Skip to content

Nutanix — Prism GUI

Deploy the RTA entirely through the Prism web console (Prism Element or Prism Central). You upload both QCOW2 disks — the appliance root disk and the cidata seed disk — to the cluster's Image Service, then create a VM with both attached.

Before you start

Review the Nutanix overview. You will need the two QCOW2 disks (root + cidata) provided by your engagement lead, and access to Prism Element or Prism Central with permission to manage images and VMs.

1. Upload both images

Upload the root disk and the cidata seed disk as two separate images.

Prism Element — Settings → Image Configuration → Upload Image

Prism Central — Compute & Storage → Images → Add Image

For each disk, fill in the upload form:

  1. Name: rta-root for the root disk and rta-cidata for the seed disk (or any names you'll recognize)
  2. Image Type: Disk
  3. Storage Container: select an appropriate container (e.g. default, or as directed by your Nutanix administrator — placeholder: <CONTAINER>)
  4. Source: choose From URL and paste the disk's URL, or choose Upload a file and select the downloaded QCOW2.
  5. Click Save (Prism Element) or Next → Save (Prism Central).

Repeat for the second disk so you end up with two Active images.

Each import runs in the background. Wait for both images to show Active before proceeding.

Image reuse

You only need to upload the images once per cluster. Each RTA VM clones its disks from these images, so the sources are never consumed.

2. Create the VM

Prism Element — VM → + Create VM

Prism Central — Compute & Storage → VMs → Create VM

General settings

Field Value
Name rta (or your preferred name)
vCPU(s) 4
Cores per vCPU 1
Memory 8 GB

Disks

Add both disks — the root disk first (it becomes the boot disk), then the cidata seed disk.

  1. Under Disks, click + Add New Disk.
  2. Set Operation to Clone from Image Service.
  3. Select the root image you uploaded in step 1 (rta-root).
  4. Leave Bus Type as SCSI and capacity at 40 GiB (or adjust up — do not go below 40 GiB).
  5. Click Add.
  6. Click + Add New Disk again, set Operation to Clone from Image Service, and select the cidata image (rta-cidata). Leave Bus Type as SCSI. Click Add.

You should now have two SCSI disks on the VM: the 40 GiB root disk and the small cidata disk.

Attach both disks — the cidata disk carries the appliance identity

Without the cidata seed disk the appliance has no engagement identity and will not register. Make sure both disks are attached before you power on.

Prism Element: disk capacity is greyed out on first add

In Prism Element, the capacity field for a cloned disk is sometimes uneditable in the creation wizard. Create the VM first, then immediately edit it to resize the disk if needed. Do not attach the disk, resize it, and click Save all in one flow — that triggers a "Container UUID is required" error.

Boot / Firmware

In the VM creation wizard, locate the Boot Configuration section:

  • Set Boot Type to UEFI.
  • Leave Secure Boot unchecked / disabled.

Default is Legacy BIOS — you must change it

Nutanix defaults every new VM to Legacy BIOS. The RTA image will not boot on Legacy BIOS. Confirm UEFI is selected before saving.

Network

  1. Under Network Adapters (NIC), click + Add New NIC.
  2. Set Network to the VLAN or network that has Layer-2 access to the engagement targets (placeholder: <NETWORK> — provided by your engagement lead).
  3. Leave other settings at their defaults.
  4. Click Add.

Save and power on

Click Save to create the VM, then select it in the VM list and click Power On.

Verify

Once the VM powers on, open the VM console:

Select the VM → Launch Console (Prism Element) or Actions → Launch Console (Prism Central).

The appliance is customized for your engagement (the cidata disk carries its identity), so it boots already registered and connects to the Sophos headend over the outbound VPN tunnel automatically — there is no activation step. The console shows a live status and troubleshooting dashboard (network interface, VPN tunnel, connectivity health). You do not normally need to log in.

Default admin user

The local admin account is swag. Credentials are provided separately by your engagement lead if console or SSH access is required.

Network access

The appliance makes one connection to do its job: an outbound tunnel to the Sophos headend. Nothing inbound is ever required — you never open or forward any ports to the appliance.

Allow this outbound destination
Destination connect.remotetesting.secureworks.com
IP addresses 3.33.194.251 and 15.197.255.2 (static — these do not change)
Port / protocol TCP 443, carrying OpenVPN (not HTTPS)
Direction Outbound only

Allow egress on TCP/443 to that destination from the appliance's network. On a next-generation firewall or NAC-controlled network, an L3 "allow 443" rule is often not enough — Layer-7 application control, TLS/SSL decryption, or NAC can still drop the tunnel even when the port is open. See Connectivity Troubleshooting for the exact firewall and NAC exceptions to request.

Troubleshooting

Deployed but something isn't right?

See Nutanix troubleshooting for the most common issues on this platform and how to fix them.