Azure Deploy: Deploy NW Server Host in Azure

Document created by RSA Information Design and Development on Feb 2, 2018
Version 1Show Document
  • View in full screen mode

Complete the following tasks to deploy a NetWitness Server (NW Server) on a virtual machine (VM) in the Azure Cloud environment.

Note: It is not mandatory to deploy the SA Server in the Azure Cloud environment to deploy other components (see Azure Deployment Scenarios).

Task 1. - Upload NW Server VHDs

Complete the following steps to upload NW Server VHDs to Azure.

  1. Contact RSA Customer Support ( to open a support case requesting the NW Server VHDs. A valid throughput license will be required.

  2. Customer Support will update the case with VHD URI's.
  3. Via the Azure Portal, open the Powershell CLI.

  4. Once the VHD’s are successfully copied. You’ll need to create an image and VM.

  5. Verify that all the NW Server VHDs are uploaded in to the Azure Cloud.

Note: Alternatively, you can use the Microsoft Azure Storage Explorer windows utility ( to verify that all the VHDs from the following location subscription exist. This utility helps you manage the contents your storage.

  1. Log in to the Azure portal (
  2. In the right panel, click Storage accounts > netwitnessazurestorage1 > Blob service > nwazurevhdstore.

6. (Optional) In the Azure Explorer, go to the NetWitness group > Storage Accounts > netwitnessazurestorage1) > Blob Containers > nwazurevhdstore). The following screen shot shows you an example of the contents of a storage container.

Task 2. - Create NW Server Image

Complete the following steps to create an NW Server image in Azure from upload VHDs.

  1. Log in to
  2. In the left panel, click More Services and filter by Images.
  3. Click Images.

  4. Create and configure the Image.
    1. Click Add.
    2. Enter an Image Name, select the correct Resource Group, select a valid Location, and set the OS Disk to Linux.
      In the Storage blob, browse to where VHDs are uploaded.

    3. Select in the OS disk Storage blob field.

    4. Make sure that Standard (HDD) is selected for Account Type.
      The following screen shot illustrates a completed Create Image view.

    5. Click Create to create the Image.
      The following confirmation is displayed when the image is created.

Task 3. Create Virtual Machine (VM)

Complete the following steps to create a VM in Azure using the SA Server image.

  1. Go to Images and click Create VM.

    The 1 Basics - Configure basic settings section is in focus.
  2. Define values for all of the fields.
    1. In the Name field, enter a user-defined name (for example, NWServer1100).
    2. In the VM disk type field, select HDD from the drop-down list.

      Caution: The username and password that you define is used to login to the system as a non-administrator user. Do not use the root user (the login does not have superuser permissions). You must change the root password the first time that you log in to the VM by executing the su passwd root command. This is a critical step and should not be missed. You cannot use root for a username (Azure-specific).

    3. In the User name field, enter a valid username.
    4. In the Authentication type field, click Password and enter a strong password that is a combination of lowercase, uppercase, numeral and a symbol (for example, Netwitness@123).
    5. Make sure that the values selected in the Subscription, Resource group and Location fields are correct.
    1. Click OK.

      The 2 Size - Choose virtual machine size section is in focus.
  3. Click size-required-based-on-capacity (for example, F8 Standard), and click Select.

    Note: Sizing is based upon the capacity requirements of your enterprize (see Azure VM Configuration Recommendations for RSA VM size recommendations based on log capture rates. The minimum size RSA recommends for the SA Server is F8 Standard.

    The 3 Settings – Configure optional features section is in focus.

  4. Click and define the fields.
    1. In the Storage field, make sure that Use manage disks is set to Yes.
    2. In the Network field, select:
      • A valid Virtual network and Subnet.

      • None for the Public IP address.
        RSA recommends None for the Public IP address (this is not mandatory). You can assign a public IP address, but it countermands Best Practices to assign a public IP to something that is based in the Azure cloud.
    3. In the Monitoring field, select:
      • Enabled for Boot Diagnostics
      • Enabled for Guest OS diagnostics
      • a valid Diagnostics storage account

    The following screen shot illustrates a completed Settings panel.

    1. Click OK.
      The 4 Summary – SAServerStagingImage section is in focus.
  5. Verify that the Validation passed, and click OK.

    You know that the NW Server VM Deployment is successful when you see the VM status as Running.

  6. Click Properties to view the IP Address details.

  7. SSH to the VM using the username that you specified in Step 2d of Task 3 and reset the root password. Use the su passwd root command string to reset the root password as shown in the following screen shot.
  8. Close the current SSH session and open a new SSH session with root as the username and the password created in the previous step.

    Note: Step 8 is a critical, one-time step for a new deployment. If you do not complete this step, the Security Analytics User Interface will not load.


Copyright © 2010-2016 EMC Corporation All Rights Reserved. Published in the USA.

You are here
Table of Contents > Azure Deployment Rules and Checklist > Azure: Step 1. Deploy NW Server Host  in Azure