Install and Configure the Virtual Appliances

Learn about Alert Logic appliances and how to install them to ensure that they run at peak performance.

Install an Alert Logic IDS virtual appliance

You must be running VMWare ESXi 6.5 or higher before installing or updating the Alert Logic IDS virtual appliance.

The main use for an Alert Logic virtual appliance is for network IDS analysis and scanning in VMWare deployments.

If you have experience with VMWare management tools and virtual machine installation, you can install a virtual appliance into your environment to collect network traffic and data.

The instructions below are not a complete guide to configure vSphere or virtual data centers. VMWare offers more information regarding vSphere.

Data Center deployments only

For Data Center deployments, you must locate and copy your Unique Registration Key, which you need to install the appliance.

Alert Logic uses the Unique Registration Key to specify where the appliance is located.

To access your Unique Registration Key:

  1. In the Alert Logic console, open the relevant Data Center deployment.
  2. Under Configuration Overview, click Installation Instructions.
  3. Copy your Unique Registration Key.

Download the Alert Logic IDS virtual appliance

Before you download the virtual appliance, review the virtual appliance requirements.

Link MD5 Type
Latest Virtual Appliance link c1d541b2e7c7c4cd08a9da32630a75a0 VMWare image
Latest Virtual Appliance link 1e33f60226b68d9e08995820d9603e27 Hyper-V

Install the Alert Logic IDS virtual appliance

The appliance is configured with a 60 GB virtual drive.

To install a virtual Alert Logic IDS appliance with vSphere:

  1. Save the virtual appliance image to your target machine.
  2. Import the file into vSphere.
  3. Power on the virtual machine.
  4. Configure your IP address. To manually assign an address, log into a serial console with the following credentials: setup/7739521
  5. In your browser, type: http://<YourVirtualApplianceIPAddress>.
  6. For Data Center deployments only, in Unique Registration ID, paste your unique registration key.
  7. Click Start Claim Process. A screen appears informing you that your appliance is provisioning. For status details, click Go To Detailed Status.

Install an Alert Logic Managed Web Application Firewall (WAF) virtual appliance

Alert Logic Managed Web Application Firewall (WAF) is an add-on implemented per website as a filtering gateway to validate all requests to web systems. The virtual appliance is for use in VMWare deployments.

Download the WAF virtual appliance

Click the download link in the customer onboarding email to download the ISO install image or create a ticket with Alert Logic Support to request a link to download.

Install the WAF virtual appliance

To install the WAF virtual appliance with vSphere:

  1. In the vSphere client, create a new virtual machine with the following minimum specifications:

    Components System Requirements
    Guest operating system CentOS 64-bit
    CPU 2 CPUs 64 bit
    RAM 4 GB
    Disk space 250 GB
    Virtual network interface(s) An interface with an external IP address for management
    An interface with access to the web servers to be protected
    NIC type em1000
    Encryption/decryption for SSL traffic AES-NI CPU instruction set for encryption/decryption of SSL traffic on VMs and host OS is recommended
    Clustering For clustering to work, ensure promiscuous mode, forged transmits, and MAC address changes are allowed on the VMware virtual switch (vSwitch) or the port group in the VMware ESX network configuration
  2. Mount the WAF install ISO image, start the appliance on the image, and then follow the on-screen instructions.
  3. Restart the appliance.
  4. Verify appliance connectivity
  5. In the console, log in with the credentials operator/changeme.
  6. Run the system backend verify command. This test verifies that the appliance can connect to the Alert Logic backend systems.

    Every test should report OK except the last test This test will time out because the appliance has not been fully provisioned.

  7. Call the Alert Logic Security Operations Center (SOC) at (877) 484-8383, option 2, and then request that a Managed WAF subject matter expert perform a connectivity test.