Deploy on vSphere/ESXi

This guide will help you deploy TrapEye on your ESXi environment smoothly, from preparing your VM template to launching your first instance.

Log in to the TrapEye Portal, go to Management → Installation and download the latest TrapEye VMware image (.ova format).

This guide illustrates the process on ESXi. The equivalent steps can be performed in vSphere as well, but note that the UI and paths may differ depending on your vSphere version.

1. Connect to your ESXi Web Client.

2. In the Virtual Machines menu, click on Create / Register VM.

   

3. A new popup will appear, inside choose Deploy a virtual machine from an OVF or OVA file, and click on Next. Choose a name for your VM and upload the OVA file download earlier.

   

4. Choose a DataStore where you want to store the virtual machine.

5. Disable Power on automatically to ensure the configuration steps can be applied correctly before the VM boots.

   

6. If asked, fill the CPU and Memory fields with recommended values.

   Resource	Minimum Value	Recommended Value
   CPU	1 vCPUs	2 vCPUs
   Memory	1024 MiB (1 GB)	4096 MiB (4 GB)

   And fill guest OS value with the following value:

   Name	Value
   Compatibility	ESXi 6.5 Virtual Machine
   Guest OS family	Linux
   Guest OS version	Latest 64 bits Debian version available in menu <= 13

7. Click finish to build the virtual machine.

The easiest way to configure TrapEye for mass deployment and to avoid manual configuration of each VM is to use a Cloud Init config in the virtual machine.

1. From the TrapEye Platform, go to Management → Installation and copy the values for url, entity_uuid, and auth_token.

   

2. Create a user-data.yml file with your specific data.

   cat > user-data.yml <<EOF
   #cloud-config
   write_files:
     - path: /etc/trapeye/auth-config.toml
       permissions: '0600'
       content: |
         url = "INGESTION-URL-HERE"
         entity_uuid = "ENTITY-UUID-HERE"
         auth_token = "ENTITY-TOKEN-HERE"
   EOF

3. On a Linux machine, install the cloud-image-utils package, which provides the cloud-localds tool.

   # On Ubuntu/Debian
   sudo apt update
   sudo apt install cloud-image-utils

4. Use to generate the Cloud-Init seed ISO (seed.iso) from your user-data.yml configuration.

   cloud-localds seed.iso ./user-data.yml

5. Connect to your ESXi Web Client. In Virtual Machines menu, edit settings of your current virtual machine before its first boot.

   Edit VM settings

6. Add a CD/DVD drive if not any, then select Datastore ISO file. In the new popup, upload your seed.iso file and select it.

   

7. In advanced settings of CD/DVD drive, enable the 2 following options :

   • Connect
   • Connect at power on

   Then click on Save.

   

By default, if Cloud Init does not push the /etc/trapeye/auth-config.toml file, TrapEye service boot in Manual Config Mode and allow you to connect to it via its IP Address (DHCP by default).

1. Start the virtual machine and find its IP Address

2. From the TrapEye Platform, go to Management → Installation and copy the values for url, entity_uuid, and auth_token.

   

3. Connect to the TrapEye Manual Config Web Page by navigating to https://<your_vm_ip>:8443

4. Ignore the TLS warning as this is a temporary self-signed certificate and fill the form with your 3 custom value copied earlier:

   

Your TrapEye virtual machine has been successfully deployed on vSphere/ESXi.

It will now appear in the Devices section of the TrapEye Deception Platform, and you will begin receiving real-time alerts as soon as any activity is detected.