installing vAEM
To install the vAEM, you create a virtual machine in the VMware vSphere Hypervisor™,
and then install and configure vAEM. After the initial installation and configuration, you

© NETSCOUT Confidential and Proprietary 9

 Using Virtual Arbor Enterprise Manager
vAEM Installation Guide, Version 7.0.0.0

can access the vAEM through any supported web browser. For a list of the supported web
browsers, see the AEM release notes.

You install vAEM from an OVA (Open Virtual Appliance) file. See “Installing vAEM” on the
next page.

Upgrading to vAEM
You can upgrade vAEM from the NSI 5.7 virtual machine. You use package files that
NETSCOUT provides, and follow the same procedure as you do when you upgrade a
physical AEM appliance.

For upgrade instructions, see the AEM Release Notes or the AEM User Guide.

Unsupported features and functions

The vAEM does not support the following features and functions:
n Shell access
n RAID
n NetScout integration

© NETSCOUT Confidential and Proprietary 10

 Using Virtual Arbor Enterprise Manager
vAEM Installation Guide, Version 7.0.0.0

Installing vAEM
After you verify that you have met the minimum system requirements, you can install the
vAEM by using the .ova file that you obtained from NETSCOUT. The installation consists of
creating a virtual machine, and then installing and configuring AEM on the virtual
machine.

For information about the system requirements, see “Configuration requirements” on

page 9.

After you complete the installation, you can access the vAEM at any time. See “Accessing
the vAEM” on page 15.

Creating a virtual machine

To create a virtual machine:
1. Open VMware vSphere Client and log in, using the credentials for the VMware server.
2. Select File > Deploy OVF Template.
3. In the Source window of the Deploy OVF Wizard, select the .ova file that you
downloaded, and then click Next.
We recommend that you deploy the .ova file from the computer on which the
VMware client is installed. If you deploy a .ova file from a remote location, then the
VMware client can time out.
4. In the OVF Template Details window, click Next.
5. In the Name and Location window, type a unique name for this virtual machine or
accept the default name, and then click Next.
6. In the Storage window, select the location in which to store the virtual machine files,
and then click Next.
7. In the Disk Format window, we recommend that you click Next to accept the default
format of Thick Provision Lazy Zeroed. If you are an experienced VMware user, then
you might choose to select a different option.
8. In the Network Mapping window, map the VM network adapter mgt0 to VM Network 1,
which is tied to the physical interface vmnic0.
9. Click Next in the Network Mapping window.
10. In the Ready to Complete window, review the settings, select Power on after
deployment, and then click Finish.
The deployment process might take several minutes.
11. When the completion window appears, click Close.

Installing and configuring vAEM

You configure the vAEM with the settings that allow it to access the networks on the
VMware server.

To configure the vAEM network settings:

1. In VMware vSphere Client, display the Inventory view.
2. In the inventory list in the left pane, right-click the AEM virtual machine, and then
select Open Console from the context menu.
A new window opens.

© NETSCOUT Confidential and Proprietary 11

 Using Virtual Arbor Enterprise Manager
vAEM Installation Guide, Version 7.0.0.0

3. If the virtual machine is not powered on, then click the Power On icon.
4. If the GRUB menu appears, then select disk (VGA) and press ENTER, or wait and allow
the system to start automatically.
5. At the login prompt, enter the default user name of admin
6. At the Password prompt, enter the default password of arbor

7. Change the administrator password as follows:

a. Enter / services aaa local password admin interactive
b. At the prompts, enter the new password.
Important
To use AEM, you must change the default password.
8. To configure the mgt0 management port, enter / ip interfaces ifconfig mgt0
address netmask up
address = The IP address of the mgt0 management interface on the virtual
machine.
netmask = The netmask of the management interface in dotted-quad format. For
example: 255.255.255.0.
9. (Optional) To configure the mgt1 management port, enter / ip interfaces
ifconfig mgt1 address netmask up
address = The IP address of the mgt1 interface on the virtual machine.
netmask = The netmask of the mgt1 interface in dotted-quad format. For
example: 255.255.255.1.
10. Enter / ip route add default address
address = The IP address for the default gateway.
11. To configure access to services, enter the following command for each of the services
that are listed below: / ip access add service {mgt0 | all} CIDR
service = one of the following services:
http = optional, for redirection to https
https = required for access to the AEM UI and for communication between
AEM and its managed devices
ping = optional for checking the communications between the appliances in
the AED or APS deployment
snmp = allows SNMP access to AEM
ssh = optional but strongly recommended for administrative access to the
CLI
{mgt0 | all} = the name of the management interface on which to apply a
service exclusively, or all to apply the rule to all of the interfaces
CIDR = the address range from which you want to allow communications to a
service
For security reasons, do not enter IP access rules that specify numeric ports.
Caution
We strongly recommend that you do not use 0.0.0.0/0 or ::/0 in IP access rules,
because these address ranges allow unrestricted access to a service. To restrict
access, be sure to specify the narrowest address range that you can.
12. To commit the access rules, enter / ip access commit
13. To save the configuration, enter / config write

