Scrutinizer

Scrutinizer is available in deployment packages for ESXi, Hyper-V, KVM, and Proxmox environments or as an Amazon Machine Image (AMI) via the AWS Marketplace. Hardware appliances are also available upon request.

Contact Plixer Technical Support or a local reseller for availability and licensing or visit www.plixer.com to learn more.

Note

Scrutinizer virtual appliance packages are also available for download from the Plixer Customer Portal.

On this page:

Virtual appliances

Virtual appliances

Hardware appliances

Hardware appliances

Basic configuration

Basic configuration

Virtual appliances

Basic requirements for virtual appliances:

Component	Minimum (for trial installations)	Recommended (for production environments)
Memory	16 GB	64 GB
Storage	100 GB	1+ TB 15K RAID 0 or 10 configuration
Processor	8 CPU cores, 2.0+ GHz	12 CPU cores, 2.0+ GHz

CPU cores and RAM based on flow rate and exporter count

Flows/s		Exporters
		5	25	50	100	200	300	400	500
5k		8 CPU cores 16 GB RAM	8 CPU cores 16 GB RAM	10 CPU cores 20 GB RAM	14 CPU cores 28 GB RAM	20 CPU cores 39 GB RAM	26 CPU cores 52 GB RAM	32 CPU cores 67 GB RAM	38 CPU cores 82 GB RAM
10k		8 CPU cores 16 GB RAM	8 CPU cores 16 GB RAM	12 CPU cores 24 GB RAM	18 CPU cores 36 GB RAM	25 CPU cores 50 GB RAM	32 CPU cores 65 GB RAM	38 CPU cores 81 GB RAM	43 CPU cores 97 GB RAM
20k		16 CPU cores 32 GB RAM	16 CPU cores 32 GB RAM	16 CPU cores 32 GB RAM	24 CPU cores 48 GB RAM	32 CPU cores 64 GB RAM	38 CPU cores 80 GB RAM	43 CPU cores 96 GB RAM	48 CPU cores 112 GB RAM
50k		32 CPU cores 64 GB RAM	32 CPU cores 64 GB RAM	32 CPU cores 64 GB RAM	32 CPU cores 64 GB RAM	39 CPU cores 80 GB RAM	44 CPU cores 96 GB RAM	48 CPU cores 112 GB RAM	52 CPU cores 128 GB RAM
75k		46 CPU cores 96 GB RAM	46 CPU cores 96 GB RAM	46 CPU cores 96 GB RAM	46 CPU cores 96 GB RAM	46 CPU cores 96 GB RAM	49 CPU cores 112 GB RAM	52 CPU cores 128 GB RAM	55 CPU cores 144 GB RAM
100k		52 CPU cores 128 GB RAM	52 CPU cores 128 GB RAM	52 CPU cores 128 GB RAM	52 CPU cores 128 GB RAM	52 CPU cores 128 GB RAM	52 CPU cores 128 GB RAM	55 CPU cores 144 GB RAM	58 CPU cores 160 GB RAM
125k		58 CPU cores 160 GB RAM	58 CPU cores 160 GB RAM	58 CPU cores 160 GB RAM	58 CPU cores 160 GB RAM	58 CPU cores 160 GB RAM	58 CPU cores 160 GB RAM	58 CPU cores 160 GB RAM	61 CPU cores 176 GB RAM
150k		64 CPU cores 192 GB RAM	64 CPU cores 192 GB RAM	64 CPU cores 192 GB RAM	64 CPU cores 192 GB RAM	64 CPU cores 192 GB RAM	64 CPU cores 192 GB RAM	64 CPU cores 192 GB RAM	64 CPU cores 192 GB RAM

Note

• In clustered virtual environments where the hostname and MAC address of the VM can be changed, assign a static MAC address to the Scrutinizer NIC to avoid license key issues.

• The disk can be expanded after deployment to handle higher flow rates. A dedicated 15k RPM RAID 10 datastore is recommended for optimal performance.

• See this guide for further sizing recommendations.

ESXi deployment

Additional requirements:

• ESXi 6.7 U2+

• VMware vSphere or vCenter

Deploying the OVF template

1. Download the latest VMware virtual appliance package from the Plixer Customer Portal.

2. Extract the contents of the package to a location on the ESXi server.

3. In vSphere or vCenter, right-click the host to deploy the appliance to and select Deploy OVF Template from the menu.

4. Select Local file and browse to the Scrutinizer OVF and VMDK files before clicking Next.

5. Provide a name for the Scrutinizer virtual appliance and continue to follow the deployment wizard.

6. When prompted, select the datastore, set the disk format to Thick Provision and click Next.

7. After selecting the network to be used by the virtual appliance, verify the configuration in the summary before clicking Finish to import the Scrutinizer virtual appliance. This may take a few moments.

