Run Magnet AXIOM Cyber in Microsoft Azure
With the release of AXIOM Cyber 5.0, you can now leverage your Microsoft Azure cloud environment to host Magnet AXIOM Cyber. By doing so, you’ll not only realize the benefits offered by an IaaS environment (check out our blog post 4 Reasons to Leverage IaaS for Your Lab to read up on those benefits), but you’ll now have a seamless way to perform remote collections of endpoints not connected to your corporate network—think computers, Windows or Mac, that aren’t at the office or connected to VPN.
While collecting data from off-network endpoints is a huge benefit, especially when many organizations have transitioned to a hybrid work force: a combination of working from the office and working remotely. Here are a few other benefits to running AXIOM Cyber in an IaaS cloud environment such as Microsoft Azure:
- Greater flexibility: Don’t rely on physical hardware that may be in use, simply inaccessible (e.g. on the other side of the world), or may not have the performance specs that are up to the task at hand. By spinning up an Azure instance, you immediately have access to as much compute power as you need.
- Be anywhere in the world: You can create your Azure instance wherever you need it to be, and more often than not, you’re going to want that Azure instance as geographically close to your target endpoint. This means your remote collection will be faster since you’re not having to send data potentially halfway across the world through Internet cables on the ocean floor.
Supported Azure VM Configurations
Magnet Forensics completed testing of AXIOM Cyber in an Azure virtual machine on both Windows 10 Pro and Windows Server 2019 operating systems. Please choose the VM that meets your computing and budget requirements. For guidance, we recommend either of the following configurations:
Virtual machine | Operating system | Instance | vCPU(s) | RAM | Temporary storage |
D2ds – D64ds v4 (latest generation) | Windows 10 Pro, Windows Server 2019 | D8ds v4 | 8 | 32 GiB | 300 GiB |
D2s – D64s v4 (latest generation without temporary storage) | Windows 10 Pro, Windows Server 2019 | D8s v4 | 8 | 32 GiB | N/A |
For more information about these instance types, including pricing, visit azure.microsoft.com/en-us/pricing/details/virtual-machines/windows/.
Lastly, before you get started with running AXIOM Cyber in Microsoft Azure, you’ll want to make sure that:
- Your virtual machine must meet the minimum requirements for Magnet AXIOM Cyber listed in the System Requirements: Magnet AXIOM Cyber article.
- You have CLS licensing of AXIOM Cyber in place. To learn more about licensing AXIOM Cyber in the cloud, read this blog post: Three Reasons to License AXIOM Cyber in the Cloud.
Technical Advice Disclaimer
Magnet Forensics is dedicated to engaging with the DFIR community through our blogs and whitepapers. However, properly addressing technological issues often includes numerous variables that require independent assessment and strategies designed for each specific circumstance. Since Magnet Forensics cannot have complete insight into all variables involved in a specific situation, this blog/whitepaper is for informational purposes and should not be read as professional advice recommending techniques or technologies to address your specific situation. We do not accept responsibility for any omission, error, or inaccuracy in this blog/whitepaper or any action taken in reliance thereon.