Accenture MDR Log Collection Platform (LCP) 4.0 EU Deployment Guide for Azure Environment

This guide helps Accenture MDR customers set up log collection for the Azure environment.

Pre-requisites (EU)

| RAM | CPU | Managed Disk |
|---|---|---|
| 32 GiB | 8 | 256 GiB (Default Performance Tier) |

LCP 4.0 has a minimum 8x8 combination, but all available Azure VM sizes (General Purpose and Memory Optimized) with 8 cores start at 32 GiB of memory.

LCP Azure VM Size (EU)

| Size | Family | Temp Storage | IOPS | Recommended Usage |
|---|---|---|---|---|
| D[8-416]s_v4 (VM with 0 GiB Temp storage) | General Purpose | 0 GiB | >= 12800 | We recommend this size when the LCP will work with low EPS/infrequent logging devices. |
| E[8-416]s_v4 (VM with 0 GiB Temp storage) | Memory Optimised | 0 GiB | >= 12800 | We recommend this size when the LCP will work with high EPS logging devices. |

Note:

  • To achieve VM size provisioned IOPS, ensure that the selected Disk IOPS are less than the VM IOPS limit

  • >= (Greater than or Equal to) IOPS

Connectivity prerequisites (EU)

| Source | Destination | Protocol/Port | Description |
|---|---|---|---|
| 52.214.249.130/32, 213.156.166.0/24 | <LCP IP> | TCP/2222, TCP/443 | MDR management access and fault monitoring |
| <LCP IP> | <Customer NTP> | UDP/123, TCP/123 | NTP - Network Time Protocol |
| <LCP IP> | | TCP/443 | RSIP - Remote Secure Import Protocol for log uploading |
| <LCP IP> | | TCP/443 | LCP updates |
| <LCP IP> | | TCP/443 | LCP Configurations |
| <LCP IP> | <Customer DNS Server> | UDP/53, TCP/53 | DNS resolution (TCP is used in case the message is longer than 512 Bytes) |

Configuration for Azure Environment (EU)

To enable log collection for the Azure environment, follow the steps below:

Obtain the Azure LCP image (VHD) file from Accenture MDR (EU).

1. The installation disk image of an Azure LCP is in the form of a Virtual Hard Disk (VHD). To transfer the LCP VHD file to customer Azure storage, MDR requires the following information:

a. Azure storage blob name.

b. Storage Access Key.

2. In a web browser, open the Microsoft Azure portal and log in with your Azure account credentials.

3. Create a new resource group. If you would like to deploy the LCP under an existing resource group, you can skip the steps below.

a. Create a resource > Search Resource group > Select Create

b. On the Resource groups page, click the Add button.

c. In the Resource group name text box, type a suitable name.

d. From the Subscription drop-down list, select your subscription.

e. From the Resource group location / Region drop-down list, select the location where you want the LCP deployed and then click Create.

 

Azure Storage Setup for VHD (EU)

Create a Storage account. If you would like to deploy the LCP under an existing storage account, you can skip the steps below.

1. Navigate to Resource > Search Storage account > Select Create.

2. Select the correct subscription and resource group.

3. Provide an appropriate Storage account name and Region.

4. Add Instance Details

  • Select Performance as Standard or Premium

  • Select Redundancy as Geo-redundant storage (GRS)

  • Enable the checkbox for read access to data available   

5. Navigate to next page > Advanced

  • Configure security settings

  • Configure Blob storage

6. Navigate to next page > Networking

  • Configure Network connectivity method and routing

7. Navigate to next page > Tags

  • Define appropriate tags.

8. Review all configuration and select Create.

9. Search for the storage account created above in the search bar and navigate to it.

10. Navigate to Data Storage > Containers and select New container.

11. Provide an appropriate container name and set Public access level as Container.

12. Review and select Create.

 

Create a virtual network for the LCP (EU)

Create a Virtual network account. If you would like to deploy the LCP under an existing network account, you can skip the steps below.

1. Create a resource > Search Virtual network > Select Create

2. On the Create virtual network page, fill the following information.

  • In the Name text box, type a name for your virtual network. 

  • Under Resource group, select Use existing and then select the resource group name, which you created in step 3, from the drop-down list.

  • From the Location / Region drop-down list, select the same location which was used while creating the resource group name. Then, click Create.

  • In the Address space text box, assign the space you would like to use for the LCP.

  • In the Subnet name text box, type a subnet name.

  • In the Subnet address range text box, assign the subnet address range you would like to use for the LCP.

  • From the Subscription drop-down list, select your subscription.

 

Create a public IP address for the LCP (EU)

1. Create a resource → Search Public IP address → Select Create

2. On the Create public IP address page, fill the following information.

3. In the Name text box, type a public IP address name.

4. Under IP Version, select IPv4.

5. Under IP address assignment, select Static.

6. Idle timeout has an auto value by default, so no changes are required.

7. In the DNS name label, enter a name.

8. From the Subscription drop-down list, select your subscription.

9. Under Resource group, select Use existing and then select the resource group name, which you created in step 3, from the drop-down list.

10. From the Location drop-down list, select the same location which was used while creating the resource group name. Then, click Create.

Note:

  • Under Public IP address assignment, select Static. Static addresses do not change even if the virtual machine is placed in the stopped (deallocated) state.

  • Set the allocation method to Static to ensure the IP address remains the same.

 

Create a network security group (EU)

1. Create a resource → Search Network security group → Select Create

2. On the Create network security group page, fill the following information.

  • From the Subscription drop-down list, select your subscription.

  • Under Resource group, select Use existing and then select the resource group name, which you created in step 3, from the drop-down list.

  • Under Instance details, in the Name text box, type a network security group name.

  • From the Location / Region drop-down list, select the same location which was used while creating the resource group name.

  • Search for the Resource group and select the resource group name which you created in step 3.

  • After you select the resource group name you will see the network security group which was created in step 1. 

3. On the left side, under the network security group which you created, click Inbound security rules and then click the Add button.

  • On the Add inbound security rule page, fill the required information.

  1. Select the Source as IP address and type the SOC IP 192.251.86.32/32 in Source IP addresses/CIDR ranges.

  2. Enter the Source port ranges as *.

  3. Select Destination as Any.

  4. From the Service drop-down list, select Custom.

  5. Enter the Destination port ranges as 2222.

  6. Under protocol, select TCP.

  7. Under Action, select Allow.

  8. The field Priority has auto generated value by default, hence, no changes required.

  9. In the Name text box, type an inbound rule name and click Add.

10. Repeat the above steps to allow inbound access for the rest of the SOC IP addresses below. These inbound access IP addresses are allowed for MDR Management Access and Fault Monitoring.

SOC Inbound access IP addresses

| IP addresses | Port | Protocol |
|---|---|---|
| 192.251.86.32/32 | 2222 | TCP |
| 198.6.48.235/32 | 2222 | TCP |
| 199.43.188.10/32 | 2222 | TCP |
| 213.156.160.99/32 | 2222 | TCP |
| 192.251.86.32/32 | 443 | TCP |
| 198.6.48.235/32 | 443 | TCP |
| 199.43.188.10/32 | 443 | TCP |
| 213.156.160.99/32 | 443 | TCP |

11. After adding all above SOC IP addresses, you will obtain a similar output as shown below.

Note: Along with the above rules, we might have to create inbound rules to allow the devices to send logs to the LCP during device onboarding (if required). 

  • Under Network security group, click Outbound security rules and then click the Add button.

  • On the Add outbound security rule page, fill the required information.

  1. Select the Source as Any and type * in Source port ranges.

  2. Select Destination as IP Addresses.

  3. Enter the Destination IP addresses/CIDR ranges as 0.0.0.0/0.

  4. From the Service drop-down list, select HTTPS.

  5. Under Action, select Allow.

  6. The field Priority has auto generated value by default, hence, no changes required.

  7. In the Name text box, type an outbound rule name and click Add.

8. Repeat the above steps to allow outbound access for the rest of the below SOC IP addresses.

SOC Outbound access IP addresses

| IP addresses | Port | Protocol | Description |
|---|---|---|---|
| 0.0.0.0/0 | 443 | TCP | For RSIP, LCP updates and LCP Configurations |
| Local NTP | 123 | UDP | For NTP - Network Time Protocol server |
| Preferred DNS | 53 | UDP and TCP | For DNS Resolution. |

9. After adding all above SOC IP addresses, you will obtain a similar output as shown below.                        

Note: Along with the above rules, we might have to create outbound rules to allow access from the LCP to the devices which we might have to onboard (If required).

Example: Allow outbound access to Database IP address and port/protocol from the LCP.
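The check below is an added example, not part of the Accenture guide or its tooling: it audits a network security group's rules against the SOC inbound table above, reporting Allow rules that expose TCP/2222 or TCP/443 to any other source and SOC source/port pairs that have no rule. It assumes rules in the JSON shape printed by `az network nsg rule list -o json`; the sample rules and their names are constructed.

```python
import ipaddress
# SOC inbound sources and management ports, copied from the table in this guide.
SOC_SOURCES = ["192.251.86.32/32", "198.6.48.235/32",
               "199.43.188.10/32", "213.156.160.99/32"]
MGMT_PORTS = (2222, 443)
SOC_NETS = [ipaddress.ip_network(s) for s in SOC_SOURCES]

def _values(rule, single, plural):
    # Azure puts one value in the singular field or several in the plural one.
    return [v for v in [rule.get(single), *(rule.get(plural) or [])] if v]

def _covers(port_range, port):
    low, _, high = port_range.partition("-")
    return port_range == "*" or int(low) <= port <= int(high or low)

def _is_soc(prefix):
    try:
        net = ipaddress.ip_network(prefix, strict=False)
    except ValueError:  # "*", "Internet" and other service tags
        return False
    return any(net.version == s.version and net.subnet_of(s) for s in SOC_NETS)

def audit(rules):
    """Return (too_broad, missing); rule priority and Deny rules are not modelled."""
    too_broad, seen = [], set()
    for r in rules:
        inbound_allow = (r["direction"], r["access"]) == ("Inbound", "Allow")
        if not inbound_allow or r["protocol"].lower() not in ("tcp", "*"):
            continue
        ranges = _values(r, "destinationPortRange", "destinationPortRanges")
        ports = [p for p in MGMT_PORTS if any(_covers(x, p) for x in ranges)]
        for src in _values(r, "sourceAddressPrefix", "sourceAddressPrefixes"):
            for p in ports:
                if _is_soc(src):
                    seen.add((str(ipaddress.ip_network(src, strict=False)), p))
                else:
                    too_broad.append((r["name"], src, p))
    missing = sorted((s, p) for s in SOC_SOURCES for p in MGMT_PORTS if (s, p) not in seen)
    return too_broad, missing

# Constructed sample rules (not taken from a real deployment).
BASE = {"direction": "Inbound", "access": "Allow", "protocol": "Tcp"}
SAMPLE = [
    dict(BASE, name="soc-ssh", sourceAddressPrefixes=SOC_SOURCES, destinationPortRange="2222"),
    dict(BASE, name="soc-https", sourceAddressPrefixes=SOC_SOURCES[:3], destinationPortRange="443"),
    dict(BASE, name="temp-any", protocol="*", sourceAddressPrefix="*", destinationPortRanges=["443", "8443"]),
    dict(BASE, name="syslog-in", protocol="Udp", sourceAddressPrefix="10.0.0.0/8", destinationPortRange="514"),
]
if __name__ == "__main__": print(audit(SAMPLE))
```

Inbound rules added for device onboarding on other ports are ignored; a log source that legitimately sends to the LCP on 443 or 2222 will be reported and needs to be reviewed by hand.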

 

 

Create a Managed disk for the LCP VHD (EU)

1. Navigate to Resource > Search Managed Disk > Select Create.

2. Select the correct Subscription and Resource group.

3. Provide an appropriate disk name. This disk will be used later to create the LCP VM.

4. Select region and availability zone if needed.

5. Select source type Storage blob and browse the source blob field to select the storage container where you have stored the LCP 4.0 VHD.

6. Select OS Type as Linux and VM generation as Gen1. Select Premium SSD 256 GiB (Default Performance Tier) as the minimum recommended disk size. Refer to the Pre-requisites section.

7. Navigate to the next page > Encryption and select Encryption type > (Default)

 

8. Navigate to the next page > Networking and choose appropriate connectivity method.

9. Navigate to the next page > Advanced and select enabled shared disk as No.

10. Navigate to the next page > Tags

11. Please define appropriate tags for VM.

12. Review all configuration and select create.

 

Create LCP VM from above created managed disk (EU)

1. Search for Disks on the search bar and navigate to the managed disk created in Step 1.

2. Select the disk and go to the Overview page. The disk will be in the unattached state.

3. Select the Create VM option from the Overview page.

4. Select the correct subscription and resource group.

5. Provide an appropriate virtual machine name for the LCP VM.

6. Region will be pre-populated.

7. Select Availability options as No redundancy required.

8. The Image option will be pre-populated and set to the LCP managed disk created in Step 1.

9. Uncheck Azure spot instance.

10. Select the correct VM size. The recommended size is the E-Series Memory Optimised family type with a minimum of 32 GiB memory and 8 CPUs. Refer to the Pre-requisites section.

11. Select Public inbound ports → None and License type → Other.

12. Navigate to next page → Disks

13. Navigate to next page → Networking.

This will setup Network Interface for VM

  • Please select appropriate Virtual network, Subnet, Public IP, NIC network security group, Public inbound ports

  • Please choose Advanced option under NIC network security group and configure security group created in above steps.

14. Navigate to next page → Management.

15. This will configure monitor options for VM.

  • Set Boot Diagnostics as managed storage account

  • Uncheck the OS guest diagnostics

  • Uncheck the System Managed identity

  • Uncheck the Login with Azure AD

  • Uncheck auto shutdown

  • Set Patch orchestration option as Image default.

16. Skip the next page > Advanced. We don't provide custom data and user data to the VM.

17. Review all details and select Create.

Note:

VM is created with private IP allocation as dynamic by default. Once assigned, dynamic private IP addresses are released if a network interface is:

  1. Deleted

  2. Reassigned to a different subnet within the same virtual network.

  3. The allocation method is changed to static, and a different IP address is specified.

If you want to change the private IP assignment to static or to a specific private IP, use the following steps.

  1. Select Networking in Settings of the LCP VM.

  2. In Networking, select the name of the primary network interface next to Network interface.

  3. In the network interface properties, select IP configurations in Settings.

  4. Select ipconfig1 (the config to which the private IP is assigned) in the IP configurations page.

  5. Go to Private IP address settings, change assignment to Static, provide a private IP or retain the same IP, and click Save.

  • Share the Public IP address details to Accenture MDR to proceed with the LCP qualification process.

 

 

Legal Notice

Copyright © 2021 Accenture. All rights reserved.

Accenture, the Accenture Logo, and DeepSight Intelligence are trademarks or registered trademarks of Accenture in the U.S. and other countries. Other names may be trademarks of their respective owners.
