Accenture MDR Log Collection Platform (LCP) 4.0 EU Deployment Guide for Azure Environment
This guide helps Accenture MDR customers set up log collection for an Azure environment.
Pre-requisites(EU)
RAM | CPU | Managed Disk |
---|---|---|
32 GiB | 8 | 256 GiB (Default Performance Tier) |
LCP 4.0 has a minimum 8x8 combination, but all available Azure VM sizes (General Purpose and Memory Optimized) with 8 cores start at 32 GiB of memory.
LCP Azure VM Size(EU)
Size | Family | Temp Storage | IOPS | Recommended Usage |
---|---|---|---|---|
D[8-416]s_v4 (VM with 0 GiB Temp storage) | General Purpose | 0 GiB | >= 12800 | We recommend this size when the LCP will work with low EPS/infrequent logging devices. |
E[8-416]s_v4 (VM with 0 GiB Temp storage) | Memory Optimised | 0 GiB | >= 12800 | We recommend this size when the LCP will work with high EPS logging devices. |
Note:
To achieve the IOPS provisioned for the VM size, ensure that the selected disk IOPS are less than the VM IOPS limit.
In the IOPS column, >= means greater than or equal to.
Connectivity prerequisites(EU)
Source | Destination | Protocol/Port | Description |
---|---|---|---|
52.214.249.130/32, 213.156.166.0/24 | <LCP IP> | TCP/2222, TCP/443 | MDR management access and fault monitoring |
<LCP IP> | <Customer NTP> | UDP/123, TCP/123 | NTP - Network Time Protocol |
<LCP IP> | | TCP/443 | RSIP - Remote Secure Import Protocol for log uploading |
<LCP IP> | | TCP/443 | LCP updates |
<LCP IP> | | TCP/443 | LCP Configurations |
<LCP IP> | <Customer DNS Server> | UDP/53, TCP/53 | DNS resolution (TCP is used in case the message is longer than 512 Bytes) |
Configuration for Azure Environment(EU)
To enable log collection for the Azure environment, follow the steps below:
1. Obtain the Azure LCP image (VHD) file from Accenture MDR(EU).
The installation disk image of an Azure LCP is in the form of a Virtual Hard Disk (VHD). To transfer the LCP VHD file to customer Azure storage, MDR requires the following information:
a. Azure storage blob name.
b. Storage Access Key.
2. In a web browser, open the Microsoft Azure portal and log in with your Azure account credentials.
3. Create a new resource group. If you would like to deploy the LCP under an existing resource group, you can skip the steps below.
a. Create a resource > Search Resource group > Select Create
b. On the Resource groups page, click the Add button.
c. In the Resource group name text box, type a suitable name.
d. From the Subscription drop-down list, select your subscription.
e. From the Resource group location / Region drop-down list, select the location where you want the LCP deployed and then click Create.
Azure Storage Setup for VHD(EU)
Create a storage account. If you would like to deploy the LCP under an existing storage account, you can skip the steps below.
1. Navigate to Resource > Search Storage account > select Create.
2. Select the correct subscription and resource group.
3. Provide an appropriate storage account name and region.
4. Add Instance Details:
a. Select Performance as Standard or Premium.
b. Select Redundancy as Geo-redundant storage (GRS).
c. Enable the checkbox that makes read access to data available.
5. Navigate to next page > Advanced:
a. Configure security settings.
b. Configure Blob storage.
6. Navigate to next page > Networking and configure the network connectivity method and routing.
7. Navigate to next page > Tags and define appropriate tags.
8. Review all configuration and select Create.
9. Search for the storage account created above in the search bar and navigate to it.
10. Navigate to Data Storage > Containers and select New container.
11. Provide an appropriate container name and set Public access level as Container. This level allows anonymous read access to the container and its blobs.
12. Review and select Create.
Create a virtual network for the LCP(EU)
Create a virtual network. If you would like to deploy the LCP under an existing virtual network, you can skip the steps below.
1. Create a resource > Search Virtual network > Select Create
2. On the Create virtual network page, fill in the following information.
a. In the Name text box, type a name for your virtual network.
b. Under Resource group, select Use existing and then select the resource group name, which you created in step 3, from the drop-down list.
c. From the Location / Region drop-down list, select the same location which was used while creating the resource group name. Then, click Create.
d. In the Address space text box, assign the space you would like to use for the LCP.
e. In the Subnet name text box, type a subnet name.
f. In the Subnet address range text box, assign the subnet address range you would like to use for the LCP.
g. From the Subscription drop-down list, select your subscription.
Create a public IP address for the LCP(EU)
1. Create a resource → Search Public IP address → Select Create
2. On the Create public IP address page, fill in the following information.
3. In the Name text box, type a public IP address name.
4. Under IP Version, select IPv4.
5. Under IP address assignment, select Static.
6. Idle timeout has an automatic value by default, so no changes are required.
7. In the DNS name label, enter a name.
8. From the Subscription drop-down list, select your subscription.
9. Under Resource group, select Use existing and then select the resource group name, which you created in step 3, from the drop-down list.
10. From the Location drop-down list, select the same location which was used while creating the resource group name. Then, click Create.
Note:
Under Public IP address assignment, select Static. Static addresses do not change even if the virtual machine is placed in the stopped (deallocated) state.
Set the allocation method to Static to ensure the IP address remains the same.
Create a network security group(EU)
1. Create a resource → Search Network security group → Select Create
2. On the Create network security group page, fill in the following information.
a. From the Subscription drop-down list, select your subscription.
b. Under Resource group, select Use existing and then select the resource group name, which you created in step 3, from the drop-down list.
c. Under Instance details, in the Name text box, type a network security group name.
d. From the Location / Region drop-down list, select the same location which was used while creating the resource group name.
e. Search for the Resource group and select the resource group name which you created in step 3.
f. After you select the resource group name, you will see the network security group which was created in step 1.
3. On the left side, under the network security group which you created, click Inbound security rules and then click the Add button.
On the Add inbound security rule page, fill in the required information.
1. Select the Source as IP address and type the SOC IP 192.251.86.32/32 in Source IP addresses/CIDR ranges.
2. Enter the Source port ranges as *.
3. Select Destination as Any.
4. From the Service drop-down list, select Custom.
5. Enter the Destination port ranges as 2222.
6. Under Protocol, select TCP.
7. Under Action, select Allow.
8. The Priority field has an auto-generated value by default, so no changes are required.
9. In the Name text box, type an inbound rule name and click Add.
10. Repeat the above steps to allow inbound access for the rest of the SOC IP addresses below. These inbound access IP addresses are allowed for MDR management access and fault monitoring.
SOC Inbound access IP addresses
IP addresses | Port | Protocol |
---|---|---|
192.251.86.32/32 | 2222 | TCP |
198.6.48.235/32 | 2222 | TCP |
199.43.188.10/32 | 2222 | TCP |
213.156.160.99/32 | 2222 | TCP |
192.251.86.32/32 | 443 | TCP |
198.6.48.235/32 | 443 | TCP |
199.43.188.10/32 | 443 | TCP |
213.156.160.99/32 | 443 | TCP |
11. After adding all above SOC IP addresses, you will obtain a similar output as shown below.
Note: Along with the above rules, we might have to create inbound rules to allow the devices to send logs to the LCP during device onboarding (if required).
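One way to check a network security group against the SOC inbound access table above, as an added example that is not part of the original guide or Accenture's tooling. It assumes the rules are available as dictionaries using the Azure CLI's JSON field names (for instance from `az network nsg rule list -o json`); the function names and the sample rules are hypothetical.

```python
import ipaddress

# Sources and ports copied from the guide's SOC inbound access table.
SOC_SOURCES = {"192.251.86.32/32", "198.6.48.235/32", "199.43.188.10/32", "213.156.160.99/32"}
MGMT_PORTS = {2222, 443}

def _norm(src):  # canonical CIDR form; wildcards and service tags come back unchanged
    try:
        return str(ipaddress.ip_network(src, strict=False))
    except ValueError:
        return src

def _mgmt_ports(rule):
    """Management ports that fall inside the rule's destination port ranges."""
    raw = rule.get("destinationPortRanges") or [rule.get("destinationPortRange") or ""]
    hit = set()
    for item in raw:
        lo, _, hi = ("0-65535" if item == "*" else item).partition("-")
        if lo:
            hit |= {p for p in MGMT_PORTS if int(lo) <= p <= int(hi or lo)}
    return hit

def audit_inbound(rules):
    """Return (missing, overexposed). Priorities and Deny rules are not evaluated."""
    covered, overexposed = set(), []
    for r in rules:
        if (r["direction"], r["access"]) != ("Inbound", "Allow") or r["protocol"].lower() not in ("tcp", "*"):
            continue
        ports = _mgmt_ports(r)
        for src in r.get("sourceAddressPrefixes") or [r.get("sourceAddressPrefix") or ""]:
            if _norm(src) in SOC_SOURCES:
                covered |= {(_norm(src), p) for p in ports}
            elif ports:
                # A management port is reachable from a source outside the SOC list.
                overexposed.append((r["name"], src, sorted(ports)))
    missing = sorted({(s, p) for s in SOC_SOURCES for p in MGMT_PORTS} - covered)
    return missing, overexposed

# Constructed sample rules (hypothetical names), not taken from a real deployment.
SAMPLE = [
    {"name": "soc-1-2222", "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "192.251.86.32/32", "destinationPortRange": "2222"},
    {"name": "soc-all-443", "direction": "Inbound", "access": "Allow", "protocol": "Tcp", "destinationPortRange": "443",
     "sourceAddressPrefixes": ["192.251.86.32/32", "198.6.48.235", "199.43.188.10/32", "213.156.160.99/32"]},
    {"name": "temp-debug", "direction": "Inbound", "access": "Allow", "protocol": "*",
     "sourceAddressPrefix": "*", "destinationPortRange": "2000-3000"},
]

if __name__ == "__main__":
    print(audit_inbound(SAMPLE))
```

On the sample, three SOC addresses still lack a port 2222 rule, and the wide `temp-debug` range is flagged because it exposes port 2222 to any source. Inbound rules added for device onboarding on other ports are not flagged.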
Under Network security group, click Outbound security rules and then click the Add button.
On the Add outbound security rule page, fill in the required information.
1. Select the Source as Any and type * in Source port ranges.
2. Select Destination as IP Addresses.
3. Enter the Destination IP addresses/CIDR ranges as 0.0.0.0/0.
4. From the Service drop-down list, select HTTPS.
5. Under Action, select Allow.
6. The Priority field has an auto-generated value by default, so no changes are required.
7. In the Name text box, type an outbound rule name and click Add.
8. Repeat the above steps to allow outbound access for the rest of the SOC IP addresses below.
SOC Outbound access IP addresses
IP addresses | Port | Protocol | Description |
---|---|---|---|
0.0.0.0/0 | 443 | TCP | For RSIP, LCP updates and LCP Configurations |
Local NTP | 123 | UDP | For NTP - Network Time Protocol server |
Preferred DNS | 53 | UDP and TCP | For DNS Resolution. |
9. After adding all above SOC IP addresses, you will obtain a similar output as shown below.
Note: Along with the above rules, we might have to create outbound rules to allow access from the LCP to the devices which we might have to onboard (if required).
Example: Allow outbound access to Database IP address and port/protocol from the LCP.
Create a Managed disk for the LCP VHD(EU)
1. Navigate to Resource > Search Managed Disk > Select Create.
2. Select the correct subscription and resource group.
3. Provide an appropriate disk name. This disk will be used later to create the LCP VM.
4. Select the region and availability zone if needed.
5. Select source type Storage blob and browse the source blob field to select the storage container where you have stored the LCP 4.0 VHD.
6. Select OS Type as Linux and VM generation as Gen1. Select Premium SSD 256 GiB (Default Performance Tier) as the minimum recommended disk size. Refer to the Pre-requisites section.
7. Navigate to the next page > Encryption and select Encryption type > (Default)
8. Navigate to the next page > Networking and choose the appropriate connectivity method.
9. Navigate to the next page > Advanced and select Enable shared disk as No.
10. Navigate to the next page > Tags
11. Define appropriate tags for the VM.
12. Review all configuration and select Create.
Create LCP VM from above created managed disk(EU)
1. Search for Disks on the search bar and navigate to the managed disk created in Step 1.
2. Select the disk and go to the Overview page. The disk will be in the unattached state.
3. Select Create VM option from Overview page.
4. Select correct subscription and resources group.
5. Provide appropriate virtual machine name for LCP VM.
6. Region will be pre-populated.
7. Select Availability options as No redundancy required.
8. Image option will be pre-populated and it will be selected to LCP managed disk created in
9. Uncheck Azure spot instance.
10. Select the correct VM size. The recommended size is the E-Series Memory Optimised family type with a minimum of 32 GiB memory and 8 CPUs. Refer to the Pre-requisites section.
11. Select Public inbound ports → None and License type → Other.
12. Navigate to next page → Disks
13. Navigate to next page → Networking.
This sets up the network interface for the VM.
a. Select the appropriate Virtual network, Subnet, Public IP, NIC network security group and Public inbound ports.
b. Choose the Advanced option under NIC network security group and select the network security group created in the steps above.
14. Navigate to next page → Management.
15. This will configure the monitoring options for the VM.
a. Set Boot Diagnostics as managed storage account.
b. Uncheck the OS guest diagnostics.
c. Uncheck the System Managed identity.
d. Uncheck the Login with Azure AD.
e. Uncheck auto shutdown.
f. Set Patch orchestration option as Image default.
16. Skip the next page > Advanced. We don't provide custom data or user data to the VM.
17. Review all details and select Create.
Note:
The VM is created with dynamic private IP allocation by default. Once assigned, dynamic private IP addresses are released if a network interface is:
a. Deleted.
b. Reassigned to a different subnet within the same virtual network.
c. The allocation method is changed to static, and a different IP address is specified.
If you want to change the private IP assignment to static or to a specific private IP, use the following steps.
1. Select Networking in Settings of the LCP VM.
2. In Networking, select the name of the primary network interface next to Network interface.
3. In the network interface properties, select IP configurations in Settings.
4. Select ipconfig1 (the configuration to which the private IP is assigned) on the IP configurations page.
5. Go to Private IP address settings, change the assignment to Static, provide a private IP or retain the same IP, and click Save.
Share the Public IP address details with Accenture MDR to proceed with the LCP qualification process.
Legal Notice
Copyright © 2021 Accenture. All rights reserved.
Accenture, the Accenture Logo, and DeepSight Intelligence are trademarks or registered trademarks of Accenture in the U.S. and other countries. Other names may be trademarks of their respective owners.
The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Accenture and its licensors, if any.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. ACCENTURE SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.
The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq. "Commercial Computer Software and Commercial Computer Software Documentation," as applicable, and any successor regulations, whether delivered by Accenture as on premises or hosted services. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.