Observer Analyzer : Expert Probe Software : How to install or upgrade the software
   
How to install or upgrade the software
 
Page Contents
Comparing software probe features
Minimum and recommended system specifications
How to upgrade to Windows 10
Capture card driver requirements
Installing the wireless NIC driver on Windows 7/Vista
Installing a third-party USB wireless adapter
Installing Windows updates and updating virus protection
Revised: 2017-10-25
This section describes the installation process and minimum requirements if you are installing Observer or probe on your system. This applies to physical and virtualized servers. If you virtualize the server, each server must meet these specifications.
An administrator account is required to install and run any version of Observer or probe software except Observer Expert Console Only (ECO). Observer ECO requires an administrator account just for installation; a standard user account can be used for running Observer ECO.
Standard network cards do not support “raw” wireless packets, nor do they enable “promiscuous” mode by default. Promiscuous mode captures all packets for the analyzer, not just those addressed to the network card. Both “raw” wireless packets and promiscuous mode are required by Observer. ErrorTrak drivers were needed in earlier versions of Observer. They are no longer necessary.
If you do not meet the minimum requirements, the system may seem to operate in the short term, but be aware that even if a sub-minimum installation works momentarily, a later, heavier load on the system can cause it to fail. VIAVI sells hardware probes that are guaranteed to keep up with heavy loads. See the Observer Platform website for details.
You may install the probe software on a virtual machine so long as it meets the system requirements. The installation process is the same. You may also want to consider using a virtual TAP. See Using the probe as a virtual TAP.
Caution: See the important information in How to upgrade to Windows 10 if you want to upgrade the operating system!
1. Ensure your system meets the minimum requirements.
See Minimum and recommended system specifications.
2. Choose one of the following:
How to install all versions
How to upgrade version 17 and later
How to upgrade version 16 and earlier
 
 
 
After completing this task:
License your software. See FAQ: Licensing and updating.
If you are using a wireless network adapter to capture traffic, see Installing the wireless NIC driver on Windows 7/Vista.
If you are using a USB wireless network adapter to capture traffic, see Installing a third-party USB wireless adapter.
If you use Observer on a virtual machine and network traffic cannot be captured or BSODs (bluescreens) are occurring, see Virtual machine troubleshooting.
 
Comparing software probe features
 
Single Probes are appropriate for sites with smaller administrative staffs. This type of probe communicates with only one Observer at a time.
If you have a need for multiple network administrators to view packet decodes and analysis from the same probe simultaneously, choose a Multi Probe. The Multi Probe allows you to run multiple probe instances of the probe on a single system, which means that:
You can install multiple network interface cards in a single Multi Probe system, allowing multiple “points of visibility” from that probe.
You can connect multiple sessions of Observer to the same Multi Probe system. Any Observer session can see all of the networks available on the Multi Probe. The probe instances are securely encrypted and password-protected.
Although Multi Probes behave similarly to Single Probes, the Multi Probe has a different user interface for configuring the probe.
For the highest level of distributed performance, choose an Expert Probe. An Expert Probe provides Expert Analysis and capture/decode capabilities. This saves bandwidth when performing remote expert analysis, and also allows remote decode views and expert analysis in real time.
The Expert Probe can be configured to run as an Observer when you need to perform troubleshooting from where the probe is located.
Hardware >
GigaStor, Portable probes, Probe Appliances, 3rd party hardware
Dual port Ethernet Probe, 3rd party hardware
Ethernet Single probe, 3rd party hardware
Installed software >
Expert Probe
Multi Probe
Single Probe
Sends entire buffer1
X
X
Alarms
X
X
X
Trending
X
X
X
Triggers
X
X
X
Wireless
X
X
X
X
X
Simultaneous multi-topology support
X
X
Simultaneous users2
X
X
X
X
X
X
X
Full-duplex3
X
X
X
X
Remote decode of GigaStor captures
X
Sends expert summary & decode packets4
X
sFlow
X
X

1 Buffers are sent to Observer where the decoding and analysis is performed. This is less efficient than sending the expert summary and decode packets, which is available with Expert Probe.

2 Simultaneous users are supported when each user has his own probe instance.

3 Only available on hardware probes from VIAVI.

4 Decoding and expert analysis are performed by the probe and a summary is sent to Observer reducing network bandwidth use.

5 Application Performance Analysis and Application Transaction Analysis. Applications are generally OSI Layer7 applications like HTTP, FTP, RTSP, SMB, and so on.

 
Minimum and recommended system specifications
Created: 2015-11-06   Revised: 2017-08-07
If you are installing the software on your own hardware or a virtual machine, these are the minimum and recommended specifications for a production environment.
 
Table 31. Observer Expert Console Only (ECO)
Minimum
Recommended
Processor / CPU
Dual core Pentium class processor
Quad core Pentium class processor
RAM1
2 GB RAM
8 GB RAM
Operating system2
64-bit Operating System
Windows 7 or newer
64-bit Operating System
Windows 7 or newer
Network Card
Server-class
Intel server-class

1 If your system has 4 GB of RAM, you cannot reserve any memory for Observer. This is a limitation of Windows known as the BIOS memory hole. Either add more RAM or take some out.

