The Photon Network Sensor for VMware is a Virtual Machine (VM) that implements a **Starlight** Network Sensor from within VMware.

Site Preparation

This process requires a working VMware vCenter server with at least the following resources available:

  • 4 CPU cores.
  • 8 GB of system memory.
  • 100 GB of file system storage.

One physical port on the system will be configured to receive the network traffic to be analyzed. It must have promiscuous mode capability and be connected to an appropriate data source.

In addition the system BIOS must have VT-d/IOMMU enabled.

The VM image to use can be downloaded from the Stellar Cyber AI production server at the following URLs:

Description: Network Sensor
Version: 3.2.0
URL: https://acps.stellarcyber.ai/release/3.2.0/datasensor/aella-device-ds-3.2.0.ova

For authentication to download, the user name is and the password are in your email.

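Alternatively, a curl command in a shell can be used to download the image. The -k option tells curl to skip TLS certificate verification; omit it where the server's certificate validates normally. For example, the following command can be used: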

curl -k -u CREDENTIALS https://acps.stellarcyber.ai/release/3.2.0/datasensor/aella-device-ds-3.2.0.ova -o aella-device-ds-3.2.0.ova

Installation Steps

Once the prerequisites have been met, the following steps may be used to perform the installation. Create a new virtual switch with port mirroring capabilities. Start with the add-networking wizard function and select the Virtual Machine Port Group option, as shown in the following image.

You can add the port to an existing switch or create a new switch. The following image shows the attachment being made to an existing switch named vSwitch0.

Create a network label with the VLAN ID of 4095.   This is shown in the following image.

At this point the settings should be complete.  Select the “FINISH” button as shown below.

When completed the resulting switch may be observed in the Networking section of the vCenter Navigator as shown in the following image.  Select the network connection as shown in “STEP 1” and then the edit icon shown as “STEP 2”.

Select the “Security” panel option and enable Promiscuous Mode by selecting the appropriate Override and Accept controls as shown in the following image.

The above steps may be repeated as necessary to monitor additional ports.
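
A port group with VLAN ID 4095 and promiscuous mode accepted delivers traffic from every VLAN on its switch to any VM attached to it, so the sensor should be the only client. The following check is an added example, not part of the original guide: it reads the table printed by `esxcli network vswitch standard portgroup list` and flags VLAN 4095 port groups with more active clients than expected. The port group names in the sample input are constructed.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# Audits mirror port groups: reads the table printed by
#   esxcli network vswitch standard portgroup list
# on stdin and reports every port group with VLAN ID 4095.

# Constructed sample input (port group names are hypothetical).
sample_portgroup_list() {
    cat <<'EOF'
Name                Virtual Switch  Active Clients  VLAN ID
------------------  --------------  --------------  -------
Management Network  vSwitch0                     1        0
VM Network          vSwitch0                     4        0
Sensor-Mirror       vSwitch0                     1     4095
Lab-Trunk           vSwitch1                     3     4095
EOF
}

# $1 = highest client count considered normal (default 1: the sensor only).
# Output: STATUS<TAB>port group<TAB>vSwitch<TAB>clients=N, one line per group.
audit_mirror_portgroups() {
    awk -v max="${1:-1}" '
        # Skip the header and the dashed rule: their last field is not a number.
        NF < 4 || $NF !~ /^[0-9]+$/ { next }
        $NF != 4095 { next }
        {
            # Port group names may contain spaces, so take the three
            # right-hand columns first (assumes the vSwitch name has none).
            clients = $(NF - 1); vswitch = $(NF - 2)
            name = $1
            for (i = 2; i <= NF - 3; i++) name = name " " $i
            status = (clients + 0 > max + 0) ? "REVIEW" : "OK"
            printf "%s\t%s\t%s\tclients=%d\n", status, name, vswitch, clients
        }'
}

# Demo on the constructed sample; on a host, pipe the esxcli output in instead.
sample_portgroup_list | audit_mirror_portgroups 1
```

A REVIEW line means more VMs are attached to a mirror port group than the single sensor, and each of them can receive the mirrored traffic.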

The next steps will create the VM.   Select the option to deploy a new OVF template wizard and use the “Local” file option.   This will appear as follows.

Note: the Stellar Cyber distribution provides an OVA file which is a format that includes the requested OVF file as a component.

On the next screen, give the VM a name and select the appropriate data center where it will be deployed, as shown below.

Within the data center there may be more than one resource that can run the VM. Select the one which hosts the mirror port. A simple configuration is shown in the following image.

Once the selections are made the summary page is shown as follows.   If the settings are correct click the “FINISH” button that is shown in the following image.

The VM will be loaded into the hypervisor management and can then be observed in the vCenter summary page.   An example of this is shown in the following image.

Expand the Virtual Hardware sub-page. The Management channel used by the sensor will be implemented over “Network Adapter 1”, which needs to be connected. Select it as shown in the following image.

Select the “Edit Settings” menu item to add a second adapter.  This is the network interface that will be used to monitor traffic on the virtual switch we created in prior steps.  This is shown in the next two images.

 

At this point the Sensor is installed and can be started.  An example of this is shown in the following image.

Configure the Sensor

Once the sensor is running it must be configured.  This process will change the sensor’s admin password and also set the IP address of the CM (Starlight Data Processor).

The following steps may be followed:

  1. In vCenter open the console of the VM and it will provide a login prompt.
  2. Log in with the user name aella and the password changeme. The sensor will require a new password to be established at this time, which will be used for all subsequent logins.
  3. Set the IP address of the Data Processor with the command set cm Express.StellarCyber.ai
  4. The status of the sensor can be checked with the show version command if desired.
  5. Log out of the sensor with the quit command.

If the management network has been properly set up, the sensor will now be communicating with the Data Processor and will automatically register itself.

Congratulations!

Please email us at express@stellarcyber.ai to get the credentials for the portal.