Installing the Juniper ATP Appliance Collector Open Virtual Appliance (OVA)
Juniper ATP Appliance’s extensible deployment options include a Virtual Collector (vCollector) product, as an Open Virtual Appliance, or OVA, that runs in virtual machines. Specifically, a Juniper ATP Appliance OVA-packaged image is available for VMware Hypervisor for vSphere 6.5, 6.0, 5.5 and 5.0. Virtual Collector models supporting 25 Mbps, 100 Mbps, 500 Mbps and 1.0 Gbps are available.
An OVF package consists of several files contained in a single directory with an OVF descriptor file that describes the Juniper ATP Appliance virtual machine template and package: metadata for the OVF package, and a Juniper ATP Appliance software image. The directory is distributed as an OVA package (a tar archive file with the OVF directory inside).
RECOMMENDATION: Juniper advises use of a dedicated physical NIC assigned to the vCollector for best collection results.
Virtual Collector Deployment Options
Two types of vCollector deployments are supported for a network switch SPAN/TAP:
Traffic that is spanned to a vCollector from a physical switch. In this case, traffic is spanned from portA to portB. ESXi containing the Juniper ATP Appliance vCollector OVA is connected to portB. This deployment scenario is shown in the figure above.
Traffic from a virtual machine that is on the same vSwitch as the vCollector. In this deployment scenario, because the vSwitch containing the vCollector is in promiscuous mode, by default all port-groups created will also be in promiscuous mode. Therefore, 2 port groups are recommended wherein port-groupA (vCollector) in promiscuous mode is associated with the vCollector, and port-groupB (vTraffic) represents traffic that is not in promiscuous mode.
Traffic from a virtual machine that is not on the same vSwitch as the vCollector is not supported. Also, a dedicated NIC adapter is required for the vCollector deployment; attach the NIC to a virtual switch in promiscuous mode (to collect all traffic). If a vSwitch is in promiscuous mode, by default all port-groups are put in promiscuous mode, which means other regular VMs also receive unnecessary traffic. A workaround is to create a different port-group for the other VMs and configure it without promiscuous mode.
Provisioning Requirements and Sizing Options
Table 1: Provisioning Requirements
VM vCenter Version Support
VM vCenter Server Version: 6.5, 6.0, 5.5 and 5.0
vSphere Client Version: 6.5, 6.0, 5.5 and 5.0
ESXi version: 5.5.0 and 5.5.1
Processor speed 2.3-3.3 GHz
As many physical CORES as virtual CPUs
Hyperthreading: either enable or disable
CPU Reservation: Default
CPU Limit: Unlimited
Hyperthreaded Core Sharing Mode: None (if Hyperthreading is enabled on the ESXi)
Memory Reservation: Default
Memory Limit: Unlimited
Table 2: Sizing Options
Number of vCPUs
OVA Deployment vSwitch Setup
- Identify the physical network adapter from which the spanned traffic is received, then create a new VMware Virtual Switch and associate it with the physical network adapter.
- Click on Virtual Switch Properties. On the Ports tab, select vSwitch and click on the Edit button.
- Select the Security tab and change Promiscuous Mode to accept, then click OK. Click OK again to exit.
- Create a new port-group “vtraffic” in the Virtual Switch. This new port-group will be assigned to your vCollector later. See vSwitch Tip below for information about troubleshooting this setup.
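The same vSwitch setup expressed as ESXi shell (esxcli) commands, including the non-promiscuous port-group workaround described earlier; this is an added example, not part of the original Juniper procedure. The names vmnic1, vSwitch1 and vm-network are assumptions; “vtraffic” is the port-group name used on this page.

```shell
#!/bin/sh
# Added example: esxcli equivalent of the vSwitch steps above.
# Assumed names: vmnic1 (uplink receiving SPAN traffic), vSwitch1,
# vm-network (port-group for other VMs). "vtraffic" is the page's name.

# Print the esxcli commands for one collector vSwitch; nothing is executed here.
vswitch_plan() {
    uplink=$1; vswitch=$2; collector_pg=$3; other_pg=$4
    e="esxcli network vswitch standard"
    cat <<EOF
$e add --vswitch-name=$vswitch
$e uplink add --uplink-name=$uplink --vswitch-name=$vswitch
$e policy security set --vswitch-name=$vswitch --allow-promiscuous=true
$e portgroup add --portgroup-name=$collector_pg --vswitch-name=$vswitch
$e portgroup add --portgroup-name=$other_pg --vswitch-name=$vswitch
$e portgroup policy security set --portgroup-name=$other_pg --allow-promiscuous=false
EOF
}

# Show the plan by default; execute it on the ESXi host only when APPLY=1.
apply_plan() {
    while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then
            $cmd || return 1
        else
            printf 'would run: %s\n' "$cmd"
        fi
    done <<EOF
$(vswitch_plan "$@")
EOF
}

# The collector port-group inherits promiscuous mode from the vSwitch;
# the second port-group overrides it so other VMs do not see mirrored traffic.
apply_plan vmnic1 vSwitch1 vtraffic vm-network
```

Run it once without APPLY to review the commands, then with APPLY=1 in the ESXi shell.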
Install the JATP OVA to a VM
- Download the Juniper ATP Appliance OVA file from the location specified.
- Connect to vCenter and click on File>Deploy OVF Template.
- Browse the Downloads directory and select the OVA file, then click Next to view the OVF Template Details page.
- Click Next to display and review the End User License Agreement page.
- Accept the EULA and click Next to view the Name and Location page.
- The default name for the Virtual Collector is Juniper ATP Appliance Virtual Collector Appliance. If desired, enter a new name for the Virtual Collector.
- Choose the Data Center on which the vCollector will be deployed, then click Next to view the Host/Cluster page.
- Choose the host/cluster on which the vCollector will reside, then click Next to view the Storage page.
- Choose the destination file storage for the vCollector virtual machine files, then click Next to view the Disk Format page. The default is THIN PROVISION LAZY ZEROED which requires 512GB of free space on the storage device. Using Thin disk provisioning to initially save on disk space is also supported. Click Next to view the Network Mapping page.
- Set up the two vCollector interfaces:
Management (Administrative): This interface is used to communicate with the Juniper ATP Appliance Central Manager (CM). Assign the destination network to the port-group that has connectivity to the CM Management Network IP Address.
Monitoring: This interface is used to inspect and collect network traffic. Assign the destination network to a port-group that is receiving mirrored traffic; this is the port-group “vtraffic” configured in the requirements section above. Click Next to view the Juniper ATP Appliance Properties page.
- IP Allocation Policy can be configured for DHCP or Static addressing. Juniper recommends using STATIC addressing. For DHCP instructions, skip to Step 12. For IP Allocation Policy as Static, perform the following assignments:
IP Address: Assign the Management Network IP Address for the Virtual Collector; it should be in the same subnet as the management IP address for the Juniper ATP Appliance Central Manager.
Netmask: Assign the netmask for the Virtual Collector.
Gateway: Assign the gateway for the Virtual Collector.
DNS Address 1: Assign the primary DNS address for the Virtual Collector.
DNS Address 2: Assign the secondary DNS address for the Virtual Collector.
- Enter the Search Domain and Hostname for the Virtual Collector.
- Complete the Juniper ATP Appliance vCollector Settings:
New Juniper ATP Appliance CLI Admin Password: this is the password for accessing the Virtual Collector from the CLI.
Juniper ATP Appliance Central Manager IP Address: Enter the management network IP Address configured for the Central Manager. This IP Address should be reachable by the Virtual Collector Management IP Address.
Juniper ATP Appliance Device Name: Enter a unique device name for the Virtual Collector.
Juniper ATP Appliance Device Description: Enter a description for the Virtual Collector.
Juniper ATP Appliance Device Key Passphrase: Enter the passphrase for the Virtual Collector; it should be identical to the passphrase configured in the Central Manager for the Core/CM. Click Next to view the Ready to Complete page.
- Do not check the Power-On After Deployment option, because you must first modify the CPU and Memory requirements (depending on the Virtual Collector model: either 100Mbps, 500Mbps, or 1Gbps); refer to OVA Deployment vSwitch Setup for sizing information. It is important to reserve CPU and memory for any virtual deployment.
- To configure the number of vCPUs and memory:
Power off the virtual collector.
Right click on the virtual collector -> Edit Settings
Select Memory in the hardware tab. Enter the required memory in the Memory Size combination box on the right.
Select CPU in the hardware tab. Enter the required number of virtual CPUs in the combination box on the right. Click OK to set.
- To configure CPU and memory reservation:
For CPU reservation: Right click on vCollector-> Edit settings:
Select Resources tab, then select CPU.
Under Reservation, specify the guaranteed CPU allocation for the VM. It can be calculated based on Number of vCPUs * processor speed.
For Memory Reservation: Right click on vCollector -> Edit settings.
In the Resources tab, select Memory.
Under Reservation, specify the amount of Memory to reserve for the VM. It should be the same as the memory specified by the Sizing guide.
- If Hyperthreading is enabled, perform the following selections:
Right click on the virtual collector -> Edit settings.
In the Resources tab, select HT Sharing: None for Advanced CPU.
- Power on the Virtual Collector.
To install the JATP Appliance OVA to a VM
- Obtain requisite login information from your sales representative, then download the Juniper ATP Appliance ISO file [JATP.iso] and the Juniper ATP Appliance Collector image file [img.zip] to your Linux system’s local directory.
- Start a terminal session then plug in the first USB drive (Kingston USB flash drives are recommended) to the Linux system and identify its drive ID (ls /dev/sd*).
- Use the Linux “dd” utility to write the local ISO content to the first USB flash drive; we refer to drive “sdb” in our example below but your drive ID will likely be different:
dd if=JATP.iso of=/dev/sdb
It is very important that you take note of the drive ID and install the ISO only to that correct USB drive or the dd utility will overwrite all data on the drive selected.
- OPTIONAL: To view status, use the pv utility [you may need to install the pv utility first]; for example: dd if=JATP.iso | pv | dd of=/dev/sdb
- When the ISO is fully copied to the bootable USB drive, remove USB drive1 and insert USB drive2.
- Copy the zipped Collector image file img.zip to the 2nd USB drive:
- You are now ready to install the Collector ISO from the bootable USB drive. The ISO will unzip and install the Collector image
There are Windows Utilities that are also available for creating bootable USB drives from the ISO image.
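A guarded version of the dd step above, which refuses to write unless the target is a whole, removable, unmounted disk and then compares the written bytes with the ISO; this is an added example, not part of the original Juniper procedure. The function names and the SYS_BLOCK and MOUNTS variables are assumptions introduced for illustration.

```shell
#!/bin/sh
# Added example: guard rails around "dd if=JATP.iso of=/dev/sdb".
# SYS_BLOCK and MOUNTS are assumptions so the checks can be pointed at a test tree.
SYS_BLOCK=${SYS_BLOCK:-/sys/block}
MOUNTS=${MOUNTS:-/proc/mounts}

# Succeed only if $1 (e.g. /dev/sdb) is a whole, removable disk with nothing mounted.
is_safe_usb_target() {
    name=${1##*/}
    # /sys/block lists whole disks only, so a partition such as sdb1 fails here.
    [ -d "$SYS_BLOCK/$name" ] || { echo "$1: not a whole disk" >&2; return 1; }
    # USB flash drives report removable=1; internal disks report 0.
    [ "$(cat "$SYS_BLOCK/$name/removable" 2>/dev/null)" = 1 ] ||
        { echo "$1: not removable" >&2; return 1; }
    # Refuse if the disk or any of its partitions is mounted.
    if grep -q "^$1" "$MOUNTS" 2>/dev/null; then
        echo "$1: has mounted filesystems" >&2; return 1
    fi
}

# Compare the first <size of image> bytes of target $2 with image $1.
verify_written_image() {
    size=$(($(wc -c < "$1"))) || return 1
    cmp -s -n "$size" "$1" "$2"
}

# Write image $1 to device $2 only after the checks pass, then compare.
write_iso() {
    is_safe_usb_target "$2" || return 1
    dd if="$1" of="$2" bs=4M conv=fsync || return 1
    verify_written_image "$1" "$2"
}

# On the Linux system, with the drive ID from the page's example:
#   write_iso JATP.iso /dev/sdb
```

A comparison made immediately after the write can be served from the page cache; remove and re-insert the drive and run verify_written_image again to compare against what is stored on the flash media.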