Arctic Wolf Appliances


vSensor Installation in a VMware vSphere Environment

Updated Feb 16, 2024

Install a vSensor in a VMware vSphere environment

Notes:

  • Each vSensor virtual machine (VM) supports one network interface. If more network interfaces are necessary, deploy more vSensor VMs.
  • If you are deploying multiple vSensor instances, Arctic Wolf recommends that you use the same OVA file, and then complete the installation and activation process again for each vSensor.
  • Cloning a vSensor instance is not supported because it creates operational errors in the original vSensor and in the cloned instance.

You can install an Arctic Wolf® Virtual Sensor (vSensor) in a VMware vSphere® environment.

Requirements

Before you begin

Steps

  1. Download the vSensor image.
  2. Deploy the vSensor.
  3. Verify that the vSensor deployed correctly.
  4. Configure the vSensor.
  5. Activate the vSensor.

Step 1: Download the vSensor image

Note: The virtual appliance image file must be downloaded on or after June 14, 2023. For appliance images downloaded before June 14, 2023, see Legacy vSensor Installation.

  1. Sign in to the MDR Dashboard.
  2. Click Account > Downloads.
  3. In the Virtual Network Appliances section, click Download Virtual Network Appliance to start the OVA file download.

    Tip: If your browser downloads the OVA file in .ovf format, rename the file to change the file extension to .ova.

Step 2: Deploy the vSensor

  1. Sign in to your vSphere client.

  2. Right-click your resource pool, and then select Deploy OVF Template.

  3. On the Select an OVF template page:

    1. Select Local file.
    2. Click UPLOAD FILES.
    3. Select the downloaded OVA file, and then click Open.
    4. Click Next.
  4. On the Select a name and folder page:

    1. In the Virtual machine name field, enter a name for the vSensor.
    2. Select the location for the virtual machine, and then click Next.
    3. Click Next.
  5. On the Select a compute resource page:

    1. Select a destination compute resource.
    2. Click Next.
  6. On the Review details page, click Next.

  7. On the Configuration page, select one of these options:

    • AWNv100 Virtual Sensor
    • AWNv200 Virtual Sensor
    • AWNv1000 Virtual Sensor

    Note: To view your available vSensor models, sign in to the MDR Dashboard, and then click Accounts > Arctic Wolf Appliance Management.

  8. On the Select storage page:

    1. (Optional) Select Encrypt this virtual machine. See the VMware vSphere product documentation for steps to encrypt an existing virtual machine or virtual disk.

      Tip: While optional, Arctic Wolf recommends that you encrypt the vSensor to make sure all data stored and flowing through the appliance has an added layer of protection.

    2. Select the storage location for the configuration and disk files.

    3. Click Next.

  9. On the Select networks page:

    1. Select the appropriate Destination Network.

      Log traffic is sent to the vSensor across this network.

    2. Click Next.

  10. On the Ready to complete page, click Finish.

    Note: The OVA image can take some time to upload. In the vSphere Client, on the Recent Tasks tab, you can view the progress of the upload.

Step 3: Verify that the vSensor deployed correctly

  1. If the vSensor power is off, right-click your VM in the vSphere Client, and then click Power > Power On.
  2. Verify that the vSensor VM power is on.
  3. Verify that the VM IP address appears in the VM summary.

Step 4: Configure the vSensor

  1. In the vSphere web UI, right-click your VM, and then click Power > Power On.

  2. Right-click your VM, and then click Console > Open Console.

  3. When prompted, press Enter three times to initiate the serial console session.

  4. At the Select an option to configure your management interface with prompt, select DHCP or enter a static IP address for the vSensor management interface.

    Note: If you select DHCP, you must use a DHCP reservation to prevent log collection and connection errors.

  5. Click Next.

  6. At the Use a proxy? prompt, do one of these actions:

    • If your vSensor traffic goes through a proxy server, select Yes, and then configure these settings:
      • Server IP address — Enter the proxy server IP address for your appliance.
      • Server port — Enter the proxy server port.
    • If your vSensor traffic does not go through a proxy server, select No.
  7. Click Next.

  8. At the Do you want to verify your network connection? prompt, select one of these options:

    • Yes

      A series of connectivity tests run.

    • No

  9. Click Next.

  10. At the Tell us about the application you are configuring prompt, configure these settings:

    • In the Shorthand field, enter the shorthand name for the vSensor.

    • Select Mirroring.

  11. Click Next.

  12. When prompted, do one of these actions to connect the vSensor to the Arctic Wolf Platform:

    • On a mobile device — Scan the QR code displayed in the console window, and then follow the on-screen prompts.

      Note: QR codes expire after 15 minutes. A new code appears in the console if the QR code expires.

    • In a web browser — Enter the displayed URL into the URL field, and then follow the on-screen prompts.

    After the vSensor successfully connects to the Arctic Wolf Platform, a prompt replaces the QR code, asking you to sign in to the MDR Dashboard, and then click Accounts > Arctic Wolf Appliance Management.

Step 5: Activate the vSensor

Note: Only the user who completed Configure the vSensor can activate the vSensor.

  1. Sign in to the MDR Dashboard.

  2. Click Account > Arctic Wolf Appliance Management.

  3. Find the appliance that you want to activate.

  4. In the Actions column, click Activate <appliance>, and then click Activate <appliance> when prompted.

    The console displays Appliance activation in progress, please wait.

  5. When prompted, press Enter three times to activate the console.

See also