Install a vScanner in Nutanix Prism Central

You can install an Arctic Wolf® Virtual Scanner (vScanner) in a Nutanix Prism Central® environment.

Note:
  • For information about installing a vScanner in Nutanix Prism Element, see Install a vScanner in Nutanix Prism Element.
  • During connectivity tests, appliances may communicate with external IP addresses behind a cloud service that Arctic Wolf hosts.

These resources are required:

  • These system resources:
    • 8 vCPUs
    • 16 GB RAM
    • 40 GB storage
    Note: Reducing or limiting resource allocations below the specified requirements affects virtual appliance performance. If the appliance's CPU is throttled, security observations can be lost. Do not configure the Reservation, Limit, or Shares settings to throttle the appliance's CPU.

These actions are required:

  • Make sure you have the appropriate Arctic Wolf permissions to install the appliance. Contact your Concierge Security® Team (CST) at security@arcticwolf.com to identify who in your organization has these permissions.
  • Add all necessary IP addresses, ports, and services to your allowlist for full appliance functionality.
    Tip: To see the IP addresses that you must allowlist, sign in to the Arctic Wolf Unified Portal, click Resources > Allowlist Requirements, and then view the IP addresses in the section for your product.
  • If you rate-limit the appliance with Quality of Service (QoS), remove this for best performance.
  • If your firewall provides SSL/TLS inspection, do not do this inspection on the appliance management IP address.
  • If you use an application proxy or layer 7 filter on your firewall, allow outbound traffic for the appliance management IP address.
  • Schedule host identification and vulnerability scans. For more information, see Configure a scanner.

Download the vScanner image

  1. Sign in to the Arctic Wolf Unified Portal.
  2. In the navigation menu, click Resources > Downloads.
  3. In the Virtual Network Appliances section, click the VMWare/Nutanix tab.
  4. Click Download.
    Tip:

    If your browser downloads the OVA file in .ovf format, rename the file to change the file extension to .ova.

  5. Click to copy the SHA-256 value.

Deploy the vScanner

  1. Sign in to Nutanix Prism Central.
  2. Click Compute & Storage > OVAs.
  3. Upload the OVA:
    1. Click Uploads OVAs.
    2. In the OVA Source section, make sure that OVA File is selected.
    3. In the Name field, enter a name for the vScanner.
    4. In the Checksum field, enter the SHA-256 value that you copied in Download the vScanner image.
    5. In the Choose OVA File section, click Select File.
    6. Select the OVA file that you downloaded in Download the vScanner image.
      The OVA uploads.
      Tip: You can click Continue in Background to leave this screen and continue the upload.
  4. Click the OVAs tab.
  5. Select the OVA that you uploaded.
  6. Click Actions > Deploy as VM.
  7. Optional: In the Description field, enter a description for the vScanner.
  8. In the VM Properties section, complete these fields:
    • CPU — Enter 8.
    • Cores Per CPU — Enter 1.
    • Memory — Enter 16.
  9. Click Next.
  10. Select the subnet for the vScanner:
    1. In the Networks section, click Edit.
    2. In the Subnet section, select the subnet for the vScanner.
    3. Click Save.
    4. In the Networks section, next to any unused network rows, click Delete.
  11. Click Next.
  12. In the Categories and Timezone fields, set a category or timezone for the vScanner.
  13. Click Next.
  14. Click Create VM.

Connect to the serial console

  1. In Nutanix Prism Central, click Compute & Storages > VMs.
  2. Click the vScanner that you deployed.
  3. Click More > Power On.
  4. Click Launch Console.

Configure the vScanner

Use the serial console to configure the vScanner. For more information on using the serial console, see Serial console.

  1. When prompted, press Enter three times to initiate the serial console session.
  2. At the Select an option to configure your management interface with prompt, select DHCP or enter a static IP address for the virtual appliance management interface.
    Note: If you select DHCP, you must use a DHCP reservation to prevent log collection and connection errors.
  3. Select Next.
  4. At the Use a proxy? prompt, select No. Proxy cannot be configured for scanners.
  5. Select Next.
  6. At the Do you want to verify your network connection? prompt, select one of these options:
    • Yes

      A series of connectivity tests run. If a connectivity check fails, edit your network settings as needed, and then complete the connectivity checks again.

    • No
  7. Select Next.
  8. At the Tell us about the application you are configuring prompt, configure these settings:
    1. In the Shorthand field, enter a shorthand name for the virtual appliance.
    2. Select Scanner.
  9. Select Next.
  10. When prompted, do one of these actions to connect the virtual appliance to Arctic Wolf:
    Note: Make sure you have the appropriate Arctic Wolf permissions to install the vScanner. You can view the permissions in the Contacts page of the Unified Portal or contact your Concierge Security® Team (CST) at security@arcticwolf.com to identify who in your organization has these permissions.
    • On a mobile device — Scan the QR code displayed in the console window, and then follow the on-screen prompts.
      Note: QR codes expire after 15 minutes. A new code appears in the console if the QR code expires.
    • In a web browser — Enter the displayed URL into the URL field, and then follow the on-screen prompts.

    After the virtual appliance successfully connects to Arctic Wolf, a prompt replaces the QR code.

Activate the vScanner

Note: Only the user who configured the vScanner can activate the vScanner.
  1. Sign in to the Arctic Wolf Unified Portal.
  2. If you are a Managed Service Provider (MSP), verify that you are viewing the correct customer organization.
  3. In the navigation menu, click Data Collection > Scanners.
  4. Find the virtual appliance that you want to activate, and then click Configure.
    Tip: Virtual appliances that are not activated have the Awaiting Activation status.
  5. Click Activate.
    The console displays Appliance activation in progress, please wait.
  6. If you are an MSP, select the same customer organization that you are currently viewing in the Unified Portal, and then Activate Virtual Appliance.
    Note: To activate the virtual appliance for a different customer, switch to that customer organization before completing this step.
    The serial console displays Appliance activation in progress, please wait.
  7. In the serial console, when prompted, press Enter three times to activate the console.