8. Before powering on the Scrutinizer virtual machine, assign a static MAC address to the NIC for licensing purposes:

   1. Right-click on the VM, and then select Edit Settings…

   2. Select the network adapter, set the MAC address to Manual, and then enter a unique MAC address to assign to the virtual machine NIC.

   3. While on this page, adjust the other virtual hardware settings to match the recommended specifications outlined in the environment sizing guides if necessary.

   4. Click OK to save the current configuration and return to the previous page.

9. Right-click on the Scrutinizer virtual machine to power it on.

After the appliance boots up, proceed with the initial appliance setup.

Note

To upgrade the virtual machine’s hardware version to the latest ESXi version, select Compatibility > Upgrade VM Compatibility in vSphere or vCenter while the VM is powered off. When the VM is powered back on after the upgrade, it will boot up with the latest ESXi hardware version available.

Expanding database size

Depending on the volume of NetFlow data that will be forwarded to the Scrutinizer virtual appliance, it may be necessary to allocate additional storage space for its database.

This process is divided into several tasks:

Adding a hard drive to the Scrutinizer virtual machine

1. Power off the Scrutinizer VM by either logging in and issuing the sudo shutdown -h now command or via the power menu in VMware Tools.

2. Right-click on the virtual machine, and then select Edit Settings…

3. Click Add New Device, and then select Hard Disk from the dropdown.

4. Expand the New Hard disk settings, and select the type of disk provisioning and adjust the disk capacity.

5. Click OK to complete the operation.

Once the new drive has been added, power the VM on and follow this guide to make it available to Scrutinizer.

Hyper-V deployment

Additional requirements:

• Generation 2 Hyper-V VM

• Hyper-V 2012

• Hyper-V Manager

Deploying the Hyper-V virtual appliance

1. Download the latest Hyper-V virtual appliance package from the Plixer Customer Portal.

2. Extract the contents of the package to a location on the Hyper-V server.

3. In Hyper-V Manager, right-click the virtual machine to use, and select Import Virtual Machine…

4. Browse to the location of the Scrutinizer_Hyper-V folder.

5. Select the Scrutinizer Hyper-V virtual machine file and click Next.

6. Use the radio buttons to select the import operation type and click Next.

7. Verify the settings in the summary and click Finish to import the virtual machine.

8. Right-click on the Scrutinizer virtual machine and select Settings…

9. In the Settings menu, set the Startup RAM: to 16 GB (if not already set).

10. Select a network adapter and assign it to the appropriate virtual switch.

11. Expand the network adapter settings, select Advanced Features, and set the MAC address to Static.

12. Enter a unique MAC address and click OK.

After starting the virtual machine, right-click on it, select Connect, and then proceed with the initial appliance setup.

Expanding database size

Depending on the volume of NetFlow data that will be forwarded to the Scrutinizer virtual appliance, it may be necessary to allocate additional storage space for its database.

To add a hard drive to the Scrutinizer virtual machine, follow these steps:

1. Power off the Scrutinizer VM by logging in and issuing the sudo shutdown -h now command.

2. In Hyper-V manager, right-click on the Scrutinizer virtual machine and select Settings.

3. Under the IDE Controller settings, select Hard Drive and click Add.

4. Under Virtual hard disk:, click New to start the New Virtual Hard Disk wizard.

5. When asked to choose the disk format, select VHDX to allow for for expansion past 2 TB.

6. Continue to follow the wizard and provide the requested details.

7. Review the settings in the summary, and then click Finish to complete the operation.

Once the new drive has been added, power the VM on and follow this guide to make it available to Scrutinizer.

KVM deployment

Additional requirements:

• KVM 16 or higher

Deploying the KVM virtual appliance

1. Download the latest KVM virtual appliance package from the Plixer Customer Portal.

2. Create a directory for the install:

   mkdir /kvm/scrutinizer_vm/
   

3. Extract the contents of the package to the new directory:

   sudo tar xvzf PACKAGE_FILENAME.tar.gz -C /kvm/scrutinizer_vm/
   

4. Run the installation script in the new directory:

   cd /kvm/scrutinizer_vm/PACKAGE_FILENAME
   sudo ./install-kvm-scrut.sh
   

5. Wait for the confirmation that the virtual machine has been created from the image.

After the VM starts up, access the console using virsh console <VM_DOMAIN_OR_ID> and proceed with the initial appliance setup.

