How to Install Falcon in the Datacenter

The Falcon Platform has been built to provide best in class prevention, detection and response capabilities for the modern data center, via a lightweight agent for Windows, Linux or macOS servers. The Falcon high performance server platform SKU ensures complete, real-time and retrospective visibility into the servers that comprise the modern-day data center.

READY TO LEARN MORE?

Read Video Transcript

How to Install Falcon in the Datacenter

The Falcon platform is a perfect fit for the data center. It’s lightweight, low-impact sensor means there is no special need for a hypervisor version of the product or complicated deployment scenarios for those multiple environment types. In this demo, we’ll deploy the Falcon sensor in different types of data centers. The first two are cloud environments using AWS and Azure. The final scenario will cover a hybrid data center managed through vCenter.

In this AWS environment, we have a single EC2 Windows Server 2012 R2 instance. I’ll use RDP to connect to the host. In this scenario, we’ll log into the Falcon UI and download the installer. If you’re unfamiliar with how to install the sensor, all resources– including installers and user guides– are available in the support section of the UI.

In the download section, I’ll select the Windows installer by selecting the latest build, then clicking the Download icon. On this page is also your customer ID, or CID. I’ll copy this, as I’ll need it during the install process. Once the installer is finished downloading, I’ll launch it, accept the license agreement, and then paste my customer ID into the designated field.

Within seconds, the install process is complete. Now to verify the installation, I’ll use the Falcon UI by navigating to the host app. The hosts are listed alphabetically by hostname, but I’ll sort a host on last seen.

Since the system just checked in, it will be at or near the top. Here we see the latest host as WIN-0A2 dot, dot, dot. In our Windows 2012 instance, I’ll open the system information screen to verify the hostname and here we can see that it is the same.

CrowdStrike FalconĀ® can be installed on any supported system, whether that system is in a AWS cloud or on a desktop or in a data center. In the second scenario, we have a Windows 2016 instance in Microsoft Azure. Again, I’ll use remote desktop to log into the instance.

This time I’ve already downloaded the installer, but I’ll still need to grab the customer ID from the Falcon UI in the support app. Once I’ve copied the CID, I can open the installer, accept the license agreement, and install the sensor. Again, within a matter of seconds, the sensor has been installed.

To verify the installation, I’ll start by opening the system window and see the hostname– it is WIN2016-AZURE1. Then I’ll open the Falcon UI and the host app, and sort the database on most recently seen. Here we can see that the system is registered with the UI and the default policy has been applied.

As you can see, deployment on existing systems is quick and simple. You could also use an SCCM to manage this for larger deployments. In this last section, we’ll look at either on prem or hybrid-type scenario that is managed through vSphere. One of the advantages of data centers is the ability to quickly spin up pre-configured images.

This time, I’ll copy a pre-configured Windows 2012 server template from my data store to my resource pool. Once that is complete, you can see the newly deployed WINSERVER2012-DATACENTER demo in my resource pool. I’ll open the console to the new VM and browse to my shared folder, where I have save different Falcon sensor versions, and drag it to my desktop.

In the previous examples, I installed the sensor with a double-click. This time, I’m going to use the command line so that I can pass some additional arguments. The argument quite will install without the dialog window.

The next command, no start equals 1, will install the sensor without calling out to the cloud to get an agent ID until after a restart. This option is perfect for creating a template or standard deployment image with Falcon Prevent pre-installed. To finish the install, we still need the customer ID.

So we’ll paste that in and hit Enter to complete the install. At this point, I’ll restart my system so the sensor can get an agent ID. On reboot, the sensor checks into the cloud, acquires an ID, and gets assigned a policy based on your policy configuration.

We can verify the install in the UI. We see that our recently deployed WIN12-TEMPLATE is now listed in the host app in the Falcon UI. The Falcon Platform has been built to provide best-in-class prevention, detection, and response capabilities for the modern data center via a lightweight agent for Windows, Linux, or Mac OS servers. The Falcon high performance server platform ensures complete real-time and retrospective visibility into the servers that comprise the modern data center.

Tech Hub

  • OS icon
  • deployment icon
  • installation icon

For technical information on installation, policy configuration and more, please visit the CrowdStrike Tech Hub.

Visit Tech Hub