Deploy NW Server Host

The following tasks must be performed to deploy a NetWitness Server (NW Server) on a virtual machine (VM) in the Azure Cloud environment.

Note: It is not mandatory to deploy the NW Server in the Azure Cloud environment . For more information on how to deploy other components, see Azure Deployment Scenarios.

Task 1. - Upload NW Server VHDs

To upload NW Server VHDs to Azure.

  1. Contact Customer Support ( to open a support case requesting the NW Server VHDs. A valid throughput license is required.

  2. Customer Support will update the case with VHD URI's.
  3. In the Azure Portal, open the Powershell CLI.



    You will need a storage account, blob service and container setup. This is where the VHD’s are copied. After these are in place, you can execute the following command within the Azure Portal Powershell CLI. Alternatively, you can also run these commands from the Powershell on your workstation:

    1. Run this command from Powershell to install AzureRM: Install-Module -Name AzureRM –AllowClobber
    2. Execute this command to verify the installation process has been successfully done: Import-Module -Name AzureRM
    3. If you find any error regarding execution policy, execute this command: - Set-ExecutionPolicy -ExecutionPolicy RemoteSigned (then repeat step b)
    4. (Optional) If you are running the commands from the Powershell on your workstation, log in to your Azure account using this command: Login-AzureRmAccount
    5. Select the Subscription: Select-AzureRmSubscription -SubscriptionId <subscriptionid>
    6. Create a target context: $targetStorageContext = (Get-AzureRmStorageAccount -ResourceGroupName <resource-group-name> –Name <storage-account-name>).Context
    7. Start the copy: Start-AzureStorageBlobCopy -AbsoluteUri “<SAS-URL>” -DestContainer <container-name> -DestBlob <destination-blob-name> -DestContext $targetStorageContext
    8. Obtain the Blob copy status by using the command: Get-AzureStorageBlobCopyState -Blob "< destination-blob-name>" -Container "<container-name> " –Context $targetStorageContext
  4. Once the VHD’s are successfully copied. You’ll must create an image and a VM.

  5. Verify if all the NW Server VHDs are uploaded into the Azure Cloud.

Note: Alternatively, you can use the Microsoft Azure Storage Explorer windows utility ( to verify that all the VHDs from the following location subscription exist. This utility helps you manage the contents of your storage.


  1. Log in to the Azure portal (
  2. From the right panel, click Storage accounts > netwitnessazurestorage1 > Blob service > nwazurevhdstore.

6. (Optional) In the Azure Explorer, go to the NetWitness group > Storage Accounts > netwitnessazurestorage1) > Blob Containers > nwazurevhdstore).

Task 2. - Create NW Server Image

To create a NW Server image in Azure from upload VHDs, perform the following steps:

  1. Log in to
  2. From the left panel, click All Services and filter by Images.
  3. Click Images.
  4. To create and configure the Image.
    1. Click Create.
    2. Enter an image Name, select the correct Resource Group, select a valid Region, and set the OS Disk to Linux.
      In the Storage blob, browse to the uploaded location of the VHDs .
    3. Make sure that Standard (HDD) is selected for Account Type.
      The following screen shot illustrates a completed Create Image view.
    4. Click Next : Tags > to add the tags for the Image (optional) and then Click Review + create.

      Azure does a validation check.

    5. Click Create to create the image.
      Check notifications on top right for the confirmation.

Task 3. Create Virtual Machine (VM)

To create a VM in Azure using the NW Server image:

  1. Go to Images and click Create VM.
    The Basics tab is displayed.
  2. Enter the values in following fields.
    1. In the Name field, enter a user-defined name (for example, ML-QE-DO.

      Caution: The username and password that you define is used to login to the system as a non-administrator user. Do not use the root user (the login does not have superuser permissions). You must change the root password the first time that you log in to the VM by executing the su passwd root command. This is a critical step and should not be missed. You cannot use root for a username (Azure-specific).

      Note: Make sure the values selected in the Subscription, Resource group, and Region fields are correct.

    2. Click See all sizes and select appropriate Size and Instance. The recommended instance for Concentrator is Standard F8.


      Note: The sizing is based upon the capacity requirements of your enterprise. For more information on NetWitness VM size recommendations based on log capture rates, see Azure Configuration Recommendations. The minimum size NetWitness recommends for the NW Server is F8 Standard.

    3. In the User name field, enter a valid username.
    4. In the Authentication type field, click Password and enter a strong password that is a combination of lowercase, uppercase, numeral and a symbol (for example, Password@123).
    1. Click Next : Disks >.
      The Disks tab is displayed.
  3. In the OS Disk type, select Standard HDD from the drop-down list and click Next : Networking >.

    The Networking tab is displayed.

  4. Click and define the fields.
    1. In the Networking tab, select:
      • A valid Virtual network and Subnet.
      • None for the Public IP address.
        NetWitness recommends None for the Public IP address (this is not mandatory). You can assign a public IP address, but it countermands Best Practices to assign a public IP to something that is based in the Azure Cloud.
    2. (Optional) In the Management tab, configure the details if required and click Review + create.


    3. In the Monitoring tab, under Diagnostics, select:
      • On for Boot Diagnostics
      • On for OS guest diagnostics
      • a valid Diagnostics storage account

    The following figure illustrates a completed Settings panel.

    Note: By default, the settings remain unchanged in the Advanced and Tags tab. Add any name and value pairs for tags based on requirement.



  5. Under Review + create tab, review the specified details and click Create.

    The NW Server VM Deployment is successful when you see the VM status as Running.

  6. Click Overview on the Virtual Machine to view all the required details such as VM status and IP Address.
  7. SSH to the VM using the username that you specified in Step 2d of Task 3 and reset the root password. Use the su passwd root command string to reset the root password.
  8. Close the current SSH session and open a new SSH session with root using the username and the password created in the previous step.

    Note: Step 8 is a critical, one-time step for a new deployment. If you do not complete this step, the NetWitness User Interface will not load.