Software Threat Mitigation System

Installation on Hardware Guide

Version 9.3.5
Legal Notice
The information contained within this document is subject to change without notice. NETSCOUT SYSTEMS, INC.
makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties
of merchantability and fitness for a particular purpose. NETSCOUT SYSTEMS, INC. shall not be liable for errors
contained herein or for any direct or indirect, incidental, special, or consequential damages in connection with the
furnishings, performance, or use of this material.
Use of this product is subject to the End User License Agreement available at
http://www.NetScout.com/legal/terms-and-conditions or which accompanies the product at the time of
shipment or, if applicable, the legal agreement executed by and between NetScout Systems, Inc. or one of its
wholly-owned subsidiaries (“NETSCOUT”) and the purchaser of this product (“Agreement”).
Government Use and Notice of Restricted Rights: In U.S. government (“Government”) contracts or subcontracts,
Customer will provide that the Products and Documentation, including any technical data (collectively “Materials”),
sold or delivered pursuant to this Agreement for Government use are commercial as defined in Federal
Acquisition Regulation (“FAR”) 2.101and any supplement and further are provided with RESTRICTED RIGHTS. All
Materials were fully developed at private expense. Use, duplication, release, modification, transfer, or disclosure
(“Use”) of the Materials is restricted by the terms of this Agreement and further restricted in accordance with FAR
52.227-14 for civilian Government agency purposes and 252.227- 7015 of the Defense Federal Acquisition
Regulations Supplement (“DFARS”) for military Government agency purposes, or the similar acquisition
regulations of other applicable Government organizations, as applicable and amended. The Use of Materials is
restricted by the terms of this Agreement, and, in accordance with DFARS Section 227.7202 and FAR Section 12.212,
is further restricted in accordance with the terms of NETSCOUT’S commercial End User License Agreement. All
other Use is prohibited, except as described herein.
This Product may contain third-party technology. NETSCOUT may license such third-party technology and
documentation (“Third-Party Materials”) for use with the Product only. In the event the Product contains Third-
Party Materials, or in the event you have the option to use the Product in conjunction with Third-Party Materials
(as identified by NETSCOUT in the Documentation provided with this Product), then such third-party materials are
provided or accessible subject to the applicable third-party terms and conditions contained either in the “Read
Me” or “About” file located in the Software or on an Application CD provided with this Product, or in an appendix
located in the documentation provided with this Product. To the extent the Product includes Third-Party Materials
licensed to NETSCOUT by third parties, those third parties are third-party beneficiaries of, and may enforce, the
applicable provisions of such third-party terms and conditions.
Open-Source Software Acknowledgement: This product may incorporate open-source components that are
governed by the GNU General Public License (“GPL”) or licenses that are compatible with the GPL license (“GPL
Compatible License”). In accordance with the terms of the GNU GPL, NETSCOUT will make available a complete,
machine-readable copy of the source code components of this product covered by the GPL or applicable GPL
Compatible License, if any, upon receipt of a written request. Please identify the product and send a request to:
NetScout Systems, Inc.
GNU GPL Source Code Request
310 Littleton Road
Westford, MA 01886
Attn: Legal Department
No portion of this document may be copied, photocopied, reproduced, translated, or reduced to any electronic
medium or machine form without prior consent in writing from NETSCOUT. The information in this document is
subject to change without notice and does not represent a commitment on the part of NETSCOUT.
The products and specifications, configurations, and other technical information regarding the products described
or referenced in this document are subject to change without notice and NETSCOUT reserves the right, at its sole
discretion, to make changes at any time in its technical information, specifications, service, and support programs.
All statements, technical information, and recommendations contained in this document are believed to be
accurate and reliable but are presented “as is” without warranty of any kind, express or implied. You must take
full responsibility for their application of any products specified in this document. NETSCOUT makes no implied
warranties of merchantability or fitness for a purpose as a result of this document or the information described
or referenced within, and all other warranties, express or implied, are excluded.
Except where otherwise indicated, the information contained in this document represents the planned capabilities
and intended functionality offered by the product and version number identified on the front of this document.
Screen images depicted in this document are representative and intended to serve as example images only.

© 1999-2020 NETSCOUT SYSTEMS, INC. All rights reserved. Confidential and Proprietary.
Document Number: TMS-IG-935-2020/11
17 November, 2020
Contents

Preface
About the Sightline and Threat Mitigation System Documentation 6
Conventions Used in this Guide 8
Contacting the Arbor Technical Assistance Center 10

About this Guide 11

Before you Install Software TMS

Hardware Requirements 14
Hardware Configuration Options 15

About Installing and Configuring Software TMS

Installing Software TMS 18
Configuring Software TMS for Your Network 19
Remapping Software TMS Interfaces 20
Adding Software TMS to your Sightline Deployment 22

Software TMS Installation on Hardware Guide, Version 9.3.5 3

Software TMS Installation on Hardware Guide, Version 9.3.5

4 © NETSCOUT SYSTEMS, INC. Confidential and Proprietary

Preface

Introduction
This guide describes how to install Software Threat Mitigation System (TMS) software on
your own hardware and configure it for your management network. You can add
Software TMS to your flexible-licensed Sightline deployment in TMS 8.3.1 and higher. You
can only add Software TMSes to flexible-licensed Sightline deployments because Software
TMS bandwidth capacity is flexible-licensed only. The Software TMS installation package
contains all the software you need to install and configure Software TMS.

Note
To install Software TMS in a virtual machine, see Software Threat Mitigation System
Virtual Machine Installation Guide . For Software TMS performance benchmarks, see
Software Threat Mitigation System Performance Benchmarks. You can download these
guides from the Arbor Networks Technical Assistance Center (ATAC) website
(https://support.arbornetworks.com).

This guide steps you through the following processes:

n determining the hardware needed for the performance you desire

n installing Software TMS
n configuring Software TMS
n adding Software TMS to your Sightline deployment

After you perform the procedures in this guide, you will need to add one or more Software
TMS bandwidth licenses to your Sightline flexible license before you can add a Software
TMS to your Sightline deployment. See the Sightline and Threat Mitigation System
Licensing Guide for instructions. You can download this guide from the Arbor Networks
Technical Assistance Center (ATAC) website (https://support.arbornetworks.com).

Audience
This information is intended for network security system administrators (or network
operators) who are responsible for configuring and managing Sightline on their networks.
Administrators should have fundamental knowledge of their network security policies and
network configuration.

This guide is intended for system administrators who are responsible for installing,
configuring, and maintaining Sightline and TMS.

In this section
This section contains the following topics:

About the Sightline and Threat Mitigation System Documentation 6

Conventions Used in this Guide 8
Contacting the Arbor Technical Assistance Center 10

Software TMS Installation on Hardware Guide, Version 9.3.5 5

Software TMS Installation on Hardware Guide, Version 9.3.5

About the Sightline and Threat Mitigation System

Documentation
The following documentation is available for Sightline and Threat Mitigation System (TMS)
devices and software. All documentation is available from the Arbor Technical Assistance
Center (https://support.arbornetworks.com).

Document Title Description

Sightline Release Notes Release information about Sightline and TMS,
including new features, enhancements, fixed issues,
Threat Mitigation System and known issues.
Release Notes

Sightline and Threat Mitigation
System User Guide
Instructions and information that explain how to
configure and use Sightline and TMS devices and
software via the Sightline user interface (UI) and the
command line interface (CLI).
You can access the User Guide by clicking the 
icon in the Sightline UI. It is also available as a PDF.
Note
The User Guide contains all information that was
previously included in the Sightline and Threat
Mitigation System Advanced Configuration Guide .

Sightline and Threat Mitigation Descriptions of the support for multi-version, multi-
System Compatibility Guide platform Sightline and TMS deployments.

Sightline and Threat Mitigation
System Deployment and
Appliance Limits
Lists the enforced limits and guideline limits for
Sightline and Sightline/TMS deployments. It also
covers the enforced limits and guideline limits for
each currently supported Sightline and TMS
appliance.

Sightline and Threat Mitigation
System Licensing Guide
Descriptions of each Sightline and TMS software
licensing mode, how to obtain licenses to run your
Sightline and TMS software, and how to add and
change the licensed capabilities and capacities in
your deployment.

Sightline and Threat Mitigation Instructions and information for the managed
System Managed Services services customers who use the Sightline user
Customer Guide interface.

Sightline and Threat Mitigation Instructions for remotely accessing Sightline and
System API Guide TMS using the REST, SOAP, and Arbor Web Services
APIs.

6 © NETSCOUT SYSTEMS, INC. Confidential and Proprietary

 Preface

Document Title Description

Sightline REST API Instructions and information that explain how to use
Documentation Sightline REST API. You can access this
documentation from the Sightline UI by selecting
Administration > REST API Documentation . It is
also available for download.

Sightline Virtual Machine Instructions on installing Sightline in a VM

Installation Guide environment. Follow the instructions in this guide if
you are using a VM instead of hardware for Sightline.

Software Threat Mitigation Instructions on installing Software TMS on your own

System Installation on Hardware hardware. Follow the instructions in this guide if you
are installing Software TMS on hardware instead of a
VM.

Software Threat Mitigation Instructions on installing Software TMS in a VM

System Virtual Machine environment. Follow the instructions in this guide if
Installation Guide you are using a VM instead of hardware for Software
TMS.

Software Threat Mitigation Performance benchmarks for Software TMS

System Performance installations on a VM and your own hardware.
Benchmarks

Installation Guide for Sightline, Instructions and requirements for the initial
Insight, and Threat Mitigation installation and configuration of Sightline, Insight,
System appliances and TMS appliances.

© NETSCOUT SYSTEMS, INC. Confidential and Proprietary 7

Software TMS Installation on Hardware Guide, Version 9.3.5

Conventions Used in this Guide

This guide uses typographic conventions to make the information in procedures,
commands, and expressions easier to recognize.

Conventions for procedures

The following conventions represent the elements that you select, press, and type as you
follow procedures.

Typographic conventions for procedures

Convention Description Examples
Italics A label that identifies an area On the Summary page, view the
on the graphical user interface. Active Alerts section.

Bold An element on the graphical Type the computer’s address in

user interface that you click or the IP Address box.
interact with. Select the Print check box, and
then click OK .

SMALL CAPS A key on the keyboard. Press ENTER.

To interrupt long outputs, press
CTRL + C.

Monospaced A file name, folder name, or Navigate to the

path name. C:\Users\Default\Favorites
Also represents computer folder.
output. Expand the Addresses folder,
and then open the readme.txt
file.

Monospaced Information that you must Type https:// followed by the IP

bold type exactly as shown. address.

Monospaced A file name, folder name, path Type the server's IP address or
italics name, or other information hostname.
that you must supply.

> A navigation path or sequence Select Mitigation > Threat

of commands. Management .
Navigate to the Alerts Ongoing
page (Alerts > Ongoing).

8 © NETSCOUT SYSTEMS, INC. Confidential and Proprietary

 Preface

The following table shows the syntax of commands and expressions. Do not type the
brackets, braces, or vertical bar in commands or expressions.

Conventions for commands and expressions

Convention Description
Monospaced bold Information that you must type exactly as shown.

Monospaced A variable for which you must supply a value.

italics

{ } (braces) A set of choices for options or variables, one of which is required.

For example: {option1 | option2}.

[ ] (square brackets) A set of choices for options or variables, any of which is optional.
For example: [variable1 | variable2].

| (vertical bar) Separates the mutually exclusive options or variables.

© NETSCOUT SYSTEMS, INC. Confidential and Proprietary 9

Software TMS Installation on Hardware Guide, Version 9.3.5

Contacting the Arbor Technical Assistance Center

The Arbor Technical Assistance Center is your primary point of contact for all service and
technical assistance issues that involve Arbor products.

Contact methods
You can contact the Arbor Technical Assistance Center as follows:
n Phone US toll free — +1 877 272 6721
n Phone worldwide — +1 781 362 4301
n Support portal — https://support.arbornetworks.com

Submitting documentation comments

If you have comments about the documentation, you can forward them to the Arbor
Technical Assistance Center. Please include the following information:
n Title of the guide
n Document number (listed on the reverse side of the title page)
n Page number

Example
Software TMS Installation on Hardware Guide

TMS-IG-935-2020/11

Page 9

10 © NETSCOUT SYSTEMS, INC. Confidential and Proprietary

About this Guide

This guide contains the information and steps you need to install and configure Software
TMS on your own hardware.

Using this Guide

Before you begin, use the information in "Hardware Requirements" on page 14 to verify
that your hardware and network meet the requirements for Software TMS. Then, estimate
how much Software TMS mitigation capacity and performance you need. Use this estimate
and the performance benchmarks provided in the Software Threat Mitigation System
Performance Benchmarks document to choose one of the supported Software TMS
configuration options in "Hardware Configuration Options" on page 15 .

