Deployment Guides

Deployment Guides#

Replicator is available in deployment packages for ESXi, Hyper-V, KVM, and Proxmox environments or as an Amazon Machine Image (AMI) via the AWS Marketplace. Hardware appliances are also available upon request.

Important

Profile data from a Replicator 19.1.1 deployment can be migrated to a v20.0.1 instance with the same IP address. Refer to this guide (before starting the deployment process) for further details.

On this page:

Virtual appliances
Virtual appliances
Hardware appliance
Hardware appliance
Headless instances
Headless deployments
Basic configuration
Basic configuration

Note

  • The information in this section applies specifically to Replicator 20.0.0+ standalone deployments and “headless” appliances. Refer to the Scrutinizer manual for instructions to enable the local Replicator instance on a Scrutinizer deployment. Contact Plixer Technical Support to learn more about licensing options.

  • Replicator virtual appliance packages can also be downloaded from the Plixer Customer Portal.

  • Standalone Replicator deployments can be upgraded by adding a Plixer One/Scrutinizer license under Admin > Plixer > Scrutinizer in the web interface. However, this will require the instance to be provisioned with additional resources as described in these Scrutinizer deployment guides and sizing recommendations.

Virtual appliances#

Basic requirements for virtual appliances:

Component

Recommended (for production environments)

Memory

8 GB

Storage

100 GB 15K RAID 0 or 10 configuration

Processor

2 CPU cores, 2.0+ GHz
ESXi deployment

Additional requirements:

  • ESXi 6.7 U2+

  • VMware vSphere or vCenter

Deploying the OVF template

  1. Contact Plixer Technical Support and use the link they provide (https://files.plixer.com/PACKAGE_PATH_AND_FILENAME) to download the latest VMware virtual appliance package.

  2. Extract the contents of the package to a location on the ESXi server.

  3. In vSphere or vCenter, right-click the host to deploy the appliance to and select Deploy OVF Template from the menu.

  4. Select Local file and browse to the Replicator OVF and VMDK files before clicking Next.

  5. Provide a name for the Replicator virtual appliance and continue to follow the deployment wizard.

  6. When prompted, select the datastore, set the disk format to Thick Provision and click Next.

  7. After selecting the network to be used by the virtual appliance, verify the configuration in the summary before clicking Finish to import the Replicator virtual appliance. This may take a few moments.

  8. Before powering on the Replicator virtual machine, assign a static MAC address to the NIC for licensing purposes:

    a. Right-click on the VM and select Edit Settings… b. Select the network adapter, set the MAC address to Manual, and enter a unique MAC address to assign to the virtual machine NIC. c. Click OK to save the current configuration and return to the previous page.

  9. Right-click on the Replicator virtual machine to power it on.

After the appliance boots up, proceed with the initial appliance setup.

Note

To upgrade the virtual machine’s hardware version to the latest ESXi version, select Compatibility > Upgrade VM Compatibility in vSphere or vCenter while the VM is powered off. When the VM is powered back on after the upgrade, it will boot up with the latest ESXi hardware version available.

Hyper-V deployment

Additional requirements:

  • Generation 2 Hyper-V VM

  • Hyper-V 2012

  • Hyper-V Manager

Deploying the Hyper-V virtual appliance

  1. Contact Plixer Technical Support and use the link they provide (https://files.plixer.com/PACKAGE_PATH_AND_FILENAME) to download the latest Hyper-V virtual appliance package.

  2. Extract the contents of the package to a location on the Hyper-V server.

  3. In Hyper-V Manager, right-click the virtual machine to use, and select Import Virtual Machine…

  4. Browse to the location of the Replicator_Hyper-V folder.

  5. Select the Replicator Hyper-V virtual machine file and click Next.

  6. Use the radio buttons to select the import operation type and click Next.

  7. Verify the settings in the summary and click Finish to import the virtual machine.

  8. Right-click on the Replicator virtual machine and select Settings…

  9. In the Settings menu, set the Startup RAM: to 16 GB (if not already set).

  10. Select a network adapter and assign it to the appropriate virtual switch.

  11. Expand the network adapter settings, select Advanced Features, and set the MAC address to Static.

  12. Enter a unique MAC address and click OK.

After starting the virtual machine, right-click on it, select Connect, and then proceed with the initial appliance setup.

