Merge pull request #221311 from yoninalmsft/split-ot-install

Split up OT install software doc

Author: v-ccolin

.openpublishing.redirection.defender-for-iot.json

@@ -1,5 +1,10 @@
 {
     "redirections": [
+        {
+            "source_path_from_root": "/articles/defender-for-iot/organizations/how-to-install-software.md",
+            "redirect_url": "/azure/defender-for-iot/organizations/ot-deploy/install-software-ot-sensor",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/defender-for-iot/organizations/how-to-create-and-manage-users.md",
             "redirect_url": "/azure/defender-for-iot/organizations/manage-users-overview",
@@ -117,7 +122,7 @@
         },
         {
             "source_path_from_root": "/articles/defender-for-iot/how-to-install-software.md",
-            "redirect_url": "/azure/defender-for-iot/organizations/how-to-install-software",
+            "redirect_url": "/azure/defender-for-iot/organizations/ot-deploy/install-software-ot-sensor",
             "redirect_document_id": false
         },
         {

articles/defender-for-iot/organizations/TOC.yml

@@ -182,8 +182,14 @@
       href: how-to-manage-subscriptions.md
     - name: Onboard OT sensors
       href: onboard-sensors.md
-    - name: Install OT system software
-      href: how-to-install-software.md
+    - name: Install OT monitoring software
+      items:
+      - name: Install OT sensor software
+        href: ot-deploy/install-software-ot-sensor.md
+      - name: Install on-premises management console software
+        href: ot-deploy/install-software-on-premises-management-console.md
+      - name: Validate after installation
+        href: ot-deploy/post-install-validation-ot-software.md
     - name: Activate and set up your sensor
       href: how-to-activate-and-set-up-your-sensor.md
     - name: Deploy OT certificates

articles/defender-for-iot/organizations/appliance-catalog/virtual-management-hyper-v.md

@@ -24,7 +24,7 @@ Before you begin the installation, make sure you have the following items:
 
 - Available hardware resources for the virtual machine. For more information, see [OT monitoring with virtual appliances](../ot-virtual-appliances.md).
 
-- The on-premises management console software [downloaded from Defender for IoT in the Azure portal](../how-to-install-software.md#download-software-files-from-the-azure-portal)
+- The on-premises management console software [downloaded from Defender for IoT in the Azure portal](../ot-deploy/install-software-on-premises-management-console.md#download-software-files-from-the-azure-portal).
 
 Make sure the hypervisor is running.
 
@@ -78,7 +78,7 @@ This procedure describes how to create a virtual machine for your on-premises ma
 
     The VM will start from the ISO image, and the language selection screen will appear.
 
-1. Continue with the [generic procedure for installing on-premises management console software](../how-to-install-software.md#install-ot-monitoring-software).
+1. Continue with the [generic procedure for installing on-premises management console software](../ot-deploy/install-software-on-premises-management-console.md).
 
 ## Next steps
 
@@ -88,4 +88,4 @@ Then, use any of the following procedures to continue:
 
 - [Purchase sensors or download software for sensors](../onboard-sensors.md#purchase-sensors-or-download-software-for-sensors)
 - [Download software for an on-premises management console](../how-to-manage-the-on-premises-management-console.md#download-software-for-the-on-premises-management-console)
-- [Install software](../how-to-install-software.md)
+- [Install Microsoft Defender for IoT on-premises management console software](../ot-deploy/install-software-on-premises-management-console.md)

articles/defender-for-iot/organizations/appliance-catalog/virtual-management-vmware.md

@@ -24,7 +24,7 @@ The on-premises management console supports both VMware and Hyper-V deployment o
 
 - Available hardware resources for the virtual machine. For more information, see [OT monitoring with virtual appliances](../ot-virtual-appliances.md).
 
-- The on-premises management console software [downloaded from Defender for IoT in the Azure portal](../how-to-install-software.md#download-software-files-from-the-azure-portal)
+- The on-premises management console software [downloaded from Defender for IoT in the Azure portal](../ot-deploy/install-software-on-premises-management-console.md#download-software-files-from-the-azure-portal).
 
 Make sure the hypervisor is running.
 
@@ -64,8 +64,7 @@ This procedure describes how to create a virtual machine for your on-premises ma
 
     The VM will start from the ISO image, and the language selection screen will appear.
 
-1. Continue with the [generic procedure for installing on-premises management console software](../how-to-install-software.md#install-ot-monitoring-software).
-
+1. Continue with the [generic procedure for installing on-premises management console software](../ot-deploy/install-software-on-premises-management-console.md).
 
