USM Anywhere™

Create the Hyper-V Virtual Machine

The first task in deploying the Microsoft Hyper-V Sensor is to create, configure, and start the virtual machine (VM) using either the Microsoft System Center Virtual Manager (SCVMM) 2012 or Hyper-V Manager. Before you begin this task, download the Hyper-V sensor package from AT&T Cybersecurity.

To download the Hyper-V package

  1. Go to the USM Anywhere Sensor Downloads page and click the icon of your specific sensor.
    After clicking, your browser starts to download the USM Anywhere Sensor package. Depending on your Internet connection, the download can take 30 minutes or more.

  2. Extract the USM Anywhere Sensor package and place the files where they are accessible from your Hyper-V management tool.

Create the VM with SCVMM 2012

Follow these procedures to create and start the VM using Microsoft System Center Virtual Machine Manager (SCVMM) 2012.

To create a virtual machine with SCVMM 2012

  1. Connect to SCVMM 2012.
  2. Select Library > VM Templates.
  3. Select the AlienVault VM Template under VM Templates, and click Create Virtual Machine.

    4. Create a new VM for the USM Anywhere Sensor in SCVMM 2012

  4. Enter a name for the virtual machine and then click Next.
  5. In Configure Hardware, click Next.
  6. In Select Destination, choose whether to deploy or store the virtual machine and then click Next.
  7. In Select Host, select a destination for the virtual machine and then click Next.
  8. In Configure Settings, review the virtual machine settings and then click Next.
  9. In Add Properties, change the automatic actions, if needed, and then click Next.
  10. In Summary, confirm the settings and then click Next.

    11. The Jobs window opens and shows the virtual machines in the process of creation.

    Jobs window: view process for creating the virtual machine

When the process finishes, you can close the window.

To start the VM and connect

  1. Right-click the VM and select Power On.

    This process could take a few minutes. The Virtual Machine State will display as Running when this is complete.

  2. Right-click the VM and select Connect or View > Connect via Console.

    Connect to the console to start the VM

    Use the information in the Welcome screen to log in to the Sensor. This screen also displays the URL you can use to access USM Anywhere and register the Sensor.

Create the VM with Hyper-V Manager

Follow these procedures to create, configure, and start the virtual machine using Hyper-V Manager.

To create a new VM with Hyper-V Manager

  1. Open the Hyper-V Manager and connect to the server.
  2. From the Actions panel, go to New > Virtual Machine. The New Virtual Machine Wizard launches.
  3. Click Next.
  4. In Specify Name and Location, enter a name for the new virtual machine and then click Next.

    5. Enter a name for the new virtual machine

  5. In Specify Generation, choose Generation 1 for the virtual machine and then click Next.

  6. In Assign Memory, change the value of the Startup memory to 12288 MB.

    Important: Make sure that the Use Dynamic Memory option is not selected.

    Click Next when complete.

    Change the value of the Startup memory to 12288 MB

  7. In Configure Networking, connect the new VM to the desired network and then click Next.

  8. In Connect Virtual Hard Disk, select Use an existing virtual hard disk and then click Browse to locate the usm-os-disk.vhd file that was extracted from the USM Anywhere Sensor package download.

    Note: You will add the data disk later in another step because the wizard doesn't support this.

    Connect the Sensor virtual hard disk (usm-os-disk.vhd)

  9. In Complete the New Virtual Machine Wizard, click Next and then Finish.

To configure a VM using the Hyper-V Manager

  1. Select the VM you previously created, and then select Action > Settings.

  2. In left navigation menu of the dialog box, select Processor and set the number of virtual processors to 4.

    Configure four virtual processors for the Sensor VM

  3. Click Apply.
  4. In the left navigation menu, select IDE Controller 0.

  5. Select Hard Drive, click Add, and then click Browse to locate the usm-data-disk.vhdx file that was part of the USM Anywhere Sensor download.

    Select the usm-data-disk.vhdx file and click Apply.

  6. In the top-left corner of the dialog box, click Add Hardware, and then select Network Adapter External Network > Add to add additional network adapters.

    Add additional network adapters to the VM

    Repeat this function so that you have a total of five network adapters.

    Warning: The Hyper-V Sensor requires all five network interface cards (NICs) to be enabled, otherwise the USM Anywhere update will fail. The NICs can remain disconnected.

    See Configure Network Interfaces for On-Premises Sensors for more information about these interfaces.

    The VM should have five configured network adapters

  7. Click OK.

  8. Configure the ISO file for the datastore.

    Warning: You must complete this step to ensure that the ISO is mounted when you first start the sensor VM. If you see REPLACEME as the initial login password in the sensor welcome screen when you connect to the VM, it is most likely that the ISO was not correctly mounted before start. If this happens, you must shut down the VM, complete this step so that the ISO is configured for the datastore, and then complete the subsequent steps in the procedure to deploy and connect to the sensor.

    • Select IDE Controller 1 > DVD Drive.
    • Select Image file and click Browse to locate the deploy_config.iso image file that was extracted from the USM Anywhere Sensor package download.
    • Cick Apply.

    Select the deploy_config.iso file and click Apply.

  9. Click OK and close the dialog box.

To start the VM and connect

  1. Select the VM and select Action > Start.

    This process can take a few minutes. The Status displays as Running when this is complete.

  2. Select your virtual machine and select Action > Connect.

    Use the information in the Welcome screen to log in to the sensor. This screen also displays the URL you can use to access USM Anywhere and register the sensor.

Next...

See Set Up USM Anywhere on the Hyper-V Virtual Machine