2 See Supported Operating Systems for a full list of supported operating systems.

 
 
Table 32. Observer or GigaStor Software Edition in a virtual server
Minimum
Recommended
Processor / CPU
Four core
Six core Intel
RAM1
Minimum 16 GB (8 GB for Observer and 8 GB for the operating system)
64 GB
Storage
Packet capture - Hardware: Determined by your product
Packet capture - GigaStor Software Edition: Determined by your license.
Same
Operating system2
64-bit Operating System
Windows 7 or newer
64-bit Operating System
Windows 7 or newer
Network Card
Virtualized network adapter
Intel server-class
Capture Card3
Virtualized network adapter
Server-class onboard network adapter

1 If your system has 4 GB of RAM, you cannot reserve any memory for Observer. This is a limitation of Windows known as the BIOS memory hole. Either add more RAM or take some out.

2 See Supported Operating Systems for a full list of supported operating systems.

3 A second network card that acts solely as a capture card is required (and must be in “promiscuous mode”). Alternatively, a dual-port NIC can be used. For further details, see Capture card driver requirements.

 
 
 
 
Current compatibility and incompatibly of virtual machines with the GigaStor Software Edition (GSE) is described in this list:
VMWare ESXi Server
ESXi 5.0 and higher is compatible with GSE.
VMWare Workstation Pro is not supported with GSE
Microsoft Hyper-V may function but is not supported with GSE
 
Supported Operating Systems
Revised: 2018-10-02
Your product must be installed on one of these operating systems to receive assistance from Technical Support.
 
Product name
64-bit Windows
32-bit Windows
Observer Suite
Observer Expert
Observer Standard
GigaStor Software Edition
 
Windows 7 (SP1 or higher) or newer
Windows Server 2008 R2 Enterprise, Standard, Web (SP1 or higher) or newer
Windows 7 (SP1 or higher) or newer
 
 
Not supported
 
Observer ECO
 
Windows 7 (SP1 or higher) or newer
Windows Server 2008 R2 Enterprise, Standard, Web (SP1 or higher) or newer
 
 
Windows 7 (SP1 or higher) or newer
Windows Server 2008 R2 Enterprise, Standard, Web (SP1 or higher) or newer
 
 
How to upgrade to Windows 10
Created: 2017-10-25   Revised: 2017-10-25
Due to the way Microsoft has designed its Windows® 10 operating system upgrade feature, Observer will not function if you upgrade your operating system from Windows 7, Vista or Windows 8 to Windows 10 without first uninstalling Observer.
This information does not apply if you:
Already uninstalled Observer.
Are installing Windows 10 rather than upgrading to it.
Are already using Windows 10.
Are upgrading using the Observer Platform OS Upgrade product because it replaces the operating system rather than upgrading it. Additionally, it uses Windows Server 2012 R2.
Note: Unfortunately, if you have already upgraded the operating system and Observer was not uninstalled prior to upgrading to Windows 10, the only path to recovery is to reinstall the operating system. Back up any Observer files on the operating system, reinstall the operating system, then install Observer and restore its files.
To upgrade a system with Observer to Windows 10:
1. Back up your settings.
2. Uninstall Observer using Control Panel > Program and Features.
3. Upgrade your operating system.
4. Install the Observer software.
5. Restore your settings from step 1 using whatever method is best for you.
 
Observer is now available to use on Windows 10.
 
Capture card driver requirements
If you are going to use a third-party capture card in your probe, the capture card must meet certain requirements so that Observer can report statistics and errors. The network card used to monitor or capture network traffic must have all of the mandatory and optional NDIS functions. The VIAVI capture card has all of the necessary features.
Most NIC vendors provide solid, functional NDIS drivers for all cards available within the Ethernet, Token Ring, and FDDI marketplace.
Accessing a standard network with a “normal” network device is somewhat different from what a protocol analyzer requires. While both share a number of driver functions, a protocol analyzer requires a set of features and functions that the average network device will never need. Examples of these optional functions are promiscuous mode, error tracking, and network speed reporting. (Examples of mandatory functions would include functions to determine the maximum packet size, functions to verify the number of sent packets, and functions to specify or determine a packets’ protocol.)
Microsoft made a number of the less used (by “normal” network users) functions “optional”, as opposed to “mandatory” regarding driver requirements. The result has been that most vendors support all (or most) mandatory functions with the first release of the driver. As time passes, and the initial chaos of the first release of the card and driver passes, most manufacturers add some or all of the optional functions, as well as fix or complete all of the mandatory functions.
As part of the optional section of defined NDIS functions, Microsoft specified a number of counters that can be kept for Ethernet frame errors. These counters include CRC errors, Alignment errors, Packets Too Big (Jabbers), and Packets Too Small (Runts). Collisions are counted, but there are limitations of NDIS collision statistics. Four important points should be considered:
These optional counts only provide a numerical value to the total number of errors on the segment (i.e. the number of CRC errors found), they do not specify where (which station) the error originated from.
After the error packet is identified and the proper error counter is incremented, the packet is discarded, and not sent to Windows (this is the reason it is impossible to determine the source of an Ethernet error packet with standard NDIS drivers).
A number of vendor’s NDIS drivers return a positive acknowledgment when the NDIS error function is queried for existence, but the error statistic is not actually kept.
A few vendors (3COM, for example) do not keep any error statistics whatsoever.
If a NIC driver both reports that the optional Ethernet error statistics are being kept, and actually keeps data on these errors, Observer reports these statistics in the Network Vital Sign Display.
Installing the wireless NIC driver on Windows 7/Vista
See the information in Monitoring a wireless access point, which contains details about raw packets and promiscuous mode for the network card.
Follow these instructions to install the wireless driver for your network card:
1. Click Start and then right-click on the ‘Computer’ icon and choose Properties.
2. Click Device Manager.
3. Right-click on the wireless adapter you want to use as your capture card and choose Update Driver Software.
4. Choose “Browse my computer for driver software.”
5. Choose “Let me pick from a list of drivers on my computer.”
6. Click Have Disk and use the drivers in this location:
Example: C:\Program Files\Observer\DRIVERS\Wireless\Atheros_Vista
7. Click Next and Windows installs the driver for your wireless card.
To confirm that you correctly installed the driver for the wireless network card, open Observer. If the probe instance shows (Wireless) behind it, then it is correctly configured.
Figure 63: Probe instance using wireless adapter
If the probe instance shows (Ethernet), then either the network card driver was not correctly installed or the probe instance is not configured to use that network card. You can confirm the correct network card is selected, by choosing Actions > Select Network Adapter Card.
 
 
 
After completing this task:
License your probe by following the instructions in Licensing and updating.
If your wireless network uses an encryption key, you must add the encryption key information. See Configuring the probe’s adapter speed, ToS/QoS precedence, and statistics sampling.
 
Installing a third-party USB wireless adapter
Revised: 2014-01-21
You can capture wireless 802.11 traffic on systems lacking built-in wireless by installing a third-party USB wireless adapter. Wireless access point statistics and other features become usable as well. Installing a special driver on your USB wireless adapter is necessary.
The USB wireless adapter is only supported on systems running Windows Vista or 7 (32- or 64-bit).
Caution: For some wireless adapters you must install the software for the USB wireless adapter before you attach the adapter to your computer. This is not an Observer requirement, but one of the wireless adapter. If you attach the USB wireless adapter before installing the software, unplug the USB adapter, uninstall the software, restart your system, and then proceed with step 1.
Note: If using a Belkin N600DB USB wireless adapter, only revision number “F9L1101v1” is compatible. These adapters have a Broadcom chipset. The second revision, “F9L1101v2” does not have a Broadcom chipset and is incompatible.
1. Install the software that came with your USB wireless adapter.
2. Insert the USB wireless adapter into your system.
3. Choose Control Panel > Network and Sharing Center > Change adapter settings and then select your USB wireless adapter. Right-click and choose Properties.
4. From the Networking tab, click Install > Service > Add. Click Have Disk and locate this file:NiNdisMon.inf
64-bit: C:\Program Files\Observer\DRIVERS\Wireless
32-bit:C:\Program Files(x86)\Observer\DRIVERS\Wireless
5. Click OK to install the software as a Windows service.
6. Restart your system.
Restarting allows the software and adapter to be fully recognized by your system and the Windows service to start. Observer will not be able to use the wireless adapter until you restart.
7. Start Observer, select the probe instance you want to associate with the USB wireless adapter.
8. On the Home tab, in the Probe group, click Setup > Select NIC.
9. Choose the USB wireless adapter you just installed.
 
The probe instance is now configured to use the USB wireless adapter. You can confirm this because the word "[Wireless]" appears after the probe instance name, and the Wireless 802.11 tab of the probe instance is visible.
 
Installing Windows updates and updating virus protection
Revised: 2016-03-04
From time to time Microsoft releases updates for the operating system used for your probe or your virus protection software vendor updates their virus definitions. You should apply those updates as soon as feasible, however, you should always apply the updates manually.
We do not recommend that you allow Windows to automatically install the updates and restart the system. By manually applying the updates you ensure that the system restarts properly and that the probe starts correctly whether running as a Windows service or as an application.
For your anti-virus software, follow these guidelines:
Ensure TCP ports 25901 and 25903 are open. All Observer Platform products communicate on these ports.
Ensure UDP ports 25901 and 25903 are open if you use OMS.
For all probes, disable any scanning of the Observer installation directory (typically C:\Program Files\Observer) and of D: (RAID) drive as scanning greatly diminishes the performance of writing data to disk.
The performance of the operating system may be greatly diminished when using anti-virus software.