Deployment Guides

Deployment Guides#

Replicator virtual appliances can be deployed in local hypervisors, Amazon Web Services (as an AMI via the AWS Marketplace), Google Cloud Platform, Microsoft Azure, or Oracle Cloud Infrastructure. Hardware appliances are also available upon request.

Contact Plixer Technical Support or a local reseller for availability and licensing or visit www.plixer.com to learn more.

Note

Profile data from a Replicator 19.1.1 appliance can be migrated to a different v20.0.2+ instance. Refer to this guide for further details.

On this page:

Virtual appliances
Virtual appliance deployment
Hardware appliance
Hardware appliance deployment
Headless instances
Headless deployments
Basic configuration
Basic configuration

Note

  • The information in this section applies specifically to Replicator 20.0.0+ standalone deployments and “headless” appliances. Refer to the Scrutinizer manual for instructions to enable the local Replicator instance on a Scrutinizer deployment. Contact Plixer Technical Support to learn more about licensing options.

  • Standalone Replicator deployments can be upgraded by adding a Plixer One/Scrutinizer license under Admin > Plixer > Scrutinizer in the web interface. However, this will require the instance to be provisioned with additional resources as described in these Scrutinizer deployment guides and sizing recommendations.

Virtual appliance deployment#

Basic requirements for virtual appliances:

Component

Recommended (for production environments)

Memory

8 GB

Storage

100 GB 15K RAID 0 or 10 configuration

Processor

2 CPU cores, 2.0+ GHz

Local hypervisors#

ESXi deployment

Additional requirements:

  • ESXi 6.7 U2+

  • VMware vSphere or vCenter

Deploying the OVF template

  1. Log in to the Plixer Customer Portal or use the link provided by Plixer Technical Support to download the latest VMware virtual appliance package:

    curl -k -o PACKAGE_FILENAME.tar.gz https://files.plixer.com/PACKAGE_PATH/PACKAGE_FILENAME.tar.gz

  2. Extract the contents of the package to a location on the ESXi server.

  3. In vSphere or vCenter, deploy the appliance on a host using the OVF template option (this will require the OVF and VMDK files).

  4. Select Thick Provision for the datastore disk format.

  5. After selecting the network to be used by the virtual appliance, verify the configuration in the summary before starting the import operation.

  6. After the template has been successfully imported (may take several minutes), assign a static MAC address to the Replicator NIC for licensing purposes.

  7. Power on the VM.

After the Replicator virtual appliance completes booting, proceed with the initial appliance setup.

Note

To upgrade the virtual machine’s hardware version to the latest ESXi version, select Compatibility > Upgrade VM Compatibility in vSphere or vCenter while the VM is powered off. When the VM is powered back on after the upgrade, it will boot up with the latest ESXi hardware version available.

Hyper-V deployment

Additional requirements:

  • Generation 2 Hyper-V VM

  • Hyper-V 2012

  • Hyper-V Manager

Deploying the Hyper-V virtual appliance

  1. Log in to the Plixer Customer Portal or use the link provided by Plixer Technical Support to download the latest Hyper-V virtual appliance package:

    curl -k -o PACKAGE_FILENAME.tar.gz https://files.plixer.com/PACKAGE_PATH/PACKAGE_FILENAME.tar.gz

  2. Extract the contents of the package to a location on the Hyper-V server.

  3. In Hyper-V Manager, select the option to import a VM, and then select the Replicator Hyper-V image.

  4. After the image has been imported, provision the Replicator VM based on the recommended resources.

  5. Select a network adapter and assign it to the appropriate virtual switch.

  6. Assign a static MAC address to the VM.

  7. Save the updated settings, and then start the VM.

After the Replicator virtual appliance completes booting, connect to the VM and then proceed with the initial appliance setup.

