MicrosoftDocs
diff --git a/‎articles/defender-for-iot/organizations/TOC.yml
Lines changed: 16 additions & 2 deletions b/‎articles/defender-for-iot/organizations/TOC.yml
Lines changed: 16 additions & 2 deletions
diff --git a/‎articles/defender-for-iot/organizations/appliance-catalog/virtual-sensor-hyper-v.md
Lines changed: 0 additions & 126 deletions b/‎articles/defender-for-iot/organizations/appliance-catalog/virtual-sensor-hyper-v.md
Lines changed: 0 additions & 126 deletions
diff --git a/‎articles/defender-for-iot/organizations/appliance-catalog/virtual-sensor-vmware.md
Lines changed: 8 additions & 40 deletions b/‎articles/defender-for-iot/organizations/appliance-catalog/virtual-sensor-vmware.md
Lines changed: 8 additions & 40 deletions
@@ -39,8 +39,6 @@
         href: best-practices/understand-network-architecture.md
       - name: Plan your network connections
         href: best-practices/plan-network-monitoring.md
-      - name: Traffic mirroring methods
-        href: best-practices/traffic-mirroring-methods.md
       - name: Sample connectivity models
         href: best-practices/sample-connectivity-models.md
     - name: OT threat monitoring in enterprise SOCs
@@ -152,6 +150,22 @@
       items:
       - name: Set up OT network monitoring
         href: how-to-set-up-your-network.md
+      - name: Configure traffic mirroring
+        items:
+        - name: Overview
+          href: best-practices/traffic-mirroring-methods.md
+        - name: Configure a switch SPAN port
+          href: traffic-mirroring/configure-mirror-span.md
+        - name: Configure a remote SPAN (RSPAN)
+          href: traffic-mirroring/configure-mirror-rspan.md
+        - name: Configure active and passive aggregation (TAP)
+          href: traffic-mirroring/configure-mirror-tap.md
+        - name: Configure ERSPAN mirroring
+          href: traffic-mirroring/configure-mirror-erspan.md
+        - name: Configure mirroring with an ESXi vSwitch
+          href: traffic-mirroring/configure-mirror-esxi.md
+        - name: Configure mirroring with a Hyper-V vSwitch
+          href: traffic-mirroring/configure-mirror-hyper-v.md
       - name: Deploy OT certificates
         href: how-to-deploy-certificates.md
       - name: Install OT system software
 
@@ -84,132 +84,6 @@ This procedure describes how to create a virtual machine by using Hyper-V.
 1. Continue with the [generic procedure for installing sensor software](../how-to-install-software.md#install-ot-monitoring-software).
 
 
-## Configure a monitoring interface (SPAN)
-
-While a virtual switch doesn't have mirroring capabilities, you can use *Promiscuous mode* in a virtual switch environment as a workaround for configuring a SPAN port.
-
-*Promiscuous mode* is a mode of operation and a security, monitoring, and administration technique that is defined at the virtual switch or portgroup level. When promiscuous mode is used, any of the virtual machine’s network interfaces in the same portgroup can view all network traffic that goes through that virtual switch. By default, promiscuous mode is turned off.
-
-For more information, see [Purdue reference model and Defender for IoT](../best-practices/understand-network-architecture.md#purdue-reference-model-and-defender-for-iot).
-
-### Prerequisites
-
-Before you start:
-
-- Ensure that there's no instance of a virtual appliance running.
-
-- Enable Ensure SPAN on the data port, and not the management port.
-
-- Ensure that the data port SPAN configuration is not configured with an IP address.
-
-### Configure a SPAN port with Hyper-V
-
-1. Open the Virtual Switch Manager.
-
-1. In the Virtual Switches list, select **New virtual network switch** > **External** as the dedicated spanned network adapter type.
-
-    :::image type="content" source="../media/tutorial-install-components/new-virtual-network.png" alt-text="Screenshot of selecting new virtual network and external before creating the virtual switch.":::
-
-1. Select **Create Virtual Switch**.
-
-1. Under connection type, select **External Network**.
-
-1. Ensure the checkbox for **Allow management operating system to share this network adapter** is checked.
-
-   :::image type="content" source="../media/tutorial-install-components/external-network.png" alt-text="Select external network, and allow the management operating system to share the network adapter.":::
-
-1. Select **OK**.
-
-#### Attach a SPAN Virtual Interface to the virtual switch
-
-You are able to attach a SPAN Virtual Interface to the Virtual Switch through Windows PowerShell, or through Hyper-V Manager.
-
-**To attach a SPAN Virtual Interface to the virtual switch with PowerShell**:
-
-1. Select the newly added SPAN virtual switch, and add a new network adapter with the following command:
-
-    ```bash
-    ADD-VMNetworkAdapter -VMName VK-C1000V-LongRunning-650 -Name Monitor -SwitchName vSwitch_Span
-    ```
-
-1. Enable port mirroring for the selected interface as the span destination with the following command:
-
-    ```bash
-    Get-VMNetworkAdapter -VMName VK-C1000V-LongRunning-650 | ? Name -eq Monitor | Set-VMNetworkAdapter -PortMirroring Destination
-    ```
-
-    | Parameter | Description |
-    |--|--|
-    |**VK-C1000V-LongRunning-650** | CPPM VA name |
-    |**vSwitch_Span** |Newly added SPAN virtual switch name |
-    |**Monitor** |Newly added adapter name |
-
-1. Select **OK**.
-
-These commands set the name of the newly added adapter hardware to be `Monitor`. If you're using Hyper-V Manager, the name of the newly added adapter hardware is set to `Network Adapter`.
-
-**To attach a SPAN Virtual Interface to the virtual switch with Hyper-V Manager**:
-
-1. Under the Hardware list, select **Network Adapter**.
-
-1. In the Virtual Switch field, select **vSwitch_Span**.
-
-    :::image type="content" source="../media/tutorial-install-components/vswitch-span.png" alt-text="Screenshot of selecting the following options on the virtual switch screen.":::
-
-1. In the Hardware list, under the Network Adapter drop-down list, select **Hardware Acceleration** and disable "Virtual Machine Queue" for the monitoring (SPAN) network interface.
-
-1. In the Hardware list, under the Network Adapter drop-down list, select **Advanced Features**. Under the Port Mirroring section, select **Destination** as the mirroring mode for the new virtual interface.
-
-    :::image type="content" source="../media/tutorial-install-components/destination.png" alt-text="Screenshot of the selections needed to configure mirroring mode.":::
-
-1. Select **OK**.
-
-#### Enable Microsoft NDIS capture extensions for the virtual switch
-
-Microsoft NDIS Capture Extensions will need to be enabled for the new virtual switch.
-
-**To enable Microsoft NDIS capture extensions for the newly added virtual switch**:
-
-1. Open the Virtual Switch Manager on the Hyper-V host.
-
-1. In the Virtual Switches list, expand the virtual switch name `vSwitch_Span` and select **Extensions**.
-
-1. In the Switch Extensions field, select **Microsoft NDIS Capture**.
-
-    :::image type="content" source="../media/tutorial-install-components/microsoft-ndis.png" alt-text="Screenshot of enabling the Microsoft NDIS by selecting it from the switch extensions menu.":::
-
-1. Select **OK**.
-
-#### Set the Mirroring Mode on the external port
-
-Mirroring mode will need to be set on the external port of the new virtual switch to be the source.
-
-You will need to configure the Hyper-V virtual switch (vSwitch_Span) to forward any traffic that comes to the external source port, to the virtual network adapter that you configured as the destination.
-
-Use the following PowerShell commands to set the external virtual switch port to source mirror mode:
-
-```bash
-$ExtPortFeature=Get-VMSystemSwitchExtensionPortFeature -FeatureName "Ethernet Switch Port Security Settings"
-$ExtPortFeature.SettingData.MonitorMode=2
-Add-VMSwitchExtensionPortFeature -ExternalPort -SwitchName vSwitch_Span -VMSwitchExtensionFeature $ExtPortFeature
-```
-
-| Parameter | Description |
-|--|--|
-|**vSwitch_Span** | Newly added SPAN virtual switch name. |
-|**MonitorMode=2** | Source |
-|**MonitorMode=1** | Destination |
-|**MonitorMode=0** | None |
-
-Use the following PowerShell command to verify the monitoring mode status:
-
-```bash
-Get-VMSwitchExtensionPortFeature -FeatureName "Ethernet Switch Port Security Settings" -SwitchName vSwitch_Span -ExternalPort | select -ExpandProperty SettingData
-```
-| Parameter | Description |
-|--|--|
-|**vSwitch_Span** | Newly added SPAN virtual switch name |
-
 
