Network Sensor Host System Requirements

This article covers all host system requirements for the Insight Network Sensor. You can install a network sensor on either a physical or virtual host.

Operating System

Although the network sensor software itself runs in the form of a container, all physical or virtual network sensor hosts must run one of the following supported Linux operating systems. The version number shown for each indicates the minimum supported version:

  • Ubuntu Server 20.04 and above
  • RHEL 7.2 and above
  • CentOS 8 and above
  • Fedora 30 and above
  • SUSE 15.0 and above
  • Debian 8.11 and above

If you deploy the network sensor on a physical host, ensure that your machine meets the following specifications:

1GB Sensors:

  • Processor - Minimum of 4 cores:
    • Intel Sandy Bridge microarchitecture (Core i3/i5/i7, Xeon E3/E5) or later
    • AMD Zen microarchitecture Ryzen 2017 or later
  • Memory - Minimum of 16GB of RAM
  • 1Gb interface or higher for sensor management.
  • 1Gb RSS capable PCI interface for traffic capture
  • Storage - 100GB of available disk space recommended

10GB Sensors:

  • Processor - Minimum of 8 cores:
    • Intel Sandy Bridge microarchitecture (Core i3/i5/i7, Xeon E3/E5) or later
    • AMD Zen microarchitecture Ryzen 2017 or later
  • Memory - Minimum of 32GB of RAM
  • 1Gb interface or higher for sensor management.
  • 10Gb RSS capable PCI interface for traffic capture
  • Storage - 100GB of available disk space recommended

Virtual Deployment Infrastructure

If you virtualize the network sensor host, you must do so with a VMware ESXi hypervisor.

There are two options for Enhanced vMotion Compatibility (EVC) virtualizations:

  • Enhanced vMotion Compatibility (EVC) entirely disabled (recommended)
  • Enhanced vMotion Compatibility (EVC) compatibility mode "Sandy Bridge" (minimum)

If you deploy the network sensor as a virtual machine, ensure that your machine meets the following specifications:

If you want to connect your virtual sensor to a physical SPAN or mirror port via a dedicated NIC then you should also use PCI Passthrough. See https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.networking.doc/GUID-386F225C-C890-4437-874B-449796423D4A.html for more information.

Network Interface Controllers (NICs)

All physical or virtual network sensor hosts require two Network Interface Controllers (NICs):

  • One NIC for the network sensor to receive network traffic from your configured source.
    • This NIC should be configured without an IP address since its only purpose is to ingest network traffic.
    • This NIC can support either 1GB or 10GB of bandwidth. If your overall network throughput exceeds what your chosen NIC can handle, you will need to deploy multiple network sensors in proper locations to ensure full coverage of network traffic.
  • One NIC for the network sensor to transmit processed traffic to the Insight platform for your Insight products to analyze.
    • Since the network sensor software also comes pre-packaged with the Insight Agent, this communication NIC must have an IP address so that the Insight platform can identify it as it would with any other asset.

NOTE - Virtual network sensor NIC requirements

Virtual network sensor deployments require additional physical NICs if you intend to monitor both your virtual and physical infrastructure with the same network sensor. We’ll cover this deployment case in more detail on the Network Requirements for Network Sensor Deployment and Step 3: Provision a Network Sensor Host pages.

NICs and Network Sensors deployment

The Network Sensor Deployment is not complete unless the NICs are defined and you confirm which interface is used for network traffic capture within Network Sensor management. We will go through the necessary steps on the Network Sensor Deployment Guide