KVM deployment

Additional requirements:

  • KVM 16 or higher

Deploying the KVM virtual appliance

  1. Log in to the Plixer Customer Portal or use the link provided by Plixer Technical Support to download the latest KVM virtual appliance package:

    curl -k -o PACKAGE_FILENAME.tar.gz https://files.plixer.com/PACKAGE_PATH/PACKAGE_FILENAME.tar.gz

  2. Create a directory for the install:

    mkdir /kvm/replicator_vm/

  3. Extract the contents of the package to the new directory:

    sudo tar xvzf PACKAGE_FILENAME.tar.gz -C /kvm/replicator_vm/

  4. Run the installation script in the new directory:

    cd /kvm/replicator_vm/PACKAGE_FILENAME
sudo ./install-kvm-scrut.sh

  5. Wait for the confirmation that the virtual machine has been created from the image.

After the Replicator virtual appliance completes booting, access the console using virsh console <VM_DOMAIN_OR_ID> to proceed with the initial appliance setup.

Nutanix

Deploying the virtual appliance in Nutanix

  1. Log in to the Plixer Customer Portal or use the link provided by Plixer Technical Support to download the latest VMware virtual appliance package:

    curl -k -o PACKAGE_FILENAME.tar.gz https://files.plixer.com/PACKAGE_PATH/PACKAGE_FILENAME.tar.gz

  2. Extract the qcow2 image to a location that can be accessed by Prism Element.

  3. Log in to Prism Element and upload the image (as a disk) to any storage container (except SelfServiceContainer).

  4. After the image becomes active, create a new VM with the following configuration:

    • Resources: Recommended resources (minimum of 8 cores and 16 GB RAM, fewer CPUs with more cores is recommended)

    • Boot configuration: UEFI

    • Operation: Clone from image

    • Bus type: SATA (SCSI is not recommended due to known issues with Red Hat 9 systems)

    • Image: Image/disk uploaded in step 3

    • Index: Next available

  5. Add a new NIC to the VM and assign it to the desired subnet.

  6. Save the VM configuration, and then power on the VM.

After the Replicator virtual appliance completes booting, launch the console to proceed with the initial appliance setup.

Proxmox deployment

To deploy the Replicator virtual appliance in Proxmox, follow these steps:

Note

  • When attaching the imported disk (step 6), verify that its name matches what’s displayed in the GUI.

  • The syntax in the instructions below should be modified to match the actual VMID and disk names/numbers used.

Deploying the virtual appliance in Proxmox

  1. Log in to the Plixer Customer Portal or use the link provided by Plixer Technical Support to download the latest VMware virtual appliance package:

    curl -k -o PACKAGE_FILENAME.tar.gz https://files.plixer.com/PACKAGE_PATH/PACKAGE_FILENAME.tar.gz

  2. Extract the contents of the file and upload the *.vmdk file to a location that can be accessed by Proxmox on the Proxmox server (e.g., /var/lib/vz/template/).

  3. Convert the VMDK disk image to a Proxmox-compatible format:

    qemu-img convert -f vmdk -O qcow2 FILENAME.vmdk Plixer_Replicator.qcow2

  4. Create a new virtual machine in Proxmox with the following configuration:

    • BIOS: OVMF (UEFI)

    • SCSI controller: VMware PVSCSI

    • Network adapter: E1000

    • CPU/memory: Recommended resources

    • Add a new EFI disk with default sizing

  5. Import the disk via the CLI:

    qm importdisk VMID /var/lib/vz/template/Plixer_Replicator.qcow2 ZFS_DISK_NAME

    Example:

    qm importdisk 100 /var/lib/vz/template/Plixer_Replicator.qcow2 local-zfs

  6. Attach the imported disk to the virtual machine:

    qm set VMID -scsi0 local-zfs:VM_DISK_NAME

    Example:

    qm set 100 -scsi0 local-zfs:vm-101-disk-1

  7. Remove/delete the unused disk (the default disk created when the VM was added in Proxmox).

  8. Start the VM.

After the Replicator virtual appliance completes booting, access the console to proceed with the initial appliance setup.

Cloud platforms#

AWS AMI deployment

Deploying the Scrutinizer AMI

After subscribing to the service via the AWS Marketplace product page, deploy the Replicator AMI by creating/launching a new EC2 instance with the following configuration:

  • Names and tags: Configure the name, resource types, and optional tags for the instance.

  • Application and OS images: Select the Replicator AMI from the My AMIs tab.

