AlienVault® USM Anywhere™

Requirements for Hyper-V Sensor Deployment

Review the following prerequisites to ensure an efficient setup and configuration of a USM Anywhere Sensor on Microsoft Hyper-V.

Minimum Requirements

  • Operating system must be Windows Server 2012 R2 with either Hyper-V Manager or System Center Virtual Manager (SCVMM) 2012, or Windows Server 2016
  • Dedicated 4 CPUs and 12 GB of statically assigned memory
  • Dedicated 150 GB of disk space (100 GB data device and 50 GB root device)
  • Internet connectivity from the virtual machine

Recommended Requirements

Sensor Ports and Connectivity

Before you deploy a USM Anywhere Sensor, you must configure your firewallVirtual or physical device designed to defend against unauthorized access to data, resources, or a private network. A firewall’s primary purpose is to create segregation between two or more network resources, blocking undesirable traffic between them. permissions to enable the required connectivity for the new sensor. Initial deployment of a sensor requires that you open egress and outbound ports and protocols in the firewall for communication with USM Anywhere and AT&T Cybersecurity Secure Cloud resources. The sensor receives no inbound connections from outside the firewall.

Note: To launch the USM Anywhere Sensor web user interface (UI) during the initial setup, you need to allow inbound traffic to the sensor IP address through TCP port 80. You can remove access to this port after the sensor successfully connects to USM Anywhere. You do not need to allow inbound traffic to this port from the Internet.

Type Ports Inbound/Outbound Endpoints Purpose
TCP 443 Outbound update.alienvault.cloud Communication with AT&T Cybersecurity for initial setup and future updates of the Sensor
TCP 443 Outbound reputation.alienvault.com Ongoing communication with Open Threat Exchange® (OTX)
TCP 443 Outbound your USM Anywhere subdomain
.alienvault.cloud
Ongoing communication with USM Anywhere
SSL / TCP 7100 Outbound your USM Anywhere subdomain
.alienvault.cloud
Ongoing communication with USM Anywhere
UDP 53 Outbound DNS Servers (Google Default) Ongoing communication with USM Anywhere
UDP 123 Outbound

0.amazon.pool.ntp.org

1.amazon.pool.ntp.org

2.amazon.pool.ntp.org

3.amazon.pool.ntp.org

Sync with network time protocol (NTP) services in the AT&T Cybersecurity Secure Cloud
TCP 22 and 443 Outbound prod-usm-saas-tractorbeam.alienvault.cloud

SSHProgram to securely log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another through Secure Copy (SCP). communications with the USM Anywhere Remote Support server.

See Troubleshooting and Remote Sensor Support for more information about remote technical support through the USM Anywhere Sensor console.

Hyper-V Machine Deployment

You can deploy a Hyper-V virtual machine using either of the following management tools:

  • Microsoft Hyper-V Manager, which is an administrative tool for managing local and remote Hyper-V servers. For more information, see Create the VM with Hyper-V Manager.
  • System Center Virtual Machine Manager 2012, which is designed for managing large numbers of virtual servers, based on Microsoft Virtual Server and Hyper-V. For more information, see Create the VM with SCVMM 2012.