KVM deployment

Additional requirements:

  • KVM 16 or higher

Deploying the KVM virtual appliance

  1. Contact Plixer Technical Support and use the link they provide to download the latest KVM virtual appliance package:

    curl -k -o PACKAGE_FILENAME.tar.gz https://files.plixer.com/PACKAGE_PATH/PACKAGE_FILENAME.tar.gz

  2. Create a directory for the install:

    mkdir /kvm/replicator_vm/

  3. Extract the contents of the package to the new directory:

    sudo tar xvzf PACKAGE_FILENAME.tar.gz -C /kvm/replicator_vm/

  4. Run the installation script in the new directory:

    cd /kvm/replicator_vm/PACKAGE_FILENAME
sudo ./install.sh

  5. Wait for the confirmation that the virtual machine has been created from the image.

After the VM starts up, access the console using virsh console <VM_DOMAIN_OR_ID> and proceed with the initial appliance setup.

Proxmox deployment

To deploy the Replicator virtual appliance in Proxmox, follow these steps:

Note

  • When attaching the imported disk (step 6), verify that its name matches what’s displayed in the GUI.

  • The syntax in the instructions below should be modified to match the actual VMID and disk names/numbers used.

  1. Contact Plixer Technical Support and use the link they provide to download the latest VMware virtual appliance package:

    curl -k -o PACKAGE_FILENAME.tar.gz https://files.plixer.com/PACKAGE_PATH/PACKAGE_FILENAME.tar.gz

  2. Extract the contents of the file and upload the *.vmdk file to a location that can be accessed by Proxmox on the Proxmox server (e.g., /var/lib/vz/template/).

  3. Convert the vmdk disk image to a Proxmox-compatible format:

    qemu-img convert -f vmdk -O qcow2 FILENAME.vmdk Plixer_Scrutinizer.qcow2

  4. Create a new virtual machine in Proxmox with the following configuration:

    • BIOS: OVMF (UEFI)

    • SCSI controller: VMware PVSCSI

    • Network adapter: E1000

    • CPU/memory: 2 CPU cores, 2.0+ GHz and 4 GB RAM

    • Add a new EFI disk with default sizing

  5. Import the disk via the CLI:

    qm importdisk VMID /var/lib/vz/template/Plixer_Scrutinizer.qcow2 ZFS_DISK_NAME

    Example:

    qm importdisk 100 /var/lib/vz/template/Plixer_Scrutinizer.qcow2 local-zfs

  6. Attach the imported disk to the virtual machine:

    qm set VMID -scsi0 local-zfs:VM_DISK_NAME

    Example:

    qm set 100 -scsi0 local-zfs:vm-101-disk-1

  7. Remove/delete the unused disk (the default disk created when the VM was added in Proxmox).

  8. Start the VM.

After the VM starts up, access the console and proceed with the initial appliance setup.

AWS AMI deployment

After subscribing to the service via the AWS Marketplace product page, deploy the Scrutinizer AMI by creating/launching a new EC2 instance with the following configuration:

  • Names and tags: Configure the name, resource types, and optional tags for the instance.

  • Application and OS images: Select the Scrutinizer AMI from the My AMIs tab.

  • Instance type: Select C5.large for flow rates up to 10,000 flows per second (contact Plixer Technical Support for assistance if the expected flow volume exceeds that).

  • Key pair: Select or create a new key pair to assign to the instance.

  • Network settings: Select the VPC, subnet, and security group to assign the instance to.

    Important

    Because an active instance’s primary private IP address cannot be released, we recommend deploying the AMI with two NICs and using the secondary as the collection interface.

  • Storage: Leave the size of the root volume (/dev/xvda/) at the default 100 GB.

  • Advanced details: Set Shutdown behavior to Stop and Termination protection to Enabled.

After the instance has been launched, access the Scrutinizer web interface via the instance’s primary private or public IP address, and then proceed to add a license.

Note

  • For AMI deployments, the default password for the web interface admin user is the AWS instance ID of the Scrutinizer instance, which can be copied from the Instance Summary view of the EC2 interface.

  • Use the following command to SSH to the server as the plixer user after the instance has been launched:

    ssh -i PATH_TO_KEY/key.pem plixer@SCRUTINIZER_IP

Hardware appliance#

Replicator hardware appliances support higher flow rates due to their dedicated resources and are strongly recommended for environments with extremely high flow replication requirements. They are available through Plixer Technical Support.

After receiving your package, follow this guide to deploy the appliance.

Hardware setup

After removing the Replicator hardware appliance from its packaging, verify that all accompanying accessories (rackmount kit, appliance-locking bezel and keys, and power cord) are included. The appliance can be mounted in a standard 19-inch rack or cabinet.

Important

If your box arrives torn, dented, or otherwise damaged, the appliance itself seems damaged, or there are missing parts, contact Plixer Technical Support immediately and do not attempt to install the unit.