  • Instance type: Select C5.2xlarge for flow rates up to 10,000 flows per second (contact Plixer Technical Support for assistance if the expected flow volume exceeds that).

  • Key pair: Select or create a new key pair to assign to the instance.

  • Network settings: Select the VPC, subnet, and security group to assign the instance to.

    Important

    Because an active instance’s primary private IP address cannot be released, we recommend deploying the AMI with two NICs and using the secondary as the collection interface.

  • Storage: Leave the size of the root volume (/dev/xvda/) at the default 100 GB.

  • Advanced details: Set Shutdown behavior to Stop and Termination protection to Enabled.

After the instance has been launched, access the Replicator web interface via the instance’s primary private or public IP address, and then proceed to add a license.

Note

  • For AMI deployments, the default password for the web interface admin user is the AWS instance ID of the Replicator instance, which can be copied from the Instance Summary view of the EC2 interface.

  • Use the following command to SSH to the server as the plixer user after the instance has been launched:

    ssh -i PATH_TO_KEY/key.pem plixer@REPLICATOR_IP
Google Cloud Platform

Additional requirements:

  • A GCP project with Billing, Compute Engine, and Migrate to Virtual Machines enabled

  • Permissions to create Compute Engine images, Compute Engine VM instances, and Cloud Storage buckets (if not using an existing bucket)

  • A cloud storage bucket on the region intended for the VM (for staging the image)

Importing and deploying the Replicator VM

  1. Log in to the Plixer Customer Portal or use the link provided by Plixer Technical Support to download the latest VMware virtual appliance package:

    curl -k -o PACKAGE_FILENAME.tar.gz https://files.plixer.com/PACKAGE_PATH/PACKAGE_FILENAME.tar.gz

  2. Extract the VMDK/image (Replicator_Vmware_20.0.2-disk1.vmdk) from the file.

  3. Upload the image to the staging bucket.

  4. Import the image using the Migrate to Virtual Machines option with the following configuration:

    • Source: Cloud Storage

    • File: Select the uploaded VMDK

    • Operating system: RHEL 9

    This operation will create a reusable custom image and may take up to 15 minutes. The image must be successfully imported before the Replicator VM can be created.

  5. Create a new VM instance with the machine type most closely matching the recommended resources (n4 or c4 recommended).

  6. Configure the OS and storage settings for the VM as follows:

    • Boot disk: The imported Replicator image

    • Disk type: Hyperdisk Balanced (required for C4/N4 machine types)

    • Disk size: Adjust to match storage requirements

  7. Configure the networking settings for the VM as follows

    • Assign an external IPv4 address (ephemeral).

    • Enable HTTPS traffic through the firewall.

    • Add a network tag: replicator-https.

    • Assign a hostname (optional but recommended).

  8. Verify that all settings were configured correctly, and then create/launch the VM.

After the instance has been launched, connect to the VM via serial console (see below if not already enabled for the project) to proceed with the initial appliance setup.

Enabling serial console access

Serial console access (project-level setting) can be enabled for first boot validation and troubleshooting.

In the GCP console, edit the metadata settings for the Compute Engine to add the following:

  • Key: serial-port-enable

  • Value: true

The option to connect to the Replicator VM via serial console will become available after the new key is saved.

Microsoft Azure

Additional requirements:

  • A Windows 10+ or Windows Server host with Internet access, at least 200 GB free disk space, and Hyper-V installed

  • Administrator permissions (including PowerShell commands) on the Windows host

  • Administrator credentials for the Azure account the Replicator virtual appliance will be deployed on

Uploading and deploying the Replicator VM

  1. Log in to the Plixer Customer Portal or use the link provided by Plixer Technical Support to download the latest Hyper-V virtual appliance package on the Windows host:

    curl -k -o PACKAGE_FILENAME.tar.gz https://files.plixer.com/PACKAGE_PATH/PACKAGE_FILENAME.tar.gz

  2. Extract the VHD (Replicator.vhdx) from the file.

  3. Start a PowerShell session on the Windows host, and then convert the disk image to fixed size in Powershell:

    Convert-VHD -Path C:\path\to\Replicator.vhdx -Destination C:\path\to\Replicator.vhd -VHD Type Fixed

