Armis Hyper-V Virtual Appliance Deployment 

Armis Virtual Collector Network Requirements

The below network settings information will need to be provided to the Armis team to have a VM
generated for the network that will be monitored:
● IP Address, Subnet Mask, Gateway, Proxy Server, NTP Server(s), and DNS Server(s)
address
● Note that this will be needed for ​each​ VM that will be created and deployed. The above
network settings will be collected by means of a customer intake sheet provided
separately.

Additionally, please ensure that the following steps are taken to ensure seamless deployment of
the Armis VM:
● Outbound access to the internet on TCP port 443 (SSL) will be needed for the following
two destinations:
o https://<customer>-data.armis.com/
o https://<customer>-manage.armis.com/
o Note​ - SSL decryption should be disabled as it is known to tamper with the VM’s
connection to the Armis management environment.
● DNS available on the local network will need to be able to resolve the above two listed
cloud service destinations.
● Switch(es) integration:
o Direct connection to the switch SPAN port using a dedicated Virtual interface.
o Outbound connection to the core switch via SSH (TCP port 22) or SNMP (UDP
port 161). Please provide a user account/read-only community string for SNMP
and/or read-only SSH credentials to allow for ARP table collection (in the
absence of layer 2 traffic). 
 
 
 
 
 
 
 

Armis Hyper-V Deployment ​– ​©2020 ARMIS, INC ​ ​ ​– ​1 

Armis Collector Resource Requirements:
The Armis VM is pre-provisioned with minimal resource settings and will need the following spec
adjustments once the VM has been imported into the Hyper-V environment:
1. 8 CPU Cores
2. 16GB RAM
3. 40 GB HDD
4. Optional: each additional SPAN port beyond the first will require an additional CPU Core.

Note: This Virtual Appliance configuration will support up to 3 Gbps of wired network data
throughput. 
 

Armis Virtual Collector Logical Architecture:

The below diagram depicts the typical layout of communications from the Armis VM to the
AWS-hosted Armis management environment, as well as traffic flow from network traffic
sources (SPAN/ERSPAN/RSPAN).  

 
 
 
 
 
 
 
Armis Hyper-V Deployment ​– ​©2020 ARMIS, INC ​ ​ ​– ​2 
SPAN/ERSPAN Setup

For SPAN/ERSPAN setup please refer to the Span Port Configuration Considerations Guide for
in-depth detail on configuration options. 
 

Armis Collector Hyper-V Deployment Procedure: 

Prerequisites: 
1. Download and install 7zip. 7zip can be downloaded ​here 
 
2. Download and install Microsoft Virtual Machine Converter. MVMC can be downloaded 
here 
Deployment 
1. Download the OVA provided to you by your Technical Account Manager. 
 
2. Using 7zip copy the .vmdk file from the OVA file to a desired location  

 
 
3. Start a Windows PowerShell session as administrator 

Armis Hyper-V Deployment ​– ​©2020 ARMIS, INC ​ ​ ​– ​3 

  
4. Import the MVMC commands module 
 
Import-Module 'C:\Program Files\Microsoft Virtual Machine Converter\MvmcCmdlet.psd1' 

 
5. Convert .vmdk file to .vhdx 
 
ConvertTo-MvmcVirtualHardDisk -SourceLiteralPath C:\<source_folder>\armis_security_XXXX-disk1.vmdk 
-VhdType DynamicHardDisk -VhdFormat vhdx -destination C:\<destination_folder>\ 
 
For Azure 
ConvertTo-MvmcVirtualHardDisk -SourceLiteralPath C:\<source_folder>\armis_security_XXXX-disk1.vmdk 
-VhdType FixedHardDisk -VhdFormat vhd -destination C:\<destination_folder>\ 
 
Resize-VHD -Path C:\<destination_folder>\ armis_security_XXXX-disk1.vhd -SizeBytes 10GB 
 
Note: it takes a little while and there is not feedback until the process is completed 
 

 
6. Open Hyper-V manager 

 
Armis Hyper-V Deployment ​– ​©2020 ARMIS, INC ​ ​ ​– ​4 
 
7. Create Virtual Switches using Virtual Switch Manager 

 
 
