Install OT monitoring software on OT sensors

Article
03/30/2023
6 minutes to read

This article is one in a series of articles describing the deployment path for OT monitoring with Microsoft Defender for IoT, and describes how to install Defender for IoT software on OT sensors.

Use the procedures in this article when installing Microsoft Defender for IoT software on your own appliances. You might be reinstalling software on a pre-configured appliance, or you may be installing software on your own appliance.

If you're using pre-configured appliances, skip this step and continue directly with activating and setting up your OT network sensor instead.

Caution

Only documented configuration parameters on the OT network sensor and on-premises management console are supported for customer configuration. Do not change any undocumented configuration parameters or system properties, as changes may cause unexpected behavior and system failures.

Prerequisites

Before installing Microsoft Defender for IoT, make sure that you have:

A plan for your OT site deployment with Defender for IoT, including the appliance you'll be using for your OT sensor.
Access to the Azure portal as a Security Reader, Security Admin, Contributor, or Owner user.
Performed extra procedures per appliance type. Each appliance type also comes with its own set of instructions that are required before installing Defender for IoT software.

Make sure that you've completed any specific procedures required for your appliance before installing Defender for IoT software.

For more information, see:

This step is performed by your deployment teams.

Download software files from the Azure portal

Download the OT sensor software from Defender for IoT in the Azure portal.

In Defender for IoT on the Azure portal, select Getting started > Sensor, and then select the software version you want to download.

Important

If you're updating software from a previous version, use the options from the Sites and sensors > Sensor update menu. For more information, see Update Defender for IoT OT monitoring software.

Install Defender or IoT software on OT sensors

This procedure describes how to install OT monitoring software on an OT network sensor.

Note

Towards the end of this process you will be presented with the usernames and passwords for your device. Make sure to copy these down as these passwords will not be presented again.

To install your software:

Mount the ISO file onto your hardware appliance or VM using one of the following options:
- Physical media – burn the ISO file to your external storage, and then boot from the media.
  - DVDs: First burn the software to the DVD as an image
  - USB drive: First make sure that you’ve created a bootable USB drive with software such as Rufus, and then save the software to the USB drive. USB drives must have USB version 3.0 or later.
  Your physical media must have a minimum of 4-GB storage.
- Virtual mount – use iLO for HPE appliances, or iDRAC for Dell appliances to boot the ISO file.
When the installation boots, you're first prompted to select the hardware profile you want to use. For example:

For more information, see Which appliances do I need?.

After you've selected the hardware profile, the following steps occur, and can take a few minutes:
- System files are installed
- The sensor appliance reboots
- Sensor files are installed
When the installation steps are complete, the Ubuntu Package configuration screen is displayed, with the Configuring iot-sensor wizard, showing a prompt to select your monitor interfaces.

In the Configuring iot-sensor wizard, use the up or down arrows to navigate, and the SPACE bar to select an option. Press ENTER to advance to the next screen.
In the wizard's Select monitor interfaces screen, select the interfaces you want to monitor.

By default, eno1 is reserved for the management interface and we recommend that you leave this option unselected.

For example:

Important

Make sure that you select only interfaces that are connected.

If you select interfaces that are enabled but not connected, the sensor will show a No traffic monitored health notification in the Azure portal. If you connect more traffic sources after installation and want to monitor them with Defender for IoT, you can add them via the CLI.
In the Select erspan monitor interfaces screen, select any ERSPAN monitoring ports that you have. The wizard lists available interfaces, even if you don't have any ERSPAN monitoring ports in your system. If you have no ERSPAN monitoring ports, leave all options unselected.

For example:
In the Select management interface screen, we recommend keeping the default eno1 value selected as the management interface.

For example:
In the Enter sensor IP address screen, enter the IP address for the sensor appliance you're installing.
In the Enter path to the mounted backups folder screen, enter the path to the sensor's mounted backups. We recommend using the default path of /opt/sensor/persist/backups. For example:
In the Enter Subnet Mask screen, enter the IP address for the sensor's subnet mask. For example:
In the Enter Gateway screen, enter the sensor's default gateway IP address. For example:
In the Enter DNS server screen, enter the sensor's DNS server IP address. For example:
In the Enter hostname screen, enter the sensor hostname. For example:
In the Run this sensor as a proxy server (Preview) screen, select <Yes> only if you want to configure a proxy, and then enter the proxy credentials as prompted.

The default configuration is without a proxy.

For more information, see Connect Microsoft Defender for IoT sensors without direct internet access by using a proxy (version 10.x).
The installation process starts running and then shows the credentials screen. For example:

Save the usernames and passwords listed, as the passwords are unique and this is the only time that the credentials are shown. Copy the credentials to a safe place so that you can use them when signing into the sensor for the first time.

For more information, see Default privileged on-premises users.

Select <Ok> when you're ready to continue.

The installation continues running again, and then reboots when the installation is complete. Upon reboot, you're prompted to enter credentials to sign in. For example:
Enter the credentials for one of the users that you'd copied down in the previous step.
- If the iot-sensor login: prompt disappears, press ENTER to have it shown again.
- When you enter your password, the password characters don't display on the screen. Make sure you enter them carefully.
When you've successfully signed in, the following confirmation screen appears:

Configure network adapters for a VM deployment

After deploying an OT sensor on a virtual appliance, configure at least two network adapters on your VM: one to connect to the Azure portal, and another to connect to traffic mirroring ports.

On your virtual machine:

Open your VM settings for editing.
Together with the other hardware defined for your VM, such as memory, CPUs, and hard disk, add the following network adapters:
- Network adapter 1, to connect to the Azure portal for cloud management.
- Network adapter 2, to connect to a traffic mirroring port that's configured to allow promiscuous mode traffic. If you're connecting your sensor to multiple traffic mirroring ports, make sure there's a network adapter configured for each port.

For more information, see:

Your virtual machine software documentation
OT network sensor VM (VMware ESXi)
OT network sensor VM (Microsoft Hyper-V)
Networking requirements

Note

If you're working with an air-gapped sensor and are deploying an on-premises management console, configure Network adapter 1 to connect to the on-premises management console UI instead of the Azure portal.

Next steps

For more information, see Troubleshoot the sensor.

« Provision OT sensors for cloud management

Validate after installing software »