Azure: Step 1. Deploy SA Server Host in Azure

Document created by RSA Information Design and Development on Aug 4, 2017
Version 1

Complete the following tasks to deploy a Security Analytics (SA) Server on a virtual machine (VM) in the Azure Cloud environment.

Note: It is not mandatory to deploy the SA Server in the Azure Cloud environment to deploy other components (see Azure Deployment Scenarios).

Task 1. - Upload SA Server VHDs

Complete the following steps to upload SA Server VHDs to Azure.

  1. Upload SA Server VHDs to the Azure Cloud.
    Contact RSA Customer Support for instructions on how to obtain the VHDs for the SA Server.

    Note: RSA will deliver the following release files, which contain all the SA Server VHDs, to customers for testing purposes. You need to upload these files to the Azure community.





  2. Use the Azure VHD Utils Windows utility to upload all VHDs to the Azure Cloud under the specified subscription ID (make sure that the storage account name, storage account key, and container name are correct).
    For example:
    C:\Users\Administrator\go\bin>azure-vhd-utils.exe upload --localvhdpath "F:\SASv 1064Gold\SA-Server-" --stgaccountname netwitnessazurestorage1 --stgaccountkey #&^$##@FREW*&EgSmXrPM7dndkOg6BnhVVhU5NNpS7d8UNgQGEl62HxMsrRe9vB6W95CXx9Kxyz@%#$bg --containername sa-10640-internal --blobname "SA-Server-"

    After the upload successfully completes, the following messages are displayed.

    The netwitnessazurestorage1 storage location in Azure now contains the Beta release files.
  3. In the Azure Explorer, go to the NetWitness group > Storage Accounts > netwitnessazurestorage1 > Blob Containers > nwazurevhdstore. The following screen shot shows you an example of the contents of a storage container.

  4. Verify that all the SA Server VHDs are uploaded to the Azure Cloud.
    1. Log in to the Azure portal.
    2. In the right panel, click Storage accounts > netwitnessazurestorage1 > Blob service > nwazurevhdstore.

    Note: Alternatively, you can use the Microsoft Azure Storage Explorer Windows utility to verify that all the VHDs from the following location subscription exist. This utility helps you manage the contents of your storage.
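The verification in step 4 can also be scripted. The following is an added example, not part of the RSA procedure: it checks a JSON blob listing, assumed to have the shape produced by `az storage blob list --account-name netwitnessazurestorage1 --container-name nwazurevhdstore -o json`, for the properties Azure needs before it can build an image (each VHD present, stored as a page blob, and sized as a whole number of MiB plus the 512-byte fixed-VHD footer). The blob names and the listing are constructed placeholders.

```python
import json

MIB = 1024 * 1024
VHD_FOOTER = 512  # a fixed-format VHD ends with a 512-byte footer

def check_vhd_blobs(listing_json, expected_names):
    """Return problems found in an `az storage blob list -o json` listing."""
    blobs = {b["name"]: b.get("properties", {}) for b in json.loads(listing_json)}
    problems = []
    for name in expected_names:
        props = blobs.get(name)
        if props is None:
            problems.append(f"{name}: missing from container")
            continue
        # Azure builds images only from page blobs, not block blobs.
        if props.get("blobType") != "PageBlob":
            problems.append(f"{name}: blob type {props.get('blobType')} is not PageBlob")
        # Fixed VHD = disk data aligned to 1 MiB, plus the footer.
        length = props.get("contentLength") or 0
        if length <= VHD_FOOTER or (length - VHD_FOOTER) % MIB:
            problems.append(f"{name}: size {length} is not a whole number of MiB plus footer")
    return problems

def _blob(name, blob_type, length):
    """Build one listing entry for the constructed sample."""
    return {"name": name, "properties": {"blobType": blob_type, "contentLength": length}}

# Constructed listing; blob names are placeholders, not the real release file names.
SAMPLE_LISTING = json.dumps([
    _blob("example-os.vhd", "PageBlob", 30 * 1024 * MIB + VHD_FOOTER),
    _blob("example-data1.vhd", "BlockBlob", 10 * 1024 * MIB + VHD_FOOTER),
    _blob("example-data2.vhd", "PageBlob", 5 * MIB),
])
EXPECTED = ["example-os.vhd", "example-data1.vhd",
            "example-data2.vhd", "example-data3.vhd"]

if __name__ == "__main__":
    for problem in check_vhd_blobs(SAMPLE_LISTING, EXPECTED):
        print(problem)
```

An empty result means every expected VHD is present and usable as an image disk.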

Task 2. - Create SA Server Image

Complete the following steps to create an SA Server image in Azure from the uploaded VHDs.

  1. Login to
  2. In the left panel, click More Services and filter by Images.
  3. Click Images.

  4. Create and configure the Image.
    1. Click Add.
    2. Enter an Image Name, select the correct Resource Group, select a valid Location, and set the OS Disk to Linux.
      In the Storage blob, browse to where VHDs are uploaded.

    3. Select in the OS disk Storage blob field.

    4. Click Add data disks to add the remaining disks (for example, SA-Server-, SA-Server-, and SA-Server-).

    5. Make sure that Standard (HDD) is selected for Account Type.
      The following screen shot illustrates a completed Create Image view.

    6. Click Create to create the Image.
      The following confirmation is displayed when the image is created.

Task 3. Create Virtual Machine (VM)

Complete the following steps to create a VM in Azure using the SA Server image.

  1. Go to Images and click Create VM.

    The 1 Basics - Configure basic settings section is in focus.
  2. Define values for all of the fields.
    1. In the Name field, enter a user-defined name (for example, SAServer1064).
    2. In the VM disk type field, select HDD from the drop-down list.

      Caution: The username and password that you define are used to log in to the system as a non-administrator user. Do not use the root user (the login does not have superuser permissions). You must change the root password the first time that you log in to the VM by executing the su passwd root command. This is a critical step and should not be missed. You cannot use root for a username (Azure-specific).

    3. In the User name field, enter a valid username.
    4. In the Authentication type field, click Password and enter a strong password that is a combination of lowercase, uppercase, numeral and a symbol (for example, Netwitness@123).
    5. Make sure that the values selected in the Subscription, Resource group and Location fields are correct.
    6. Click OK.

      The 2 Size - Choose virtual machine size section is in focus.
  3. Click size-required-based-on-capacity (for example, F8 Standard), and click Select.

    Note: Sizing is based upon the capacity requirements of your enterprise (see Azure VM Configuration Recommendations for RSA VM size recommendations based on log capture rates). The minimum size RSA recommends for the SA Server is F8 Standard.

    The 3 Settings – Configure optional features section is in focus.

  4. Click and define the fields.
    1. In the Storage field, make sure that Use managed disks is set to Yes.
    2. In the Network field, select:
      • A valid Virtual network and Subnet.

      • None for the Public IP address.
        RSA recommends None for the Public IP address (this is not mandatory). You can assign a public IP address, but assigning a public IP to something that is based in the Azure cloud goes against best practices.
    3. In the Monitoring field, select:
      • Enabled for Boot Diagnostics
      • Enabled for Guest OS diagnostics
      • a valid Diagnostics storage account

    The following screen shot illustrates a completed Settings panel.

    4. Click OK.
      The 4 Summary – SAServerStagingImage section is in focus.
  5. Verify that the Validation passed, and click OK.

    You know that the SA Server VM Deployment is successful when you see the VM status as Running.

  6. Click Properties to view the IP Address details.

  7. SSH to the VM using the username that you specified in Step 2d of Task 3 and reset the root password. Use the su passwd root command string to reset the root password as shown in the following screen shot.
  8. Close the current SSH session and open a new SSH session with root as the username and the password created in the previous step.

    Note: Step 8 is a critical, one-time step for a new deployment. If you do not complete this step, the Security Analytics User Interface will not load.
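The settings chosen in steps 4 and 5 of Task 3 can be checked after deployment. The following is an added example, not part of the RSA procedure: it audits a VM description, assumed to have the shape produced by `az vm show -d -o json`, against the page's settings (no public IP, managed disks, boot diagnostics with a storage account, VM running). The sample VM records and the `audit_sa_server_vm` name are constructed for illustration.

```python
import copy
import json

def audit_sa_server_vm(vm_json):
    """Compare `az vm show -d -o json` output with the Task 3 settings."""
    vm = json.loads(vm_json)
    findings = []
    # Step 4, Network field: Public IP address set to None.
    if vm.get("publicIps"):
        findings.append(f"public IP assigned: {vm['publicIps']}")
    # Step 4, Storage field: managed disks for the OS disk and every data disk.
    storage = vm.get("storageProfile") or {}
    disks = [storage.get("osDisk") or {}] + (storage.get("dataDisks") or [])
    for disk in disks:
        if not disk.get("managedDisk"):
            findings.append(f"unmanaged disk: {disk.get('name', '<os disk>')}")
    # Step 4, Monitoring field: boot diagnostics with a storage account.
    boot = (vm.get("diagnosticsProfile") or {}).get("bootDiagnostics") or {}
    if not boot.get("enabled"):
        findings.append("boot diagnostics disabled")
    elif not boot.get("storageUri"):
        findings.append("no diagnostics storage account")
    # Step 5: the deployment is successful when the VM is running.
    if vm.get("powerState") != "VM running":
        findings.append(f"power state is {vm.get('powerState')!r}")
    return findings

# Constructed records; names, IDs and addresses are placeholders.
GOOD = {
    "name": "SAServer1064",
    "publicIps": "",
    "powerState": "VM running",
    "storageProfile": {
        "osDisk": {"name": "os", "managedDisk": {"id": "placeholder-id"}},
        "dataDisks": [{"name": "data1", "managedDisk": {"id": "placeholder-id"}}],
    },
    "diagnosticsProfile": {"bootDiagnostics": {
        "enabled": True, "storageUri": "https://example.invalid/"}},
}
BAD = copy.deepcopy(GOOD)
BAD["publicIps"] = "203.0.113.10"  # documentation address range
BAD["storageProfile"]["dataDisks"][0].pop("managedDisk")
BAD["diagnosticsProfile"]["bootDiagnostics"]["enabled"] = False
GOOD_VM, BAD_VM = json.dumps(GOOD), json.dumps(BAD)

if __name__ == "__main__":
    print(audit_sa_server_vm(BAD_VM))
```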

