Network Probe Installation
SenseOn primarily collects its network telemetry from its endpoint sensor. The majority of SenseOn customers do not use a network probe, as they are generally only used to provide coverage for Operational Technology (OT) or legacy systems within a Data Centre.
Should a probe be required, this guide details the requirements that must be met to install a SenseOn physical network probe within your network infrastructure. A probe performs Deep Packet Inspection on traffic that is TAPped or mirrored to its capture interface, and so captures network metadata for connections to and from endpoint devices that cannot host the SenseOn Universal Sensor.
For endpoint devices hosting the Universal Sensor, network metadata is captured using Deep Packet Inspection on the endpoint itself, which additionally allows this activity to be attributed to the user identity and process managing the interactions. Activity captured in this way is not duplicated by any hardware probes that may be deployed.
Technical Architecture
SenseOn network probes communicate with the central analytic appliance via a secure connection on port 1194, as shown in the figure below.
Firewall Requirements
A network probe’s primary IP must be permitted to connect outbound to the SenseOn master appliance on port 1194/tcp. The same IP should be made accessible on port 22/tcp (ssh) from a privileged access workstation or management jumpbox (i.e., it should be accessible to your systems administrators in case troubleshooting is required, but should not be accessible to the entire network). SSH access is not a requirement but is recommended if troubleshooting needs to be done and access to the virtual console is either not possible or not desirable.
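The reachability rules above can be checked from each vantage point once the firewall change is in place. The following is an added example, not SenseOn code; the addresses are placeholders from documentation ranges and the profile names are hypothetical.

```python
import socket
import sys

def tcp_reachable(host, port, timeout=3.0):
    """Return True if a TCP handshake to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), unroutable, DNS failure
        return False

def audit(expectations, probe=tcp_reachable):
    """Compare expected reachability with what this vantage point observes.

    expectations: iterable of (label, host, port, should_be_open).
    Returns a list of (label, observed_open, matches_policy).
    """
    results = []
    for label, host, port, should_be_open in expectations:
        observed = probe(host, port)
        results.append((label, observed, observed == should_be_open))
    return results

# Placeholder addresses from the RFC 5737 documentation ranges; substitute your own.
APPLIANCE = "192.0.2.10"      # SenseOn master appliance (assumed address)
PROBE_MGMT = "198.51.100.20"  # probe's primary/management IP (assumed address)

# What each vantage point should see under the requirements above.
PROFILES = {
    "mgmt-segment": [("probe segment -> appliance 1194/tcp", APPLIANCE, 1194, True)],
    "jumpbox": [("jumpbox -> probe 22/tcp", PROBE_MGMT, 22, True)],
    "user-lan": [("user LAN -> probe 22/tcp", PROBE_MGMT, 22, False)],
}

if __name__ == "__main__":
    profile = sys.argv[1] if len(sys.argv) > 1 else "user-lan"
    failed = False
    for label, observed, ok in audit(PROFILES[profile]):
        state = "open" if observed else "closed/filtered"
        print(f"{'PASS' if ok else 'FAIL'}  {label}: {state}")
        failed = failed or not ok
    sys.exit(1 if failed else 0)
```

Run the `mgmt-segment` profile from a host that egresses through the public IP given to SenseOn for allow-listing, since a test from any other address says nothing about the probe's own path. A completed handshake shows only that the path is open, not that the probe has authenticated to the appliance.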
Physical Probes
SenseOn Required Information for a Physical Probe
SenseOn probes are delivered pre-configured to run in your environment. They are shipped with three network interfaces: one management interface and two capture interfaces. One or both of the capture interfaces should be connected to a network TAP or mirror port so that the probe can perform its deep packet inspection of the network traffic of interest. The management port must be connected to a management network and able to communicate with the SenseOn cloud analysis appliance endpoint on port 1194.
To configure and ship the probe, SenseOn requires the following information. Please collate it and pass it to your SenseOn representative:
- Management Interface (active interface, used to send telemetry to SenseOn platform)
  - Static IP Address.
  - Subnet Mask.
  - Gateway IP Address.
  - Public IP address of the probe (for SenseOn to allow list).
  - Management interfaces are RJ45 Copper by default.
- Capture Interface (passive interfaces for network monitoring via SPAN/TAP)
  - Remote switch vendor model (Cisco, Juniper, HP, etc.).
  - Average sustained bandwidth of link being monitored (note this is not the line speed).
  - If capture interface is copper:
    - Interface type (RJ45/DAC).
  - If capture interface is fibre optic:
    - Wavelength (860nm/1310nm).
    - Speed (1G/10G/?).
    - Fibre Type (OM1/OM2/OM3/OM4/OM5).
    - Duplex (Full/Half).
- Shipping Details
  - Contact Name.
  - Contact Number.
  - Contact Email.
  - Address.
Probe Installation
Once delivered, the appliance will need unpacking, racking, and cabling. The ports on the appliance are configured according to the network requirements provided.
Diagram Rear Elevation
The connections indicated on the diagram are:
- A. Power Supply. Both of these must be connected.
- B. Management interface. This will have already been configured with the IP configuration provided.
- C. Capture interfaces, which should be connected to the span/tap ports on the network switch.
Any port marked in the diagram with a circle with a line through it will not be in use or configured.
- Unpack the Appliance. Unpack the appliance, keeping all shipping materials in case they are later required. Your SenseOn Probe Appliance ships with a rack-mounting rail kit for installation in a 19” rack (standards ANSI/EIA 310-D-92, IEC 297 or DIN 41494).
- Power Connectivity. Your SenseOn Probe is equipped with a redundant power supply, which consists of two hot-swappable PSU components. For hot-swapping to occur, each of the two power supplies must be powered with its own cord. Note: both PSUs should be connected to a power supply.
- Connect Network Cables. The SenseOn Probe appliance requires one connected interface for administrative purposes, and one or more interfaces to capture traffic.
  - Connect your management cable to port B.
  - Connect the capture cable from your switches to ports C.
  - If you only have 1 capture interface, please plug this into port C1.
- Power On the Appliance. The appliance may be powered on with the power button at the right-hand side of the front of the appliance. This button is next to the power symbol ⏻, and will be illuminated in green when power is connected to the appliance.
- Confirm Connectivity. Once it has been connected and powered on, please contact either your Customer Success Manager or the SenseOn SOC via email or live chat so that connectivity can be confirmed. NB: The management interface will be password protected.
Virtual Probes
A virtual probe may be requested from SenseOn through your Customer Success Manager, or by contacting our 24/7 support team.
The probe will be built with the network connection settings you specify and will be provided as an Open Virtual Appliance (OVA) file.
When requesting a virtual probe, SenseOn will need the following details for the build:
- The IP address which the device will be using on your network. This should be an internal address on your network, to which you can ssh, and from which the appliance may communicate outbound to the SenseOn SaaS appliance (see firewall requirements above).
- The subnet mask and default gateway for this interface.
- The external IP address(es) from which traffic from the probe will egress (likely a public IPv4 address on the edge firewall of your network).
- The location to which the probe is to be deployed (e.g., “Data Centre 01 in Sandford”, or “The Swan Hotel”).
- The virtualization platform and version to which the probe is to be deployed.
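An added example, not SenseOn tooling: a preflight check of the management-interface details requested for physical probes and again for virtual probes above, so that an inconsistent static IP, mask, gateway or egress address is caught before the probe is built with it. The function name, the IPv4-only scope, the choice of internal ranges and the sample values are assumptions made for the example.

```python
import ipaddress

# Ranges treated as internal for this check (RFC 1918, CGNAT, loopback, link-local).
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16")]

def is_internal(addr):
    """True if addr falls in one of the INTERNAL ranges."""
    return any(addr in net for net in INTERNAL)

def validate_probe_request(static_ip, subnet_mask, gateway_ip, egress_ip):
    """Return a list of problems in the management-interface details (IPv4 only)."""
    try:
        iface = ipaddress.IPv4Interface(f"{static_ip}/{subnet_mask}")
        gateway = ipaddress.IPv4Address(gateway_ip)
        egress = ipaddress.IPv4Address(egress_ip)
    except ValueError as exc:  # malformed address or non-contiguous mask
        return [f"unparseable value: {exc}"]
    net, problems = iface.network, []
    # A host cannot use the network or broadcast address of its own subnet.
    if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{iface.ip} is the network or broadcast address of {net}")
    # The default gateway must be on-link, and distinct from the probe itself.
    if gateway not in net:
        problems.append(f"gateway {gateway} is outside {net}")
    elif gateway == iface.ip:
        problems.append("gateway and static IP are the same address")
    # The page asks for an internal management address and a public egress address.
    if not is_internal(iface.ip):
        problems.append(f"static IP {iface.ip} is not an internal address")
    if is_internal(egress):
        problems.append(f"egress IP {egress} is an internal address, not a public one")
    return problems

if __name__ == "__main__":
    # Constructed sample request; 203.0.113.5 is a documentation-range placeholder.
    issues = validate_probe_request("10.20.30.40", "255.255.255.0",
                                    "10.20.31.1", "203.0.113.5")
    print("\n".join(issues) or "no problems found")
```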