A virtual appliance is a convenient way of distributing full system images with software pre-installed. Modern virtualization technology makes it possible to operate virtual machines with little or no performance impact compared to running straight on hardware. This means that end users of software no longer have to complete all the manual steps necessary to prepare a system and install software packages.
FlowTraq is delivered in a compressed virtual machine with all FlowTraq software components pre-installed and configured. This means that you can simply download the "vApp" and run it, and your FlowTraq system is ready for use. Since FlowTraq uses the Open Virtualization Format the vApp can be deployed on many virtualization technologies such as ESXi, VirtualBox, or VMWare Player.
When you first launch the FlowTraq vApp it will automatically present you with login credentials. Once you log in a menu is presented that allows you to change your network configuration. It is also possible to use the vApp as an web portal to an existing FlowTraq server. The FlowTraq server daemon that is installed on the vApp will not be used in that case. To gain access to a command prompt, simply "quit" the menu.
Since the vApp is a full virtual machine, it comes by default with settings for RAM, CPU, and Disk preconfigured. Before you start your vApp you can change any of them to match your environment best.
By default the vApp comes with 2 CPU cores configured. You can set this to any value that matches your environment. The FlowTraq server daemon will automatically use all the available cores on a FlowTraq system. Adding more CPUs to your FlowTraq system will improve query performance.
To change the number of CPU cores available to FlowTraq, simply edit the CPU settings in your virtualization environment before starting the FlowTraq vApp. No further configuration of the FlowTraq server daemon is required.
By default the vApp comes with 4 GB of RAM configured. You can set this to any value that matches your environment. The FlowTraq server daemon will automatically use all the available RAM on a FlowTraq system, but never exceeds it. Adding more RAM to your FlowTraq system will increase your RAM retention in high volume environments.
To change the amount of RAM available to FlowTraq, simply edit the RAM settings in your virtualization environment before starting the FlowTraq vApp. No further configuration of the FlowTraq server daemon is required.
By default the vApp comes with 1 TB of disk space configured. Additional storage capacity can be added to your vApp in several ways, including by adding additional virtual disks. Depending on your virtualization environment, and your storage setup, the way in which you access these disks may vary. Another option for increasing retention is network-backed storage. This is typically slower, and more suitable for third-tier storage using FlowTraq's archive capability.
After adding additional storage, boot the vApp and "quit" the administrative menu. Additional formatting and/or mounting commands may be required to add the new storage to the vApp.
Finally, you must modify the FlowTraq server configuration file to point to the new storage location instead of the original /opt/flowtraq/SESSIONDB directory.
To get the most out of a FlowTraq server installation it is sometimes advisable to deploy the FlowTraq server daemon directly on physical hardware. This way FlowTraq will be able to make full use of the available resources, without needing to share CPU, memory, or IO bandwidth. Also, it is recommended that clustered deployments are provisioned directly on dedicated hardware.
In these cases it is still possible to deploy the vApp and target it directly at a remote FlowTraq server or cluster portal. The vApp will handle the relatively light-weight tasks of providing the web front-end while the remote FlowTraq server takes care of all flow processing and analysis.
To configure the vApp to use a remote FlowTraq server please select "configure" in the main vApp menu. In the submenu select "remote" to configure a remote FlowTraq server:
Follow the onscreen instructions to setup connectivity to the remote FlowTraq server daemon. You will need access to a FlowTraq account with administrative privileges (usually the 'admin' account).
![[Tip]](../common/images/admon/tip.png) | Tip |
|---|---|
Please direct your flow data directly at the remote FlowTraq server. The FlowTraq vApp will NOT forward your flow records! |