When you are ready to install Software TMS, follow the instructions in "Installing Software
TMS" on page 18. Then, follow the steps in "Configuring Software TMS for Your Network"
on page 19 to allow Software TMS to communicate with your management network and
Sightline leader. Before you start Software TMS services, you can optionally remap the
Software TMS management and mitigation interfaces to suit your deployment. See
"Remapping Software TMS Interfaces" on page 20.
The last section in this guide, "Adding Software TMS to your Sightline Deployment" on
page 22, summarizes the following procedures:
n Adding Software TMS bandwidth capacity licenses to your Sightline flexible license and
uploading a new Sightline flexible license. For complete details, see the Sightline and
Threat Mitigation System Licensing Guide .
n Adding a Software TMS to your Sightline deployment and configuring administrative
settings for Software TMS in the Sightline UI. For complete details, see "Configuring TMS
Devices" in the Sightline and Threat Mitigation System User Guide .

The steps are summarized below:

Step Task See…

1 Verify that your hardware "Hardware Requirements" on page 14
platform meets Software TMS
minimum requirements.

2 Select the appropriate "Hardware Configuration Options" on page 15

Software TMS hardware and the Software Threat Mitigation System
configuration for your needs. Performance Benchmarks document

3 Install Software TMS. "Installing Software TMS" on page 18

Software TMS Installation on Hardware Guide, Version 9.3.5 11

Software TMS Installation on Hardware Guide, Version 9.3.5

Step Task See…

4 Configure Software TMS to "Configuring Software TMS for Your Network"
communicate with your on page 19
management network.

5 (Optional) Remap the "Remapping Software TMS Interfaces" on

management and mitigation page 20
interfaces on Software TMS.

6 Add Software TMS to your "Adding Software TMS to your Sightline

Sightline deployment. Deployment" on page 22

12 © NETSCOUT SYSTEMS, INC. Confidential and Proprietary

Before you Install Software TMS

Use the information in this section to determine the hardware configuration that you need
in order to provide the mitigation performance you require.

In this section
This section contains the following topics:

Hardware Requirements 14
Hardware Configuration Options 15

Software TMS Installation on Hardware Guide, Version 9.3.5 13

Software TMS Installation on Hardware Guide, Version 9.3.5

Hardware Requirements
This section describes the hardware requirements needed for Software TMS. Once you
have determined that your hardware meets the requirements, review the information in
"Hardware Configuration Options" on the facing page to determine the hardware
configuration you need in order to meet your desired level of mitigation performance.

Supported network interface cards

The following network interface cards and drivers are supported:

n Intel 82599-based interface cards (such as Intel X520 10G NICs) or interface cards that
use the ixgbe driver
n Intel X710-based interface cards (such as Intel X710-DA4 NICs) or interface cards that
use the i40e driver
n interface cards that use the igb driver

Hardware requirements
Before you install Software TMS on your hardware, confirm that your hardware meets the
requirements in the following table:

Software TMS on hardware requirements

Component Quantity
CPU cores with the MMX, SSE, SSE2, SSE3 (PNI), and 4 to 64 physical CPU cores
SSSE3 instruction sets with hyper-threading
Note enabled (8 to 128 logical
To check which instruction sets the CPU supports, enter CPU cores)
cat /proc/cpuinfo in the shell command line. The
supported instruction sets are listed in the Flags field.

Hard disk space 100 GB for the Software TMS

disk image

RAM 14 to 194 GB
See “Calculating RAM
requirements” on page 16.

Network interfaces 1 to 2 management

interfaces
1 to 16 mitigation interfaces
See “Supported network
interface cards” above.

Hardware RAID is also recommended.

Important
Software TMS requires that your hardware is booted using Legacy BIOS mode, not UEFI
mode. Refer to your hardware documentation if you need to switch the boot mode from
UEFI to Legacy BIOS.

14 © NETSCOUT SYSTEMS, INC. Confidential and Proprietary

 Before you Install Software TMS

Hardware Configuration Options

Use the information in this section and in the Software Threat Mitigation System
Performance Benchmarks document to help you choose the optimal hardware for
Software TMS given your deployment’s expected TMS mitigation demands. For further
assistance preparing and upgrading your Sightline deployment to include Software TMS,
contact ATAC (https://support.arbornetworks.com).

