Lumu Virtual Appliance - Deploy on Azure

Deploy Lumu VA in Azure

Lumu Virtual Appliance (VA) is a virtual machine that provides all the elements required to collect network metadata, giving you maximum visibility when identifying compromised network endpoints within your infrastructure. This guide contains the necessary steps to deploy a Virtual Appliance as a cloud collector on Microsoft Azure.

Requirements

To ensure the successful deployment of a Lumu VA on Azure, you must meet the following minimum requirements:

  1. Azure management rights.
  2. Azure PowerShell ISE installed.
  3. Virtualization support turned on in the BIOS or UEFI (Hyper-V).

To install Azure PowerShell and its prerequisites, consult the Microsoft documentation. For the full list of requirements, consult this document.

Azure Setup

To create a cloud collector, you need to download and import a Virtual Appliance into Microsoft Azure and create a Virtual Machine. This section walks you through using PowerShell to set up a Lumu VA on Azure.

1. Access the Lumu Portal, navigate to the Virtual Appliance menu, and select ‘Hyper V’ from the ‘Download for’ drop-down list. Unzip the file that contains the appliance image.

2. Azure does not support the VHDX disk format, so you must convert the VHDX file you downloaded from the Lumu Portal to VHD format. You can use the Convert-VHD PowerShell command to do so. For example:

Convert-VHD -Path 'C:\Path\To\Lumu Virtual Appliance.vhdx' -DestinationPath 'C:\Path\To\Lumu Virtual Appliance.vhd' -VHDType Fixed

If for some reason it is not possible to use PowerShell, the Hyper-V Manager can also convert VHDX disks to VHD. You can learn more about this process here.
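
Before uploading, you can confirm that the converted disk has the shape Azure accepts (VHD format, fixed type, virtual size a whole number of MiB) and record its SHA-256 hash so the uploaded disk can later be tied back to this file. This is an added example, not part of the original Lumu guide; the function name Test-AzureVhdReady is hypothetical, the path is the placeholder from the command above, and it assumes the Hyper-V PowerShell module and an elevated console.

```powershell
# Added example (not from the Lumu guide). Run in an elevated PowerShell console
# on the machine where Convert-VHD was executed.
$vhdPath = 'C:\Path\To\Lumu Virtual Appliance.vhd'   # placeholder path from this guide

function Test-AzureVhdReady {
    param([Parameter(Mandatory)][string]$Path)

    $vhd      = Get-VHD -Path $Path                  # Hyper-V module cmdlet
    $fileSize = (Get-Item -LiteralPath $Path).Length
    $problems = @()

    if ($vhd.VhdFormat -ne 'VHD') {
        $problems += "Format is $($vhd.VhdFormat), expected VHD"
    }
    if ($vhd.VhdType -ne 'Fixed') {
        $problems += "Type is $($vhd.VhdType), expected Fixed"
    }
    # Azure requires the virtual size to be aligned to 1 MiB.
    if ($vhd.Size % 1MB -ne 0) {
        $problems += "Virtual size $($vhd.Size) bytes is not a multiple of 1 MiB"
    }
    # A fixed VHD is the raw disk data followed by a 512-byte footer.
    if ($vhd.VhdType -eq 'Fixed' -and $fileSize -ne ($vhd.Size + 512)) {
        $problems += "File size $fileSize does not equal virtual size + 512-byte footer"
    }

    [pscustomobject]@{
        Path     = $vhd.Path
        Ready    = ($problems.Count -eq 0)
        Problems = $problems
        # Keep this value with your deployment notes for later comparison.
        Sha256   = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

$result = Test-AzureVhdReady -Path $vhdPath
$result | Format-List
if (-not $result.Ready) {
    throw "VHD is not ready for Azure: $($result.Problems -join '; ')"
}
```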

Preparing Your Azure Storage

1. Access your Azure portal and open your Storage Browser.

2. Select the Subscription and Storage account in which you would like to store the disk created in the previous section. For the purposes of this guide, we will use the "lumudiag" Storage account.



3. The next step is to create a new Blob container. If you already have one, you can skip this step, and the next one. For a new Blob container, select the "Blob containers" tab in the left panel, and click the "Add container" button.



4. When you click on "Add container", a panel will open on the right-hand side where you must assign a name to the container, and set the container's anonymous access level. It is recommended to use the anonymous access level Private (no anonymous access), but you can set this as you wish. Click the "create" button and you should be able to see your container in the list of blob containers.


5. Now that we have a place to upload the VHD disk we created in the previous section, we need to generate an SAS token that AzCopy uses to upload our disk. For this, we must go to Storage accounts in our Azure portal.



6. In the Storage accounts section, select the account where we previously created the Blob container, in our case “lumudiag”.



7. In the Data storage section, select the Containers tab, and in the list, look for the container we created previously.

As you may have noticed, it is also possible to create containers directly from this section by clicking on the "+ Container" button.

8. In your container view, click on the Shared access tokens tab. Select the “Read”, "Add", "Create" and "Write" permissions; if your network configuration does not support HTTPS, you can enable the HTTP protocol for file uploads. Finally, click on the "Generate SAS token and URL" button.

9. When you click on the generate SAS token button, copy the string shown in the "Blob SAS URL" box.
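
A Blob SAS URL is a bearer credential: anyone holding the URL gets the permissions it encodes until it expires. The following added example (not part of the original Lumu guide) generates the same token from Azure PowerShell with HTTPS only and a short lifetime, and checks any SAS URL, including one copied from the portal, for settings wider than the upload needs. The resource group and container names are placeholders, the function name Test-UploadSasUrl and the 4-hour and 8-hour limits are assumptions, and the Az.Accounts and Az.Storage modules with a signed-in session are required.

```powershell
# Added example (not from the Lumu guide). Sign in first with Connect-AzAccount.
$resourceGroup = 'YOUR-RESOURCE-GROUP'   # placeholder
$accountName   = 'lumudiag'              # storage account used in this guide
$containerName = 'YOUR-CONTAINER'        # placeholder: container from steps 3-4

function Test-UploadSasUrl {
    # Parses a Blob SAS URL and returns findings; never prints the signature.
    param([Parameter(Mandatory)][string]$SasUrl, [int]$MaxHours = 8)

    $query = @{}
    foreach ($pair in ([uri]$SasUrl).Query.TrimStart('?').Split('&')) {
        $name, $value = $pair -split '=', 2
        $query[$name] = [uri]::UnescapeDataString([string]$value)
    }

    $findings = @()
    # spr = allowed protocols; when absent, both HTTPS and HTTP are accepted.
    if ($query['spr'] -ne 'https') { $findings += 'HTTP is allowed (spr is not "https")' }
    # sp = permissions; the upload in this guide uses Read/Add/Create/Write.
    $extra = ([string]$query['sp']).ToCharArray() | Where-Object { 'racw'.IndexOf($_) -lt 0 }
    if ($extra) { $findings += "Permissions beyond racw: $(-join $extra)" }
    # se = expiry time (UTC).
    if (-not $query['se']) {
        $findings += 'No expiry (se) in the URL'
    } elseif ([datetimeoffset]::Parse($query['se']) -gt [datetimeoffset]::UtcNow.AddHours($MaxHours)) {
        $findings += "Token is valid for more than $MaxHours hours (se=$($query['se']))"
    }
    $findings
}

$ctx = (Get-AzStorageAccount -ResourceGroupName $resourceGroup -Name $accountName).Context
$now = (Get-Date).ToUniversalTime()

# Read, Add, Create, Write on the container; HTTPS only; expires in 4 hours.
$sasUrl = New-AzStorageContainerSASToken -Name $containerName -Context $ctx `
    -Permission 'racw' -Protocol HttpsOnly `
    -StartTime $now.AddMinutes(-5) -ExpiryTime $now.AddHours(4) -FullUri

$findings = Test-UploadSasUrl -SasUrl $sasUrl
if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { 'SAS URL is limited to what the upload needs.' }
```

Treat `$sasUrl` like a password: keep it out of scripts, tickets, and shell history that other people can read.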


Uploading Your Disk to Azure

1. Download the AzCopy v10 utility from the Microsoft website, unzip it, and put the files in the directory C:\Windows\System32.

2. Open a new PowerShell console, and with the help of AzCopy, upload the VHD disk we created at the start of this guide using this command:

azcopy.exe copy 'C:\Path\To\Lumu Virtual Appliance.vhd' 'YOUR BLOB SAS URL HERE'

It is important to enclose your SAS token in single quotes to prevent PowerShell from interpreting special characters.

You should see a summary from AzCopy indicating that a file was successfully uploaded. The upload time will depend on factors such as your internet speed, bandwidth, disk speed, etc.


Create and Deploy Managed Disk in Azure

1. Go to the 'Disks' section in your Azure portal.


2. Click on the "Create" button to create a new managed disk.


3. Select your subscription and resource group, enter a name for your managed disk, select a region for the disk, and adjust the other settings as necessary. For added security, it is recommended to use Trusted Launch as your Security type. The region of your new disk must be the same as the region of the blob container we created in the previous section so that it shows up when searched for. For example, if the blob container is in the (US) West region, the disk needs to be created in the same region. When you're done, click the “Review + Create” button at the bottom.

The Lumu Virtual Appliance supports the new generation of Microsoft virtual machines (Gen2). However, this new generation has some limitations when creating virtual machines; you can learn more about these limitations in the official Microsoft documentation.

4. Wait for your managed disk to be deployed. If everything went well, you should see a successful deployment as in the image:

Create Virtual Machine from Managed Disk in Azure

1. Find the managed disk that we created in the previous section and click on the "Create VM" button.

2. Give a descriptive name to your new virtual machine, select the image we created in the previous section, and select the size of your virtual machine (be aware of Microsoft's size limitations). For the license type, select "Other". Configure other options to your liking and, when you are ready, click on the "Review + Create" button at the bottom.

It is necessary that the virtual machine has a minimum of 2 vCPUs and 4 GiB of RAM for optimal operation.



3. Wait for your new virtual machine to be deployed. You should see a successful deployment and a button to go to manage your virtual machine as in the image:

If you see an alert with the message "virtual machine agent status is not ready", do not worry. This is because the Microsoft status agent only works on Windows, and the Lumu Virtual Appliance works on Linux.

Activate and Configure the Virtual Appliance

Your new Lumu Virtual Appliance should be on by default. Give it a couple of minutes to finish loading, and then you can connect to it via SSH using the default credentials and the IP assigned by Azure to your virtual machine.

Remember to change the default password for the lumuappliance user.

It's time to activate and configure your new Virtual Appliance; you can learn how to do it in this guide.

Azure Virtual Network Setup

Once you have the appliance activated and configured, set the Lumu VA as default DNS Server for name resolution.

1. Go to the "Virtual networks" section in your Azure portal.

2. In the list of virtual networks, select the virtual network for which you want to change DNS servers, in this example “LUMUvnet935”.

3. Select “DNS servers” under “Settings” and add the internal IP Addresses of the Lumu Virtual Appliances you deployed on Azure as “Custom”.

Flush the DNS cache

If you change the DNS settings for a virtual network or virtual machine that is already deployed, the DHCP lease time may be longer than expected. DHCP is responsible for allocating IP addresses and other information to requesting clients.

For the new DNS settings to take effect immediately on existing servers, you must perform a DHCP lease renewal on all affected VMs in the virtual network. See Flushing DNS Cache for guidance.

Validate your settings

The final step is to verify that your DNS connections are correctly routed through Lumu. See Validate your DNS Settings for more information.

