5nine Cloud Security for Hyper-V Prerequisites

Topic

This article covers the prerequisites for 5nine Cloud Security (Hyper-V).

 

Environment

  • 5nine Cloud Security (Hyper-V).

 

Prerequisites

Generic Requirements

  • All networks/connections in the environment should be set up and be stable
  • All servers, hosts, and clusters (and all applicable systems) that are involved in the installation must be fully set up and be stable. Windows updates/patches should be done prior to the installation, if applicable. Ensure that there are no issues related to those updates.
  • SQL data source should be available, accessible and set up. If the TCP port is different than default one (1433) then the connection string must be specified in format: sql-server\instance, port.
  • Hosts will require a reboot after the installation of the 5nine Cloud Security host agent prior to it becoming fully active.

 

Supported Operating Systems (64-bit)

Management Server: Windows 10, Server 2012R2, 2016

Hyper-V Hosts (with Hyper-V role enabled): Windows 8, 8.1, 10, 2012 R2, 2016

 

Software Prerequisites 

  • .NET Framework 4.5. or higher
  • MS SQL Server
  • MS PowerShell
  • Hyper-V Module for PowerShell should be installed. It can be installed from GUI with Add Roles and Features Wizard (can be launched from Server Manager). The component path is as follows: Features -> Remote Server Administration Tools -> Role Administration Tools -> Hyper-V Management Tools -> Hyper-V Module for Windows PowerShell. It can also be installed with following PS command: Install-WindowsFeature -Name Hyper-V-PowerShell
  • Visual C++ Redistributable for Visual Studio 2012 x86 needs to be installed on prior to Management Server installation, found at this link.

 

Port Requirements

Management Server

Inbound from Hyper-V hosts: TCP 8939, 8534, 8790, 8183 (if using Kaspersky AV)

Inbound from Consoles (including SCVMM plugin and Azure Pack Portal): TCP 8789

Outbound to SQL Server: TCP 1433 (default)

Outbound to Internet: TCP 80 (Snort IDS / AV updates)

Outbound to DHCP Server: UDP 80 (if applicable)

Outbound to Syslog/Splunk Server: UDP 514 (if applicable)

Outbound to additional Management Services: TCP 8790 (if applicable)

Outbound to Hyper-V hosts: TCP 8788, 8533

 

Hyper-V Hosts

Inbound from Management Server: TCP 8533, 8788

Outbound to Management Server: TCP 8534, 8790, 8183

Outbound to Internet: TCP 80 (if using Bitdefender or ThreatTrack AV)

 

Console

Outbound to management server: TCP 8789

 

Service Account Permissions

Management Service Account

 

Host Service Account

It is best practice to use the same account for service for the host service account and in the Server Settings in the 5nine Cloud Security management console.

  • Host Service user should have local administrator’s privileges. This requirement is usually met when the user is a member of local administrators group on the Hyper-V host or Administrators group in Active directory in the case of domain environment.
  • If the host is managed remotely from the centralized management console, there should also be an account with similar permissions used in Server Settings.
  • Logon as a service privilege (https://technet.microsoft.com/enus/library/dn221981(v=ws.11).aspx)

For workgroup or mixed domain environments:

  • The Account for workgroup environment should also have similar permissions for current managed host
  • Managed and management servers should be marked as trusted hosts

 

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.