Azure: Step 1. Deploy NW Server Host in Azure

Document created by RSA Information Design and Development on Feb 2, 2018Last modified by RSA Information Design and Development on Sep 12, 2018
Version 5Show Document
  • View in full screen mode

Complete the following tasks to deploy a NetWitness Server (NW Server) on a virtual machine (VM) in the Azure Cloud environment.

Note: It is not mandatory to deploy the NetWitness Server in the Azure Cloud environment to deploy other components (see Azure Deployment Scenarios).

Task 1. - Upload NW Server VHDs

Complete the following steps to upload NW Server VHDs to Azure.

  1. Contact RSA Customer Support ( to open a support case requesting the NW Server VHDs. A valid throughput license will be required.

  2. Customer Support will update the case with VHD URI's.
  3. In the Azure Portal, open the Powershell CLI.

    Powershell CLI

    You will need a storage account, blob service and container setup. This is where the VHD’s will be copied to. After these are in place, you can execute the following command within the Azure Portal Powershell CLI. Alternatively, you can also run these commands from the Powershell in your workstation:

    1. Run this command from Powershell to install AzureRM: Install-Module -Name AzureRM –AllowClobber
    2. Execute this command to verify the installation process has been successfully done: Import-Module -Name AzureRM
    3. If you find any error regarding execution policy, execute this command: - Set-ExecutionPolicy -ExecutionPolicy RemoteSigned (then repeat step b)
    4. (Optional) If you are running the commands from the Powershell in your workstation, login to your Azure account using this command: Login-AzureRmAccount
    5. Select the Subscription: Select-AzureRmSubscription -SubscriptionId <subscriptionid>
    6. Create a target context: $targetStorageContext = (Get-AzureRmStorageAccount -ResourceGroupName <resource-group-name> –Name <storage-account-name>).Context
    7. Start the copy: Start-AzureStorageBlobCopy -AbsoluteUri “<SAS-URL>” -DestContainer <container-name> -DestBlob <destination-blob-name> -DestContext $targetStorageContext
    8. You can get the Blob copy status by executing this command: Get-AzureStorageBlobCopyState -Blob "< destination-blob-name>" -Container "<container-name> " –Context $targetStorageContext
  4. Once the VHD’s are successfully copied. You’ll need to create an image and VM.

  5. Verify that all the NW Server VHDs are uploaded into the Azure Cloud.

    Note: Alternatively, you can use the Microsoft Azure Storage Explorer windows utility ( to verify that all the VHDs from the following location subscription exist. This utility helps you manage the contents your storage.

    1. Log in to the Azure portal (
    2. In the right panel, click Storage accounts > netwitnessazurestorage1 > Blob service > nwazurevhdstore.
  6. (Optional) In the Azure Explorer, go to the NetWitness group > Storage Accounts > netwitnessazurestorage1) > Blob Containers > nwazurevhdstore). The following screen shot shows you an example of the contents of a storage container.

    Blob Containers

Task 2. - Create NW Server Image

Complete the following steps to create an NW Server image in Azure from upload VHDs.

  1. Log in to
  2. In the left panel, click More Services and filter by Images.
  3. Click Images.

  4. Create and configure the Image.
    1. Click Add.
    2. Enter an Image Name, select the correct Resource Group, select a valid Location, and set the OS Disk to Linux.
      In the Storage blob, browse to where VHDs are uploaded.

    3. Make sure that Standard (HDD) is selected for Account Type.
      The following screen shot illustrates a completed Create Image view.

    4. Click Create to create the Image.
      The following confirmation is displayed when the image is created.

Task 3. Create Virtual Machine (VM)

Complete the following steps to create a VM in Azure using the NetWitness Server image.

  1. Go to Images and click Create VM.

    The 1 Basics - Configure basic settings section is in focus.
  2. Define values for all of the fields.
    1. In the Name field, enter a user-defined name (for example, NWServer1100).
    2. In the VM disk type field, select HDD from the drop-down list.

      Caution: The username and password that you define is used to login to the system as a non-administrator user. Do not use the root user (the login does not have superuser permissions). You must change the root password the first time that you log in to the VM by executing the su passwd root command. This is a critical step and should not be missed. You cannot use root for a username (Azure-specific).

    3. In the User name field, enter a valid username.
    4. In the Authentication type field, click Password and enter a strong password that is a combination of lowercase, uppercase, numeral and a symbol (for example, Password@123).
    5. Make sure that the values selected in the Subscription, Resource group and Location fields are correct.
    1. Click OK.

      The 2 Size - Choose virtual machine size section is in focus.
  3. Click size-required-based-on-capacity (for example, F8 Standard), and click Select.

    Note: Sizing is based upon the capacity requirements of your enterprize (see VM Configuration Recommendations for RSA VM size recommendations based on log capture rates. The minimum size RSA recommends for the NetWitness Server is F8 Standard.

    The 3 Settings – Configure optional features section is in focus.

  4. Click and define the fields.
    1. In the Storage field, make sure that Use manage disks is set to Yes.
    2. In the Network field, select:
      • A valid Virtual network and Subnet.

      • None for the Public IP address.
        RSA recommends None for the Public IP address (this is not mandatory). You can assign a public IP address, but it countermands Best Practices to assign a public IP to something that is based in the Azure Cloud.
    3. In the Monitoring field, select:
      • Enabled for Boot Diagnostics
      • Enabled for Guest OS diagnostics
      • Valid Diagnostics storage account

    The following figure illustrates a completed Settings panel.

    1. Click OK.
  5. Verify that the Validation passed, and click OK.

    You know that the NW Server VM Deployment is successful when you see the VM status as Running.

  6. Click Properties to view the IP Address details.

  7. SSH to the VM using the username that you specified in Step 2d of Task 3 and reset the root password. Use the su passwd root command string to reset the root password as shown in the following screen shot.
  8. Close the current SSH session and open a new SSH session with root as the username and the password created in the previous step.

    Note: Step 8 is a critical one-time step for a new deployment. If you do not complete this step, the NetWitness User Interface will not load.


You are here
Table of Contents > Deployment Rules and Checklist > Step 1. Deploy NW Server Host  in Azure