From there, follow these steps to set up the Scrutinizer hardware appliance:

  1. Connect the appliance to the network as indicated by the port labels on the rear panel.

  2. Connect the power cable to one of the power supply sockets and plug the other end to a grounded AC outlet or UPS (if the appliance has redundant PSUs, connect each socket to an independent power source).

  3. [Optional] Connect the iDRAC port to a remote access controller using an RJ-45 cable to enable remote console access for hardware management and monitoring. Contact Plixer Technical Support for help with configuring alerts for hardware-related events.

  4. Using the additional ports provided, connect a monitor and keyboard to use during the appliance’s initial setup.

Once the Replicator hardware appliance has been set up and cabled, power it on and proceed with the initial appliance setup.

Headless deployments#

Additional Replicator instances (for greater replication capacity, high availability, etc.) can be deployed as “headless” appliances to minimize their resource footprint. These deployments do not include the web interface component; they must be registered and managed from a main standalone Replicator instance or a Plixer One/Scrutinizer deployment and cannot be configured independently.

Registering a headless instance#

Before deploying a headless appliance, it must first be registered on the main instance as follows:

Note

Additional Replicator instances must be supported by the current license key. Contact Plixer Technical Support for further details.

View instructions

  1. Navigate to Admin > Resources > Replicators in the web interface.

  2. Click the Add button.

  3. Enter a name to assign to the new Replicator instance, and then click Save.

  4. Click on the name of the new instance in the main view and note the authentication token shown in the tray.

Once the instance has been registered, proceed to deploying the headless appliance.

Deploying a headless instance#

Follow these steps to deploy a headless Replicator instance after it has been registered:

View instructions

  1. Download the latest headless appliance package for your hypervisor from the Plixer Customer Portal.

  2. Deploy the VM following the instructions here.

  3. Complete the basic appliance configuration.

  4. After it reboots, SSH to the appliance as the plixer user again.

  5. Enter the following details when prompted:

    • Configuration host

    • Authentication token generated when the instance was registered

    • Name given to the headless instance during registration

The headless instance will now be available for assignment when configuring Replicator profiles. To manage the instance, return to the Admin > Resources > Replicators view.

Basic configuration#

After deploying and starting the appliance, follow the basic configuration steps below to prepare Replicator for use.

Initial setup#

After the Replicator appliance completes its first boot sequence, log in with the credentials plixer:plixer to start the initial setup script:

  1. Provide the following information when prompted by the script:

    • Static IP address

    • Netmask

    • Gateway

    • FQDN

    • DNS IP address

    • NTP server IP address

  2. Enter any additional information requested.

  3. At the end of the script, press Enter to apply the settings and wait for the server to reboot again to apply the settings.

After the final appliance reboot, log in to the web interface at the IP address provided with the default admin:admin credentials and proceed to add a license.

Note

  • The default password for the web interface admin account can be changed from the Admin > Users & Groups > User Accounts page.

  • The default self-signed certificate can be replaced with a CA-signed certificate if desired.

Adding a license#

To add/register a Replicator license key, navigate to Admin > Plixer > Replicator Licensing in the web interface after completing the initial appliance setup process.

A license key can be obtained by contacting Plixer Technical Support and providing them with the Machine ID displayed on the licensing page. The key should then be pasted into the License Key field and saved.

Details for the current license (validity, appliance/server counts, etc.) will be displayed on the page after a key has been added.

Note

  • For AWS AMI deployments, the default password for the web interface admin user is the instance ID of the Scrutinizer instance, which can be copied from the Instance Summary view of the AWS console.

  • Replicator now shares the same UI with Plixer One/Scrutinizer (requires Scrutinizer 19.7.0+ and Replicator 20.0.0+). The IP address for accessing the web interface is assigned during the initial setup process after the appliance first boots.

Configuring SSL#

SSL support is automatically enabled during the initial setup process for a standalone Replicator instance. A self-signed SSL certificate with default values is created at the same time.

This self-signed certificate can later be replaced with a CA-signed certificate if desired.

Installing a CA-signed SSL certificate#

As long as the system is set to use the self-signed SSL certificate created during the initial setup process, browsers will return an untrusted certificate warning, which users must override to access the web interface.

To avoid this, an SSL certificate that has been signed by an internal or commercial Certificate Authority (CA) will need to be installed.

Generating a custom certificate signing request (CSR)#

  1. SSH to the primary reporter as the plixer user:

    ssh plixer@PRIMARY_REPORTER_IP

  2. [Optional] Create a new directory for the custom CSR, keys, and certificates:

    sudo mkdir /home/plixer/CustomCerts

    This will provide a static location for storing and managing future certificates.

