Lumu Virtual Appliance (VA) is a virtual machine that provides all the elements required to collect network metadata, giving you maximum visibility when identifying compromised network endpoints within your infrastructure. This guide contains the steps to deploy a Virtual Appliance as a cloud collector on Microsoft Azure.
To ensure the successful deployment of a Lumu VA on Azure, you must meet the following minimum requirements:
To create a cloud collector, you need to download and import a Virtual Appliance into Microsoft Azure and create a Virtual Machine. This section walks you through using PowerShell to set up a Lumu VA on Azure.
1. Access the Lumu Portal, navigate to the Virtual Appliance menu, and select ‘Hyper V’ from the ‘Download for’ drop-down list. Unzip the file that contains the appliance image.
2. Azure does not support the VHDX file format, so you must convert the VHDX file you downloaded from the Lumu Portal to VHD format. You can use the Convert-VHD PowerShell command to do so. For example:
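A conversion along these lines, as an added example that is not taken from the original guide: the file paths are placeholders, and the fixed-size and 1 MiB alignment checks reflect Azure's requirements for uploaded VHDs. It needs the Hyper-V PowerShell module.

```powershell
# Added example. Paths are placeholders; adjust to where you unzipped the image.
$src = 'C:\lumu\lumu-va.vhdx'   # hypothetical source path
$dst = 'C:\lumu\lumu-va.vhd'    # hypothetical destination path

# Azure accepts only fixed-size VHDs, so convert to Fixed rather than Dynamic.
Convert-VHD -Path $src -DestinationPath $dst -VHDType Fixed

# Azure also requires the virtual size to be a whole number of MiB.
$vhd = Get-VHD -Path $dst
if ($vhd.Size % 1MB -ne 0) {
    $aligned = [math]::Ceiling($vhd.Size / 1MB) * 1MB
    Resize-VHD -Path $dst -SizeBytes $aligned
    $vhd = Get-VHD -Path $dst
}

# Stop here if the result is not what Azure will accept.
if ($vhd.VhdFormat -ne 'VHD' -or $vhd.VhdType -ne 'Fixed') {
    throw "Unexpected disk: format=$($vhd.VhdFormat) type=$($vhd.VhdType)"
}

# Record the hash so the file you upload can be tied back to this conversion.
Get-FileHash -Path $dst -Algorithm SHA256 | Format-List Path, Hash
```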
1. Access your Azure portal and open your Storage Browser.
2. Select the Subscription and Storage account in which you would like to store the disk created in the previous section. For the purposes of this guide, we will use the "lumudiag" Storage account.
3. The next step is to create a new Blob container. If you already have one, you can skip this step, and the next one. For a new Blob container, select the "Blob containers" tab in the left panel, and click the "Add container" button.
4. When you click on "Add container", a panel will open on the right-hand side where you must assign a name to the container, and set the container's anonymous access level. It is recommended to use the anonymous access level Private (no anonymous access), but you can set this as you wish. Click the "create" button and you should be able to see your container in the list of blob containers.
5. Now that we have a place to upload the VHD disk we created in the previous section, we need to generate an SAS token that AzCopy uses to upload our disk. For this, we must go to Storage accounts in our Azure portal.
6. In the Storage accounts section, select the account where we previously created the Blob container, in our case “lumudiag”.
7. In the Data storage section, select the Containers tab, and in the list, look for the container we created previously.
8. In your container view, click on the Shared access tokens tab. Select the “Read”, "Add", "Create" and "Write" permissions. If your network configuration does not support HTTPS, you can enable the HTTP protocol for file uploads. Finally, click on the "Generate SAS token and URL" button.
9. After you click the "Generate SAS token and URL" button, copy the string shown in the "Blob SAS URL" box.
1. Download the AzCopy v10 utility from the Microsoft website, unzip it, and put the files in the directory C:\Windows\System32.
2. Open a new PowerShell console, and with the help of AzCopy, upload the VHD disk we created at the start of this guide using this command:
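An upload along these lines, as an added example that is not taken from the original guide: it checks the SAS URL against the permissions selected earlier (Read, Add, Create, Write) before handing it to AzCopy. The VHD path and the Get-SasFinding helper are hypothetical; the 24-hour lifetime threshold is an assumption you can tune.

```powershell
# Added example. The SAS URL is read interactively so that it does not end up
# in the PowerShell command history; $vhdPath is a placeholder.
$vhdPath = 'C:\lumu\lumu-va.vhd'
$sasUrl  = Read-Host 'Paste the Blob SAS URL'

function Get-SasFinding {   # hypothetical helper, not part of AzCopy
    param([Parameter(Mandatory)] [string] $Url)

    $uri   = [Uri] $Url
    $query = @{}
    foreach ($pair in $uri.Query.TrimStart('?') -split '&') {
        $name, $value = $pair -split '=', 2
        $query[$name] = [Uri]::UnescapeDataString([string] $value)
    }

    $findings = @()
    # The guide selects Read, Add, Create and Write: sp must be a subset of "racw".
    $extra = $query['sp'] -creplace '[racw]', ''
    if (-not $query['sp'] -or $extra) {
        $findings += "BLOCK: unexpected permissions sp='$($query['sp'])'"
    }
    # spr=https restricts the token to TLS; "https,http" also allows cleartext.
    if ($uri.Scheme -ne 'https' -or $query['spr'] -ne 'https') {
        $findings += 'WARN: SAS allows HTTP; token and image would travel unencrypted'
    }
    # A SAS is a bearer credential, so keep its lifetime close to the upload time.
    if (-not $query['se']) {
        $findings += 'BLOCK: no expiry (se) found'
    } elseif ([DateTimeOffset]::Parse($query['se']) -gt [DateTimeOffset]::UtcNow.AddHours(24)) {
        $findings += "WARN: token is valid until $($query['se'])"
    }
    $findings
}

$findings = @(Get-SasFinding -Url $sasUrl)
$findings | ForEach-Object { Write-Warning $_ }
if ($findings -like 'BLOCK:*') { throw 'Regenerate the SAS token before uploading.' }

# A VHD must be stored as a page blob to back a managed disk.
& azcopy copy $vhdPath $sasUrl --blob-type PageBlob
if ($LASTEXITCODE -ne 0) { throw "AzCopy failed with exit code $LASTEXITCODE" }
```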
You should see a summary from AzCopy indicating that a file was successfully uploaded. The upload time will depend on factors such as your internet speed, bandwidth, disk speed, etc.
1. Go to the 'Disks' section in your Azure portal.
2. Click on the "Create" button to create a new managed disk.
3. Select your subscription and resource group, enter a name for your managed disk, select a region for the disk, and adjust the other settings as necessary. For added security, it is recommended to use Trusted Launch as your Security type. The region of your new disk must be the same as the region of the blob container we created in the previous section; otherwise the uploaded disk will not show up when you search for it. For example, if the blob container is in the (US) West region, the disk needs to be created in the same region. When you're done, click the “Review + Create” button at the bottom.
4. Wait for your managed disk to be deployed. If everything went well, you should see a successful deployment.
1. Find the managed disk that we created in the previous section and click on the "Create VM" button.
2. Give a descriptive name to your new virtual machine, select the image we created in the previous section, and select the size of your virtual machine (be aware of Microsoft's size limitations). For the license type, select "Other". Configure other options to your liking and, when you are ready, click on the "Review + Create" button at the bottom.
Your new Lumu Virtual Appliance should be on by default. Give it a couple of minutes to finish loading, and then connect to it via SSH using the default credentials and the IP assigned by Azure to your virtual machine.
Once you have the appliance activated and configured, set the Lumu VA as the default DNS server for name resolution.
1. Go to the "Virtual networks" section in your Azure portal.
2. In the list of virtual networks, select the virtual network for which you want to change DNS servers, in this example “LUMUvnet935”.
3. Select “DNS servers” under “Settings” and add the internal IP Addresses of the Lumu Virtual Appliances you deployed on Azure as “Custom”.
If you change the DNS settings for a virtual network or virtual machine that is already deployed, the DHCP lease time may be longer than expected. DHCP is responsible for allocating IP addresses and other information to requesting clients.
For the new DNS settings to take effect immediately on existing servers, you must perform a DHCP lease renewal on all affected VMs in the virtual network. See Flushing DNS Cache for guidance.
The final step is to verify that your DNS connections are correctly routed through Lumu. See Validate your DNS Settings for more information.