>
    Strata Copilot
    Deploy Universal Agent on Virtual Machines
    Focus
    Download PDF
    Focus
    1. Home
    2. Autonomous DEM
    3. Deploy Universal Agent to Monitor SD-WAN
    4. Deploy Universal Agent on Virtual Machines
    Download PDF
    Autonomous DEM

    Deploy Universal Agent on Virtual Machines

    Table of Contents

    Deploy Universal Agent on Virtual Machines

    Deploy ADEM Universal Agent VMs on VMware, Hyper-V, VirtualBox, or KVM for flexible, consistent network monitoring across diverse environments managed by Strata™ Cloud Manager.
    Where Can I Use This?What Do I Need?
    • Prisma Access (Managed by Strata Cloud Manager)
    • ADEM or Strata Cloud Manager Pro license
    • Prisma Access license
    • Access to the Palo Alto Networks® image store
    • Access to Palo Alto Networks® image repository
    • Recommended host hardware specifications- 2 virtual CPUs, 1GB RAM, 2GB storage after installation
    The ADEM Universal Agent can be deployed on Virtual Machines (VMs) in addition to current container deployments. You can deploy Universal Agent on VMs running on-premises or hypervisor-based infrastructure. The supported hypervisors are Vmware ESXi, Oracle VirtualBox, Microsoft Hyper-V, and KVM. The Universal Agent deployment procedure varies based on the hypervisor types. The first step to the Universal Agent deployment is to generate and download deployment assets required to install the agent on your hypervisor.
    Generate and Download Deployment Assets
    1. Login to Strata Cloud ManagerSettingsAccess Experience ManagementUniversal AgentAdd Agent
    2. Select Virtual Machine as the installation type to enable VM-specific configuration options.
    3. Select your VM Type from the dropdown menu, for example, ESXi. This ensures the system provides the appropriate base VM image and configuration options for your hypervisor.
    4. Select the Quantity as Single for single agent deployment or Bulk for multiple agents.
    5. Configure Network Settings; select In-band or Out-of-band Management. These settings define how the agent VM communicates with your network.
      • In-band Management (Single NIC): Use this if you want application traffic and management data to share the same interface.
      • Out-band Management (Dual NICs): This separates management traffic on NIC1 and application/CPE traffic on NIC2 for better security and performance.
    6. Enter a Hostname Prefix to be assigned to the VM (for example, Appliance-srv-). This helps in identifying the machine within your local DNS or DHCP logs.
    7. Enter the IP addresses of the DNS servers the agent should use.
    8. Choose DHCP to automatically assign network settings to the agent, or Static IP to manually configure a fixed IP address, Subnet Mask, and Gateway.
    9. Click Generate Deployment Assets. This triggers the download of the bootstrap.iso file and the base VM image (for example, an .ova file for ESXi, vhdx file for Hyper V).
      The bootstrap token embedded in the ISO typically expires after 12 hours.
      The VM image file contains the pre-packaged containerized agent, while the bootstrap.iso contains dynamic configuration specific to your template.
      Note: When you click Generate Deployment Assets, the ISO file downloads first, followed by the OVA file. Because the OVA file is significantly larger, it will take longer to download. Note that the user interface does not show a progress indicator, but the download should complete within a few minutes.
    10. Confirm any browser prompts for multiple downloads.

    © 2026 Palo Alto Networks, Inc. All rights reserved.