The following requirements must be met before you install the Acoustic™Tealeaf CX Passive Capture Application and Packet Forwarder.
- IPv6 addresses must be captured. Processing of IPv6 addresses throughout Tealeaf is available for Release 8.4 and later only.
- Your Apache servers are handling SSL compression traffic to and from Chrome browsers.
- For HTTP_X_FORWARDING support, you must use PCA 3502 or later.
Network traffic requirements
Network devices such as switch span ports, network taps, and load balancers are just a few of the network traffic capture points that can provide a copy of live network traffic to the PCA. Typically, the mirrored traffic consists of the customer website's web server traffic. Mirrored network traffic is considered passive in nature, as the PCA's capture NIC(s) do not interact with the live network traffic.
Note: The PCA supports the capture of 128-bit SSL traffic. Encryption methods by using a fewer numbers of encryption bits are not supported
Before you begin to capture network traffic, you must review the requirements for network traffic that PCA expects to receive. This information must be shared with the IT infrastructure team.
Note: Tealeaf does not support the use of the Diffie-Hellman cryptographic protocol and recommends configuring your web servers to not use it.
Note: The PCA supports the SSL Session Ticket extension.
For more information on downloading Tealeaf, see our downloads page. You will need an Acoustic ID to access files.
Note: The PCA expects to see the start of all TCP connections. If TCP persistent connections are used by any server that is feeding data to the PCA, then latency can be introduced in the capture of sessions, and data can be lost.
Hard disk mount point recommendations
Following are the recommended mount points and sizes for a 100-GB drive for the Passive Capture software.
Mount point | Size |
---|---|
/ | 4 GB |
/archive | 42 GB (Remaining disk) |
/tmp | 4 GB |
/usr | 40 GB |
/var | 8 GB |
swap | 2 GB |
Supported accelerator cards
The Acoustic Tealeaf PCA can be integrating with private keys retained on hardware security modules.
VMware support
The Acoustic Tealeaf CX Passive Capture Application supports being installed to a VMware vSphere 5.5 virtual machine.
Your VMware virtual machine settings must be configured to meet the same operating system and hardware requirements as a physical server that is hosting Acoustic Tealeaf CX PCA. If the virtual machine does not meet the same requirements as a physical server, you might experience performance-related issues.
Note: The following limitations apply to Acoustic Tealeaf deployed within a VMware environment:
- Limit throughput for up to 500 Mbps. The CX Passive Capture Application supports throughput for up to 500 Mbps. Environments with throughput rates greater than 500 Mbps can experience packet loss at the CX Passive Capture Application.
- You must disable multi-queue support in the VMware virtual network driver. Multi-queue support is automatically enabled by default when VMware is installed. If multi-queue support is not disabled, the packets that are sent to the CX Passive Capture Application might become out of order and cause the packets to be dropped.
PCA and packet forwarder requirements for cloud-based deployments
The CX PCA Packet Forwarder captures web traffic between a customer and your web server and forwards the data to a centralized virtual PCA instance.
Each packet forwarder service that is running on the web server connects to a listener service that is running on the PCA server.
The following requirements must be met to operate a PCA in a cloud-based web server environment that is hosted by Softlayer®.
Each packet forwarder requires the following resources:
- One processor core that is dedicated to the service. The CPU core speed requires a minimum processor speed of 2.0 GHz.
- The packet forwarder requires a minimum version of Red Hat Linux™ (RHEL) 6.4 to operate.
Note: If a packet forwarder is deployed to a 64-bit operating environment, you must install the 32-bit versions of the
yum install glibc.i686 yum
andinstall zlib.i686
libraries. - In environments that use a large amount of bandwidth, configure the packet forwarder probes for your web and application servers for dynamic instance spawning. Dynamic instance spawning gives the packet forwarder the ability to use a pool of network socket connections to locate an available packet listener.
- Each paired packet forwarder and packet listener instance require a dedicated port. The first packet forwarder and packet listener pair uses port 1888 to communicate. Each additional pair would use an incremental port number. For example, if you have 10 pairs of packet forwarders and packet listeners, you need to make sure that ports 1888 - 1898 are open in the firewall settings for the operating system and your network firewall settings.
Each packet listener service requires the following resources:
- A minimum of four processor cores with each core operating at a minimum speed of 2.0 GHz and a minimum of 8 GB of memory must be allocated to the processor core.
- A minimum version of Red Hat Linux (RHEL) 6.4 to operate.
- Each paired packet forwarder and packet listener instance require a dedicated port. The first packet forwarder and packet listener pair uses port 1888. Each additional pair would use an extra port. For example, if you have 10 packet forwarders and packet listeners, you need to make sure that ports 1888 - 1898 are open in the firewall settings for the operating system and your network firewall settings.