  4. Install the Az PowerShell module:

    Install-Module -Name Az

  5. Authenticate the Windows PowerShell session with the Azure account to be used for deployment:

    Connect-AzAccount

    Note

    If the connection fails after the correct Azure credentials are entered, run the following:

    Set-ExecutionPolicy RemoteSigned

  6. Upload the Replicator VHD to Azure as a managed disk (replace RESOURCE_GROUP, AZURE_REGION, and DISK_NAME below with the appropriate details):

    Add-AzVhd -LocalFilePath C:\path\to\Replicator.vhd -ResourceGroupName RESOURCE_GROUP -Location AZURE_REGION -DiskName DISK_NAME -DiskHyperVGeneration V2 -DiskOsType Linux

  7. After the Replicator VHD has been uploaded, deploy a new VM using the disk image from the Azure portal (note the IP address assigned to the VM as this will be required when setting up the appliance).

  8. Launch/start the VM.

After the Replicator VM completes booting, SSH to the IP address assigned as the plixer user to proceed with the initial appliance setup.

Oracle Cloud Infrastructure

Additional requirements:

  • A cloud storage bucket (for staging the image)

  • Gateway and netmask of the OCI VNC subnet that Replicator will be deployed on

Importing and deploying the Replicator VM

  1. Log in to the Plixer Customer Portal or use the link provided by Plixer Technical Support to download the latest VMware virtual appliance package:

    curl -k -o PACKAGE_FILENAME.tar.gz https://files.plixer.com/PACKAGE_PATH/PACKAGE_FILENAME.tar.gz

  2. If necessary, extract the OVA (Replicator_Vmware_20.0.2-bios.ova) from the file.

  3. Upload the image to the storage bucket.

  4. Create a new custom image by importing the uploaded file from the storage bucket with the following settings:

    • Operating system: Oracle Linux

    • Image type: VMDK

    • Launch mode: Emulated (required)

  5. Create a new VM instance using the custom image and configure the following settings:

    • Select the custom image created in the previous step.

    • Select an image shape (e.g., VM.Standard.E5.Flex) and expand the CPU core count and memory allocation to match the recommended resources.

    • Enter a primary VNIC name (required for the Replicator VM).

    • Manually assign a private IPv4 address to use as the static address for the Replicator appliance (must be entered during appliance setup).

    • Add public or generated keys for SSH access.

    • Adjust the boot volume size based on these storage recommendations and keep VPU at the default value.

  6. Save the instance configuration and start/launch the VM.

After obtaining the required details, SSH to the VM as the plixer user to proceed with the initial appliance setup.

Hardware appliance deployment#

Replicator hardware appliances support higher flow rates due to their dedicated resources and are strongly recommended for environments with extremely high flow replication requirements. They are available through Plixer Technical Support.

After receiving your package, follow this guide to deploy the appliance.

Hardware setup

After removing the Replicator hardware appliance from its packaging, verify that all accompanying accessories (rackmount kit, appliance-locking bezel and keys, and power cord) are included. The appliance can be mounted in a standard 19-inch rack or cabinet.

Important

If your box arrives torn, dented, or otherwise damaged, the appliance itself seems damaged, or there are missing parts, contact Plixer Technical Support immediately and do not attempt to install the unit.

From there, follow these steps to set up the Replicator hardware appliance:

  1. Connect the appliance to the network as indicated by the port labels on the rear panel.

  2. Connect the power cable to one of the power supply sockets and plug the other end to a grounded AC outlet or UPS (if the appliance has redundant PSUs, connect each socket to an independent power source).

  3. [Optional] Connect the iDRAC port to a remote access controller using an RJ-45 cable to enable remote console access for hardware management and monitoring. Contact Plixer Technical Support for help with configuring alerts for hardware-related events.

  4. Using the additional ports provided, connect a monitor and keyboard to use during the appliance’s initial setup.

Once the Replicator hardware appliance has been set up and cabled, power it on and proceed with the initial appliance setup.