Proxmox deployment

To deploy a Scrutinizer virtual appliance in Proxmox, follow these steps:

1. Download the latest VMware virtual appliance package from the Plixer Customer Portal.

2. Extract the contents of the file and upload the *.vmdk file to a location that can be accessed by Proxmox on the Proxmox server (.e.g., /var/lib/vz/template/).

3. Convert the vmdk disk image to a Proxmox-compatible format:

   qemu-img convert -f vmdk -O qcow2 FILENAME.vmdk Plixer_Scrutinizer.qcow2
   

4. Create a new virtual machine in Proxmox with the following configuration:

   • BIOS: OVMF (UEFI)

   • SCSI controller: VMware PVSCSI

   • Network adapter: E1000

   • CPU/memory: Recommended sizing

   • Add a new EFI disk with default sizing

5. Import the disk via the CLI:

   qm importdisk 100 /var/lib/vz/template/Plixer_Scrutinizer.qcow2 local -zfs
   

6. Attach the imported disk to the virtual machine:

   qm set 100 -scsi0 local-zfs:vm-101-disk-1
   

7. Delete the unused disk and start the VM.

After the VM starts up, access the console and proceed with the initial appliance setup.

Note

• When attaching the imported disk, verify that its name matches what’s displayed in the GUI.

• The syntax in the instructions above should be modified to match the actual VMID and disk numbers used.

AWS AMI deployment

After subscribing to the service via the AWS Marketplace product page, deploy the Scrutinizer AMI by creating/launching a new EC2 instance with the following configuration:

• Names and tags: Configure the name, resource types, and optional tags for the instance.

• Application and OS images: Select the Scrutinizer AMI from the My AMIs tab.

• Instance type: Select C5.2xlarge for flow rates up to 10,000 flows per second (contact Plixer Technical Support for assistance if the expected flow volume exceeds that).

• Key pair: Select or create a new key pair to assign to the instance.

• Network settings: Select the VPC, subnet, and security group to assign the instance to.

  Important

  Because an active instance’s primary private IP address cannot be released, we recommend deploying the AMI with two NICs and using the secondary as the collection interface.

• Storage: Leave the size of the root volume (/dev/xvda/) at the default 100 GB.

• Advanced details: Set Shutdown behavior to Stop and Termination protection to Enabled.

After the instance has been launched, access the Scrutinizer web interface via the instance’s primary private or public IP address, and then proceed to add a license.

Note

Use the following command to SSH to the server as the plixer user after the instance has been launched:

ssh -i PATH_TO_KEY/key.pem plixer@SCRUTINIZER_IP

Expanding database size

To expand the database size for a Scrutinizer AMI, create one or more additional EBS volumes in the same availability zone and attach them to the instance.

These volumes can then be made available to Scrutinizer by following this guide.

Note

set partitions (step 6 in the guide) will need to be run from the scrut_util prompt for each additional drive attached to the instance:

SCRUTINIZER> set partitions <NEW_PARTITION>

Changing instance types

Follow these steps to change the Scrutinizer instance type to increase CPU and RAM allocations:

1. SSH to the instance as the plixer user and stop all services via scrut_util:

   SCRUTINIZER> services all stop
   

2. Power off the OS:

   shutdown -h now
   

3. Stop the instance. If an Elastic IP was assigned, note the instance ID and Elastic IP address beforehand.

4. Change the instance type and restart the instance following this guide.

5. Verify that a new public DNS (IPv4), Private DNS, and Private IPs have been assigned. The Elastic IP address should also be re-assigned to the instance ID if necessary.

After the instance has been reconfigured, SSH to the Scrutinizer IP address as the plixer user and run the following scrut_util command to re-tune the system:

SCRUTINIZER> set tuning

Hardware appliances

Scrutinizer hardware appliances support higher collection rates due to their dedicated resources and are strongly recommended for environments with extremely high flow volumes. They are available through Plixer Technical Support.

After removing the Scrutinizer hardware appliance from its packaging, verify that all accompanying accessories (rackmount kit, appliance-locking bezel and keys, and power cord) are included. The appliance can be mounted in a standard 19-inch rack or cabinet.

