Prerequisites for the Illumio and Armis Integration
Make sure that you have the following before you begin installing the Armis integration:
The user who onboards the connector must have an Armis account with administrator privileges
An instance of the Illumio PCE with administrator privileges
You must have set up and configured Flowlink to forward traffic from OT devices. See Flowlink Configuration and Usage.
You must add the following two new fields to your Flowlink configuration's YAML file at the root level, at the same indentation level as
pce_addr,api_key, and so forth:Add
org_id: 12345 (example)Add
pce_kafka:installation_id: armis-sitekafka_info: kafka_info.json
Note the following about the configuration file:
In the Armis configuration file, the installation_id value is now under the eventhub configuration entry. The eventhub entry also allows you to specify a path to an eventhub JSON file, such as:
pce_kafka: installation_id: armis-site kafka_info: kafka_info.json
The kafka_info field is optional for Kafka connectivity. The connection details in kafka_info.json will only be used if your PCE version does not support Flowlink configurations.
The format of kafka_info is as follows:
{
"bootstrap_servers": "coreflows-kafka-eventhub-dev-1-ns.servicebus.windows.net:9093",
"connection_string": "<connection_string>",
"max_flows_per_message": 8000,
"topic": "flowlink-flows-proto-v1"
}Note
Maintain the max_flows_per_message value at or under 8000 or your Flowlink instance might fail to send flows to Kafka.