Complete the following tasks to deploy a Security Analytics (SA) Server on a virtual machine (VM) in the Azure Cloud environment.
- Task 1. - Upload SA Server VHDs
- Task 2. - Create SA Server Image
- Task 3. - Create Virtual Machine (VM)
Complete the following steps to upload SA Server VHDs to Azure.
- Upload SA Server VHDs to the Azure Cloud.
Contact RSA Customer Support (https://community.rsa.com/docs/DOC-1294) for instructions on how to obtain the VHDs for the SA Server.
- Use Azure VHD Utils Windows Utility (https://github.com/Microsoft/azure-vhd-utils) to upload all vhds to Azure Cloud under specified subscription ID (make sure that the storage account name, storage account key, container name are correct).
C:\Users\Administrator\go\bin>azure-vhd-utils.exe upload --localvhdpath "F:\SASv 1064Gold\SA-Server-10.6.4.0-03-Gold-disk1.vhd" --stgaccountname netwitnessazurestorage1 --stgaccountkey #&^$##@FREW*&EgSmXrPM7dndkOg6BnhVVhU5NNpS7d8UNgQGEl62HxMsrRe9vB6W95CXx9Kxyz@%#$bg --containername sa-10640-internal --blobname "SA-Server-10.6.4.0-03-Gold-disk1.vhd"
After the upload successfully completes the following messages are displayed.
The netwitnessazurestorage1 storage location in Azure now contains the Beta release files.
- In the Azure Explorer, go to the NetWitness group > Storage Accounts > netwitnessazurestorage1) > Blob Containers > nwazurevhdstore). The following screen shot shows you an example of the contents of a storage container.
- Verify that all the SA Server VHDs are uploaded in to the Azure Cloud.
- Log in to the Azure portal (https://portal.azure.com).
- In the right panel, click Storage accounts > netwitnessazurestorage1 > Blob service > nwazurevhdstore.
Complete the following steps to create an SA Server image in Azure from upload VHDs.
- Login to https://portal.azure.com.
- In the left panel, click More Services and filter by Images.
- Click Images.
- Create and configure the Image.
- Click Add.
- Enter an Image Name, select the correct Resource Group, select a valid Location, and set the OS Disk to Linux.
In the Storage blob, browse to where VHDs are uploaded.
- Select https://netwitnessazurestorage.blob.core.windows.net/nwvhdstore/SA-Server-10.6.4.0-03-Gold-disk1.vhd in the OS disk Storage blob field.
- Click Add data disks to add the remaining disks (for example, SA-Server-10.6.4.0-03-Gold-disk2.vhd, SA-Server-10.6.4.0-03-Gold-disk3.vhd, and SA-Server-10.6.4.0-03-Gold-disk4.vhd).
- Make sure that Standard (HDD) is selected for Account Type.
The following screen shot illustrates a completed Create Image view.
- Click Create to create the Image.
The following confirmation is displayed when the image is created.
Complete the following steps to create a VM in Azure using the SA Server image.
- Go to Images and click Create VM.
The 1 Basics - Configure basic settings section is in focus.
- Define values for all of the fields.
- In the Name field, enter a user-defined name (for example, SAServer1064).
- In the VM disk type field, select HDD from the drop-down list.
- In the User name field, enter a valid username.
- In the Authentication type field, click Password and enter a strong password that is a combination of lowercase, uppercase, numeral and a symbol (for example, Netwitness@123).
- Make sure that the values selected in the Subscription, Resource group and Location fields are correct.
- Click size-required-based-on-capacity (for example, F8 Standard), and click Select.
- Click and define the fields.
- In the Storage field, make sure that Use manage disks is set to Yes.
- In the Network field, select:
- A valid Virtual network and Subnet.
- None for the Public IP address.
RSA recommends None for the Public IP address (this is not mandatory). You can assign a public IP address, but it countermands Best Practices to assign a public IP to something that is based in the Azure cloud.
- A valid Network security group.
For information on Network security groups, see the Microsoft Azure documentation (https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-nsg).
- A valid Virtual network and Subnet.
- In the Monitoring field, select:
- Enabled for Boot Diagnostics
- Enabled for Guest OS diagnostics
- a valid Diagnostics storage account
- Click OK.
The 4 Summary – SAServerStagingImage section is in focus.
- Verify that the Validation passed, and click OK.
You know that the SA Server VM Deployment is successful when you see the VM status as Running.
- Click Properties to view the IP Address details.
- SSH to the VM using the username that you specified in Step 2d of Task 3 and reset the root password. Use the su passwd root command string to reset the root password as shown in the following screen shot.
Close the current SSH session and open a new SSH session with root as the username and the password created in the previous step.