© NETSCOUT Confidential and Proprietary 12

 Using Virtual Arbor Enterprise Manager
vAEM Installation Guide, Version 7.0.0.0

14. Enter / system name set name

name = A unique name for your virtual machine. You can type a fully qualified
domain name (such as system1.example.net) or the appliance name (such as
system1).
15. Configure the SSH host keys in one of the following ways:
n To have AEM generate the SSH host key files, enter / services ssh key
generate
n To import a file that contains the SSH host keys, enter / services ssh key host
set disk:fileName
fileName = the name of the file that contains the SSH host keys
16. Enter / services ssh start
17. Obtain the virtual machine license key as follows:
a. Enter / system hardware
b. Make a note of the serial number that appears. It will begin with VMware.
Important
Every time you create a new instance of the virtual machine, the serial number
changes.
c. Contact the Arbor Technical Assistance Center (https://my.netscout.com), provide
the serial number, and request a license key. The Arbor Technical Assistance
Center will send you the license key.
18. Enter / system license set Pravail "APS-CONSOLE" license_key
license_key = your AEM license key
Important
This command is case sensitive. Type the model and license key exactly as they
appear on the product label or in your license key email, including any spaces and
punctuation.
19. To set the shared secret, enter / services aem secret set secret
secret = A word or phrase to authenticate internal communication. The same
secret must be configured on all of the APS devices and AED devices that AEM
manages.
20. To configure a DNS server, enter / service dns server add DNS_IP_address
(Optional) Repeat this command to specify an additional DNS server for redundancy.
21. To configure an NTP server, enter / services ntp server add server_address
server_address = the hostname or IP address of your NTP server
(Optional) Repeat this command to specify additional NTP servers.
22. To save the configuration, enter / config write
23. Enter / services aem database initialize
24. To start the AEM services, enter / services aem start
25. To save the configuration, enter / config write
Important
Do not skip this step.
26. To log out of the CLI, enter exit
27. Exit the virtual machine console.

© NETSCOUT Confidential and Proprietary 13

 Using Virtual Arbor Enterprise Manager
vAEM Installation Guide, Version 7.0.0.0

Next step
You complete the remainder of the AEM configuration in the AEM UI and command line
interface (CLI). You complete the remainder of the AEM configuration in the AEM UI and
command line interface (CLI). For information about configuring AEM settings, see the
Arbor Enterprise Manager User Guide.

© NETSCOUT Confidential and Proprietary 14

 Using Virtual Arbor Enterprise Manager
vAEM Installation Guide, Version 7.0.0.0

Accessing the vAEM

You can access the vAEM through any supported web browser.

For a list of the capabilities and limitations of vAEM, see “About the AEM Virtual Machine”
on page 9.

To access the vAEM:

n In a browser window, enter https://address/summary
address = the host name or IP address of vAEM. For example:
https://192.0.2.1/summary or
https://example.com/summary

© NETSCOUT Confidential and Proprietary 15

Index

A U
AEM virtual machine 9 upgrading the vAEM 9
Arbor Technical Assistance Center, contacting 7 user input, syntax 6
ATAC, contacting 7
V
C vAEM
command syntax 6 accessing 15
configuration requirements 9 configuring 11
conventions, typographic installation 9
commands 6 installing on VMware hypervisor 11
CPU instructions sets, required 9 overview 9
customer support, contacting 7 upgrading 9
virtual machine, creating 11
D VMware hypervisor
creating 11
documentation 5
installing vAEM on 11

H
hosts
required CPU instruction sets 9
hypervisor, creating on VMware 11

I
installing vAEM 9
instruction sets, required for CPUs 9

O
overview of vAEM 9

P
publications 5

S
support, contacting 7
syntax, commands 6
system resources, minimum 9

T
typographic conventions
commands 6

© NETSCOUT Confidential and Proprietary 16

 End User License Agreement
vAEM Installation Guide, Version 7.0.0.0

End User License Agreement

The end user license agreement (EULA) contains updated terms and conditions with
respect to your license of NETSCOUT product and services and is deemed to replace any
previous license terms provided with respect thereto; provided, however, if you and
NETSCOUT have executed a direct agreement, such direct agreement shall govern your
license of NETSCOUT product and services.

You can read the complete end user license agreement online at
https://www.netscout.com/sites/default/files/2018-06/NetScout-Systems-End-User-
Product-License-Agreement.pdf.

© NETSCOUT Confidential and Proprietary 17