The Lumu Virtual Appliance (VA) is a pre-configured lightweight virtual machine solution that collects the network metadata of your entire enterprise and forwards it to the Lumu cloud with the lowest impact on the network operation. This document will help you get started and review the requirements to deploy Lumu VAs seamlessly.
Lumu VAs can act as conditional DNS forwarders within the enterprise's perimeter while providing detailed visibility into malicious activity in the network in real-time. In this scenario, all the network endpoints send their DNS queries to the Lumu VA, which will answer the clients’ DNS queries by forwarding public DNS queries to the internet, and local queries to your existing DNS servers. Additionally, you can set up the Virtual Appliance simultaneously for additional metadata collection, such as firewall logs, and proxy logs.
You have the option to enhance the compromise assessment of your Cloud infrastructure by deploying Lumu VA as a Cloud Collector in environments such as Amazon AWS, Google Cloud, and Microsoft Azure.
With the Lumu Virtual Appliances, no client-side application is required.
Lumu VAs can be easily downloaded from the Lumu Portal and come pre-configured to be deployed on your preferred hypervisor or cloud solution.
Depending on your subscription, the Lumu VA provides you with internal IP visibility, allowing you to monitor malicious traffic within your network to specific endpoints.
The Lumu Virtual Appliance is a virtualized machine running Ubuntu. It is compatible with the most common hypervisors such as VMWare ESX/ESXi, Windows Hyper-V, and cloud solutions such as Microsoft Azure, Google Cloud Platform, and Amazon Web Services.
Consider the following as a reference for the minimum virtualized hardware requirements per VA collecting DNS metadata only:
All detailed steps to create, download and install a virtual appliance on your preferred hypervisor or Cloud solution are available in our documentation: