Network Analyzer Deployment
- John Gerlock
Overview
Data Theorem’s Network Analyzer is software that runs in your environment that analyzes network traffic from any source configured to mirror traffic to it. The Network Analyzer processes the traffic in your environment and sends only metadata about the traffic back to Data Theorem.
Deployment
In most cases, the Network Analyzer will be installed automatically as a component of a specific integration. It is also possible to install the Network Analyzer by itself, independently of any integrations. This section documents the most common methods for installing the software
Deploy to Kubernetes via Helm Chart
Requirements
helm
kubectl
Step 1: Extract the Helm Chart
unzip network_analyzer_helm_chart.zipStep 2: Deploy the Helm Chart
In the directory where the archive has been uncompressed, to start the services of the network traffic analyzer run the following command:
helm update network-analyzer \
--install \
./network_analyzer \
--create-namespace \
--namespace datatheoremVerify Deployment
To verify the network traffic analyzer services have started properly run the following command:
kubectl -n datatheorem get podsIf the service has started properly you should see something mostly the same as the following:
NAME READY STATUS RESTARTS AGE
analyzer-f5f97db88-ktg4v 1/1 Running 0 69s
Deploy as AWS AppRunner Service via Terraform
Requirements
terraform
Step 1: Extract the Terraform module and copy it to your Terraform modules folder
unzip network_analyzer.zip
cp datatheorem-network-analyzer-module <your-terraform-dir>/modulesStep 2: Install the module
terraform getStep 3: Deploy the Terraform module
terraform apply
Deploy as AWS AppRunner Service via CloudFormation Template
Requirements
aws-cli
Step 1: Extract the CloudFormation template
unzip network_analyzer.zipStep 2: Deploy the the CloudFormation template
aws cloudformation create-stack \
--stack-name datatheorem-nework-analyzer \
--template-body file://${PWD}/deploy.yaml \
--capabilities CAPABILITY_IAM \
--parameters file://params.jsonVerify Deployment
To verify the network traffic analyzer services have started properly run the following command:
aws cloudformation describe-stacks \
--stack-name datatheorem-network-analyzer \
--query 'Stacks[0].StackStatus'
Deploy Docker Container
Requirements
docker
Step 1: Extract the env archive
unzip network_analyzer_env.zipStep 2: Start the container
sudo docker run \
--restart unless-stopped \
--detach \
-p 8081:8081 \
--env-file dt_env \
us-central1-docker.pkg.dev/prod-api-protect-api/cloud-protect-registry/analyzer:latestVerify Deployment
To verify the network traffic analyzer services have started properly run the following command:
sudo docker psIf the service has started properly you should see something mostly the same as the following:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
250db9d1cba5 us-central1-docker.pkg.dev/prod-api-protect-api/cloud-protect-registry/analyzer:latest "supervisord -c /etc…" 1 min ago Up 1 min (healthy) 0.0.0.0:8081->8081/tcp, :::8081->8081/tcp api-protect-analyzer-1
Deploy Podman Container
Requirements
podman
Step 1: Extract the env archive
unzip network_analyzer_env.zipStep 2: Start the container
podman run \
--restart unless-stopped \
-p 8081:8081 \
--env-file dt_env \
us-central1-docker.pkg.dev/prod-api-protect-api/cloud-protect-registry/analyzer:latestVerify Deployment
To verify the network traffic analyzer services have started properly run the following command:
podman psIf the service has started properly you should see something mostly the same as the following:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
360db972caa9 us-central1-docker.pkg.dev/prod-api-protect-api/cloud-protect-registry/analyzer:latest "supervisord -c /etc…" 1 min ago Up 1 min (healthy) 0.0.0.0:8081->8081/tcp, :::8081->8081/tcp api-protect-analyzer-1
Deploy as Docker Compose Service
Requirements
docker-compose
Step 1: Extract the archive
unzip network_analyzer.zipStep 2: Start the Docker Compose Service
In the directory where the archive has been uncompressed, to start the services of the network traffic analyzer run the following command:
docker-compose up -dVerify Deployment
To verify the network traffic analyzer services have started properly run the following command:
docker-compose psIf the service has started properly you should see something mostly the same as the following:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
360db972caa9 us-central1-docker.pkg.dev/dev-api-protect-api/cloud-protect-registry/analyzer:latest "supervisord -c /etc…" 1 hours ago Up 1 hours (healthy) 0.0.0.0:8081->8081/tcp, :::8081->8081/tcp api-protect-analyzer-1
Deploy Podman Container With Packet Capture Support
Requirements
podmantcpdumpvim
sudo yum install -y vim tcpdump podmanStep 1: Download or create analyzer_env_file in /usr/share/containers/systemd/
# copy/paste from portal or get from sales
BEARER_TOKEN="<replace with bearer token>"
#CAPTURE_ARGS='tcp and dst port 80'
#START_OPENAPI_SERVICE=false
#UVICORN_EXTRA_ARGS="--no-access-log"
#LOG_LEVEL=DEBUGStep 2: Start the container
sudo podman run \
--network host \
--privileged \
--env-file=analyzer_env_file \
us-central1-docker.pkg.dev/prod-api-protect-api/cloud-protect-registry/pc-analyzer:latestVerify Deployment
To verify the network traffic analyzer services have started properly run the following command:
sudo podman psIf the service has started properly you should see something mostly the same as the following:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
360db972caa9 us-central1-docker.pkg.dev/prod-api-protect-api/cloud-protect-registry/pc-analyzer:latest "supervisord -c /etc…" 1 min ago Up 1 min (healthy) 0.0.0.0:8081->8081/tcp, :::8081->8081/tcp api-protect-analyzer-1
Stop container and replace with systemd service in next step
sudo podman kill <container_name>
Step 3: Create systemd unit file /usr/share/containers/systemd/analyzer.container
# /usr/share/containers/systemd/analyzer.container
[Unit]
Description=Data Theorem Analyzer
After=local-fs.target
[Container]
Image=us-central1-docker.pkg.dev/prod-api-protect-api/cloud-protect-registry/pc-analyzer:latest
AutoUpdate=registry
EnvironmentFile=/usr/share/containers/systemd/analyzer_env_file
PodmanArgs=--privileged
Network=host
Pull=always
[Service]
Restart=always
# allow time for container to pull
TimeoutStartSec=900
[Install]
# Start by default on boot
WantedBy=default.target
Verify systemd service
sudo systemctl daemon-reload
sudo systemctl start analyzer.service
systemctl status analyzer.service
sudo systemctl enable --now podman-auto-update.service
sudo systemctl enable --now podman-auto-update.timer
systemctl status podman-auto-update.timer
systemctl status podman-auto-update.service