Deploying the Brain image
Deploy the Vectra Brain VM in Azure using the Azure CLI, including required inputs, sizing, and post-deploy access steps.
Deployment Introduction
After validating that you have the information required for deployment (shown below), choose either the Interactive Deployment or the Parameter File-Based Deployment option.
Please Note:
Both the interactive and parameter file-based deployment options will utilize a --aux-tenants option to specify Vectra’s tenant that houses the image you will deploy in your subscription.
Do not change this tenant!
The Vectra Brain for Azure is currently available in 2 sizes:
| VM Type | CPU Cores | Memory | Approximate Throughput |
| --- | --- | --- | --- |
| Standard_E32s_v3 (Default) | 32 | 256 | ~ 15 Gbps, up to 150,000 IPs monitored, 100 sensors |
| Standard_E16s_v3 | 16 | 128 | ~ 5 Gbps, up to 50,000 IPs monitored, 25 sensors |
Vectra strives to make the Brain image available in the Azure regions needed by our customers. In some situations, Azure does not have these image types available in certain regions. When requesting the image from Vectra, work with your account team to ensure the region you wish to deploy in is supported. If you encounter Azure quota restrictions in a supported region, please see the following links for information regarding quota increase requests:
The Azure CLI az deployment group create command will be used for deployment. Additional information about deploying via the Azure CLI and that specific command is available here:
Information required before proceeding with Brain deployment via Azure CLI
Resource group – Name of the Azure resource group to deploy the Brain virtual machine into.
See Creating a Resource Group for more detail.
Template URI (template-uri) – Template URI location as provided by Vectra.
Example template URI (always use the current one that Vectra provided you before deployment):
https://cognito-public-deployment-tools.s3.us-west-2.amazonaws.com/AzureBrain/6.16/mainTemplate.json
Base Name (baseName) – Specifies the base name used for all resources created as part of this deployment.
Requirements:
May contain only letters (a–z, A–Z), numbers (0–9), and hyphens (-).
Must begin and end with a letter or number.
Must not contain spaces or the following characters:
` ~ ! @ # $ % ^ & * ( ) = + _ [ ] { } \ | ; : ' , < > / ? .
This value is also used as the default GUI login password and should be changed immediately after deployment.
Brain Image (brainImage) – Resource ID for the Vectra Brain image. This will be provided by Vectra.
Example Brain Image (always use the current one that Vectra provided you before deployment):
/subscriptions/ac63f844-2350-4db1-9655-35817d1347a8/resourceGroups/vectra-dev-WestUS2/providers/Microsoft.Compute/galleries/Production/images/Cognito-6.16/versions/6.16.0
Provisioning Token (provisionToken) – Token that will allow the Brain to register with Vectra.
This will be provided by Vectra. Example shown below (non-functional):
9442fd6d-f582-4e6f-9509-edf85f207589
Please note that provisioning tokens expire after 7 days. Vectra can provide a new one if you don’t have a chance to deploy before the initial token expires.
Public SSH Key (sshKey) – Generate an RSA SSH key pair using any standard tool.
Enter the public key in this field.
See Creating an SSH Key Pair above for more detail.
Subnet ID (subnetwork) – Azure ID of the subnet that you will deploy the Brain into.
See Creating a Virtual Network (VNET) and Subnet above for more detail.
Optional information for deployment when additional customization of options is desired
If you wish to deploy a Brain size other than the default or to provision without a public IP address, you must use the Parameter File-Based Deployment. You will be able to control the following in this method:
Creating a Public IP (createPublicAddress) – Whether or not to assign a public IP address to the instance.
This defaults to true when using an interactive deployment.
Brain Size (instanceSize) – Size of the Brain to deploy.
This defaults to Standard_E32s_v3 when using an interactive deployment.
Location (location) – Azure region where the resources are to be deployed.
This must be specified when using a parameter file-based deployment but defaults to the resource group location when using an interactive deployment.
Subscription – All resources in an Azure subscription are billed together.
When running az account list from the Azure CLI, if you have multiple subscriptions, one of them will be listed as "isDefault": true. Deployment will target this subscription unless the --subscription Subscription_ID argument is used when executing the Azure CLI.
This can be specified using either the interactive or the parameter file-based deployment method.
Interactive Deployment
This deployment method can be used when you will deploy the larger (default) Standard_E32s_v3 size and desire to configure a public IP address. You can either specify the template URI or reference a local copy of the template file.
CLI command syntax using template URI:
CLI command syntax using locally downloaded template file:
Example:
Parameter File-Based Deployment
This deployment method can be used when you need to customize the VM size deployed or choose to not configure a public IP address. This method MUST use a locally available parameter file that will be passed as an argument to the CLI command.
Syntax for the parameter file (use any filename you wish):
Example populated file:
CLI command syntax for parameter file-based deployment:
Example of a successful command string using this deployment type:
The above example also used a --debug switch that instructs the Azure CLI to output much more information during execution. This may be useful in troubleshooting.
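The required inputs listed earlier can be checked locally before anything is sent to Azure. The following is an added example, not Vectra's parameter file or tooling: it enforces the baseName rules, requires an OpenSSH RSA public key, and writes a parameter file in the standard ARM deploymentParameters layout using the parameter names from this page. The function names and the JSON boolean type for createPublicAddress are assumptions.

```shell
#!/bin/sh
# baseName: letters, digits and hyphens only; must begin and end with a letter or digit.
valid_base_name() {
  case $1 in
    ''|*[!A-Za-z0-9-]*|-*|*-) return 1 ;;
  esac
}

# Reject a double quote or backslash, which would break out of a JSON string below.
json_safe() {
  case $1 in
    *'"'*|*'\'*) return 1 ;;
  esac
}

# sshKey: must be an OpenSSH RSA *public* key. The base64 body of every such key
# starts with AAAAB3NzaC1yc2E, so a pasted private key or other key type is refused.
valid_ssh_pubkey() {
  case $1 in
    "ssh-rsa AAAAB3NzaC1yc2E"*) json_safe "$1" ;;
    *) return 1 ;;
  esac
}

# Args: out baseName brainImage provisionToken sshKey subnetwork location size public
# Assumption: the template takes createPublicAddress as a JSON boolean.
write_params() {
  valid_base_name "$2" || { echo "invalid baseName" >&2; return 1; }
  valid_ssh_pubkey "$5" || { echo "invalid sshKey" >&2; return 1; }
  json_safe "$3$4$6$7" || { echo "unsafe character in a value" >&2; return 1; }
  case $8 in Standard_E32s_v3|Standard_E16s_v3) ;; *) echo "unknown size" >&2; return 1 ;; esac
  case $9 in true|false) ;; *) echo "createPublicAddress must be true/false" >&2; return 1 ;; esac
  rm -f "$1"
  ( umask 077   # the file carries the provisioning token: owner-only permissions
    cat > "$1" <<EOF
{
  "\$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "baseName": { "value": "$2" }, "brainImage": { "value": "$3" },
    "provisionToken": { "value": "$4" }, "sshKey": { "value": "$5" },
    "subnetwork": { "value": "$6" }, "location": { "value": "$7" },
    "instanceSize": { "value": "$8" }, "createPublicAddress": { "value": $9 }
  }
}
EOF
  )
}
```

Pass the resulting file to az deployment group create with --parameters @<file>, alongside the --aux-tenants and template arguments Vectra supplied.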
Completing the Brain Deployment
It can take 5-10 minutes for Azure to complete the initial deployment. Both the interactive and the parameter file-based deployment will output some information at the CLI after completion that details the various resources that have been created. You may wish to save this information for later reference.
Once the deployment is complete at the CLI, you can now monitor the rest of the deployment using your web browser. Browsing to the public IP, if assigned during deployment, will be blocked initially. You can also connect to the private IP that was assigned if you have private connectivity in place. In the resource group that you deployed in, modify the inbound security group to allow HTTPS (TCP/443) and SSH (TCP/22) inbound from the location you will connect to the Brain from.
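Because the default GUI password is a name that is visible in Azure, the inbound rule is best limited to the management range rather than opened to any source. The following is an added example, not part of Vectra's guide: a POSIX shell helper that refuses any-source values and prints the az network nsg rule create command for review. The function names, the rule name AllowBrainAdmin, the default priority 200 and the NSG name argument are assumptions.

```shell
#!/bin/sh
# Added example: restrict Brain GUI (443) and CLI (22) access to one admin range.

# Accept only a dotted IPv4 address or CIDR with a /1 to /32 prefix, so "*", "Any",
# "Internet" and 0.0.0.0/0 are all refused. (IPv4-only is an assumption.)
narrow_source() {
  case $1 in
    ''|*[!0-9./]*) return 1 ;;
  esac
  printf '%s\n' "$1" |
    grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([1-9]|[12][0-9]|3[0-2]))?$'
}

# Print (not run) the rule for review. Args: resource-group nsg-name source [priority]
brain_access_rule() {
  narrow_source "$3" || { echo "refusing source '$3'" >&2; return 1; }
  printf '%s\n' "az network nsg rule create --resource-group $1 --nsg-name $2 \
--name AllowBrainAdmin --priority ${4:-200} --direction Inbound --access Allow \
--protocol Tcp --source-address-prefixes $3 --destination-port-ranges 443 22"
}
```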
Once you bypass a warning for the self-signed certificate that is created by default on the Brain, you will be presented with information relaying the status of the Brain’s progress as it continues through the deployment process. It will proceed through the following stages:
Authenticating and verifying the file system of the virtual Brain appliance.
Rebooting.
Decryption of the file system.
Connecting to the Vectra provisioning server and provisioning.
If a proxy is required to access Vectra in your Azure environment, this can be configured during this time by clicking on the Set Proxy Configuration link on any of these status screens.
Please Note:
This proxy configuration screen is only used to communicate with Vectra’s provisioning server and must utilize an HTTPS proxy. HTTP-only proxies are not supported for this use.
Other proxy configuration in the main Vectra UI after deployment accepts HTTP proxies and is used by non-provisioning related services and integrations.
Configuration → COVERAGE → Data Sources > Network > Brain Setup > Proxy & Status
Please Note:
If you are doing a Respond UX deployment and require a proxy for non-provisioning related services and integrations (this includes linking to Vectra’s cloud for use with the Respond UX), you should configure that proxy at the CLI of your Brain AFTER you progress through this initial configuration and get to the Success! message at the end of this section. Please see the Respond UX Deployment Guide in the Deployment > Proxy Support section for more detail.
Once complete, you will see the following:

Clicking on the blue Login button will take you to the login page of the Brain (Quadrant UX). If you are doing a Respond UX deployment, you should NOT log in to the local GUI (which is the Quadrant UX) before linking your Brain with Vectra. Once linked with Vectra per the Respond UX Deployment Guide, your Brain will no longer show a Quadrant UX login screen when you browse to its IP or hostname. It will instead show a status page or a page that instructs you to log in to the Respond UX in Vectra’s cloud.
Please Note:
The Brain may require several updates to become current with Vectra’s latest generally available version.
Please do not power off the Brain during the initial Azure deployment prior to login or during the updating process as the Brain becomes current.
If powered off during initial deployment the Brain may become unresponsive and require redeployment.
During this time the UI may become unresponsive, or you may be disconnected but it is safe to configure platform settings.
The Brain image is updated periodically. When deploying a new Brain, always check with Vectra for the latest base image available for your deployment.
Default login credentials
The default credentials to log in to the Vectra Brain GUI (Quadrant UX only) over HTTPS in Azure are:
Username: admin
Password: Virtual Machine Name (visible in Azure after deployment)
Logging in at the CLI can be done via SSH using the private key corresponding to the public key that was assigned to this stack and the vectra username. Login to the CLI is supported for both Quadrant UX and Respond UX deployment types. Please see SSH login process for CLI for more details.
Please ensure Security Groups are updated to allow CLI and GUI access as per earlier guidance.
Public IP Address Options
Vectra can create a Basic SKU dynamically assigned public IP address during deployment if the user chooses to do so. That IP will remain consistent through any reboots but can change when a virtual machine is stopped (deallocated), then started again. If you wish to change this to a static assignment, please do the following:
Dissociate the assigned public IP from the NIC of the Brain.
Modify the configuration of the IP to static assignment.
Associate the IP with the NIC of the Brain.
This will very likely be a new IP that is different from the last assignment.
You may also wish to upgrade the Basic SKU to a Standard SKU public IP address. Some links from Microsoft explain the differences and give more information about public IPs in general:
Public IP pricing:
Public IP information and difference between Basic and Standard SKUs:
Dissociating a public IP:
Associating a public IP:
Resizing the Brain
In some environments, you may wish to start with a smaller Brain instance and then later move to a larger Brain instance to handle additional load (metadata coming from paired sensors or additional paired sensors).
Please see: Resizing virtual appliances for details
Configuring Initial Brain Settings
For more details around initial settings for the Brain after successfully deploying it in Azure, see the Vectra Respond UX Deployment Guide or Vectra Quadrant UX Deployment Guide that is available on the Vectra Support portal.