Configuring Byte25 Appliances

Configuration guide for initial setup of Byte25 hardware and virtual appliances. The configuration is undertaken in two components: the first part is to configure the appliance itself to collect data and export to the cloud server, the second is to log ointo the Byte25 cloud server and setup the dashboards for your environment.

 

Configuring the Appliance for Data Collection & Export

The first part of the configuration process is to log into the Byte25 appliance from a web browser and configure it for data collection and export to the Byte25 cloud server.

Accessing the Web Console

The Byte25 hardware appliances come configured with a default address of 192.168.1.10 configured on management ethernet port (labelled MGMT or Eth0 depending on the specific model).

Byte25 virtual appliances are configured to obtain an address via DHCP on the relevant configured interface of the virtual machine.

Initial connection can be achieved by connecting an ethernet cable directly between a laptop and the Byte25  appliance on the management port. 

Once connected, browse to the Blueshift Web interface at https://192.168.1.10 (or the relevant DHCP obtained IP address) and login with the default credentials: 

Username: admin
Password: byte25password 

Setting IP Address Information

Access the network configuration menu screen from the 3 ‘ellipsis’ menu on the top right of the web interface. Network address settings are available under the ‘Configure’ option.  

Click on the port selected as a management port to have an IP address (labelled MGMT or Eth0) and apply the settings as appropriate from the left hand panel. Once done be sure to save the configuration and reboot.  

Modes of Operation

Byte25 appliances can be configured to collect performance and security data in several modes.   Out of Band mode use the Byte25 deep packet inspection engine to analyse and classify network traffic and identify security threats and NetFlow mode utilises flow based agents in external devices such as switches and routers to collect statistical information on network performance.

 

Out of Band Offline Mode

Out of Band mode is where the Byte25 Corporate Appliance is installed ‘offline’. That is, where the appliance is not installed in the main data path but rather collects data from a device such as an ethernet tap or configure switch mirror port.  Because the appliance is not in the network path, there is no risk of a network outage should the appliance lose power.

Follow the steps below to configure out of band mode:

    1. Select the ‘monitor’ port by clicking it on the appliance layout. The monitor port should be highlighted with a red box.
    2. In the Port Information panel, endure that ‘Capture Mode’ is set to ‘Enabled’
    3. Stop and start the Performance Engine and Threat Detect Engine in the right hand side Configuration Panel.

NetFlow Collection Mode

NetFlow mode is where the Byte25 Corporate appliance uses flow based agents in external devices such as switches and routers to collect statistical information on network performance.

Follow the steps below to configure NetFlow mode:

    1. From the right hand configuration panel, select the NetFlow v5 radio button
    2. Add the relevant port number in the ‘Port Number’ input dialog box. Note that the port number refers to the USP port hat the external device is using to send NetFlow data.
    3. Stop and start the Performance Engine and Threat Detect Engine in the right hand side Configuration Panel.

Configuring Data Export

The Byte25 hardware and virtual appliances do not store network performance or security data locally. The appliance must be configured to export data to a central database, either the Byte25 Cloud based server or a dedicated on premise server.

To export data, the Byte25 Corporate Appliance needs to have a ‘Customer ID’ to authenticate with the central database. The Customer ID will be different depending on whether the appliance is exporting to the Byte25 Cloud server or a dedicated on premise server;

    • When exporting to the Byte25 Cloud based server, you will need a unique customer ID that is provided as part of the Byte25 subscription. Contact Byte25 if you do not know your unique Customer ID.
    • When exporting to a dedicated Byte25 on premise server, unless you have a dedicated customer ID as part of your subscription, use the default Byte25 customer ID of 27badb594ea3.

From the right hand configuration panel, set the following parameters:

    • Remote Database Location: <Cloud or On-Premise>
    • Remote Address: <IP address of fully qualified domain name of remote database>
    • Customer ID: <Dedicated Customer ID>

Configuring the Byte25 Cloud Dashboard for Reporting & Analysis

The second part of the configuration process is to log into the Byte25 cloud server to configure the subnets and flow sources specific to your environment. This allows detailled analysis of network, application and cyber security information for individual sites, subnets and VLANs.

To complete this configuration, you must log into the Byte25 Cloud Dashboard. You should have received a logon for the Byte25 cloud server specific to your account. If you need assistance or a new account, please contact Byte25 at support@byte25.com.

 

Configuring Subnets for Reporting & Analysis

Byte25 classifies data by subnet so a much richer picture of network traffic is available if you configure known subnet or site addresses for your network.

To  configure subnets, first login to the Byte25 cloud server. Your login details should have been provided, if you do not have a Byte25 cloud login, please contact Byte25 support.

Once logged into the Byte25 cloud server, subnet configuration is accessed from the top right ‘three ellipsis’ menu under the ‘Configure Sites’ option.

From here you will see two ‘sub-tabs’ Site/Subnet Config and Flow Source Config – select Site/Subnet Config to add new subnets or sites sources.

To add a site, simply select the ‘Add New Site’ option an enter the relevant subnet details. The bandwidth field is used to calculate percent utilisation for the site and is typically set as the speed of provisioned bandwidth to the site.

Groups of sites can also be configured and to reflect the logical topology of the network.

Once configured, you will see the sites and groups appear on the left-hand panel. Sites can be dragged and dropped on this panel as required to help in building the topology.

Configuring Netflow Sources for Reporting & Analysis

When using NetFlow agents as the data source, it is often useful to be able to generate reports based on individual or specific NetFlow sources. Configuring NetFlow sources is similar to configuring subnets and can be achieved as follows.

To  configure NetFlow sources, first login to the Byte25 cloud server. Your login details should have been provided, if you do not have a Byte15 cloud login, please contact Byte25 support.

Once logged into the Byte25 cloud server, subnet configuration is accessed from the top right ‘three ellipsis’ menu under the ‘Configure Sites’ option. From here you will see two ‘sub-tabs’ Site/Subnet Config’and Flow Source Config – select Flow Source Config to add new NetFlow sources.

To add a site, simply select the ‘Add New Flow Source’ option an enter the relevant NetFlow Agent details.

Once configured, you will see the NetFlow soirces appear on the left-hand panel. Sites can be dragged and dropped on this panel as required to help in building the topology.

Synchronising Byte25 Collector Appliances

When changes are made to the flow source configuration, the changes need to be synchronised with the relevant Byte25 appliances installed onsite. The synchronisation process may take up to 5 minutes to complete.

Flow source changes will be pushed to all appliances for the specific customer.

The status of the synchronisation process can be checked from the Admin view under Appliances.

The synchronisation process is still pending when the Action Status for the specific appliance shows as Pending, The specific action to be completed is shown in the Action column. For flow source syncronisation, the action is Flowsource Synchronisation.

If you encounter any issues with installation and configuration, please contact Byte25 support at support@byte25.com. We are always happy to assist and organise a remote desktopor teams session to help you get up and running with a minum of fuss.