 ## Next steps
 
@@ -75,4 +74,4 @@ Then, use any of the following procedures to continue:
 
 - [Purchase sensors or download software for sensors](../onboard-sensors.md#purchase-sensors-or-download-software-for-sensors)
 - [Download software for an on-premises management console](../how-to-manage-the-on-premises-management-console.md#download-software-for-the-on-premises-management-console)
-- [Install software](../how-to-install-software.md)
+- [Install Microsoft Defender for IoT on-premises management console software](../ot-deploy/install-software-on-premises-management-console.md)

articles/defender-for-iot/organizations/appliance-catalog/virtual-sensor-hyper-v.md

@@ -27,7 +27,7 @@ The on-premises management console supports both VMware and Hyper-V deployment o
 
 - Available hardware resources for the virtual machine. For more information, see [OT monitoring with virtual appliances](../ot-virtual-appliances.md).
 
-- The OT sensor software [downloaded from Defender for IoT in the Azure portal](../how-to-install-software.md#download-software-files-from-the-azure-portal).
+- The OT sensor software [downloaded from Defender for IoT in the Azure portal](../ot-deploy/install-software-ot-sensor.md#download-software-files-from-the-azure-portal).
 
 Make sure the hypervisor is running.
 
@@ -53,7 +53,7 @@ This procedure describes how to create a virtual machine by using Hyper-V.
 
 1. Select **Specify Generation** > **Generation 1**.
 
-1. Specify the memory allocation [according to your organization's needs](../ot-appliance-sizing.md), in standard RAM denomination (eg. 8192, 16384, 32768). Do not enable **Dyanmic Memory**.
+1. Specify the memory allocation [according to your organization's needs](../ot-appliance-sizing.md), in standard RAM denomination (eg. 8192, 16384, 32768). Do not enable **Dynamic Memory**.
 
 1. Configure the network adaptor according to your server network topology. Under the "Hardware Acceleration" blade, disable "Virtual Machine Queue" for the monitoring (SPAN) network interface.
 
@@ -81,7 +81,7 @@ This procedure describes how to create a virtual machine by using Hyper-V.
 
     The VM will start from the ISO image, and the language selection screen will appear.
 
-1. Continue with the [generic procedure for installing sensor software](../how-to-install-software.md#install-ot-monitoring-software).
+1. Continue with the [generic procedure for installing sensor software](../how-to-install-software.md).
 
 
 
@@ -93,4 +93,4 @@ Then, use any of the following procedures to continue:
 
 - [Purchase sensors or download software for sensors](../onboard-sensors.md#purchase-sensors-or-download-software-for-sensors)
 - [Download software for an on-premises management console](../how-to-manage-the-on-premises-management-console.md#download-software-for-the-on-premises-management-console)
-- [Install software](../how-to-install-software.md)
+- [Install OT monitoring software on OT sensors](../ot-deploy/install-software-ot-sensor.md)

articles/defender-for-iot/organizations/appliance-catalog/virtual-sensor-vmware.md

@@ -24,7 +24,7 @@ Before you begin the installation, make sure you have the following items:
 
 - Available hardware resources for the virtual machine. For more information, see [OT monitoring with virtual appliances](../ot-virtual-appliances.md).
 
-- The OT sensor software [downloaded from Defender for IoT in the Azure portal](../how-to-install-software.md#download-software-files-from-the-azure-portal).
+- The OT sensor software [downloaded from Defender for IoT in the Azure portal](../ot-deploy/install-software-ot-sensor.md#download-software-files-from-the-azure-portal).
 
 - Traffic mirroring configured on your vSwitch. For more information, see [Configure traffic mirroring with a ESXi vSwitch](../traffic-mirroring/configure-mirror-esxi.md).
 
@@ -68,7 +68,7 @@ This procedure describes how to create a virtual machine by using ESXi.
 
     The VM will start from the ISO image, and the language selection screen will appear.
 
-1. Continue with the [generic procedure for installing sensor software](../how-to-install-software.md#install-ot-monitoring-software).
+1. Continue with the [generic procedure for installing sensor software](../ot-deploy/install-software-ot-sensor.md).
 
 
 ## Next steps

articles/defender-for-iot/organizations/faqs-ot.md

@@ -61,7 +61,7 @@ For more information, see [Activate and set up your sensor](how-to-activate-and-
 
 ## How do I check the sanity of my deployment
 
-After installing the software for your sensor or on-premises management console, you'll want to perform the [Post-installation validation](how-to-install-software.md#post-installation-validation).
+After installing the software for your sensor or on-premises management console, you'll want to perform the [Post-installation validation](ot-deploy/post-install-validation-ot-software.md).
 
