Install OT monitoring software on OT sensors
This article is one in a series of articles describing the deployment path for OT monitoring with Microsoft Defender for IoT, and describes how to install Defender for IoT software on OT sensors.
Use the procedures in this article when installing Microsoft Defender for IoT software on your own appliances. You might be reinstalling software on a pre-configured appliance, or you may be installing software on your own appliance.
If you're using pre-configured appliances, skip this step and continue directly with activating and setting up your OT network sensor instead.
Caution
Only documented configuration parameters on the OT network sensor and on-premises management console are supported for customer configuration. Do not change any undocumented configuration parameters or system properties, as changes may cause unexpected behavior and system failures.
Prerequisites
Before installing Microsoft Defender for IoT, make sure that you have:
A plan for your OT site deployment with Defender for IoT, including the appliance you'll be using for your OT sensor.
Access to the Azure portal as a Security Reader, Security Admin, Contributor, or Owner user.
Performed extra procedures per appliance type. Each appliance type also comes with its own set of instructions that are required before installing Defender for IoT software.
Make sure that you've completed any specific procedures required for your appliance before installing Defender for IoT software.
For more information, see:
This step is performed by your deployment teams.
Download software files from the Azure portal
Download the OT sensor software from Defender for IoT in the Azure portal.
In Defender for IoT on the Azure portal, select Getting started > Sensor, and then select the software version you want to download.
Important
If you're updating software from a previous version, use the options from the Sites and sensors > Sensor update menu. For more information, see Update Defender for IoT OT monitoring software.
Install Defender or IoT software on OT sensors
This procedure describes how to install OT monitoring software on an OT network sensor.
Note
Towards the end of this process you will be presented with the usernames and passwords for your device. Make sure to copy these down as these passwords will not be presented again.
To install your software:
Mount the ISO file onto your hardware appliance or VM using one of the following options:
Physical media – burn the ISO file to your external storage, and then boot from the media.
- DVDs: First burn the software to the DVD as an image
- USB drive: First make sure that you’ve created a bootable USB drive with software such as Rufus, and then save the software to the USB drive. USB drives must have USB version 3.0 or later.
Your physical media must have a minimum of 4-GB storage.
Virtual mount – use iLO for HPE appliances, or iDRAC for Dell appliances to boot the ISO file.
When the installation boots, you're first prompted to select the hardware profile you want to use. For example:
For more information, see Which appliances do I need?.
After you've selected the hardware profile, the following steps occur, and can take a few minutes:
- System files are installed
- The sensor appliance reboots
- Sensor files are installed
When the installation steps are complete, the Ubuntu Package configuration screen is displayed, with the
Configuring iot-sensor
wizard, showing a prompt to select your monitor interfaces.In the
Configuring iot-sensor
wizard, use the up or down arrows to navigate, and the SPACE bar to select an option. Press ENTER to advance to the next screen.In the wizard's
Select monitor interfaces
screen, select the interfaces you want to monitor.By default,
eno1
is reserved for the management interface and we recommend that you leave this option unselected.For example:
Important
Make sure that you select only interfaces that are connected.
If you select interfaces that are enabled but not connected, the sensor will show a No traffic monitored health notification in the Azure portal. If you connect more traffic sources after installation and want to monitor them with Defender for IoT, you can add them via the CLI.
In the
Select erspan monitor interfaces
screen, select any ERSPAN monitoring ports that you have. The wizard lists available interfaces, even if you don't have any ERSPAN monitoring ports in your system. If you have no ERSPAN monitoring ports, leave all options unselected.For example:
In the
Select management interface
screen, we recommend keeping the defaulteno1
value selected as the management interface.For example:
In the
Enter sensor IP address
screen, enter the IP address for the sensor appliance you're installing.In the
Enter path to the mounted backups folder
screen, enter the path to the sensor's mounted backups. We recommend using the default path of/opt/sensor/persist/backups
. For example:In the
Enter Subnet Mask
screen, enter the IP address for the sensor's subnet mask. For example:In the
Enter Gateway
screen, enter the sensor's default gateway IP address. For example:In the
Enter DNS server
screen, enter the sensor's DNS server IP address. For example:In the
Enter hostname
screen, enter the sensor hostname. For example:In the
Run this sensor as a proxy server (Preview)
screen, select<Yes>
only if you want to configure a proxy, and then enter the proxy credentials as prompted.The default configuration is without a proxy.
For more information, see Connect Microsoft Defender for IoT sensors without direct internet access by using a proxy (version 10.x).
The installation process starts running and then shows the credentials screen. For example:
Save the usernames and passwords listed, as the passwords are unique and this is the only time that the credentials are shown. Copy the credentials to a safe place so that you can use them when signing into the sensor for the first time.
For more information, see Default privileged on-premises users.
Select
<Ok>
when you're ready to continue.The installation continues running again, and then reboots when the installation is complete. Upon reboot, you're prompted to enter credentials to sign in. For example:
Enter the credentials for one of the users that you'd copied down in the previous step.
- If the
iot-sensor login:
prompt disappears, press ENTER to have it shown again. - When you enter your password, the password characters don't display on the screen. Make sure you enter them carefully.
When you've successfully signed in, the following confirmation screen appears:
- If the
Configure network adapters for a VM deployment
After deploying an OT sensor on a virtual appliance, configure at least two network adapters on your VM: one to connect to the Azure portal, and another to connect to traffic mirroring ports.
On your virtual machine:
Open your VM settings for editing.
Together with the other hardware defined for your VM, such as memory, CPUs, and hard disk, add the following network adapters:
- Network adapter 1, to connect to the Azure portal for cloud management.
- Network adapter 2, to connect to a traffic mirroring port that's configured to allow promiscuous mode traffic. If you're connecting your sensor to multiple traffic mirroring ports, make sure there's a network adapter configured for each port.
For more information, see:
- Your virtual machine software documentation
- OT network sensor VM (VMware ESXi)
- OT network sensor VM (Microsoft Hyper-V)
- Networking requirements
Note
If you're working with an air-gapped sensor and are deploying an on-premises management console, configure Network adapter 1 to connect to the on-premises management console UI instead of the Azure portal.
Next steps
For more information, see Troubleshoot the sensor.
Feedback
Submit and view feedback for