Review the following prerequisites to ensure an efficient setup and configuration of a USM Anywhere Sensor on Microsoft Hyper-V.
- Operating system must be Windows Server 2012 R2 with either Hyper-V Manager or System Center Virtual Machine Manager (SCVMM) 2012, or Windows Server 2016
- Dedicated 4 CPUs and 12 GB of statically assigned memory
- Dedicated 150 GB of disk space (100 GB data device and 50 GB root device)
- Internet connectivity from the virtual machine
- If DHCP is unavailable, a static IP for the management interface and local DNS information
Important: AT&T Cybersecurity strongly recommends assigning a static IP to deploy the USM Anywhere Sensor. If DHCP changes the IP address of the Sensor, you must update all the IP addresses on all the devices that are forwarding logs to the Sensor through syslog.
- Network topology information to run asset discovery
- Port mirroring setup for network monitoring (see Configure Windows Server 2012 R2 or Windows Server 2016 Hyper-V Virtual Machines for Port Mirroring for more information)
- Administrative credentials for remote hosts to support authenticated asset scans
- Administrative credentials for devices that require configuration to forward logs to the Hyper-V sensor
- (Optional) A span port to monitor network traffic for IDS
For USM Anywhere Sensor deployment in the Google Cloud Platform (GCP), the Cloud Deployment Manager template automatically creates the firewall rules needed for network connectivity between the instances within the Virtual Private Cloud (VPC).
Note: The required firewall rules are outlined below.
| Type | Ports | Direction | Endpoint | Purpose |
|---|---|---|---|---|
| TCP | 443 | Outbound | update.alienvault.cloud | Communication with AT&T Cybersecurity for initial setup and future updates of the Sensor |
| TCP | 443 | Outbound | reputation.alienvault.com | Ongoing communication with Open Threat Exchange® (OTX) |
| TCP | 443 | Outbound | your USM Anywhere subdomain | Ongoing communication with USM Anywhere |
| SSL / TCP | 7100 | Outbound/ | your USM Anywhere subdomain | |
| UDP | 53 | Outbound | DNS Servers (Google Default) | Ongoing communication with USM Anywhere |
| | | | | Sync with network time protocol (NTP) services in the AT&T Cybersecurity Secure Cloud |
| TCP | 22 and 443 | Outbound | prod-usm-saas-tractorbeam.alienvault.cloud | SSH communications with the USM Anywhere Remote Support server. |

See Troubleshooting and Remote Sensor Support for more information about remote technical support through the USM Anywhere Sensor console.
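
A pre-flight check for the TCP rows of the firewall table above, written as an added example and not taken from the AT&T Cybersecurity documentation. It assumes it is saved as a `.ps1` script and run from a Windows host that shares the network segment and egress path the Sensor will use; `$Subdomain` is a placeholder for your own USM Anywhere subdomain.

```powershell
# Added example: verify the outbound TCP rules listed in the table before deploying.
# Assumption: this host uses the same egress path (vSwitch, VLAN, proxy, firewall)
# as the Sensor VM will. A pass here does not prove the VM's own path is open.
param(
    [string]$Subdomain = 'your-subdomain.example.invalid'  # placeholder, replace it
)

# Endpoints and ports copied from the table. The 7100 row's direction is cut off
# on the page; it is tested here as an outbound connection (assumption).
$tcpRules = @(
    @{ Endpoint = 'update.alienvault.cloud';                    Ports = @(443) }
    @{ Endpoint = 'reputation.alienvault.com';                  Ports = @(443) }
    @{ Endpoint = $Subdomain;                                   Ports = @(443, 7100) }
    @{ Endpoint = 'prod-usm-saas-tractorbeam.alienvault.cloud'; Ports = @(22, 443) }
)

$results = foreach ($rule in $tcpRules) {
    # DNS first (the UDP 53 row): this uses the host's configured resolver, so a
    # failure here points at name resolution rather than at the TCP rule.
    $resolved = [bool](Resolve-DnsName -Name $rule.Endpoint -Type A -ErrorAction SilentlyContinue)
    foreach ($port in $rule.Ports) {
        $open = $false
        if ($resolved) {
            $open = (Test-NetConnection -ComputerName $rule.Endpoint -Port $port `
                        -WarningAction SilentlyContinue).TcpTestSucceeded
        }
        [pscustomobject]@{
            Endpoint = $rule.Endpoint
            Port     = $port
            Resolved = $resolved
            TcpOpen  = $open
        }
    }
}

$results | Format-Table -AutoSize

# Non-zero exit code lets a deployment runbook stop before the Sensor is created.
$failed = @($results | Where-Object { -not $_.TcpOpen })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) required outbound rule(s) are blocked or unresolved."
    exit 1
}
```

A successful TCP handshake only shows that the port is reachable; a TLS-inspecting proxy on the path can still break the Sensor's connections, and the NTP row is not tested because its port and endpoint are missing from the table.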
Hyper-V Machine Deployment
You can deploy a Hyper-V virtual machine using either of the following management tools:
- Microsoft Hyper-V Manager, which is an administrative tool for managing local and remote Hyper-V servers. For more information, see Create the VM with Hyper-V Manager.
- System Center Virtual Machine Manager 2012, which is designed for managing large numbers of virtual servers, based on Microsoft Virtual Server and Hyper-V. For more information, see Create the VM with SCVMM 2012.