 You can also use our [UI and CLI tools](how-to-troubleshoot-the-sensor-and-on-premises-management-console.md#check-system-health) to check system health and review your overall system statistics.
 

articles/defender-for-iot/organizations/how-to-activate-and-set-up-your-on-premises-management-console.md

@@ -139,22 +139,22 @@ Ensure that sensors send information to the on-premises management console. Make
 
 Two options are available for connecting Microsoft Defender for IoT sensors to the on-premises management console:
 
-- Connect from the sensor console.
-- Connect by using tunneling.
+- [Connect from the sensor console](#connect-sensors-to-the-on-premises-management-console-from-the-sensor-console)
+- [Connect sensors by using tunneling](#connect-sensors-by-using-tunneling)
 
-After connecting, you must set up a site with these sensors.
+After connecting, you must [set up a site](#set-up-a-site) with these sensors.
 
 ### Connect sensors to the on-premises management console from the sensor console
 
-To connect sensors to the on-premises management console from the sensor console:
+**To connect sensors to the on-premises management console from the sensor console**:
 
-1. On the on-premises management console, select **System Settings**.
+1. In the on-premises management console, select **System Settings**.
 
 1. Copy the string in the **Copy Connection String** box.
 
    :::image type="content" source="media/how-to-manage-sensors-from-the-on-premises-management-console/connection-string.png" alt-text="Screenshot that shows copying the connection string for the sensor.":::
 
-1. On the sensor, go to **System Settings** and select **Connection to Management Console** :::image type="icon" source="media/how-to-manage-sensors-from-the-on-premises-management-console/connection-to-management-console.png" border="false":::
+1. On the sensor, go to **System Settings** > **Connection to Management Console**.
 
 1. Paste the copied connection string from the on-premises management console into the **Connection string** box.
 
@@ -164,55 +164,55 @@ To connect sensors to the on-premises management console from the sensor console
 
 ### Connect sensors by using tunneling
 
-Enable a secured tunneling connection between organizational sensors and the on-premises management console. This setup circumvents interaction with the organizational firewall. As a result, it reduces the attack surface.
+Enhance system security by preventing direct user access to the sensor. Instead of direct access, use proxy tunneling to let users access the sensor from the on-premises management console with a single firewall rule. This technique narrows the possibility of unauthorized access to the network environment beyond the sensor. The user's experience when signing in to the sensor remains the same.
 
 Using tunneling allows you to connect to the on-premises management console from its IP address and a single port (9000 by default) to any sensor.
 
-:::image type="content" source="media/how-to-activate-and-set-up-your-on-premises-management-console/tunneling-diagram.png" alt-text="Screenshot that shows a tunneling diagram for connecting sensors to the on-premises management console.":::
+For example, the following image shows a sample architecture where users access the sensor consoles via the on-premises management console.
 
-To set up tunneling at the on-premises management console:
+:::image type="content" source="media/tutorial-install-components/sensor-system-graph.png" alt-text="Screenshot that shows access to the sensor." border="false":::
 
-1. Sign in to the on-premises management console and run the following command:
+**To set up tunneling at the on-premises management console**:
+
+1. Sign in to the on-premises management console's CLI with the *cyberx* or the *support* user credentials and run the following command:
 
       ```bash
-      cyberx-management-tunnel-enable
+      sudo cyberx-management-tunnel-enable
 
       ```
 
+    For more information on users, see [Default privileged on-premises users](roles-on-premises.md#default-privileged-on-premises-users).
+
 1. Allow a few minutes for the connection to start.
+   
+    When tunneling access is configured, the following URL syntax is used to access the sensor consoles: `https://<on-premises management console address>/<sensor address>/<page URL>`
 
 You can also customize the port range to a number other than 9000. An example is 10000.
 
-To use a new port:
-
-1. Sign in to the on-premises management console and run the following command:
+**To use a new port**:
 
-      ```bash
-      sudo cyberx-management-tunnel-enable --port 10000
-      
-      ```
+Sign in to the on-premises management console and run the following command:
 
-1. Disable the connection, when required.
+```bash
+sudo cyberx-management-tunnel-enable --port 10000
+          
+```
 
-To disable:
+**To disable the connection**:
 
 Sign in to the on-premises management console and run the following command:
 
-  ```bash
-  cyberx-management-tunnel-disable
+```bash
+cyberx-management-tunnel-disable
   
-  ```
+```
 
 No configuration is needed on the sensor.
 
-To view log files:
-
-Review log information in the log files.
-
-To access log files:
+**To access the tunneling log files**:
 
-1. Sign in to the on-premises management console and go to */var/log/apache2.log*.
-1. Sign in to the sensor and go to */var/cyberx/logs/tunnel.log*.
+1. **From the on-premises management console**: Sign in and go to */var/log/apache2.log*.
+1. **From the sensor**: Sign in and go to */var/cyberx/logs/tunnel.log*.
 
 ## Set up a site