Recommended Software TMS hardware configurations

The hardware you choose for Software TMS depends on the level of mitigation
performance that you need. Software TMS configurations with four to 64 physical CPU
cores with hyper-threading enabled (eight to 128 logical CPU cores) are supported. The
following configurations are recommended based on devices used to generate
performance benchmarks for Software TMS:

n An 8 physical CPU core configuration for low-level performance, mitigating up to 20

Gbps of attack traffic. Additional traffic may be mitigated depending on hardware
performance.
n A 16 physical CPU core configuration for mid-level performance, mitigating up to 55
Gbps of attack traffic. Additional traffic may be mitigated depending on hardware
performance.
n A 32 physical CPU core configuration for high performance, mitigating up to 110 Gbps
of attack traffic. Additional traffic may be mitigated depending on hardware
performance.

The tables below list the quantities of each component in the recommended Software
TMS configurations.

8-core low–performance

Component Quantity
CPU cores with the MMX, SSE, SSE2, SSE3 8 physical CPU cores with hyper-threading
(PNI), and SSSE3 instruction sets enabled (16 logical CPU cores)

Hard disk space 100 GB

RAM 32 GB (26 GB minimum)

Network interfaces management: one 1GbE interface

mitigation: two 10GbE interfaces,
hairpinned
See “Supported network interface cards”
on the previous page.

© NETSCOUT SYSTEMS, INC. Confidential and Proprietary 15

Software TMS Installation on Hardware Guide, Version 9.3.5

16-core mid–performance

Component Quantity
CPU cores with the MMX, SSE, SSE2, SSE3 16 physical CPU cores with
(PNI), and SSSE3 instruction sets hyper-threading enabled (32 logical CPU
cores)

Hard disk space 100 GB

RAM 64 GB (50 GB minimum)

Network interfaces management: one 1GbE interface

mitigation: eight 10GbE interfaces,
hairpinned
See “Supported network interface cards”
on page 14.

32-core high-performance

Component Quantity
CPU cores with the MMX, SSE, SSE2, SSE3 32 physical CPU cores with
(PNI), and SSSE3 instruction sets hyper-threading enabled (64 logical CPU
cores)

Hard disk space 100 GB

RAM 128 GB (98 GB minimum)

Network interfaces management: one 1GbE interface

mitigation: twelve 10GbE interfaces,
hairpinned
See “Supported network interface cards”
on page 14.

Calculating RAM requirements

The amount of RAM you need depends on the number of physical CPU cores in the
configuration you install:

n if you want to install one of the recommended configurations shown in the previous
tables, follow the RAM requirements listed for it
n if you want to install a different configuration, use the following formula to determine
the amount of RAM that your configuration requires:
(8 GB RAM for the first two physical CPU cores) + (3 GB RAM for each additional physical
CPU core) = the amount of RAM required

16 © NETSCOUT SYSTEMS, INC. Confidential and Proprietary

About Installing and Configuring
Software TMS

Use the steps in this section to install and configure Software TMS on your hardware. The
steps are summarized below:

Step Task See...

1 Install Software TMS. "Installing Software TMS" on the

next page

2 Configure Software TMS to communicate "Configuring Software TMS for

with your management network. Your Network" on page 19

3 (Optional) Remap the management and "Remapping Software TMS

mitigation interfaces on Software TMS. Interfaces" on page 20

4 Add Software TMS to your Sightline "Adding Software TMS to your

deployment. Sightline Deployment" on page 22

In this section
This section contains the following topics:

Installing Software TMS 18

Configuring Software TMS for Your Network 19
Remapping Software TMS Interfaces 20
Adding Software TMS to your Sightline Deployment 22

Software TMS Installation on Hardware Guide, Version 9.3.5 17

Software TMS Installation on Hardware Guide, Version 9.3.5

Installing Software TMS

This section contains the steps to install Software TMS on your hardware. You can install
Software TMS from a CD or USB drive.

