Important
Defender for IoT now recommends using Microsoft cloud services or existing IT infrastructure for central monitoring and sensor management, and plans to retire the on-premises management console on January 1st, 2025.
For more information, see Deploy hybrid or air-gapped OT sensor management.
This article is one in a series of articles describing the deployment path for a Microsoft Defender for IoT on-premises management console for air-gapped OT sensors.
After you've installed and configured your OT network sensors, you can connect them to your on-premises management console for central management and network monitoring.
Prerequisites
To perform the procedures in this article, make sure that you have:
An on-premises management console installed, activated, and configured
One or more OT sensors installed, configured, and activated. To assign your OT sensor to a site and zone, make sure that you have at least one site and zone configured.
Access to both your on-premises management console and OT sensors as an Admin user. For more information, see On-premises users and roles for OT monitoring with Defender for IoT.
To configure access to your OT sensors via proxy tunneling, make sure that you have access to the on-premises management console's CLI as a privileged user.
Connect OT sensors to the on-premises management console
To connect OT sensors to the on-premises management console, copy a connection string from the on-premises management console and paste it as needed in your OT sensor console.
On your on-premises management console:
Sign into your on-premises management console, select System Settings, and scroll down to the Sensor Setup - Connection String area.
Copy the string in the Copy Connection String box to the clipboard.
On your OT sensor:
Sign into your OT sensor and select System settings > Basic > Sensor Setup > Connection to management console.
In the Connection String field, paste the connection string you copied from the on-premises management console, and select Connect.
After you've connected your OT sensors to your on-premises management console, you'll see those sensors listed on the on-premises management console's Site Management page as Unassigned sensors.
Tip
When you create sites and zones, assign each sensor to a zone to monitor detected data segmented separately.
Configure OT sensor access via tunneling
You might want to enhance your system security by preventing the on-premises management console from accessing OT sensors directly.
In such cases, configure proxy tunneling on your on-premises management console to allow users to connect to OT sensors via the on-premises management console. No configuration is needed on the sensor.
The default port used to access OT sensors via proxy tunneling is 9000. Modify this value to a different port as needed.
To configure OT sensor access via tunneling:
Sign into the on-premises management console's CLI via Telnet or SSH using a privileged user.
Run:
sudo cyberx-management-tunnel-enable
Allow a few minutes for the connection to start.
When tunneling access is configured, the following URL syntax is used to access the sensor consoles: https://<on-premises management console address>/<sensor address>/<page URL>
To customize the port used with proxy tunneling:
Sign into the on-premises management console's CLI via Telnet or SSH using a privileged user.
Run:
sudo cyberx-management-tunnel-enable --port <port>
Where <port> is the value of the port you want to use for proxy tunneling.
To remove the proxy tunneling configuration:
Sign into the on-premises management console's CLI via Telnet or SSH using a privileged user.
Run:
cyberx-management-tunnel-disable
To access proxy tunneling log files:
Proxy tunneling log files are located in the following locations:
- On the on-premises management console: /var/log/apache2.log
- On the OT sensors: /var/cyberx/logs/tunnel.log