Introduction
Field Effect MDR's appliances, both the primary and secondary device types, can de deployed physically within your network, or within a virtualized environment.
To learn more about our appliances; the difference between primary and secondary devices, overviews, and more, visit our Help Center content on appliances.
The virtual appliance installed in Azure acts as the primary appliance receiving telemetry from endpoint agents and secondary remote sensor. A virtual appliance may also act as a remote sensor, which would send data to an existing primary appliance.
Setting up the Virtual Appliance (Azure)
This section walks through the process of creating an Azure Virtual Appliance. The first step is to ensure that you have requested a self-hosted Azure virtual appliance. You will then be able to download a cloud-init user data YAML file provided by Field Effect in the Downloads page of the MDR Portal. Download this file and rename it to "cloud-init-covalence.txt."
This process uses the Azure CLI so the size of the disk used for the Operating System (OS) can be specified. The commands below assume a bash shell – either via the Azure Cloud Shell or local Linux/WSL environment using the Azure CLI.
The following commands are provided as an example, and as such, they will need to be tailored to your specific Azure tenant (specific subscriptions, etc.). In order for the appliance to function, it requires outbound internet access to connect back to Field Effect's services.
The virtual machine instance type and disk size (Standard_D4ds_v5 & 1024GB SSD) used in this example should be sufficient for a primary appliance servicing up to 400 agents and 1-2 remote sensors. If this virtual appliance is meant to be a remote sensor, Standard_D2ds_v5 and 512GB of storage should be sufficient. If you have requirements outside of this, please contact support@fieldeffect.com.
1. Open a command prompt and create a new working directory “covalence-setup”; “cd covalence-setup”
2. Copy the "cloud-init-covalence.txt" file from above to this directory as “cloud-init-covalence.txt”
3. Install Azure Command Line Interface (CLI) if not already installed (Installing Azure CLI)
4. Login: “az login”
5. Create a resource group, in your preferred region:
az group create \ --name covalenceResourceGroup \ --location eastus
6. Create the VM. The SSH keys and “admin-username” argument are superseded by the cloud-init configuration, but they need to be provided. Change the ‘os-disk-size’ argument and ‘size’ argument depending on guidance from Field Effect:
az vm create \ --resource-group covalenceResourceGroup \ --name Covalence \ --image Canonical:ubuntu-24_04-lts:server:latest \ --custom-data cloud-init-covalence.txt \ --size Standard_D4ds_v5 \ --admin-username covalence-admin \ --nsg-rule NONE \ --generate-ssh-keys \ --public-ip-sku Standard \ --os-disk-size-gb 1024
Traffic Monitoring Configuration in Azure
Please reach out to support@fieldeffect.com to configure traffic monitoring, as it requires custom configuration by our support and operations teams. There are some options available for traffic monitoring:
- Configure Traffic Montiroing in Azure
- Packet Capture via Azure Network Watcher. This functionality is limited to 10 VMs per region, per subscription.
NOTE: The virtual appliance does not act as a NAT gateway by default - this requires additional configuration and coordination with Field Effect.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article