Installation
Follow the steps below to install Software TMS:

1. Download the Software TMS software ISO disc image (.iso) file onto your computer
from the Arbor Networks Software Downloads Service.
To access the Downloads Service, go to the ATAC website
(https://support.arbornetworks.com) and click Software Downloads. The
Downloads Service requires a separate login. See the Downloads Service page for
instructions.
2. Write the downloaded Software TMS file to a USB device or CD-ROM. The USB device
or CD-ROM must be bootable, so the file must be written using a block-based tool. For
example, you can use the dd command that is present on some operating systems to
write to a USB device:
dd if=Software_TMS_iso_file of=USB_drive_block_device bs=1024k
3. Power down the hardware.
4. Insert the USB device or CD-ROM into the hardware.
5. Restart the appliance.
6. To start the boot menu, press any key when you see the message Press any key
to continue.
7. At the boot menu, select [Serial Console] (re)install from CD.
8. To confirm that you want to reinstall when the warning message appears, enter y.
After the installation completes, follow the instructions in "Configuring Software TMS for
Your Network" on the facing page to configure Software TMS.

18 © NETSCOUT SYSTEMS, INC. Confidential and Proprietary

 About Installing and Configuring Software TMS

Configuring Software TMS for Your Network

After the installation of Software TMS has finished, follow the steps in this section to
configure Software TMS for your network and then bootstrap Software TMS to the
Sightline leader.

Configuration
Follow the steps below to configure Software TMS:
1. Log in to the TMS CLI for the Software TMS. See “Using CLI Commands" in the Sightline
and Threat Mitigation System User Guide .
2. Set a static IP address for mgt0 by entering the following command:/ ip
interfaces ifconfig mgt0 X.X.X.X/XX up
3. Enter / services aaa local password admin interactive to change the
default administrator password from arbor to a different password.
Important
Do not leave the administrator password set to the default value.
4. Update any access rules to restrict access. We strongly recommend you update the
default ssh and ping access rules. To show the current access rules, enter / ip
access show
Caution
Do not enter 0.0.0.0/0 or ::/0 as a CIDR for a service unless absolutely necessary.
We recommend that you use the narrowest CIDR you can for each service.
5. Enter / services tms bootstrap X.X.X.X secrethere to bootstrap Software
TMS using the Sightline leader IP address and zone secret.
X.X.X.X = the IPv4 address of the Sightline leader
secrethere = the zone secret
6. (Optional) To remap the management or mitigation interfaces on Software TMS, stop
here and perform the procedure in "Remapping Software TMS Interfaces" on the
next page.
7. Enter / services tms start
8. Enter / config write to commit the changes to the management network
configuration for Software TMS.

© NETSCOUT SYSTEMS, INC. Confidential and Proprietary 19

Software TMS Installation on Hardware Guide, Version 9.3.5

Remapping Software TMS Interfaces

You can change the mapping for one or more of the management or mitigation interfaces
on the Software TMS. For example, you can map tms0 to eth3 instead of eth2.

Before you begin

Caution
Before you remap any Software TMS management (mgt) interfaces, back up the current
Software TMS management network configuration by exporting it to disk.

The management network configuration associates management interface IP addresses,

access rules, and routes to MAC addresses. When you remap a management interface,
these associations are lost. If you export the current configuration, you can import it later
to restore it if necessary.

Note
You do not need to back up the current Software TMS management configuration before
you remap mitigation (tms) interfaces.

n To export the Software TMS management network configuration before you remap
management interfaces, enter / config export disk:MyTmsName.conf (where
MyTmsName.conf is the name of your Software TMS).
n To import the Software TMS management network configuration that you exported to
MyTmsName.conf, enter / config import disk:MyTmsName.conf

Remap Software TMS interfaces

To remap Software TMS interfaces:
1. Log in to the TMS CLI for the Software TMS. See "Using CLI Commands" in the
Sightline and Threat Mitigation System User Guide .
2. Enter / services tms stop
3. To show the current interface mapping, enter / ip interfaces map
4. To reconfigure the interface mapping, enter / ip interfaces map remap
5. At the prompt Number of management interfaces (1-2), enter a number within
the suggested range. The range of management interfaces varies with the hardware
Software TMS is installed on.
6. The console displays the current mapping of the interface names on guest interfaces
to host hardware. For example:
PCI ID Driver MAC Address Speed Name
---------- ---------- ----------------- ------ -----
* 00:03.0 igb 24:6e:96:5d:2a:b6 1000 mgt0
00:08.0 igb 24:6e:96:5d:2a:b7 mgt1
* 00:16.0 ixgbe 00:e0:ed:42:b0:f4 10000 tms0
00:1b.0 ixgbe 00:e0:ed:42:b0:f5 tms1
^ link detected on interfaces marked with *
7. To rename one or more interfaces, enter r at the following prompt:
[r]ename interfaces, [s]ave and quit, [q]uit without saving,
[h]elp?

