vScanner Deployment on a Standalone ESXi Server
Updated Sep 20, 2023Install a vScanner on a standalone ESXi server
Arctic Wolf® supports vScanner installation in a standalone VMware ESXi® server environment.
Requirements
-
ESXi version 6.5 or higher
-
The appropriate Arctic Wolf permissions to complete the virtual scanner deployment. Contact your Concierge Security® Team (CST) to confirm who in your organization has these permissions.
-
These system resources:
Note: Reducing or limiting resource allocations below the specified requirements impacts vLC performance.
- 8 vCPUs
- 16 GB RAM
- 40 GB storage
Before you begin
- Add all necessary IP addresses, ports, and services to your allowlist for full vScanner functionality.
Tip: To see the complete list of IP addresses that you must allowlist, go to the Arctic Wolf Unified Portal, and then click Help > Allowlist Requirements. The IP addresses that must be allowlisted are listed under Scanners.
- If you rate-limit the vScanner with Quality of Service (QoS), remove this for best performance.
- If your firewall provides SSL/TLS inspection, do not perform this inspection on the vScanner management IP address.
- If you are using an application proxy or layer 7 filter on your firewall, allow outbound traffic over OpenVPN for the vScanner management IP address.
Steps
- Download the virtual appliance image.
- Deploy the virtual appliance.
- Configure the virtual appliance.
- Activate the vScanner.
Step 1: Download the virtual appliance image
Note: The virtual appliance image file must be downloaded on or after June 14, 2023. For appliance images downloaded prior to June 14, 2023, see Legacy vScanner Installation.
-
Sign in to the Risk Dashboard.
Note: The Risk Dashboard is only compatible with Google Chrome.
-
In the navigation menu, click Downloads.
-
In the Download a Scanner Virtual Machine image for your virtualization infrastructure list, select VMware ESXi.
-
Click Download Scanner VM.
A new Arctic Wolf Portal web page opens.
-
In the Virtual Network Appliances section, click Download Virtual Network Appliance to download the OVA file.
Tip: If your browser downloads the OVA file in
.ovf
format, rename the file to change the file extension to.ova
.
Step 2: Deploy the virtual appliance
- Sign in to your ESXi web UI.
- Click Create / Register VM.
- On the Select creation type page, select Deploy a virtual machine from an OVF or OVA file, and then click Next.
- On the Select OVF and VMDK files page, in the Enter a name for the virtual machine field, enter a name for the virtual machine (VM).
Note: You must provide a unique name for the VM. Re-using a current or past name may prevent activation in the management portal.
- Click Click to select files or drag/drop.
- Select the OVA file you downloaded, and then click Open.
- Click Next.
- On the Deployment options page, in Deployment type, select AWN Risk Scanner.
- Click Next.
- On the Additional setting page, click Next.
- On the Ready to complete page, click Finish.
Step 3: Configure the virtual appliance
-
In the ESXi web UI, right-click your virtual machine, and then click Power > Power On.
-
Right-click your virtual machine, and then click Console > Open Console.
-
When prompted, press Enter three times to initiate the serial console session.
-
At the Select an option to configure your management interface with prompt, select DHCP or enter a static IP address for the vScanner management interface.
Note: If you select DHCP, you must use a DHCP reservation to prevent log collection and connection errors.
-
Click Next.
-
At the Use a proxy? prompt, do one of these actions:
- If your vScanner traffic needs to go through a proxy server, select Yes, and then configure these fields:
- Server IP address — Enter the proxy server IP address for your appliance.
- Server port — Enter the proxy server port.
- If your vScanner traffic does not need to go through a proxy server, select No.
- If your vScanner traffic needs to go through a proxy server, select Yes, and then configure these fields:
-
Click Next.
-
At the Do you want to verify your network connection? prompt, select one of these options:
-
Yes
A series of connectivity tests run.
-
No
-
-
Click Next.
-
At the Tell us about the application you are configuring prompt, configure these settings:
-
In the Shorthand field, enter the shorthand name for the vScanner.
-
Select Scanner.
-
-
Click Next.
-
When prompted, do one of these actions to connect the vScanner to the Arctic Wolf Platform:
- Using a mobile device — Scan the QR code displayed in the console window, and then follow the on-screen prompts.
- Using a web browser — Enter the displayed URL into a web browser, and then follow the on-screen prompts.
Note: QR codes expire after 15 minutes. A new code appears in the console if the QR code expires.
After the vScanner successfully connects to the Arctic Wolf Platform, a prompt replaces the QR code, asking you to go to the Arctic Wolf Appliance Management.
Step 4: Activate the virtual appliance
-
In the Arctic Wolf Portal, click Account > Arctic Wolf Appliance Management.
-
Locate the name or the serial number of the vScanner you want to activate.
-
In the Actions column, click Activate virtual appliance, and then click Activate Virtual Network Appliance when prompted.
The console displays Appliance activation in progress, please wait.
-
When prompted, press Enter three times to activate the console.
Uninstall a virtual appliance
- Decommission the virtual appliance:
-
In the Arctic Wolf Portal, click Account > Arctic Wolf Appliance Management.
A list of deployed virtual appliances appear on this page.
-
Locate the name or serial number of the virtual appliance that you want to decommission.
-
Under Actions, select the Trash icon, and then click Decommission Virtual Appliance when prompted.
-
- In the ESXi web UI, right-click your virtual appliance, and then click Power > Power Off.
- Delete the virtual appliance:
- In the ESXi web UI, select the virtual appliance.
- Click Actions, and then select Delete.
- Click Delete.
Reconfigure a virtual appliance
- In the ESXi web UI, select the virtual appliance.
- Open the virtual console.
- When prompted, press Enter three times to initiate the serial console session.
- Change the required settings.