  3. Create a CSR config/details file:

    sudo touch /home/plixer/CustomCerts/csr_config.txt

    Tip

    • If the details for the CSR do not change from year to year, csr_config.txt can be re-used to create a new CSR when the old certificate expires.

    • When generating a new CSR, key, and certificate, including a date in the filename will help identify the correct files in case future changes (e.g., upgrades) overwrite the existing certificate.

  4. Add the details for the CSR to csr_config.txt in the following format:

    [req] 
default_bits=2048 
prompt=no 
default_md=sha256 
req_extensions=req_ext 
distinguished_name=dn 

[dn] 
C=US 
ST=Maine 
L=Kennebunk 
O=Plixer, LLC 
OU=IT 
emailAddress=support@plixer.com 
CN=scrutinizer.plxr.local 

[req_ext] 
subjectAltName=@alt_names 

[alt_names] 
DNS.1=scrutinizer.plxr.local

    Note

    [alt_names] is now required. To specify multiple Subject Alternative Names (SANs), use one line for each entry, with incrementing DNS numbers (DNS.2=, DNS.3=, etc.).

  5. Generate the new CSR and key:

    cd /home/plixer/CustomCerts
sudo openssl req -new -sha256 -nodes -out newRequest.csr -newkey rsa:4096 -keyout newCaKey.key -config csr_config.txt

The custom CSR (/home/plixer/CustomCerts/newRequest.csr) can then be sent to any preferred CA for signing.

Installing the signed certificate#

Important

In some cases, Scrutinizer 19.5.x and Replicator 19.01 deployments will also have localhost.crt and localhost.key files in addition to ca.crt and ca.key. These files were generated during the deployment/upgrade process but should not be used.

The following steps will ensure that the correct certificates are in place and in use:

View instructions

  1. Verify localhost.crt and localhost.key do not exist on the appliance:

    sudo ls /etc/pki/tls/certs/ 
sudo ls /etc/pki/tls/private/

    If neither file exists, no further action is required.

  2. If either of the previous commands discovers the corresponding localhost file, update the appliance to look for the correct files:

    sudo sed -i 's/localhost.crt/ca.crt/g' /etc/httpd/conf.d/ssl.conf
sudo sed -i 's/localhost.key/ca.key/g' /etc/httpd/conf.d/ssl.conf
sudo chmod 600 /etc/pki/tls/certs/ca.crt
sudo chmod 600 /etc/pki/tls/private/ca.key
sudo mv /etc/pki/tls/certs/localhost.crt /etc/pki/tls/certs.ca.crt 
sudo mv /etc/pki/tls/private/localhost.crt /etc/pki/tls/private/ca.key

  3. Restart the httpd service:

    sudo systemctl restart httpd

After receiving the CA-signed certificate, follow these steps to install it:

  1. Copy the new certificate to the /home/plixer/CustomCerts directory (or any temporary directory if CustomCerts was not previously created) on the Replicator server.

  2. Backup the current CA certificate and key:

    sudo cp /etc/pki/tls/certs/ca.crt /etc/pki/tls/certs/ca.crt.bak 
sudo cp /etc/pki/tls/private/ca.key /etc/pki/tls/private/ca.key.bak

  3. Move the new certificate to the correct location:

    cp /home/plixer/CustomCerts/CA_CERT_FILENAME.crt /etc/pki/tls/certs/ca.crt

  4. Move the new key generated with the CSR to the correct location:

    sudo cp /home/plixer/CustomCerts/NEW_KEY_FILENAME.key /etc/pki/tls/private/ca.key

    If the CustomCerts directory was not created/used, the key can be found in the same directory the CSR was generated in.

  1. Restart the nginx service (httpd on pre-v20.0.0 Replicator or pre-v19.7.0 Scrutinizer deployments):

    sudo systemctl restart nginx

To verify that the web interface is using the correct SSL certificate, use a browser to navigate to the login page using the FQDN specified in the CA-signed certificate. The browser should no longer return an untrusted certificate warning and the padlock icon in the address bar should be locked instead of open.

Note

The private key may need to be encrypted with the /usr/bin/ask.sh passphrase:

openssl rsa -in server.key -out server.key.new
Non-default CSR configurations#

Certificate signing requests can also be generated with non-default configurations (stronger encryption, no email address, etc.) using the values in the csr_config.txt file in the above instructions.

After the desired configuration has been saved, continue to follow the same instructions to generate the CSR and install the CA-signed certificate.

Contents