7.1 Create the DMZ virtual switch (Armis Collector interface to Console) 
(1) Select New virtual network switch and External type, click on Create Virtual Switch 

 
  
(2) Type the virtual switch name, select the adapter connected to the DMZ network 
and click on ok to accept changes 

Armis Hyper-V Deployment ​– ​©2020 ARMIS, INC ​ ​ ​– ​5 

  
 
(3) Click on yes to acknowledge that changes may disrupt network connectivity 

 
 
 
7.2 Create the SPAN virtual switch 
(1) Repeat previous steps, assigning the respective name and network adapter 

Armis Hyper-V Deployment ​– ​©2020 ARMIS, INC ​ ​ ​– ​6 

  
 
 
   

Armis Hyper-V Deployment ​– ​©2020 ARMIS, INC ​ ​ ​– ​7 

 7.3 Create Virtual Machine 
(1) Right click on the Hyper-V server select New>Virtual Machine 

 
 
(2) Click Next on the Before you begin page 

 
 
(3) Assign a name to the Virtual machine, optionally change the store location for the 
Virtual Machine. Click on Next to continue 

 
Armis Hyper-V Deployment ​– ​©2020 ARMIS, INC ​ ​ ​– ​8 
 (4) Select Generation 2 and press on next 

 
 
(5) Assign 16384MB for the Startup memory. Click on Next 

 
 
(6) Select DMZ network in the connection field. Click on Next 

 
Armis Hyper-V Deployment ​– ​©2020 ARMIS, INC ​ ​ ​– ​9 
 (7) Select use existing virtual hard disk and browse to the .vhdx virtual hard disk 
obtained from the conversion executed in previous steps. Click on Next 

 
 
(8) Review configuration and press on Finish to create virtual machine 

 
 
(9) Click on the newly created virtual machine and select Settings… 

 
 
   

Armis Hyper-V Deployment ​– ​©2020 ARMIS, INC ​ ​ ​– ​10 

 (10) Under Security, untick Enable Secure Boot 

 
 
(11) Under Processor, increase the number of processors to 8 

Armis Hyper-V Deployment ​– ​©2020 ARMIS, INC ​ ​ ​– ​11 

 (12) Add a network adapter for the SPAN port, Click on Add Hardware, select Network 
Adapter and click on Add 

 
 
(13) Select the newly created network adapter and select the SPAN virtual switch, 
Click on OK to accept all changes 

 
Armis Hyper-V Deployment ​– ​©2020 ARMIS, INC ​ ​ ​– ​12 
 (14) Click on the newly created virtual machine and select Connect… 

 
 
(15) Click on the start button to run the virtual machine 

 
 

Armis Hyper-V Deployment ​– ​©2020 ARMIS, INC ​ ​ ​– ​13 

 
The new virtual interface will show up under ‘eth1’ after running an ifconfig command. You can 
verify that SPAN traffic is coming in over this interface by running a dump of the interface with 
tcpdump -i eth1 -v. Be sure that you configure your sniff interface in the Armis console to target 
the eth1 interface. 
 
 
 
 
 
 
 
 

 
 
 
 
 
 
 
 

About Armis 
Armis  is  the  first  agentless,  enterprise-class  security  platform  to  address  the  new  threat  landscape  of 
unmanaged  and  IoT  devices.  Fortune  1000  companies  trust our unique out-of-band sensing technology to 
discover  and  analyze  all  managed,  unmanaged,  and  IoT devices—from traditional devices like laptops and 
smartphones  to  new  unmanaged  smart  devices  like  smart  TVs,  webcams,  printers,  HVAC  systems, 
industrial  robots,  medical  devices  and  more.  Armis  discovers devices on and off the network, continuously 
analyzes  endpoint  behavior  to  identify  risks  and  attacks,  and  protects  critical  information  and  systems  by 
identifying  suspicious  or  malicious  devices  and  quarantining  them.  Armis  is  a  privately  held  company  and 
headquartered in Palo Alto, California. 
 
armis.com  

Armis Hyper-V Deployment ​– ​©2020 ARMIS, INC ​ ​ ​– ​14