Important

If your box arrives torn, dented, or otherwise damaged, the appliance itself seems damaged, or there are missing parts, contact Plixer Technical Support immediately and do not attempt to install the unit.

Hardware setup

1. Refer to the port labels to identify the ports to be used on the rear panel of the appliance:

   • iDRAC

   • Serial

   • VGA

   • USB Type-B x 2

   • 10GbE SFP x 2 (1 and 2)

   • 1GbE RJ45 x 2 (3 and 4)

   • Power supply x 2

2. Connect the power cable to one of the power supply sockets and plug the other end to a grounded AC outlet or UPS. To take advantage of the redundant PSUs, ensure that each socket is connected to an independent power source.

3. Depending on the bandwidth requirements of the environment, connect the appliance to the network using either RJ-45 or fiber optic cables. Unused ports may be left uncabled, but connecting both ports of either pair is recommended for high availability.

4. [Optional] Connect the iDRAC port to a remote access controller using an RJ-45 cable to enable remote console access for hardware management and monitoring. Contact Plixer Technical Support for help with configuring alerts for hardware-related events.

5. Using the additional ports provided, connect a monitor and keyboard to use during the appliance’s initial setup.

Once the Scrutinizer hardware appliance has been set up and cabled, proceed with the initial appliance setup.

Note

• The Ethernet port pairs are configured for adapting load balancing (bonding mode 6).

• The iDRAC virtual console can also be used for the appliance’s initial setup.

Basic configuration

After deploying and starting the appliance, follow the basic configuration steps below to prepare Scrutinizer for use.

Initial setup

After the Scrutinizer appliance completes its first boot sequence and a user logs in with the credentials plixer:plixer, it will perform a quick preliminary setup before rebooting itself.

After the reboot, log in again to start the initial setup script:

1. Provide the following information when prompted by the script:

   • Static IP address

   • Netmask

   • Gateway

   • FQDN

   • DNS IP address

   • NTP server IP address

2. Continue through the succeeding dialogs and enter any additional information requested.

3. At the end of the script, press Enter and wait for the server to reboot again to apply the settings.

After the final appliance reboot, point any supported browser to https://IP_ADDRESS_ENTERED and log in with the default admin:admin credentials to access the Scrutinizer web interface and add a license.

Note

• The default password for the web interface admin account can be changed from the Admin > Users & Groups > User Accounts page.

• To replace the default self-signed certificate with a CA-signed certificate, follow the instructions on this page.

Adding a license

Once the Scrutinizer web interface is accessible, log in as the admin user with the password configured during the initial appliance setup to add/register an active license.

Note

• For AWS AMI deployments, the default password for the web interface admin user is the instance ID of the Scrutinizer instance, which can be copied from the Instance Summary view of the AWS console.

• Passwords for the admin user and other user accounts can be changed from the Admin > Users & Groups > User Accounts page at any time.

A Plixer One or Scrutinizer license key can be obtained by contacting Plixer Technical Support and providing them with the Machine ID displayed under Admin > Plixer > Scrutinizer Licensing. This key should then be pasted into the License Key field on the same page and saved.

After a license key has been added, the Scrutinizer Licensing page will display details for the active license (validity, appliance/server counts, etc.) and can be used to update the license key when needed.

Configuring SSL

As part of the initial setup script/wizard for the Scrutinizer appliance, a self-signed SSL certificate will be created using default values. SSL support will also be enabled by default.

This self-signed certificate can later be replaced with a CA-signed certificate if desired.

Note

To learn more about additional certificate-related functions, see this page.

Installing a CA-signed SSL certificate

As long as the system is set to use the self-signed SSL certificate created during the initial setup process, browsers will return an untrusted certificate warning, which users must override to access the web interface.

To avoid this behavior, an SSL certificate that has been signed by an internal or commercial Certificate Authority (CA) will need to be installed:

1. Forward the /etc/pki/tls/private/ca.csr file to the CA for signing and ask that they return it as base 64 encoded rather than DER encoded.

2. After acquiring the CA-signed SSL certificate, stop the web server:

   sudo systemctl stop plixer_webapp
   

3. Rename the new certificate to ca.crt and overwrite the existing file in etc/pki/tls/certs.

4. Start the web server again:

   sudo systemctl start plixer_webapp
   

To verify that the web interface is using the correct SSL certificate, use a browser to navigate to the login page using the FQDN specified in the CA-signed certificate. The browser should no longer return an untrusted certificate warning and the padlock icon in the address bar should be locked instead of open.