Merge pull request #206490 from batamig/eiot-install

EIoT installation

Author: LJSpiller

articles/defender-for-iot/organizations/TOC.yml

@@ -154,6 +154,10 @@
         href: how-to-activate-and-set-up-your-on-premises-management-console.md
       - name: Add support for proprietary protocols
         href: resources-manage-proprietary-protocols.md
+    - name: Enterprise IoT system setup
+      items:
+      - name: Extra deployment steps and samples
+        href: extra-deploy-enterprise-iot.md
   - name: System maintenance
     items:
     - name: Manage sensors from the Azure portal

articles/defender-for-iot/organizations/extra-deploy-enterprise-iot.md

@@ -0,0 +1,105 @@
+---
+title: Extra deployment steps and samples for Enterprise IoT deployment - Microsoft Defender for IoT
+description: Describes additional deployment and validation procedures to use when deploying an Enterprise IoT network sensor.
+ms.topic: how-to
+ms.date: 08/08/2022
+---
+
+# Extra steps and samples for Enterprise IoT deployment
+
+This article provides extra steps for deploying an Enterprise IoT sensor, including a sample SPAN port configuration procedure, and CLI steps to validate your deployment or delete a sensor.
+
+For more information, see [Tutorial: Get started with Enterprise IoT monitoring](tutorial-getting-started-eiot-sensor.md).
+
+## Configure a SPAN monitoring interface for a virtual appliance
+
+While a virtual switch doesn't have mirroring capabilities, you can use *Promiscuous mode* in a virtual switch environment as a workaround for configuring a SPAN port.
+
+*Promiscuous mode* is a mode of operation and a security, monitoring, and administration technique that is defined at the virtual switch or portgroup level. When Promiscuous mode is used, any of the virtual machine’s network interfaces that are in the same portgroup can view all network traffic that goes through that virtual switch. By default, Promiscuous mode is turned off.
+
+This procedure describes an example of how to configure a SPAN port on your vSwitch with VMware ESXi. Enterprise IoT sensors also support VMs using Microsoft Hyper-V.
+
+**To configure a SPAN monitoring interface**:
+
+1. On your vSwitch, open the vSwitch properties and select **Add** > **Virtual Machine** > **Next**.
+
+1. Enter **SPAN Network** as your network label, and then select **VLAN ID** > **All** > **Next** > **Finish**.
+
+1. Select **SPAN Network** > **Edit** > **Security**, and verify that the **Promiscuous Mode** policy is set to **Accept** mode.
+
+1. Select **OK**, and then select **Close** to close the vSwitch properties.
+
+1. Open the **IoT Sensor VM** properties.
+
+1. For **Network Adapter 2**, select the **SPAN** network.
+
+1. Select **OK**.
+
+1. Connect to the sensor, and verify that mirroring works.
+
+If you've jumped to this procedure from the tutorial procedure for [Prepare a physical appliance or VM](tutorial-getting-started-eiot-sensor.md#prepare-a-physical-appliance-or-vm), continue with [step 2](tutorial-getting-started-eiot-sensor.md#sign-in) to continue preparing your appliance.
+
+## Validate your Enterprise IoT sensor setup
+
+If, after completing the Enterprise IoT sensor installation and setup, you don't see your sensor showing on the **Sites and sensors** page in the Azure portal, this procedure can help validate your installation directly on the sensor.
+
+Wait 1 minute after your sensor installation has completed before starting this procedure.
+
+**To validate the sensor setup from the sensor**:
+
+1. To process your system sanity, run:
+
+    ```bash
+    sudo docker ps
+    ```
+
+1. In the results that display, ensure that the following containers are up and listed as healthy.
+
+    - `compose_attributes-collector_1`
+    - `compose_cloud-communication_1`
+    - `compose_logstash_1`
+    - `compose_horizon_1`
+    - `compose_statistics-collector_1`
+    - `compose_properties_1`
+
+    For example:
+
+    :::image type="content" source="media/tutorial-get-started-eiot/validate-setup.png" alt-text="Screenshot of the validated containers listed." lightbox="media/tutorial-get-started-eiot/validate-setup.png":::
+
+1. Check your port validation to see which interface is defined to handle port mirroring. Run:
+
+    ```bash
+    sudo docker logs compose_horizon_1
+    ````
+
+    For example, the following response might be displayed: `Found env variable for monitor interfaces: ens192`
+
+1. Wait 5 minutes and then check your traffic D2C sanity. Run:
+
+    ```bash
+    sudo docker logs -f compose_attributes-collector_1
+    ```
+
+    Check the results to ensure that packets are being sent as expected.
+
+## Remove an Enterprise IoT network sensor (optional)
+
+Remove a sensor if it's no longer in use with Defender for IoT.
+
+**To remove a sensor**, run the following command on the sensor server or VM:
+
+```bash
+sudo apt purge -y microsoft-eiot-sensor
+```
+
+> [!IMPORTANT]
+> If you want to cancel your plan for Enterprise IoT networks only, do so from [Defender for Endpoint](/microsoft-365/security/defender-endpoint/enable-microsoft-defender-for-iot-integration).
+>
+> If you want to cancel your plan for both OT and Enterprise IoT networks together, you can use the [**Pricing**](how-to-manage-subscriptions.md) page in Defender for IoT in the Azure portal.
+>
+
+## Next steps
+
+For more information, see [Tutorial: Get started with Enterprise IoT monitoring](tutorial-getting-started-eiot-sensor.md) and [Manage sensors with Defender for IoT in the Azure portal](how-to-manage-sensors-on-the-cloud.md).
+
+<!--for example?-->

articles/defender-for-iot/organizations/how-to-manage-sensors-on-the-cloud.md

@@ -95,7 +95,7 @@ Make the downloaded activation file accessible to the sensor console admin so th
 