 ## Next steps
 
 
@@ -26,6 +26,8 @@ Before you begin the installation, make sure you have the following items:
 
 - The OT sensor software [downloaded from Defender for IoT in the Azure portal](../how-to-install-software.md#download-software-files-from-the-azure-portal).
 
+- Traffic mirroring configured on your vSwitch. For more information, see [Configure traffic mirroring with a ESXi vSwitch](../traffic-mirroring/configure-mirror-esxi.md).
+
 Make sure the hypervisor is running.
 
 ## Create the virtual machine
@@ -69,46 +71,12 @@ This procedure describes how to create a virtual machine by using ESXi.
 1. Continue with the [generic procedure for installing sensor software](../how-to-install-software.md#install-ot-monitoring-software).
 
 
-## Configure a monitoring interface (SPAN)
-
-While a virtual switch doesn't have mirroring capabilities, you can use *Promiscuous mode* in a virtual switch environment as a workaround for configuring a SPAN port.
-
-*Promiscuous mode* is a mode of operation and a security, monitoring, and administration technique that is defined at the virtual switch or portgroup level. When promiscuous mode is used, any of the virtual machine’s network interfaces that are in the same portgroup can view all network traffic that goes through that virtual switch. By default, promiscuous mode is turned off.
-
-For more information, see [Purdue reference model and Defender for IoT](../best-practices/understand-network-architecture.md#purdue-reference-model-and-defender-for-iot).
-
-**To configure a SPAN port with ESXi**:
-
-1. Open vSwitch properties.
-
-1. Select **Add**.
-
-1. Select **Virtual Machine** > **Next**.
-
-1. Insert a network label **SPAN Network**, select **VLAN ID** > **All**, and then select **Next**.
-
-1. Select **Finish**.
-
-1. Select **SPAN Network** > **Edit*.
-
-1. Select **Security**, and verify that the **Promiscuous Mode** policy is set to **Accept** mode.
-
-1. Select **OK**, and then select **Close** to close the vSwitch properties.
-
-1. Open the **OT Sensor VM** properties.
-
-1. For **Network Adapter 2**, select the **SPAN** network.
-
-1. Select **OK**.
-
-1. Connect to the sensor, and verify that mirroring works.
-
 ## Next steps
 
-Continue understanding system requirements for physical or virtual appliances. For more information, see [Which appliances do I need?](../ot-appliance-sizing.md) and [OT monitoring with virtual appliances](../ot-virtual-appliances.md).
-
-Then, use any of the following procedures to continue:
+For more information, see:
 
-- [Purchase sensors or download software for sensors](../onboard-sensors.md#purchase-sensors-or-download-software-for-sensors)
-- [Download software for an on-premises management console](../how-to-manage-the-on-premises-management-console.md#download-software-for-the-on-premises-management-console)
-- [Install software](../how-to-install-software.md)
+- [Which appliances do I need?](../ot-appliance-sizing.md)
+- [OT monitoring with virtual appliances](../ot-virtual-appliances.md)
+- [On-premises management console (VMware ESXi)](virtual-management-vmware.md)
+- [OT network sensor VM (Microsoft Hyper-V)](virtual-sensor-hyper-v.md)
+- [On-premises management console (Microsoft Hyper-V hypervisor)](virtual-management-hyper-v.md)