Deploy additional AutoDiscovery network sensors

This topic describes how to deploy additional network sensors as needed, directly on a customer-owned Windows or Linux machine, or on a repurposed ASMS machine.

The AutoDiscovery server contains a network sensor that captures data from across your ASMS network. Additionally, AAD traffic log sensors are automatically installed wherever a syslog server is running on your system (Remote Agents, Central Manager).

You may need to add additional network sensors if you want to capture traffic from other networks or to separate your AutoDiscovery server and sensor machines.

For more details about traffic collection using remote network sensors, see Traffic collection options.

Sensor installation options

The following table describes the supported configurations for installing additional sensors, and the high-level steps required for each configuration:

ESX with port mirroring

Do the following:

  1. Deploy an AutoDiscovery sensor to each ESX server.
  2. Configure each sensor to view traffic in promiscuous mode.
Physical server with port mirroring

Do the following:

  1. Prepare a separate server for the AutoDiscovery sensor. The server can be physical or virtual, and Windows or Linux.
  2. Direct mirrored traffic to the sensor.
Local mode with direct capture

Install a sensor on any server from which you want to capture traffic.

For more details, see on this page Deploy remote AutoDiscovery network sensors.

Note: To configure statistical traffic collection with NetFlow/SFlow, we recommend using the sensor installed together with the AutoDiscovery server.

For more details, see Deploy AutoDiscovery .

Back to top

AutoDiscovery network sensor system requirements

Additional AutoDiscovery sensors must be installed on a Linux or Windows server with the following minimum specifications:

CPU

Standard: 4-core CPU, if expected traffic load has a maximum of 2 Gbps

Large: 8-core CPU, if expected traffic load is 2 - 4 Gbps

Memory

Standard: 4 GB

Large: 8 GB

Disk space 1 GB free disk space
Network adapters

At least 2 network adapters:

  • 1 adapter connected to each source mirror port or LAN
  • 1 adapter connected to the LAN, for communication with the AutoDiscovery server

Software

(Windows only)

When deploying a Windows sensor, make sure you have the following software installed on the AutoDiscovery sensor machine:

Note: You can adjust the load of traffic to a sensor by setting the NetFlow frequency filter

When deploying on a virtual machine, network cards must be physically connected to the switch / router.

Back to top

Deploy remote AutoDiscovery network sensors

This procedure describes how to deploy additional AutoDiscovery sensors.

Note: If you are deploying additional sensors, each additional sensor must be deployed on its own machine. Use different machines than the ones you are using for the AutoDiscovery server and the ASMS installation.

Do the following:

Back to top

Upgrade remote AutoDiscovery sensors

For Windows and Linux machines

Important: For security updates for a VMware machine, reinstall OVF manually.

Do the following:

  1. On the AutoDiscovery web console, go to the Sensors tab.

  2. Select the checkboxes of the sensors you want to install from the list.

  3. Click Upgrade.

Back to top

Additional AutoDiscovery requirements based on network traffic collection method

Note: The number of sensors to install and where to install them depends on your network's load and topology.

For example, if you have packet brokers or standalone sniffers already collecting traffic on your network, you can send the traffic they collect to a single sensor. This avoids the need to thoroughly cover your network with sensors.

Configure one of the following:

Back to top