20 © NETSCOUT SYSTEMS, INC. Confidential and Proprietary

 About Installing and Configuring Software TMS

The mapping for the first interface appears with the current interface name in square
brackets. For example:
* 00:03.0 igb24:6e:96:5d:2a:b6 mgt0 [mgt0]
8. Enter a new interface name, for example, mgt1. Or, press ENTER to continue without
changing the interface name.
The mapping for the second interface appears with its current interface name in
brackets.
9. Repeat Step 8 for the second interface and subsequent interfaces. For each interface,
you either enter a new interface name or press ENTER to keep the name in brackets
and continue. If you enter an invalid interface name or a duplicate name, an error
message appears.
10. After you enter the name of the last interface, the following prompt appears:
[r]ename interfaces, [s]ave and reboot immediately, [q]uit without
saving, [h]elp?
Enter s to save your new interface mapping and reboot, or, enter q to quit without
saving and keep the current interface mapping.
11. If you saved a new interface mapping, log back in to the TMS CLI after the Software
TMS reboots and continue.
12. If you quit without saving, continue.
13. Enter / services tms start
14. Enter / config write to commit the changes to the interface mapping for the
Software TMS.

© NETSCOUT SYSTEMS, INC. Confidential and Proprietary 21

Software TMS Installation on Hardware Guide, Version 9.3.5

Adding Software TMS to your Sightline Deployment

After you configure the Software TMS for your management network in the TMS CLI,
perform the following tasks in the Sightline UI to install and configure Software TMS in
your Sightline deployment. For each task, see the indicated section for information and
instructions.

Step Task See…

1 Update your Sightline flexible license for "Adding Software TMS
Software TMS (if you have not already done so). bandwidth capacity to your
Sightline flexible license"
below

2 Add Software TMS your Sightline deployment. "Adding a Software TMS to

the Sightline deployment" on
the facing page

3 Add Software TMS to the TMS groups that you "Using a Software TMS in
use for mitigations. TMS mitigations" on the
facing page

4 Monitor the mitigation bandwidth consumed "About monitoring Software

and allocated by Software TMSes deployment- TMSes in your deployment"
wide, and for individual Software TMSes. on page 24

Adding Software TMS bandwidth capacity to your Sightline flexible license

You can configure Software TMSes in your deployment if the Sightline flexible license
includes one or more licensed capacities for Software TMS bandwidth. For each Software
TMS that you deploy, your Sightline flexible license needs at least 50 Mbps of licensed
Software TMS bandwidth capacity.

Note
You can view the status of the licensed capacities in your Sightline flexible license,
including the licensed Software TMS bandwidth capacity, on the Deployment Status page
(System > Status > Deployment Status). For more information, see "About
monitoring Software TMSes in your deployment" on page 24.
You purchase licensed capacities for Software TMS bandwidth separately. A licensed
capacity can be temporary or permanent. Each capacity that you add increases the pool of
available Software TMS bandwidth for Software TMSes. When a temporary licensed
capacity for Software TMS bandwidth expires, the available Software TMS bandwidth
capacity is reduced.

The total of all (permanent and non-expired temporary) licensed capacities for Software
TMS bandwidth determines how much bandwidth capacity you can configure for each
Software TMS. You configure the bandwidth capacity for a Software TMS in the Sightline UI
when you add the Software TMS to your deployment. See "Adding a Software TMS to the
Sightline deployment" on the facing page. If your Sightline flexible license has at least 50
Mbps of licensed capacity for Software TMS bandwidth available, you can add a Software
TMS to your deployment. When you configure multiple Software TMSes in a Sightline
deployment, you can distribute the available licensed capacity among the Software TMSes
in any valid amounts you choose.

22 © NETSCOUT SYSTEMS, INC. Confidential and Proprietary

 About Installing and Configuring Software TMS

For information and instructions on how to add flexible-licensed Software TMS bandwidth
capacity to your Sightline flexible license, see the following sections in the Sightline and
Threat Mitigation System Licensing Guide :
n "About Flexible Licensing"
n "About License Capability and Capacity Enforcement"
You can also contact ATAC (https://support.arbornetworks.com) for help adding
Software TMS bandwidth capacity to your Sightline flexible license.