Headless deployments#

Additional Replicator instances (for greater replication capacity, high availability, etc.) can be deployed as “headless” appliances to minimize their resource footprint. These deployments do not include the web interface component; they must be registered and managed from a main standalone Replicator instance or a Plixer One/Scrutinizer deployment and cannot be configured independently.

Registering a headless instance#

Before deploying a headless appliance, it must first be registered on the main instance as follows:

Note

Additional Replicator instances must be supported by the current license key. Contact Plixer Technical Support for further details.

View instructions

  1. Navigate to Admin > Resources > Replicators in the web interface.

  2. Click the Add button.

  3. Enter a name to assign to the new Replicator instance, and then click Save.

  4. Click on the name of the new instance in the main view and note the authentication token shown in the tray.

Once the instance has been registered, proceed to deploying the headless appliance.

Deploying a headless instance#

Follow these steps to deploy a headless Replicator instance after it has been registered:

View instructions

  1. Download the latest headless appliance package for your hypervisor from the Plixer Customer Portal.

  2. Deploy the VM following the instructions here.

  3. Complete the basic appliance configuration.

  4. After it reboots, SSH to the appliance as the plixer user again.

  5. Enter the following details when prompted:

    • Configuration host

    • Authentication token generated when the instance was registered

    • Name given to the headless instance during registration

The headless instance will now be available for assignment when configuring Replicator profiles. To manage the instance, return to the Admin > Resources > Replicators view.

Basic configuration#

After deploying and starting the appliance, follow the basic configuration steps below to prepare Replicator for use.

Initial setup#

After the Replicator appliance completes its first boot sequence, log in with the credentials plixer:plixer to start the initial setup script:

  1. Provide the following information when prompted by the script:

    • Static IP address

    • Netmask

    • Gateway

    • FQDN

    • DNS IP address

    • NTP server IP address

  2. Enter any additional information requested.

  3. At the end of the script, press Enter to apply the settings and wait for the server to reboot again to apply the settings.

After the final appliance reboot, log in to the web interface at the IP address provided with the default admin:admin credentials and proceed to add a license.

Note

  • The default password for the web interface admin account can be changed from the Admin > Users & Groups > User Accounts page.

  • The default self-signed certificate can be replaced with a CA-signed certificate if desired.

Adding a license#

To add/register a Replicator license key, navigate to Admin > Plixer > Replicator Licensing in the web interface after completing the initial appliance setup process.

A license key can be obtained by contacting Plixer Technical Support and providing them with the Machine ID displayed on the licensing page. The key should then be pasted into the License Key field and saved.

Details for the current license (validity, appliance/server counts, etc.) will be displayed on the page after a key has been added.

Note

  • For AWS AMI deployments, the default password for the web interface admin user is the instance ID of the Replicator instance, which can be copied from the Instance Summary view of the AWS console.

  • Replicator now shares the same UI with Plixer One/Scrutinizer (requires Scrutinizer 19.7.0+ and Replicator 20.0.0+). The IP address for accessing the web interface is assigned during the initial setup process after the appliance first boots.

Configuring SSL#

SSL support is automatically enabled during the initial setup process for a standalone Replicator instance. A self-signed SSL certificate with default values is created at the same time.

This self-signed certificate can later be replaced with a CA-signed certificate if desired.

Installing a CA-signed SSL certificate#

As long as the system is set to use the self-signed SSL certificate created during the initial setup process, browsers will return an untrusted certificate warning, which users must override to access the web interface.

To avoid this, an SSL certificate that has been signed by an internal or commercial Certificate Authority (CA) will need to be installed.

Generating a custom certificate signing request (CSR)#

  1. SSH to the primary reporter as the plixer user:

    ssh plixer@PRIMARY_REPORTER_IP

  2. [Optional] Create a new directory for the custom CSR, keys, and certificates:

    sudo mkdir /home/plixer/CustomCerts

    This will provide a static location for storing and managing future certificates.

  3. Create a CSR config/details file:

    sudo touch /home/plixer/CustomCerts/csr_config.txt

    Tip

    • If the details for the CSR do not change from year to year, csr_config.txt can be re-used to create a new CSR when the old certificate expires.

    • When generating a new CSR, key, and certificate, including a date in the filename will help identify the correct files in case future changes (e.g., upgrades) overwrite the existing certificate.

