This topic describes how to deploy additional network sensors as needed, directly on a customer-owned Windows or Linux machine, or on a repurposed ASMS machine.
The Application Discovery server contains a network sensor that captures data from across your ASMS network. Additionally, AAD traffic log sensors are automatically installed wherever a syslog server is running on your system (Remote Agents, Central Manager).
You may need to add additional network sensors if you want to capture traffic from other networks or to separate your Application Discovery server and sensor machines.
The following table describes the supported configurations for installing additional sensors, and the high-level steps required for each configuration:
ESX with port mirroring. Do the following:
  1. Deploy an Application Discovery sensor to each ESX server.
  2. Configure each sensor to view traffic in promiscuous mode.

Physical server with port mirroring. Do the following:
  1. Prepare a separate server for the Application Discovery sensor. The server can be physical or virtual, and Windows or Linux.
  2. Direct mirrored traffic to the sensor.

Local mode with direct capture. Do the following:
  1. Install a sensor on any server from which you want to capture traffic.
Note: To configure statistical traffic collection with NetFlow/SFlow, we recommend using the sensor installed together with the Application Discovery server.
This procedure describes how to deploy additional Application Discovery sensors.
Note: If you are deploying additional sensors, each additional sensor must be deployed on its own machine. Use different machines than the ones you are using for the Application Discovery server and the ASMS installation.
Important: To apply security updates to a VMware machine, reinstall the OVF manually.
Do the following:
  1. On the Application Discovery web console, go to the Sensors tab.
  2. In the list, select the checkboxes of the sensors you want to install.
  3. Click Upgrade.
Additional Application Discovery requirements based on network traffic collection method
Note: The number of sensors to install and where to install them depends on your network's load and topology.
For example, if you have packet brokers or standalone sniffers already collecting traffic on your network, you can send the traffic they collect to a single sensor. This avoids the need to thoroughly cover your network with sensors.
Configure full capture by connecting an Application Discovery sensor to a mirrored switch port or a TAP device.
In both cases, the output rate must match the AlgoSec appliance collector rate and interface.
System requirements for full capture include the following:
Collection rates
Supported collection rates are 250,000 packets per second for an AlgoSec 2062 appliance-based collector and 1,000,000 packets per second for an AlgoSec 2322 appliance.
These are recommended collection rates, since AlgoSec Application Discovery is statistical in nature and a loss of a few packets has no adverse effect.
ESX infrastructure
To enable port mirroring for a Sensor installed on an ESX server, the server must be configured in promiscuous mode and the traffic must be mirrored to a port group.
Adding the Sensor to that port group enables it to capture all of the mirrored traffic.
Log formats
From version 2.4.3, the Sensor can optionally receive traffic in the following log formats:
ERSPAN (type 2 and 3)
GRE (protocol type 0x0800 for IP and 0x6558 for Transparent Ethernet Bridging)
Encapsulated Remote Mirroring in VMware environments (on a VDS, from vSphere 7 and up)
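To verify that what reaches the sensor's mirror-facing interface is actually one of the encapsulations listed above, the following added example (not AlgoSec code) classifies a raw IPv4 datagram by its GRE protocol type and ERSPAN version. The ERSPAN protocol-type values 0x88BE (type II) and 0x22EB (type III) come from the ERSPAN specification, not from this page; the sample packets are constructed.

```python
import struct

# GRE protocol-type values are EtherTypes (RFC 2784). 0x0800 and 0x6558 are the
# values named on this page; the ERSPAN values are from the ERSPAN draft (assumption).
GRE_PROTO_IPV4 = 0x0800     # plain IP over GRE
GRE_PROTO_TEB = 0x6558      # Transparent Ethernet Bridging (whole L2 frame over GRE)
GRE_PROTO_ERSPAN2 = 0x88BE  # ERSPAN type II
GRE_PROTO_ERSPAN3 = 0x22EB  # ERSPAN type III
IP_PROTO_GRE = 47


def classify_mirror_packet(ip_packet: bytes) -> str:
    """Label an IPv4 datagram as gre-ip, gre-teb, erspan-2, erspan-3 or unsupported."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return "unsupported"
    ihl = (ip_packet[0] & 0x0F) * 4
    if ip_packet[9] != IP_PROTO_GRE:
        return "unsupported"
    gre = ip_packet[ihl:]
    if len(gre) < 4:
        return "unsupported"
    flags, proto = struct.unpack("!HH", gre[:4])
    # Base GRE header is 4 bytes; C (bit 15), K (bit 13) and S (bit 12) each add 4 bytes.
    hdr_len = 4 + 4 * (((flags >> 15) & 1) + ((flags >> 13) & 1) + ((flags >> 12) & 1))
    payload = gre[hdr_len:]
    if proto == GRE_PROTO_IPV4:
        return "gre-ip"
    if proto == GRE_PROTO_TEB:
        return "gre-teb"
    if proto == GRE_PROTO_ERSPAN2:
        # ERSPAN type II: 8-byte header whose top 4 bits (version) are 1
        return "erspan-2" if len(payload) >= 8 and payload[0] >> 4 == 1 else "unsupported"
    if proto == GRE_PROTO_ERSPAN3:
        # ERSPAN type III: 12-byte header whose version field is 2
        return "erspan-3" if len(payload) >= 12 and payload[0] >> 4 == 2 else "unsupported"
    return "unsupported"


def build_sample(proto: int, flags: int = 0, opts: bytes = b"", payload: bytes = b"") -> bytes:
    """Constructed IPv4+GRE datagram for testing; addresses are placeholders."""
    total_len = 20 + 4 + len(opts) + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64,
                         IP_PROTO_GRE, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return ip_hdr + struct.pack("!HH", flags, proto) + opts + payload
```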
Port mirroring hardware requirements
When installed in port mirroring mode, memory and CPU requirements depend on the amount of traffic monitored.
Estimated minimum requirements include:
Dual CPU / dual core
2 GB RAM
10 MB free disk space
2 network adapters: one connected to the mirror port, the other connected to the LAN.
Note: For information on how to configure mirroring for a port, see your Switch/Router/Firewall documentation.