     :::image type="content" source="media/tutorial-get-started-eiot/successful-registration.png" alt-text="Screenshot of the successful registration of an Enterprise I O T sensor.":::
 
-1. Copy the command to a safe location, and continue with installing the sensor. For more information, see [Install the sensor](tutorial-getting-started-eiot-sensor.md#install-the-sensor).
+1. Copy the command to a safe location, and continue with installing the sensor. For more information, see [Tutorial: Get started with Enterprise IoT monitoring](tutorial-getting-started-eiot-sensor.md#install-the-sensor-software).
 
 > [!NOTE]
 > As opposed to OT sensors, where you define your sensor's site, all Enterprise IoT sensors are automatically added to the **Enterprise network** site.
@@ -116,7 +116,7 @@ Use the options on the **Sites and sensor** page and a sensor details page to do
 |:::image type="icon" source="media/how-to-manage-sensors-on-the-cloud/icon-export.png" border="false"::: **Export sensor data**     |  Available from the **Sites and sensors** toolbar only, to download a CSV file with details about all the sensors listed.       |
 |:::image type="icon" source="media/how-to-manage-sensors-on-the-cloud/icon-export.png" border="false"::: **Download an activation file**     |   Individual, OT sensors only. <br><br>Available from the **...** options menu or a sensor details page.      |
 |:::image type="icon" source="media/how-to-manage-sensors-on-the-cloud/icon-edit.png" border="false"::: **Edit a sensor zone**     |    For individual sensors only, from the **...** options menu or a sensor details page.  <br><br>Select **Edit**, and then elect a new zone from the **Zone** menu or select **Create new zone**. Select **Submit** to save your changes.    |
-|:::image type="icon" source="media/how-to-manage-sensors-on-the-cloud/icon-edit.png" border="false":::  **Create an activation command**     | Individual, Enterprise IoT sensors only. <br><br>Available from the **...** options menu or a sensor details page.  Select **Edit** and   then select **Create activation command**. <br><br>For more information, see [Install an Enterprise IoT sensor](tutorial-getting-started-eiot-sensor.md#install-the-sensor).        |
+|:::image type="icon" source="media/how-to-manage-sensors-on-the-cloud/icon-edit.png" border="false":::  **Create an activation command**     | Individual, Enterprise IoT sensors only. <br><br>Available from the **...** options menu or a sensor details page.  Select **Edit** and   then select **Create activation command**. <br><br>For more information, see [Install an Enterprise IoT sensor](tutorial-getting-started-eiot-sensor.md#install-the-sensor-software).        |
 |:::image type="icon" source="media/how-to-manage-sensors-on-the-cloud/icon-edit.png" border="false":::  **Edit automatic threat intelligence updates**     | Individual, OT sensors only. <br><br>Available from the **...** options menu or a sensor details page.  <br><br>Select **Edit** and then toggle the **Automatic Threat Intelligence Updates (Preview)** option on or off as needed. Select **Submit** to save your changes. |
 |:::image type="icon" source="media/how-to-manage-sensors-on-the-cloud/icon-delete.png" border="false"::: **Delete a sensor**    |   For individual sensors only, from the **...** options menu or a sensor details page.      |
 | **Download SNMP MIB file** | Available from the **Sites and sensors** toolbar **More actions** menu. <br><br>For more information, see [Set up SNMP MIB monitoring](how-to-set-up-snmp-mib-monitoring.md).|

articles/defender-for-iot/organizations/how-to-manage-subscriptions.md

@@ -161,17 +161,15 @@ Business considerations may require that you apply your existing IoT sensors to
 
 **To switch to a new subscription**:
 
-1. Onboard a new plan to the new subscription you want to use. For more information, see: 
+1. Onboard a new plan to the new subscription you want to use. For more information, see:
 
     [Onboard a plan for OT networks](#onboard-a-defender-for-iot-plan-for-ot-networks) in the Azure portal
 
     [Onboard a plan for Enterprise IoT networks](#onboard-a-defender-for-iot-plan-for-enterprise-iot-networks) in Defender for Endpoint
 
-1. Register your sensors under the new subscription. For more information, see [Set up an Enterprise IoT sensor](tutorial-getting-started-eiot-sensor.md#set-up-an-enterprise-iot-sensor).
+1. Onboard your sensors again under the new subscription. For OT sensors, [upload a new activation](how-to-manage-individual-sensors.md#upload-new-activation-files) file for your sensors.
 
-1. [Upload a new activation](how-to-manage-individual-sensors.md#upload-new-activation-files) file for your sensors.
-
-1. Delete the sensor identities from the legacy subscription. For more information, see [Sensor management options from the Azure portal](how-to-manage-sensors-on-the-cloud.md#sensor-management-options-from-the-azure-portal)..
+1. Delete the sensor identities from the legacy subscription. For more information, see [Sensor management options from the Azure portal](how-to-manage-sensors-on-the-cloud.md#sensor-management-options-from-the-azure-portal).
 
 1. If relevant, [cancel the Defender for IoT plan](#cancel-a-defender-for-iot-plan-from-a-subscription) from the legacy subscription.