Adding a Software TMS to the Sightline deployment

Important
Your Sightline flexible license must have at least 50 Mbps of available (non-allocated; non-
expired) Software TMS bandwidth capacity before you can add a Software TMS to your
deployment. See "Adding Software TMS bandwidth capacity to your Sightline flexible
license" on the previous page.
To add a Software TMS to your Sightline deployment:
1. Log in to the Sightline UI.
2. On the Configure Appliances page (Administration > Appliances), select Add
Appliance.
3. On the Add Appliance page, do the following:
a. In the Appliance list, select Software TMS.
b. Enter the Name and IP address settings for the Software TMS. This allows
Sightline to identify and communicate with the Software TMS.
c. In the Bandwidth Capacity box, enter 50 Mbps or more. The default Software
TMS bandwidth capacity is 1 Gbps. The maximum amount you can configure
depends on the available licensed Software TMS bandwidth capacity. See "Adding
Software TMS bandwidth capacity to your Sightline flexible license" on the
previous page and "Bandwidth Capacity box (Software TMS only)" in the Sightline
and Threat Mitigation System User Guide .
d. In the Manager list, select a Sightline manager appliance for the Software TMS.
Important
Before you can select a manager appliance for a Software TMS, you must
configure a valid amount of bandwidth capacity for the Software TMS. The
bandwidth capacity setting for a Software TMS is valid if it is between 50 Mbps and
the available licensed Software TMS bandwidth capacity. The available licensed
capacity is the difference between the total licensed capacity and the bandwidth
capacity allocated to all other Software TMSes in the deployment. See "Adding
Software TMS bandwidth capacity to your Sightline flexible license" on the
previous page.
4. Configure all other administrative settings for the Software TMS in the other tabs on
the Add Appliance page, and then save and commit your configuration.
For instructions, see "Adding, Editing, and Deleting a TMS Device" in the Sightline and
Threat Mitigation System User Guide .

Using a Software TMS in TMS mitigations

After you add a Software TMS in your deployment as described above, you can add the
Software TMS to a new or existing TMS Group (Administration > Mitigation > TMS

© NETSCOUT SYSTEMS, INC. Confidential and Proprietary 23

Software TMS Installation on Hardware Guide, Version 9.3.5

Groups). To add a Software TMS to a group, see "Configuring TMS Groups" in the Sightline
and Threat Mitigation System User Guide .
Once a Software TMS is a member of a TMS Group, it can mitigate attack traffic in any TMS
mitigation that is configured to use that TMS Group. The amount of traffic that an
individual Software TMS can mitigate depends on its configured bandwidth capacity. For
more information, see "Adding Software TMS bandwidth capacity to your Sightline
flexible license" on page 22.

About monitoring Software TMSes in your deployment

After you add Software TMSes to a deployment, you can monitor their performance and
status on the Deployment Status page and the Appliance Status page.

For example, on the Deployment Status page (System > Status > Deployment Status):
n The Software TMS Total Bandwidth - flexible graph shows the IPv4 and IPv6
bandwidth consumed by all Software TMSes in your deployment for the selected
timeframe.
n The Software TMS IPv6 Bandwidth - flexible graph shows the IPv6 bandwidth
consumed by all Software TMSes in your deployment for the selected timeframe.
n The Software TMS Bandwidth - flexible entry in the Licensed Capacities and
Capabilities table shows the current total amount of Software TMS bandwidth capacity
configured for (or “allocated to”) all Software TMSes in the deployment, out of the total
Software TMS bandwidth capacity in the Sightline flexible license.

In addition, you can monitor statistics for individual Software TMSes in your deployment
on the TMS Statistics tab on the Appliance Status page (System > Status > Appliance
Status). For example, you can track the Software TMS bandwidth currently being
consumed by each Software TMS. You can use this information for mitigation capacity
planning and utilization.

For more information, see "Monitoring Your Deployment" and "Viewing TMS Appliance
Statistics" in the Sightline and Threat Mitigation System User Guide .

24 © NETSCOUT SYSTEMS, INC. Confidential and Proprietary