Enabling Integration with Azure Transformation Hub
For proper integration with Azure Transformation Hub, after you set up your Azure deployment architecture, you must perform the following additional procedures for the ArcSight product (ArcMC, SmartConnector, CTH, Logger, or ESM) you are integrating. You must complete the procedures before you can configure the product to consume events from or send events to Transformation Hub:
- Edit the
/etc/hostsfile. - Configure peering.
-
Configure health probes and load-balancing rules for ports 32080 and 9093.
Note: For ESM, this applies only to port 9093.
Editing the /etc/hosts File
You must add each Transformation Hub node in the cluster to the product's /etc/hosts file:
- On the jump host that you previously created, open the product's
/etc/hostsfile in a text editor. - Add the internal IP address and FQDN for each instance in the Azure Kubernetes service. You can obtain the instance IP address and FQDN by opening the AKS resource group that you previously created and then opening the aks-nodepool virtual machine scale set.
- Save the changes to the file. The saved changes should be similar to the following:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.1.1.4 aks-nodepool1-12400006-vmss000000
10.1.1.5 aks-nodepool1-12400006-vmss000001
10.1.1.6 aks-nodepool1-12400006-vmss000002
/etc/hosts file, ensure that the IP address specified each host is unique and not duplicated across hosts. A single IP address can be associated with multiple hostnames, but the same IP address may not be used for multiple hosts.Configuring Peering
If the Azure product and Azure Transformation Hub are on different VLANs, you must configure peering between the two VLANs. An example is provided in the section Peering Virtual Networks.
Configuring Health Probes
You must configure health probes and load balancing rules for ports 32080 and 9093.
root user privileges.You can now configure the product to consume events from or, if the functionality is available, send events to Transformation Hub: