Review the following prerequisites to ensure an efficient setup and configuration of a USM Anywhere Sensor on Microsoft Hyper-V.
- Operating system must be Windows Server 2012 R2 with either Hyper-V Manager or System Center Virtual Manager (SCVMM) 2012, or Windows Server 2016
- Dedicated 4 CPUs and 12 GB of statically assigned memory
- Dedicated 150 GB of disk space (100 GB data device and 50 GB root device)
- Internet connectivity from the virtual machine
If DHCPNetwork protocol used to dynamically distribute network configuration parameters, such as IP addresses, for interfaces and services. is unavailable, a static IP for the management interface and local DNS information
Important: AT&T Cybersecurity strongly recommends assigning a static IP to deploy the USM Anywhere Sensor. If DHCP changes the IP address of the sensor, you must update all the IP addresses on all the devices that are forwarding logs to the sensor through syslog.
- Network topology information to run asset discovery
- Port mirroringMethod of network monitoring in which a system passively collects network traffic on the same ports as other network devices. setup for network monitoring (see Configure Windows Server 2012 R2 or Windows Server 2016 Hyper-V Virtual Machines for Port Mirroring for more information)
- Administrative credentials for remote hosts to support authenticated asset scans
- Administrative credentials for devices that require configuration to forward logs to the Hyper-V Sensor
- To access NIDS functionality on the sensor, an ethernet port on the host must be available to receive data from a SPAN or TAP port.
Before you deploy a USM Anywhere Sensor, you must configure your firewallVirtual or physical device designed to defend against unauthorized access to data, resources, or a private network. A firewall’s primary purpose is to create segregation between two or more network resources, blocking undesirable traffic between them. permissions to enable the required connectivity for the new sensor. Initial deployment of a sensor requires that you open egress and outbound ports and protocols in the firewall for communication with USM Anywhere and AT&T Cybersecurity Secure Cloud resources. The sensor receives no inbound connections from outside the firewall.
Note: To launch the USM Anywhere Sensor web user interface (UI) during the initial setup, you need to allow inbound traffic to the sensor IP address through TCP port 80. You can remove access to this port after the sensor successfully connects to USM Anywhere. You do not need to allow inbound traffic to this port from the Internet.
|TCP||443||Outbound||update.alienvault.cloud||Communication with AT&T Cybersecurity for initial setup and future updates of the Sensor|
|TCP||443||Outbound||reputation.alienvault.com||Ongoing communication with Open Threat Exchange® (OTX)|
|TCP||443||Outbound||your USM Anywhere subdomain
|Ongoing communication with USM Anywhere|
|SSL / TCP||7100||Outbound||your USM Anywhere subdomain
|Ongoing communication with USM Anywhere|
|UDP||53||Outbound||DNS Servers (Google Default)||Ongoing communication with USM Anywhere|
|Sync with network time protocol (NTP) services in the AT&T Cybersecurity Secure Cloud|
|TCP||22 and 443||Outbound||prod-usm-saas-tractorbeam.alienvault.cloud||
SSHProgram to securely log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another through Secure Copy (SCP). communications with the USM Anywhere Remote Support server.
See Troubleshooting and Remote Sensor Support for more information about remote technical support through the USM Anywhere Sensor console.
Hyper-V Machine Deployment
You can deploy a Hyper-V virtual machine using either of the following management tools:
- Microsoft Hyper-V Manager, which is an administrative tool for managing local and remote Hyper-V servers. For more information, see Create the VM with Hyper-V Manager.
- System Center Virtual Machine Manager 2012, which is designed for managing large numbers of virtual servers, based on Microsoft Virtual Server and Hyper-V. For more information, see Create the VM with SCVMM 2012.