  4. Add the details for the CSR to csr_config.txt in the following format:

    [req] 
default_bits=2048 
prompt=no 
default_md=sha256 
req_extensions=req_ext 
distinguished_name=dn 

[dn] 
C=US 
ST=Maine 
L=Kennebunk 
O=Plixer, LLC 
OU=IT 
emailAddress=support@plixer.com 
CN=replicator.plxr.local 

[req_ext] 
subjectAltName=@alt_names 

[alt_names] 
DNS.1=replicator.plxr.local

    Note

    [alt_names] is now required. To specify multiple Subject Alternative Names (SANs), use one line for each entry, with incrementing DNS numbers (DNS.2=, DNS.3=, etc.).

  5. Generate the new CSR and key:

    cd /home/plixer/CustomCerts
sudo openssl req -new -sha256 -nodes -out newRequest.csr -newkey rsa:4096 -keyout newCaKey.key -config csr_config.txt

The custom CSR (/home/plixer/CustomCerts/newRequest.csr) can then be sent to any preferred CA for signing.

Installing the signed certificate#

Important

In some cases, Replicator 19.01 and Scrutinizer 19.5.x deployments will also have localhost.crt and localhost.key files in addition to ca.crt and ca.key. These files were generated during the deployment/upgrade process but should not be used.

The following steps will ensure that the correct certificates are in place and in use:

View instructions

  1. Verify localhost.crt and localhost.key do not exist on the appliance:

    sudo ls /etc/pki/tls/certs/ 
sudo ls /etc/pki/tls/private/

    If neither file exists, no further action is required.

  2. If either of the previous commands discovers the corresponding localhost file, update the appliance to look for the correct files:

    sudo sed -i 's/localhost.crt/ca.crt/g' /etc/httpd/conf.d/ssl.conf
sudo sed -i 's/localhost.key/ca.key/g' /etc/httpd/conf.d/ssl.conf
sudo chmod 600 /etc/pki/tls/certs/ca.crt
sudo chmod 600 /etc/pki/tls/private/ca.key
sudo mv /etc/pki/tls/certs/localhost.crt /etc/pki/tls/certs.ca.crt 
sudo mv /etc/pki/tls/private/localhost.crt /etc/pki/tls/private/ca.key

  3. Restart the httpd service:

    sudo systemctl restart httpd

After receiving the CA-signed certificate, follow these steps to install it:

  1. Copy the new certificate to the /home/plixer/CustomCerts directory (or any temporary directory if CustomCerts was not previously created) on the Replicator server.

  2. Backup the current CA certificate and key:

    sudo cp /etc/pki/tls/certs/ca.crt /etc/pki/tls/certs/ca.crt.bak 
sudo cp /etc/pki/tls/private/ca.key /etc/pki/tls/private/ca.key.bak

  3. Move the new certificate to the correct location:

    cp /home/plixer/CustomCerts/CA_CERT_FILENAME.crt /etc/pki/tls/certs/ca.crt

  4. Move the new key generated with the CSR to the correct location:

    sudo cp /home/plixer/CustomCerts/NEW_KEY_FILENAME.key /etc/pki/tls/private/ca.key

    If the CustomCerts directory was not created/used, the key can be found in the same directory the CSR was generated in.

  1. Restart the nginx service (httpd on pre-v20.0.0 Replicator or pre-v19.7.0 Scrutinizer deployments):

    sudo systemctl restart nginx

To verify that the web interface is using the correct SSL certificate, use a browser to navigate to the login page using the FQDN specified in the CA-signed certificate. The browser should no longer return an untrusted certificate warning and the padlock icon in the address bar should be locked instead of open.

Note

The private key may need to be encrypted with the /usr/bin/ask.sh passphrase:

openssl rsa -in server.key -out server.key.new
Non-default CSR configurations#

Certificate signing requests can also be generated with non-default configurations (stronger encryption, no email address, etc.) using the values in the csr_config.txt file in the above instructions.

After the desired configuration has been saved, continue to follow the same instructions to generate the CSR and install the CA-signed certificate.

Contents