Lumu Virtual Appliances

Introduction to Lumu Virtual Appliances

The Lumu Virtual Appliance (VA) is a pre-configured lightweight virtual machine solution that collects the network metadata of your entire enterprise and forwards it to the Lumu cloud with the lowest impact on the network operation. This document will help you get started and review the requirements to deploy Lumu VAs seamlessly.

As we show in our deployment and integration overview, Lumu Virtual Appliances are the lighthouses of Lumu within your organization.

Lumu VAs can act as conditional DNS forwarders within the enterprise's perimeter while providing detailed visibility into malicious activity in the network in real time. In this scenario, all the network endpoints send their DNS queries to the Lumu VA, which answers them by forwarding public DNS queries to the internet and local queries to your existing DNS servers. You can also set up the Virtual Appliance to collect additional metadata at the same time, such as firewall logs and proxy logs.
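The routing decision a conditional forwarder makes for each query can be sketched as follows. This is an added example, not Lumu's code: the zone names, resolver addresses and function names are constructed placeholders. It shows why matching must be done on whole labels with the most specific zone winning, so that internal names are not sent to public resolvers and look-alike public names are not sent to internal servers.

```python
# Added illustration of conditional DNS forwarding; all zones and addresses
# below are constructed placeholders, not values from the Lumu documentation.

LOCAL_ZONES = {
    "corp.example.com": ["10.0.0.10", "10.0.0.11"],  # existing internal DNS servers
    "lab.corp.example.com": ["10.20.0.10"],          # more specific child zone
    "10.in-addr.arpa": ["10.0.0.10"],                # reverse lookups for 10.0.0.0/8
}
PUBLIC_RESOLVERS = ["192.0.2.53"]  # documentation-range placeholder


def normalize(qname):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.rstrip(".").lower()


def select_upstream(qname, local_zones=LOCAL_ZONES, public=PUBLIC_RESOLVERS):
    """Return (matched_zone, servers); matched_zone is None for public queries."""
    labels = normalize(qname).split(".")
    # Walk from the full name towards the root: the first hit is the longest
    # (most specific) zone, and only whole labels are ever compared, so
    # "notcorp.example.com" never matches the zone "corp.example.com".
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in local_zones:
            return candidate, local_zones[candidate]
    return None, public


if __name__ == "__main__":
    for name in (
        "HOST1.Corp.Example.com.",   # local, mixed case and trailing dot
        "db.lab.corp.example.com",   # local, child zone takes precedence
        "5.1.0.10.in-addr.arpa",     # local reverse lookup
        "notcorp.example.com",       # public: shares a suffix string only
        "www.example.org",           # public
    ):
        zone, servers = select_upstream(name)
        print(f"{name:28} -> {zone or 'public'} via {servers}")
```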


Lumu VA also provides Collectors for automatic ingestion of extensive metadata sources such as DNS, netflows, firewalls, and proxy logs. For example, in a network where domain controllers act as DNS servers, those assets can be monitored by a Lumu VA, which can receive and process DNS metadata from multiple domain controllers. This approach does not require modifying the network configuration.


You have the option to enhance the compromise assessment of your Cloud infrastructure by deploying Lumu VA as a Cloud Collector in environments such as Amazon AWS, Google Cloud, and Microsoft Azure.


Please note that not all of these metadata Collectors are required for a successful Lumu implementation, only the ones that work best for your specific network. Also note that some features, such as endpoint-level visibility and netflow log collection, are only available for Lumu Paid subscriptions; consult Lumu Offerings for more details.

Advantages of Virtual Appliances

Seamless Deployment

With the Lumu Virtual Appliances, no client-side application is required. 

Self-service and Cloud-based delivery

Lumu VAs can be easily downloaded from the Lumu Portal and come pre-configured to be deployed on your preferred hypervisor or cloud solution.

Asset-level Compromise Visibility

Depending on your subscription, the Lumu VA provides you with internal IP visibility, allowing you to monitor malicious traffic within your network to specific endpoints.

Requirements

The Lumu Virtual Appliance is a virtual machine running Ubuntu. It is compatible with the most common hypervisors, such as VMware ESX/ESXi and Windows Hyper-V, and with cloud solutions such as Microsoft Azure, Google Cloud Platform, and Amazon Web Services.

Consider the following as a reference for the minimum virtualized hardware requirements per VA collecting DNS metadata only:

  1. Dedicated CPU: 2
  2. RAM: 4GB
  3. Disk space: 30GB

For more details on using the VA with additional collectors (firewall, proxy, etc.), consult our documentation about sizing guidelines.

You will find specific requirements for each hypervisor and collector in their respective documentation.

Deploy and Set Up Virtual Appliances

All detailed steps to create, download and install a virtual appliance on your preferred hypervisor or Cloud solution are available in our documentation:

  1. Deploy Virtual Appliances
  2. Configure Virtual Appliances and set up collectors