Exciting news! We are redesigning the Arctic Wolf Help Documentation site to provide a better user experience. Our new site will launch on May 1, 2024.

Legacy Managed Risk Scanner Installation in a vCenter Environment

Updated Apr 4, 2024

Legacy vScanner Installation in a vCenter Environment

This procedure is for Arctic Wolf® virtual appliance images that were downloaded before June 14, 2023. For appliance images that were downloaded on or after June 14, 2023, see Install a vScanner on a standalone ESXi server.

Virtual scanner installation on vCenter

You can install a Virtual Scanner (vScanner) in a VMware vCenter environment.

Note: Verify that you have the appropriate Arctic Wolf permissions to complete the virtual scanner deployment. Contact your Concierge Security® Team (CST) at security@arcticwolf.com to confirm who in your organization has these permissions.

Requirements

Steps

  1. Deploy a vScanner VM using vCenter.
  2. Connect a deployed vScanner to the Arctic Wolf platform.
  3. Activate a deployed vScanner.

Step 1: Deploy a vScanner VM using vCenter

  1. In VMware vCenter, start the Deploy OVF Template wizard.

  2. In the Select an OVF template section, select the scanner .ova file that you downloaded in the previous task, and then click Next.

  3. In the Select a name and folder section, enter a name for the VM of the virtual appliance and the VM folder that it will deploy to, such as <site_name>_Arctic-Wolf, and then click Next.

  4. In the Select a compute resource section, select the vCenter host or cluster that you want to deploy the virtual appliance to, and then click Next.

  5. In the Review details section, verify the VM template details that you set, and then click Next.

  6. In the Configuration section, select AWN Risk Scanner, and then click Next.

  7. In the Select storage section, choose the virtual disk format and the storage volume that you want to deploy the virtual appliance to, and then click Next.

  8. In the Select networks section, choose the Management Network to connect the virtual appliance to, and then click Next.

    Log traffic is sent to the virtual appliance over this network.

    Note: If your firewall performs SSL/TLS inspection, add the scanner management IP address to your allowlist and verify that your firewall allows outbound access from that IP address over port 443.
    To see the IP addresses that you must allowlist, sign in to the Arctic Wolf Unified Portal, click > Allowlist Requirements, and then view the IP addresses in the section for your product.

  9. If you are configuring a proxy server, in the Customize template section:

    1. Select the Use Proxy checkbox.
    2. Enter the proxy server IP address in the Proxy Server IP field.
    3. Enter the proxy server port number in the Proxy server port field.
    4. Fill in any other fields as necessary.
    5. Click Next.
  10. In the Additional settings section, set values for these fields:

    Tip: You might need to expand these fields to set the corresponding values.

    • Identification — Enter a short name to identify the virtual appliance instance in the MDR Dashboard.

    • Network Configuration — Select DHCP or enter a static IP address for the virtual appliance network interface configuration.

      Note: If you select DHCP, you must use a DHCP reservation to prevent log collection and connection errors. Alternatively, assign a static IP address.

  11. Click Next.

  12. In the Ready to complete section, review the summary of the virtual appliance deployment

  13. Click Finish to start the deployment.

  14. After the deployment is complete, power on the virtual appliance VM.

Step 2: Connect a deployed vScanner to the Arctic Wolf platform

  1. Select one of these options to open the newly deployed virtual appliance VM console:

    • Launch Web Console — Opens the VM console in a web browser window.
    • Launch Remote Console — Launches the VMware Remote Console application.

    A QR code appears. The QR code expires after 15 minutes. A new code appears in the console if the QR code expires.

    Tip: If a QR code does not appear, the virtual appliance is unable to access the services required to connect, likely due to internet connectivity.

  2. Connect the virtual appliance to the Arctic Wolf Platform in one of these ways:

    • Using a mobile device — Scan the QR code displayed in the console window, and then follow the on-screen prompts.

      You might be prompted to sign in to your Arctic Wolf account on your mobile device.

    • In a web browser — Enter the URL that appears under the QR code. Alternatively, go to https://auth.arcticwolf.com/activate, and then enter the eight-character device activation code displayed in the console window in this hyphenated format: AAAA-AAAA.

After the virtual appliance successfully connects to the Arctic Wolf Platform, the Arctic Wolf logo replaces the QR code in the virtual appliance VM console. The logo might take up to five minutes to appear.

Note: If the logo does not appear after five minutes, contact your CST.

Step 3: Activate a deployed vScanner

Activating a deployed vScanner enables data ingestion and log collection.

Note: Only the user who completed the steps to Connect a deployed vScanner to the Arctic Wolf platform can activate a deployed vScanner. The vScanner might take up to 20 minutes to display in the portal.

  1. Sign in to the MDR Dashboard.
  2. Click Account > Arctic Wolf Appliance Management.
  3. Find the appliance that you want to activate.
  4. In the Actions section, select the Power icon, and then select Activate Virtual Network Appliance when prompted.

Next steps

Reconfigure a vScanner via vApp for platformized VMs

You can change these network settings for a deployed Arctic Wolf :

To change these settings:

  1. Shut down the virtual appliance that you want to reconfigure.

  2. Wait for the VM to shut down.

  3. In vCenter Server or vSphere Client, select the Configure tab.

  4. Select vApp Options from the navigation pane.

    Note: Do not disable vApp Options for a deployed virtual appliance. Disabling this functionality removes all properties used to configure the network settings of the VM.

  5. For each network setting you want to configure, complete these steps:

    1. In the Properties section, select the virtual appliance item that you want to reconfigure.

      For example, select the option that lets you reconfigure the network interface.

    2. Above the table, click Set Value and enter the new value for the property.

      Note: Do not click Edit. The Edit option lets you edit the name of the property, not the value assigned to it.

  6. Restart the virtual appliance VM.

Uninstall a vScanner using vApp for platformized VMs

  1. Decommission the sensor:

    1. Sign in to the MDR Dashboard.
    2. Click Account > Arctic Wolf Appliance Management.
    3. Find the appliance that you want to decommission.
    4. In the Actions column, click Decommission Virtual Appliance, and then select Decommission Virtual Appliance when prompted.
  2. Power down the virtual appliance VM.

  3. In the vCenter Server or vSphere Client, select the virtual appliance deployment, and then select Delete from Disk.

See also