Prepare an on-premises management console appliance (Legacy)
Important
Defender for IoT now recommends using Microsoft cloud services or existing IT infrastructure for central monitoring and sensor management, and plans to retire the on-premises management console on January 1st, 2025.
For more information, see Deploy hybrid or air-gapped OT sensor management.
This article is one in a series of articles describing the deployment path for a Microsoft Defender for IoT on-premises management console for air-gapped OT sensors.
Just as you'd prepared an on-premises appliance for your OT sensors, prepare an appliance for your on-premises management console.
Prepare a virtual appliance
If you're using a virtual appliance, ensure that you have the relevant resources configured.
For more information, see OT monitoring with virtual appliances.
Prepare a physical appliance
If you're using a physical appliance, ensure that you have the required hardware. You can buy pre-configured appliances, or plan to install software on your own appliances.
To buy pre-configured appliances, email hardware.sales@arrow.com request your appliance.
For more information, see Which appliances do I need?
Prepare ancillary hardware
If you're using physical appliances, make sure that you have the following extra hardware available for each physical appliance:
- A monitor and keyboard
- Rack space
- AC power
- A LAN cable to connect the appliance's management port to the network switch
- LAN cables for connecting mirror (SPAN) ports and network terminal access points (TAPs) to your appliance
Prepare CA-signed certificates
While the on-premises management console is installed with a default, self-signed SSH/TLS certificate, we recommend using CA-signed certificates in production deployments.
SSH/TLS certificate requirements are the same for on-premises management consoles as they are for OT network sensors.
If you want to deploy a CA-signed certificate during initial deployment, make sure to have the certificate prepared. If you decide to deploy with the built-in, self-signed certificate, we recommend that you still deploy a CA-signed certificate in production environments later on.
For more information, see: