enVision_hardware_guide.pdf

RSA enVisionHardware Setup and Maintenance Guide

60 Series

Contact InformationGo to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com

TrademarksRSA, the RSA Logo, RSA enVision, RSA Event Explorer and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. All other trademarks used herein are the property of their respective Copyright 2012 EMC Corporation. All Rights Reserved. Published in the USA.June 2012

owners. For a list of EMC trademarks, go to www.rsa.com/legal/trademarks_list.pdf.

License agreementThis software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and may be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice below. This software and the documentation, and any copies thereof, may not be provided or otherwise made available to any other person.No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability.This software is subject to change without notice and should not be construed as a commitment by EMC.

Third-party licensesThis product may include software developed by parties other than RSA. The text of the license agreements applicable to third-party software in this product may be viewed in the thirdpartylicenses.pdf file.Portions of this application include technology used under license from Visual Mining, Inc. 2000 - 2010.Portions of this application include iAnywhere technology, 2001 - 2010.

Note on encryption technologiesThis product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption technologies, and current use, import, and export regulations should be followed when using, importing or exporting this product.

DistributionUse, copying, and distribution of any EMC software described in this publication requires an applicable software license.

EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.

THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

RSA enVision Hardware Setup and Maintenance GuideContentsPreface................................................................................................................................... 7

About This Guide................................................................................................................ 7Terminology Used in this Document .................................................................................. 7RSA enVision Documentation............................................................................................ 7Related Documentation....................................................................................................... 8Support and Service ............................................................................................................ 9

Before You Call Customer Support............................................................................. 9

Chapter 1: Overview of the RSA enVision Platform ................................11RSA enVision Sites............................................................................................................11

Chapter 2: Appliance Layout................................................................................. 13Front Panel ........................................................................................................................ 13

LCD Panel Features ................................................................................................... 15Hard Drive Indicators ................................................................................................ 16

Back Panel......................................................................................................................... 17Power Indicator Codes............................................................................................... 19

Chapter 3: Single Appliance Site ........................................................................ 21Single Appliance Site Overview ....................................................................................... 21Setup and Configuration Tasks - Single Site .................................................................... 21Set Up a Single Appliance Site ......................................................................................... 22Configure the RSA DAS 2000.......................................................................................... 24Configure Free Space on the RSA enVision DAS-2000 .................................................. 25

Chapter 4: Multiple Appliance Site .................................................................... 27Multiple Appliance Site Overview ................................................................................... 27Setup and Configuration Tasks - Multiple Appliance Site ............................................... 28Set Up a Multiple Appliance Site ..................................................................................... 28Cabling Examples ............................................................................................................. 32Enhanced Availability....................................................................................................... 38

Chapter 5: Remote Collector Site ....................................................................... 39Remote Collector Site Overview ...................................................................................... 39Setup and Configuration Tasks - Remote Collector Site .................................................. 39Set Up a Remote Collector Site ........................................................................................ 40

Chapter 6: Adding an Appliance to an Existing Site .............................. 43Prepare to Add an Appliance ............................................................................................ 43

Determine Whether to Update Files on the D-SRV1 ................................................ 44Update Files on the D-SRV1 ..................................................................................... 44

Add an LC, A-SRV, or D-SRV to a Site .......................................................................... 45Add an RC to a Site........................................................................................................... 47

Chapter 7: NAS Configuration .............................................................................. 49Supported NAS Storage for RSA enVision ...................................................................... 49Contents 3

RSA enVision Hardware Setup and Maintenance GuideStorage Specifications....................................................................................................... 50NAS Configuration Values for VNX................................................................................ 51

Creation of Storage Pools .......................................................................................... 52Network Interface Configuration............................................................................... 52Creation of the File Systems...................................................................................... 52Creation of the Standalone CIFS Server.................................................................... 54Creation of the CIFS Shares ...................................................................................... 55iSCSI Configuration Settings..................................................................................... 57Enable E-mail Connect Home ................................................................................... 60Proxy Address Resolution Protocol ........................................................................... 61

NAS Configuration Values for Celerra............................................................................. 62Creation of Storage Pools .......................................................................................... 62Network Interface Configuration............................................................................... 63Creation of the File Systems...................................................................................... 63Creation of the Standalone CIFS Server.................................................................... 65Creation of the CIFS Shares ...................................................................................... 67iSCSI Configuration Settings..................................................................................... 68Enable Celerra Connect Home .................................................................................. 71Proxy Address Resolution Protocol ........................................................................... 71

Chapter 8: Factory Reimaging and Typing................................................... 73Factory Reimaging and Typing an Appliance .................................................................. 73

Disable Virtual Drives ............................................................................................... 73Reimage the Appliances ............................................................................................ 74Factory Type the Appliances ..................................................................................... 74

Appendix A: Hardware Specifications............................................................. 77Hardware Location Requirements .................................................................................... 77ES Appliance Specifications ............................................................................................. 78LS Appliance Specifications ............................................................................................. 79Appliance Specifications................................................................................................... 80ES Storage Array Specifications....................................................................................... 82LS Storage Array Specifications....................................................................................... 83

Rack Specifications for ENV-NAS53-1 and ENV-NAS53-2 ................................... 86Rack Specifications for RSA NAS 3500 and RSA NAS 7000.................................. 87

LS Network Switch Specifications ................................................................................... 88Appliance Rack Specifications ......................................................................................... 89Safety and Regulatory Statements .................................................................................... 90

Caution....................................................................................................................... 90

Appendix B: Changing Passwords ................................................................... 91Passwords for the RSA enVision Platform and the NAS ................................................. 91Change Passwords on the NAS......................................................................................... 92Change Passwords on the enVision Appliance Using the Password Manager Utility ..... 93Verify Remote Collector Connectivity ............................................................................. 95Change the DRAC (root) Password .................................................................................. 954 Contents

RSA enVision Hardware Setup and Maintenance GuideVerify Read/Write Permissions After Changing Passwords............................................. 95Verify Permissions on D-SRVs ................................................................................. 95Verify Permissions on Collectors .............................................................................. 96Verify Permissions on A-SRVs ................................................................................. 96

Additional Passwords........................................................................................................ 98Troubleshooting ................................................................................................................ 99

Change Passwords that were Accidentally Updated Manually ................................. 99

Glossary ........................................................................................................................... 101Contents 5

RSA enVision Hardware Setup and Maintenance GuidePreface

About This GuideThis guide contains information on setting up and maintaining your RSA enVision hardware appliance. Use this guide in conjunction with the Configuration Guide. It is intended for system administrators who need to setup an enVision appliance.

Terminology Used in this Document

GB versus INF

This document uses the Gigabit ethernet switches convention (GB) for all references to network switches. The operating system naming convention of INF is not used in this document.

NAS (Network Attached Storage)

The following naming convention is used in this document:

RSA enVision DocumentationFor information about the RSA enVision platform, see the following documentation:

Release Notes. Provides information about what is new and changed in this release, as well as workarounds for known issues. The latest version of the Release Notes is available on RSA SecurCare Online at https://knowledge.rsasecurity.com.Overview Guide. Provides an introduction to RSA enVision platform features and capabilities.

Term Description

NAS Any supported network attached storage, or third-party network attached storage that meets minimum requirements.

RSA NASRSA NAS 3500RSA NAS 7000

Celerra NS-120

ENV-NAS53-1ENV-NAS53-2

VNX 5300 with 15 disksVNX 5300 with 30 disks Preface 7

RSA enVision Hardware Setup and Maintenance GuideHardware Setup and Maintenance Guide. Provides instructions on setting up and maintaining RSA enVision appliances. Intended audience is the system administrator.Configuration Guide. Provides instructions on configuring an RSA enVision site. Intended audience is the system administrator.Migration Guide. Provides instructions on migrating data from a previous version of the RSA enVision platform to the current version.Virtual Deployment Guide. Provides instructions on installing an RSA enVision single appliance site or Remote Collector on a virtual infrastructure.Administrators Guide. Provides instructions on the basic setup and maintenance of the RSA enVision platform. Includes instructions for the most common administrator tasks.Users Guide. Provides information that helps users to get started using the RSA enVision platform. Includes instructions for the most common user tasks.Backup and Recovery Guide. Provides instructions on backing up an RSA enVision system and recovering from a hardware failure.Security Configuration Guide. Provides an overview of security configuration settings in the RSA enVision platform.Universal Device Support Guide. Describes how to add log collection and analysis support for event sources that the RSA enVision platform does not support.RSA enVision Help. Provides comprehensive instructions on setting up RSA enVision processing options and using RSA enVision analysis tools.

RSA continues to assess and improve the documentation. Check RSA SecurCare Online for the latest documentation.

Related DocumentationFor information about the RSA enVision Event Explorer module, see the following documentation:

Release Notes. Provides information about what is new and changed in this release, as well as workarounds for known issues.Installation Guide. Provides instructions on installing the RSA enVision Event Explorer module on your client machine in separate guides for Microsoft Windows and Apple Macintosh operating systems. Intended audience is the end user.RSA enVision Event Explorer Help. Provides comprehensive instructions on setting up and using the RSA enVision Event Explorer module.

For information about the RSA enVision EventSource Integrator, see the following documentation:

Release Notes. Provides information about what is new and changed in this release, as well as workarounds for known issues.8 Preface

RSA enVision Hardware Setup and Maintenance GuideOverview Guide. Provides an introduction to RSA enVision EventSource Integrator features and capabilities.RSA enVision EventSource Integrator Help. Provides comprehensive instructions on using RSA enVision Event Source Integrator.

Support and Service

RSA SecurCare Online offers a knowledgebase that contains answers to common questions and solutions to known problems. SecureCare Online also offers information on new releases, important technical news, and software downloads.The RSA Secured Partner Solutions Directory provides information about third-party hardware and software products that have been certified to work with RSA products. The directory includes Implementation Guides with step-by-step instructions and other information about interoperation of RSA products with these third-party products.

Before You Call Customer SupportMake sure that you have direct access to the computer running the RSA enVision software. Please have the following information available when you call: One of the following:

On a 60-series appliance, the serial number of the appliance.You can find the seven-character serial number on the chassis tag on the back of the appliance, or open a Dell Openmanage Server Administrator session, and click System > Properties > Summary to find the serial number in the chassis service tag field.

On a virtual appliance, the serial number of the RSA enVision software.Open the C:\WINDOWS\system32\drivers\etc\Nie-oe.dat file, and locate the line that begins with S/N=.

RSA enVision software version number. The name and version of the operating system under which the problem occurs. On a virtual appliance, the VMware ESX or ESXi server details.

RSA SecurCare Online https://knowledge.rsasecurity.com

Customer Support Information www.rsa.com/support

RSA Secured Partner Solutions Directory www.rsasecured.com Preface 9

RSA enVision Hardware Setup and Maintenance Guide1 Overview of the RSA enVision PlatformThe RSA enVision platform is a feature-rich compliance and security application. It allows you to capture and analyze log information automatically from your network, security, application, operating, and storage environments. The enVision LogSmart Internet Protocol Database (IPDB) collects and protects all the data from any network device automatically, without filtering. The enVision platform gives you an accurate picture of how your network is being used, and by whom. It independently monitors your network to verify security policies, generates alerts for possible compliance breaches, and analyzes and reports on network performance.The enVision platform is tightly coupled with its underlying appliance operating system and hardware, and together they make up a highly scalable platform that provides guaranteed levels of performance.The enVision platform is made up of three components:

Application Server. Supports interactive users and runs the suite of analysis tools.Collector. Captures incoming events.Data Server. Manages access and retrieval of captured events.

RSA enVision SitesThe RSA enVision platform is deployed on a site basis. The enVision components are deployed based on the type of site that you have. The two types of sites are:

Single appliance site. The ES series appliances are designed to operate in a stand-alone, non-distributed mode. They have all three enVision componentsApplication, Collector, and Databaseinstalled on one appliance. The single appliance is a site. Some single appliance sites have an external storage system.For information on single appliance sites, see Chapter 3, Single Appliance Site. 1: Overview of the RSA enVision Platform 11

RSA enVision Hardware Setup and Maintenance GuideMultiple appliance site. The LS series appliances are designed to operate in a distributed installation. Each enVision componentApplication Server, Collector, and Data Serveris on its own appliance. The appliances together form a site. Distributed multiple appliance sites allow multiple installations of any of the three appliance types to be deployed to manage the variety of network infrastructures found in production environments. All multiple appliance sites have external storage systems.For information on multiple appliance sites, see Multiple Appliance Site on page 27.For information on connecting a remote collector site with a multiple appliance site, see Remote Collector Site on page 39.12 1: Overview of the RSA enVision Platform

RSA enVision Hardware Setup and Maintenance Guide2 Appliance LayoutThe appliance layouts of the ES and LS series appliance hardware types are the same. The internal specifications of the ES and LS series appliance hardware differ. The following topics provide information on the appliance layout, and briefly describe the function of buttons on the: Front Panel Back PanelFor information on hardware specifications, see Hardware Specifications on page 77.

Front PanelThe following figure shows the front panel of the RSA enVision appliance.

21 4 5 6 7 983

10

ItemIndicator, Button, or Connector

Icon Description

1 Information tag Slide-out label panel for system information, including the enVision appliance model number.

2 Power-on indicator, power button

Lights when the system power is on.The power button is configured to disable accidental power down of the appliance.2: Appliance Layout 13

RSA enVision Hardware Setup and Maintenance Guide3 NMI button Use to troubleshoot software and device driver errors.Use this button only if directed to do so by Customer Support or by the operating system documentation. (Use the end of a paper clip to press this button.)

4 USB connectors (2)

Use to connect USB 2.0-compliant devices to the system.

5 Video connector

Use to connect a monitor to the system.

6 LCD menu buttons

Allows you to navigate the control panel LCD menu.

7 LCD panel Provides system ID, status information, and system error messages. The LCD lights blue during normal system operation. The LCD lights amber when the system needs attention, and the LCD panel displays an error code followed by descriptive text.

Note: If the system is connected to AC power and an error has been detected, the LCD lights amber regardless of whether the system has been powered on.

8 System identification button

Use to locate a particular system within a rack. When you push this button, the LCD panel on the front and the system status indicator on the back flash blue until you push the button again. There is also a system identification button on the back panel.

9 Optical drive (CD/DVD)

One CD/DVD drive.

10 Hard Drive Bays (6)

Six 3.5-inch hot-swappable hard drive bays. The LS series Application Server (A-SRV) is fully populated with six hard drives while all other appliance types contain only two hard drives.


Icon Description14 2: Appliance Layout

RSA enVision Hardware Setup and Maintenance GuideLCD Panel FeaturesThe LCD panel provides system information and status messages to indicate that the system is operating correctly or that the system needs attention.The LCD backlight lights blue during normal operating conditions and lights amber to indicate an error condition. When the system is in standby mode, the LCD backlight is off. To turn on the LCD backlight, press the Select button on the LCD panel.The following figure shows the LCD panel.

1 2 3 4

Item Description

1 Moves the cursor back in one-step increments.

2 Selects the menu item highlighted by the cursor.

3 Moves the cursor forward in one-step increments.During message scrolling: Press once to increase scrolling speed. Press again to stop. Press again to return to default scrolling speed.

4 Use to locate a particular system within a rack. When you push this button, the LCD panel on the front and the system status indicator on the back flash blue until you push the button again. There is also a system identification button on the back panel.2: Appliance Layout 15

RSA enVision Hardware Setup and Maintenance GuideHard Drive IndicatorsThe hard drive carriers have two indicators: Drive-activity indicator Drive-status indicatorThe following figure shows the hard drive indicators.

In RAID configurations, the drive-status indicator lights display different patterns as drive events occur in the system. The drive indicator patterns for RAID hard drives are shown in the following table.

Item Description

1 Drive-status indicator (green and amber)

2 Drive-activity indicator (green)

Drive-Status Indicator Pattern Drive Condition

Blinks green two times per second Identify drive/preparing for removal

Off Drive ready for insertion or removal

Blinks green, amber, and off Drive predicted failure

Blinks amber four times per second Drive failed

Blinks green slowly Drive rebuilding

Steady green Drive online

Blinks green three seconds, amber three seconds, and off six seconds

Rebuild aborted16 2: Appliance Layout

RSA enVision Hardware Setup and Maintenance GuideBack PanelThe following figure shows the back panel of the RSA enVision appliance.

1

8 9 10 11 13 14 15127

2 3 4 5 6


Icon Description

1 PCIe slot1 PCI Express x4-link (Generation 2) expansion slot (2.881 inch full-height, 12.2 inch length)

2 PCIe slot 2 PCI Express x4-link (Generation 2) expansion slot (2.881 inch low-profile, 9.5 inch length)

3 PCIe slot 3 PCI Express x8-link (Generation 2) expansion slot (4.376 inch full-height, 9.5 inch length)

4 PCIe slot 4 PCI Express x8-link (Generation 2) expansion slot (4.376 inch full-height, 9.5 inch length)

5 Power supply 1 570-W power supply

6 Power supply 2 570-W power supply

7 VFlash media slot

Use to connect an external secure digital (SD) memory for the optional iDRAC6 enterprise card.

8 iDRAC6 enterprise port

Dedicated management port for the iDRAC6 Enterprise card.

9 Serial connector

Use to connect a serial device to the system.

10 Video connector

Use to connect a VGA display to the system.

11 USB connectors (2)

Use to connect USB 2.0-compliant devices to the system.2: Appliance Layout 17

RSA enVision Hardware Setup and Maintenance Guide12 Ethernet connectors (4)

Integrated 10/100/1000 NIC connectors labeled GB1, GB2, GB3, GB4 from left to right.

13 System status indicator connector

Use to attach a system indicator extension cable that is used on a cable management arm.

14 System status indicator

Power-on indicator.

15 System identification button

Use to locate a particular system within a rack. When you push this button, the LCD panel on the front and the system status indicator on the back flash blue until you push the button again. There is also a system identification button on the front panel.


Icon Description18 2: Appliance Layout

RSA enVision Hardware Setup and Maintenance GuidePower Indicator CodesAn LED indicator on the power button indicates when power is supplied to the system and the system is operational.The power supplies have an indicator that shows whether power is present or whether a power fault has occurred.The following figure shows the power supply and the power supply status button.

Power supply status The power supply statuses are as follows: Not litAC power is not connected. GreenPower supply is operational. AmberProblem with power supply.Green and amber (alternating)Power supply is mismatched with the other power supply (a high-output 870-W power supply and an Energy Smart 570-W power supply are installed in the same system). Replace the power supply that has the flashing indicator with a power supply that matches the capacity of the other installed power supply.2: Appliance Layout 19

RSA enVision Hardware Setup and Maintenance Guide3 Single Appliance SiteThe RSA enVision platform can be deployed in different ways based on the type of site that you have planned. The following topics provide information on the single appliance site: Single Appliance Site Overview Setup and Configuration Tasks - Single Site Set Up a Single Appliance Site Configure the RSA DAS 2000 Configure Free Space on the RSA enVision DAS-2000

Single Appliance Site OverviewThe ES series appliances are designed to operate in a stand-alone, non-distributed mode. The ES appliances have all three RSA enVision componentsApplication, Collector, and Databaseinstalled on one appliance. The single appliance is a site.The two enVision appliance series used for single appliance sites are:

ES series with local storage. The ES series appliances can manage up to 2,500 sustained events per second (EPS) from up to 400 event sources without sacrificing any of the real-time or historical analysis.ES series with external storage. Designed for the enterprise where large numbers of event sources are often deployed to enforce, monitor, and manage security.

There are different models within each of these series. The appliance model that you use depends on your needs. For more information, see ES Appliance Specifications on page 78.

Note: Starting with the enVision 4.1 platform, you can deploy a single appliance site on a virtual infrastructure. For information, see the Virtual Deployment Guide.

Setup and Configuration Tasks - Single SiteYou must perform the following tasks to set up and configure a single appliance site.

Task Reference

1. Plan the installation. Complete the planning worksheet.

Configuration Wizard Planning Worksheet - Single Appliance Site in the Configuration Guide3: Single Appliance Site 21

RSA enVision Hardware Setup and Maintenance GuideSet Up a Single Appliance Site

Important: Before you set up your hardware, review Safety and Regulatory Statements on page 90.

To set up a single appliance site:

1. Plan the installation. Complete the Configuration Wizard Planning Worksheet - Single Appliance Site in the chapter Single Appliance Site in the Configuration Guide.

2. Select a hardware setup location that meets the requirements for the current installation and for future growth. For location requirements, see Hardware Specifications on page 77. For information on installing the appliance, see the manufacturers documentation.

2. Set up the RSA enVision appliance hardware.

Set Up a Single Appliance Site on page 22

3. Connect to the appliance remotely using DRAC or using a KVM switch.

Dell Remote Access Controller Utility in the Configuration Guide

Connect to the Appliance Using a Keyboard, Monitor, and Mouse in the Configuration Guide

4. Configure the single appliance site. Configure a Single Appliance Site in the Configuration Guide

5. Install content updates. Content Updates in the Configuration Guide

Task Reference22 3: Single Appliance Site

RSA enVision Hardware Setup and Maintenance Guide3. Connect the ES appliance to the LAN (through ethernet connector GB1).

4. If your ES appliance has an external DAS storage, connect the storage system to the ES appliance (through ethernet connector GB2). Connect a cable from GB2 on the ES appliance to the MGMT port on the RSA DAS 2000. For instructions, see Configure the RSA DAS 2000 on page 24.

Note: You can connect to the management UI on the RSA DAS 2000 at http://10.203.2.90.

5. Connect each of the power cords to a different power circuit for increased reliability and availability.

6. If you are using external storage, power on the storage appliance. For instructions, refer to the storage system documentation. Wait five minutes until the external storage is powered on.

7. Power on the ES appliance.8. Complete the enVision site configuration, using the enVision Configuration

Wizard. For instructions, see Single Appliance in the Configuration Guide.3: Single Appliance Site 23

RSA enVision Hardware Setup and Maintenance GuideConfigure the RSA DAS 2000If your ES appliance has a DAS 2000 external storage array, perform the following steps to configure the external DAS.

Note: This configuration deletes the existing data on the DAS 2000.

To configure the DAS 2000:

1. Connect the network and power cables as follows: LAN to the public network SWITCH (GB1) to the 0-iSCSI port on the attached storage array GB2 to the Management LAN port on the attached storage array

2. Configure the following network interfaces: SWITCH (GB1) address:

IP Address: 10.203.2.11 Subnet Mask: 255.255.255.0 Gateway: Leave blank DNS: Leave blank

GB2 address: IP Address: 10.203.3.11 Subnet Mask: 255.255.255.0 Gateway: Leave blank DNS: Leave blank24 3: Single Appliance Site

RSA enVision Hardware Setup and Maintenance Guide3. Follow these steps to run the iSCSI setup script:a. Open a command prompt, and change directories to C:\Program Files

(x86)\EMC\Navisphere CLI.b. Type:

ax150-iscsi-setup NIC 10.203.2.103

4. Follow these steps to configure the drives on the storage array:a. To scan for drives and configure two logical partitions, at a command prompt,

type:disk-init.bat

b. When prompted to format G: and H: drives, type Y. Formatting could take up to one hour per drive.

5. Continue the setup of the single appliance site, as described in the preceding section, Set Up a Single Appliance Site.

Configure Free Space on the RSA enVision DAS-2000The DAS 2000 has additional free space that has not been pre-configured. You can configure and use the storage as needed for use with the RSA enVision appliance.

To configure free space on RSA enVision DAS-2000:

1. Log into the DAS-2000 from the enVision appliance by performing the following steps:a. Open a web browser and navigate to http://10.203.3.90.b. Answer Yes to the Security Alert message.c. Login to the DAS management console. For instructions, see the

corresponding DAS documentation.2. On the left navigation window, click on Disk Pools and check the total free space

for each pool. 3. Create new Logical Unit Numbers (LUNs) from the available free space by

performing the following steps:a. On the left navigation window, click on Virtual Disks.b. Select the number of virtual disks for the new LUN.c. Enter a name and the desired capacity for the new LUN.d. Select NICAPPLIANCE as the server to assign the new LUN. e. Click Apply and wait for the process to complete.

4. Verify that the new LUN has been created by performing the following steps:a. To view the new LUN, click the link View all virtual disks that have been

created so far.b. Click on the LUN name to view details about the LUN.3: Single Appliance Site 25

RSA enVision Hardware Setup and Maintenance Guidec. Review the properties of the LUN and ensure that it is assigned to NIC.5. You must format the new LUN for use with the enVision platform. Perform the

following steps on the enVision appliance:a. Open the disk management window. Click Start > Run, type diskmgmt.msc

and press Enter. The new LUN appears as Unallocated in the lower pane of the disk management window.

b. Before partition, run the Initialize and Convert Disk Wizard by following the instructions in the wizard.

c. Right-click on the unallocated disk and select New Partition.d. Specify the following settings in the New Partition wizard:

Partition type: Primary partition Partition size in MB: Leave default size Drive letter: Select desired drive letter File system: NTFS Allocation unit size: 64K Volume label: NIC4

e. Click Next.f. Click Finish.

6. Add the new partition as an additional storage for use with the enVision platform. Perform the following steps:a. Log into the enVision application GUI at https://:443.b. Click System Configuration > Directories > Manage Storage Locations.c. Click the Add button and point to the path of the newly created drive, for

example, K:\The new drive appears in the Manage Storage Locations window.26 3: Single Appliance Site

RSA enVision Hardware Setup and Maintenance Guide4 Multiple Appliance SiteThe RSA enVision platform can be deployed in different ways based on the type of site that you have planned. The following topics provide information on the multiple appliance site: Multiple Appliance Site Overview Setup and Configuration Tasks - Multiple Appliance Site Set Up a Multiple Appliance Site Cabling Examples Enhanced Availability

Multiple Appliance Site OverviewThe LS series appliances are designed to operate in a distributed installation. Each RSA enVision componentApplication, Collector, and Databaseis on its own appliance. The appliances together form a site. Distributed multiple appliance sites allow multiple installations of any of the three appliance types to be deployed to manage the variety of network infrastructures found in production environments. All multiple appliance sites use external storage systems.Each multiple appliance site contains the following hardware items: RSA enVision appliances Storage system Network switch Appliance rackFor a complete explanation of multiple appliance sites and multiple site deployments, and for instructions on configuring enVision on these sites, see the chapter Multiple Appliance Site in the Configuration Guide. For information on the hardware items, see Hardware Specifications on page 77.4: Multiple Appliance Site 27

RSA enVision Hardware Setup and Maintenance GuideSetup and Configuration Tasks - Multiple Appliance SiteYou must perform the following tasks to set up and configure a multiple appliance site.In a multiple site domain, you must repeat the first three tasks on each site except for Task 5. Also task 4 only needs to be performed once in a NIC domain.

Set Up a Multiple Appliance Site


Task Reference

1. Plan the installation. Complete the Configuration Wizard Planning Worksheet.

Configuration Wizard Planning Worksheet - Multiple Appliance Site in the Configuration Guide


Set Up a Multiple Appliance Site on page 28

3. Connect to the Data Sever (D-SRV or DS1 if there are multiple D-SRVs) appliance remotely using DRAC or using a KVM switch.

Dell Remote Access Controller Utility in the Configuration Guide


4. Configure the multiple appliance site.

Configure a Multiple Appliance Site in the Configuration Guide

5. (Optional) Configure the additional D-SRVs to handle specific service requests.

Preferred or Dedicated D-SRVs for Reports or Event Data Interchange in the Configuration Guide

6. Verify that replication is working correctly within the NIC domain.

NIC DB Replication in the Configuration Guide

7. (Optional) Install the Task Triage database.

Task Triage Database Setup in the Configuration Guide

8. Install content updates. Content Updates in the Configuration Guide28 4: Multiple Appliance Site

RSA enVision Hardware Setup and Maintenance GuideTo set up a multiple appliance site:

1. Plan the installation. Complete the Configuration Wizard Planning Worksheet - Multiple Appliance Site in the chapter Multiple Appliance Site in the Configuration Guide.

2. Select a hardware setup location that meets the requirements for the current installation and for future growth. For location requirements, see Hardware Specifications on page 77. For information on installing the appliance, see the manufacturers documentation.

3. Connect the storage system. Note the IP address for the storage device in the Identify External Storage section of the Configuration Wizard Planning Worksheet - Multiple Appliance Site in Multiple Appliance Site in the Configuration Guide.

4. Connect each LS appliance in the site to the LAN (through ethernet connector GB1) and the switch (through ethernet connector GB2).

Note: Ignore any warning messages that you receive about IP conflicts when you are making the physical connections to the LAN.4: Multiple Appliance Site 29

RSA enVision Hardware Setup and Maintenance Guide5. Connect each of the power cords to a different power circuit for increased reliability and availability. For powerline redundancy, the appliance and the switch have dual power supplies.

6. Power on the storage system. For instructions, refer to the storage system documentation. Wait five minutes.

7. Power on the network switch and LS appliances.The LS Typing Wizard starts automatically on the appliances.If you click Cancel at any time while using the wizard, you must restart the wizard to type the appliance. To restart the wizard, double-click the lsconfigurationwizard.exe file in the C:\windows\installations directory.

8. On each appliance in the site, follow these steps to assign the LS appliance type:30 4: Multiple Appliance Site

RSA enVision Hardware Setup and Maintenance Guidea. Connect to the appliance.b. Select the LS checkbox.c. Select one of the following LS types for the appliance:

AS1 (Application Server) AS2 (Application Server) AS3 (Application Server) DS1 (Database Server) DS2 (Database Server) DS3 (Database Server) DS4 (Database Server) RC (Remote Collector) LC1 (Local Collector) LC2 (Local Collector) LC3 (Local Collector)

d. Click Next.e. Verify that the information is correct, and click Finish.

If the information is not correct, click Cancel.9. Apply the appropriate labels for the appliance type to the front and back of the

appliance to identify it.10. Repeat step 8 to step 9 for each appliance in your site.11. Complete the enVision site configuration using the enVision Configuration

Wizard. For instructions, see Multiple Appliance Site in the Configuration Guide.4: Multiple Appliance Site 31

RSA enVision Hardware Setup and Maintenance GuideCabling ExamplesThis section shows examples of cabled multiple appliance sites.The following figure shows an example of a multiple appliance site with a Local Collector (LC), an Application Server (A-SRV), and a Database Server (D-SRV). The site is connected to the switch. The switch is connected to the ENV-NAS53-1 or ENV-NAS53-2 (external storage).32 4: Multiple Appliance Site

RSA enVision Hardware Setup and Maintenance GuideThe following figure shows an example of a multiple appliance site with a Local Collector (LC), an Application Server (A-SRV), and a Database Server (D-SRV). The site is connected to the switch. The switch is connected to the RSA NAS 3500 or RSA NAS 7000 (external storage).

DO NOTREMOVE

DO NOTREMOVE

DO NOTREMOVE

DO NOTREMOVE

0

1

2

3

0

1

2

3

0

1

0

1

B E 0 B E 1

cge 0 cge 1

B E 0 B E 1

B

A

SP

Aux 0 Aux 1 Aux 0 Aux 1

10/ 10010/ 100 cge 2 cge 3 cge 0 cge 1 cge 2 cge 3

3210

7654

046-002-567_A02

046-002-567_A02

B

A

2 MIN

2 M

IN

No Serviceable Parts W

ithinNe contient pas de pieces reparablesNo contiene piezas reparablesEnthalt keine reparierbaren TeileNon contlene parti riparabili

No S

ervic

eabl

e Pa

rts W

ithin

Ne c

ontie

nt p

as d

e pi

eces

repa

rabl

esNo

con

tiene

pie

zas

repa

rabl

esEn

thal

t kei

ne re

parie

rbar

en Te

ileNo

n co

ntle

ne p

arti

ripar

abili

3210

7654

4567

0123

4567

EXP PRI

PRIEXP

0123

EXP PRI

PRIEXP

046-002-000

A

C S

M G M TB

A-SRV

D-SRV

LC

Switch

Disk Array Enclosure

Control Station

Second Power Supply

Storage Processor

Data Movers4: Multiple Appliance Site 33

RSA enVision Hardware Setup and Maintenance GuideThe following figure shows an example of a cabled multiple appliance site with one D-SRV, two A-SRVs, and three LCs. The site is connected to the switch. The switch is connected to the ENV-NAS53-1 or ENV-NAS53-2 (external storage).34 4: Multiple Appliance Site

RSA enVision Hardware Setup and Maintenance GuideThe following figure shows an example of a cabled multiple appliance site with one D-SRV, two A-SRVs, and three LCs. The site is connected to the switch. The switch is connected to the RSA NAS 3500 or NAS 7000 (external storage).4: Multiple Appliance Site 35

RSA enVision Hardware Setup and Maintenance GuideThe following figure shows an example of a cabled multiple appliance site with three D-SRVs, two A-SRVs, and three LCs. The site is connected to the switch. The switch is connected to the ENV-NAS 53-1 or ENV-NAS53-2 (external storage).36 4: Multiple Appliance Site

RSA enVision Hardware Setup and Maintenance GuideThe following figure shows an example of a cabled multiple appliance site with three D-SRVs, two A-SRVs, and three LCs. The site is connected to the switch. The switch is connected to the RSA NAS 3500 or NAS 7000 (external storage).

DO NOTREMOVE

DO NOTREMOVE

DO NOTREMOVE

DO NOTREMOVE

0

1

2

3

0

1

2

3

0

1

0

1

B E 0 B E 1

cge 0 cge 1

B E 0 B E 1

B

A

SP

Aux 0 Aux 1 Aux 0 Aux 1

10/ 10010/ 100 cge 2 cge 3 cge 0 cge 1 cge 2 cge 3

3210

7654

046-002-567_A02

046-002-567_A02

B

A

2 MIN

2 M

IN

No Serviceable Parts Within

Ne contient pas de pieces reparables

No contiene piezas reparables

Enthalt keine reparierbaren Teile

Non contlene parti riparabili

No Se

rvice

able

Pa

rts

With

inNe

con

tient

pas

de p

ieces

repa

rabl

esNo

con

tiene

piez

as re

para

bles

Enth

alt k

eine

repa

rierb

aren

Teile

Non

con

tlene

par

ti rip

arab

ili

3210

7654

4567

0123

4567

EXP PRI

PRIEXP

0123

EXP PRI

PRIEXP

046-002-000

A

C S

M G M TB

D-SRV1

LC1

A-SRV2

A-SRV1

LC2

LC3

Switch

Disk Array Enclosure

Control Station

Second Power Supply

Storage Processor

Data Movers

D-SRV2

D-SRV34: Multiple Appliance Site 37

RSA enVision Hardware Setup and Maintenance GuideEnhanced AvailabilityOptionally, you can set up enhanced availability (EA) for the Local Collectors (LCs). This allows you to define up to six cluster appliances (CAs) for a site to perform the LC roles.Contact RSA Professional Services to set up EA.38 4: Multiple Appliance Site

RSA enVision Hardware Setup and Maintenance Guide5 Remote Collector SiteThe LS series appliances, used in multiple appliance sites, are designed to operate in a distributed installation. You can also connect a remote collector in such a distributed installation. The following topics describe this process in detail: Remote Collector Site Overview Setup and Configuration Tasks - Remote Collector Site Set Up a Remote Collector Site

Remote Collector Site OverviewRemote Collectors (RCs) capture incoming events remotely and forward the data collected to the D-SRV1 in an RSA enVision multiple appliance site using the NIC Forwarder Service. All RCs must be connected to the D-SRV1.The RCs use the LS series appliances. For specifications for the LS series appliance, see Hardware Specifications on page 77.

Note: Starting with the enVision 4.1 platform, you can deploy an RC on a virtual infrastructure. For information, see the Virtual Deployment Guide.

A multiple appliance site can have up to 16 RCs including both physical and virtual appliances. The total events per second (EPS) for all Collectors per site cannot exceed 30,000 EPS.

Setup and Configuration Tasks - Remote Collector SiteYou must perform the following tasks to set up and configure a Remote Collector (RC) site.

Task Reference

1. Plan the installation. Complete the planning worksheet.

Configuration Wizard Planning Worksheet - Remote Collector Site in the Configuration Guide


Set Up a Remote Collector Site on page 40

3. Connect to the RC appliance using a KVM switch.


4. Configure the Remote Collector site.

Configure a Remote Collector Site in the Configuration Guide5: Remote Collector Site 39

RSA enVision Hardware Setup and Maintenance GuideSet Up a Remote Collector Site


Before You Begin

Ensure that the D-SRV1 to which the RC connects is configured and is running.

To set up a remote collector site:

1. Plan the installation. Complete the Configuration Wizard Planning Worksheet - Remote Collector Site in the chapter Remote Collector Site in the Configuration Guide.

2. Select a hardware setup location that meets the requirements for the current installation and for future growth. For information on installing the appliance, see the manufacturers documentation.

3. Connect the RC appliance to the LAN (through ethernet connector GB1).

5. Verify the RC configuration through the GUI.

Verify the Remote Collector Configuration in the Configuration Guide

6. Configure the data forwarding scheduled task on the A-SRV for the master site of the RC.

Configure the Data Forwarding Task in the Configuration Guide

7. Test the configuration. Test the Configuration in the Configuration Guide

Task Reference40 5: Remote Collector Site

RSA enVision Hardware Setup and Maintenance Guide4. Connect each of the power cords to a different power circuit for increased reliability and availability.

5. If you are using external storage, power on the storage appliance. Wait five minutes.

6. Power on the network switch and RC appliance.7. Complete the enVision site configuration using the enVision Configuration

Wizard. For complete information, see the chapter Remote Collector Site in the Configuration Guide.5: Remote Collector Site 41

RSA enVision Hardware Setup and Maintenance Guide6 Adding an Appliance to an Existing SiteThis chapter describes how to add an LC, A-SRV, D-SRV, or RC to an existing RSA enVision multiple appliance site that uses 60 series appliances. The following topics describe in detail the tasks that you must perform to add an appliance: Prepare to Add an Appliance Add an LC, A-SRV, or D-SRV to a Site Add an RC to a SiteThe implementation of the Enhanced Availability feature for the Local Collectors is a Professional Service package. To add a cluster appliance (CA) to perform the LC role in a site, contact RSA Professional Services.

Prepare to Add an ApplianceBefore you add a new appliance to an existing multiple appliance site, you must complete the following tasks.

To prepare to add an appliance:

1. Connect a mouse, keyboard, and monitor to each of the new appliances and the D-SRV1 appliance in a site. You can also use a Dell remote Access Controller (DRAC) utility, if it is installed. See the Configuration Guide for more information.

2. On each appliance in the multiple appliance site, install the latest service pack for your version of the RSA enVision platform.

3. Determine Whether to Update Files on the D-SRV14. Update Files on the D-SRV1 if needed.6: Adding an Appliance to an Existing Site 43

RSA enVision Hardware Setup and Maintenance GuideDetermine Whether to Update Files on the D-SRV1Depending on the model numbers of the D-SRV1 appliance and the appliance that you are adding, you may need to download and install a new set of files on D-SRV1 before adding a new appliance to the site.

To determine if you must update files on the D-SRV1:

1. On the D-SRV1 appliance, open the nie-oe.dat file in the C:\WINDOWS\system32\drivers\etc directory, and locate the line that begins with Hardware= to determine the model number of the D-SRV1 appliance.

2. On the appliance that you are adding, open the nie-oe.dat file in the C:\WINDOWS\system32\drivers\etc directory, and locate the line that begins with Hardware= to determine the model number of the new appliance.

3. Determine from the following table whether you must update files on the D-SRV1.

Update Files on the D-SRV1If you determined that you must update files on the D-SRV1 appliance, use this procedure to download and install the required files.

To update the files on the D-SRV1:

1. To download the files, follow these steps:a. Go to https://knowledge.rsasecurity.com/, and log on to RSA SecurCare

Online.b. Click Products > RSA enVision.c. On the Version Upgrade tab, enter your RSA enVision maintenance serial

number, and click Submit.d. Select the version of enVision that you are running, and click Submit.e. Click Download Software > RSA enVision Version Upgrades.f. Click the version of enVision that you are running.g. Click Download Manager, and download the file to the D-SRV1 desktop.

Model Number of D-SRV1 Appliance

Model Number of New Appliance Action Needed

Hardware=60(SYS-G-RSA400)


None


Hardware=RSA5xx(SYS-G-RSA500)

Update the files on D-SRV1



None44 6: Adding an Appliance to an Existing Site

RSA enVision Hardware Setup and Maintenance Guide2. Extract the following file to the specified location on the D-SRV1.

Add an LC, A-SRV, or D-SRV to a Site

To add an LC, A-SRV, or D-SRV:

1. Install the new appliance in the rack.2. Connect the new appliance to the LAN (through Ethernet connector GB1) and the

switch (through Ethernet connector GB2).

Note: Ignore any warning messages that you receive about IP conflicts when you are making the physical connections to the LAN.

The following figure shows the connections for a model SYS-G-RSA400.

RSA enVision Version

Files to Extract Directory to Which to Extract Files

4.1 SP1 RSA_enVisionAPP4101b.exe E:\nic\installables6: Adding an Appliance to an Existing Site 45

RSA enVision Hardware Setup and Maintenance GuideThe following figure shows the connections for a model SYS-G-RSA500.

3. Connect each of the power cords to a different power circuit for increased reliability and availability.

4. Power on the new appliance.5. To reimage and type the new appliance, follow the instructions in Factory

Reimaging and Typing on page 73. When you are typing the appliance, use the following parameters:

Note: You must change the passwords on the new appliance to match the passwords on the existing appliances in the site.

Select LS for the license type. If you are typing an LC, select LC1, LC2, or LC3 for the appliance type

(select the next LC in the site in the sequence of LC1, LC2, and LC3). If you are typing an A-SRV, select AS1, AS2, or AS3 for the appliance type

(select the next A-SRV in the site in the sequence of AS1, AS2, and AS3). If you are typing a D-SRV, select DS2, DS3, or DS4 for the appliance type

(select the next D-SRV in the site in the sequence of DS2, DS3, and DS4).6. On the D-SRV1, configure the new appliance as follows:

a. To start the RSA enVision Configuration Wizard, double-click the lsconfigurationwizard.exe file in the C:\Windows\installations directory.

b. When prompted, enter the master password.c. Follow the on-screen instructions to complete the configuration.d. When the wizard displays the Review Page window, verify that the

information is correct, and click Finish.If the information is not correct, click Cancel.

e. Wait until the wizard successfully completes the configuration and automatically restarts the new appliance.46 6: Adding an Appliance to an Existing Site

RSA enVision Hardware Setup and Maintenance Guide7. Apply the appropriate label to the front and back of the new appliance to identify it.

Note: RSA recommends that you install the latest RSA enVision service pack on the new appliances that you have added.

Add an RC to a Site

To add an RC:

1. Install the new appliance in the rack.2. Connect the RC appliance to the LAN (through Ethernet connector GB1).

The following figure shows the connections for a model SYS-G-RSA400.

The following figure shows the connections for a model SYS-G-RSA500.6: Adding an Appliance to an Existing Site 47

RSA enVision Hardware Setup and Maintenance Guide3. Connect each of the power cords to a different power circuit for increased reliability and availability.

4. Power on the new appliance.5. To reimage and type the new appliance, follow the instructions in Factory

Reimaging and Typing on page 73. When you are typing the appliance, use the following parameters: Select LS for the license type. Select RC1 for the appliance type.

6. On the RC, configure the appliance as follows:a. To start the enVision Configuration Wizard, double-click the

lsconfigurationwizard.exe file in the C:\Windows\installations directory.b. Follow the on-screen instructions. Configure the RC to connect to the

D-SRV1.c. When the wizard displays the Review Page window, verify that the

information is correct, and click Finish.If the information is not correct, click Cancel.

d. Wait until the wizard successfully completes the configuration. The wizard automatically restarts the new appliance.

7. Apply the appropriate label to the front and back of the new appliance to identify it.

Note: RSA recommends that you install the latest RSA enVision service pack on the new RC that you have added.48 6: Adding an Appliance to an Existing Site

RSA enVision Hardware Setup and Maintenance Guide7 NAS ConfigurationThe storage options available for an RSA enVision site depend on the type of setup. RSA enVision multiple appliance sites (using LS series appliances) and high-end single appliance sites (ES 3060, ES 5060, and ES 7560) require external storage. The following topics explain in detail the external storage options available: Supported NAS Storage for RSA enVision Storage Specifications NAS Configuration Values for VNX NAS Configuration Values for Celerra

Important: The ENV-NAS and the RSA NAS series storage arrays are preconfigured and ready to use with the enVision platform. If you are using a third-party NAS, use the information in the topics listed above to configure the NAS for use with the enVision platform.

Supported NAS Storage for RSA enVisionFor single appliance sites, RSA recommends using the RSA DAS 2000. For multiple appliance sites, recommended and supported storage arrays are listed below:

If you use a storage system other than as listed above, the storage system must meet the specifications defined in Storage Specifications on page 50. RSA preconfigures the NAS. If you want to make changes to the preconfigured system, or use another storage system, you must configure the storage system with the same features and values described in NAS Configuration Values for VNX on page 51 or NAS Configuration Values for Celerra on page 62.

Note: RSA does not provide support for installing or configuring third-party storage systems. For information on configuring third-party storage, see the vendor documentation.

Name Description

ENV-NAS53-1 Based on EMC VNX 5300. This has 15 disks.

ENV-NAS53-2 Based on EMC VNX 5300. This has 30 disks.

RSA NAS 3500 Based on the EMC Celerra NS-120.

RSA NAS 7000 Based on the EMC Celerra NS-120.7: NAS Configuration 49

RSA enVision Hardware Setup and Maintenance GuideYou must install and configure the storage system before you install the RSA enVision appliances and configure the enVision site. For information on configuring the enVision site, see the Configuration Guide.The complete VNX documentation is available to EMC Powerlink users at the Powerlink site.The complete Celerra NS-120 documentation is available to EMC Powerlink users at http://powerlink.emc.com/km/appmanager/km/secureDesktop?_nfpb=true&_pageLabel=image6b&internalId=0b014066803bc36d&_irrt=true.

Storage SpecificationsThe NAS must support local user authentication and a standalone CIFS server. The RSA enVision appliance includes four predefined local user accounts. The enVision appliance is designed to integrate with a NAS that includes the same four local users.

Note: If you use a third-party storage system with your enVision appliance site, the storage must meet these specifications.

This minimum specification information for the ENV-NAS53 series is based on the EMC VNX 5300. The full specification sheet can be found at:http://www.emc.com/collateral/software/specification-sheet/h8514-vnx-series-ss.pdf

The minimum required specifications for the NAS 3500 and the NAS 7000 are based on an EMC NS-120 unified storage platform. For the full specification sheet, go to www.emc.com/collateral/hardware/specification-sheet/h5804-celerra-ns120-ss.pdf.

Component Specifications

Drives (Min/Max) 4/125

Raw Capacity 6.5 TB when packaged with 15 disks13 TB when packaged with 30 disks

Disk Processor Enclosure Content

10K RPM 15 x3.5'' 600 GB drives (when packaged with 15 disks) 10K RPM 30 x3.5'' 600 GB drives (when packaged with 30 disks) 1.6 GHz, four-core Xeon 5600 processor with 8 GB RAM

Data Movers (1 minimum 2 recommended, x + 1 required for redundancy)

2.13 GHz, four-core Xeon 5600 processor with 6 GB RAM Four 10/100/1000 Base T Ethernet ports50 7: NAS Configuration

RSA enVision Hardware Setup and Maintenance GuideThe following table lists the specifications for the Celerra NS-120 that must be met by any third-party storage system.

NAS Configuration Values for VNX

Note: Refer to this section if your RSA enVision setup uses the ENV-NAS53 series.

This section describes, at a high level, the tasks that are involved in configuring the NAS to work with the enVision platform. For each task, this section provides the specific values that must be configured. Use the default values for settings that are not described in this document.For information on secure deployment of your NAS, see the Security Configuration Guide.

Note: RSA recommends that you configure the NAS to send logs to the enVision platform. For information on how to configure the NAS to send logs to the enVision platform, see RSA enVision Device Configurations on RSA SecurCare Online at https://knowledge.rsasecurity.com.

Configuration of the VNX involves the following high-level tasks:1. Creation of Storage Pools2. Network Interface Configuration3. Creation of the File Systems4. Creation of the Standalone CIFS Server5. Creation of the CIFS Shares

Component Specifications

Data Movers (1 minimum, 2 recommended, x + 1 required for redundancy)

Dual 2.8 GHz Intel Xeon CPU 4GB DDR800 (266 MHz) RAM Four 10/100/1000 BaseT Ethernet ports

Storage Processors (2 minimum)

Dual 2.8 GHz Intel Xeon CPU 4GB DDR800 (266 MHz) RAM Four 10/100/1000 BaseT Ethernet ports

Storage (Hard Drives) 10K RPM 450GB Fibre Channel hard drivesThe number of drives depends on the number of event sources from which the enVision platform collects: Up to 3,072 event sources - 15 hard drives Up to 6,144 event sources - 30 hard drives

Note: You must use Fibre Channel drives. Other types of drives are not fast enough.7: NAS Configuration 51

RSA enVision Hardware Setup and Maintenance Guide6. iSCSI Configuration Settings7. Enable E-mail Connect Home8. Proxy Address Resolution ProtocolThis section describes the information required to complete each of the above tasks.

Creation of Storage PoolsYou must create the following system-defined storage pool: clarsas_archive. This storage pool is a 4+1 RAID 5 configuration.For the Disk Type, use CLSAS (Standard CLARiiON disk volumes). System-defined storage pools are set to extend automatically.

Network Interface ConfigurationYou must configure an interface to which the copper media can connect. You can configure the values in the following table through the command line or in the Unisphere Manager.

Creation of the File SystemsYou must create the file systems required by your configuration of the RSA enVision platform. The D-SRV1 requires vol0, and the first Local Collector (LC1) requires vol1. A second Local Collector (LC2) would require vol2, and a third Local Collector would require vol3.

Setting Value

Data Mover server_2

Device Name cge-1-0By default, Copper Gigabit Interface zero (CGE-1-0) is the first port available. Creating a Fail Safe Network (FSN) using the Copper Ethernet interface provides a medium through which to connect to the VNX.

IP Address 10.203.2.101Configure this IP address for the physical port (CGE-1-0) on the data mover.

Name 10-203-2-101 (optional)

Subnet Mask (Netmask in the Unisphere Manager)

255.255.255.0

Broadcast Address 10.203.2.255 (read-only)

Other values MTU: 1500 VLAN ID: 0

State Informational Only52 7: NAS Configuration

RSA enVision Hardware Setup and Maintenance GuideFour volumes are used by default. If no LC2 or LC3 is in place, those volumes are not needed, but you can choose to create these volumes as placeholders. You can create vol2 and vol3, and give each volume 1 GB or less of space. If you decide to add additional Local Collectors to your deployment, it is much easier to expand an existing volume than it is to configure another volume.Create the file system using either the command line interface or the Unisphere Manager.

Important: Do not create the file systems with performance tuning options.

Ensure that the file systems appear as shown in the following figure, with no additional options. Performance tuning settings can cause problems with the enVision platform.

Setting Value

Vol0 Vol3

Data Mover server_2

Storage Pool clarsas_archive

Name vol0, vol1, vol2, or vol3

Slice Volumes Yes7: NAS Configuration 53

RSA enVision Hardware Setup and Maintenance GuideCreation of the Standalone CIFS ServerThe RSA enVision platform requires a NAS that supports local user authentication and a standalone CIFS server. The enVision platform contains log data from many sensitive event sources on your network that must be protected.RSA recommends the following best practices for creating the CIFS server:

Create a standalone CIFS server. The enVision platform contains log data from many sensitive event sources on your network, which must be protected.Give the CIFS server a unique name. The CIFS server is a Windows file server.Do not bind to all network interfaces. Ensure that you bind the CIFS server to the 10.203.2.101 interface only. When enVision multiple appliance sites share a VNX, the enVision platform requires that the share names be the same. If your sites are sharing a VNX, or if you have only one multiple appliance site but want to allow for further expansion, do not bind to all. Bind to all is not reversible. Select only the 10.203.2.101 interface. You can then add a second multiple appliance site to the existing VNX.

Note: Ensure that the DNS is appropriately configured.

Create the CIFS Server using the settings in the following table.

Note: The CIFS server IP address must be the same as the enVision default switch schema. If your enVision setup does not use the default 10.203.2.101, the CIFS server IP address must be changed to match the address specified in the enVision setup.

Setting Value

CIFS Server

Data Mover server_2

Interface 10.203.2.101 (cge-1-0)

Server Type Standalone

Administrator Password tempAfter you complete the initial configuration, you must change the administrator password to the value that you entered in the Password Manager page while installing the enVision platform. For more information, see the following section, Local Users and Passwords.

Workgroup WORKGROUP

NetBIOS Name RSAVNX

Interfaces 10.203.2.10154 7: NAS Configuration

RSA enVision Hardware Setup and Maintenance GuideLocal Users and PasswordsYou must create the following users and passwords on the CIFS server to allow the RSA enVision platform to access the CIFS shares. master NIC_System NIC_sshd NIC_sftp For information on changing NAS passwords, refer to Changing Passwords on page 91.

Creation of the CIFS SharesDepending on your RSA enVision platform configuration, you must create the following CIFS shares. The enVision Configuration Wizard, lsconfigwizard.exe, is hard-coded to expect these values: vol0 used by the D-SRV vol1 used by LC1 vol2 used by LC2 (if part of the deployment) vol3 used by LC3 (if part of the deployment)7: NAS Configuration 55

RSA enVision Hardware Setup and Maintenance GuideEnsure that you select the CIFS server on which to make the share available, and do not let the system select ALL.

Setting Value

Vol0

Data Mover server_2

File System vol0

CIFS Server RSAVNX

CIFS Share Name vol0

Vol1

Data Mover server_2

File System vol1

CIFS Server RSAVNX


Vol2

Data Mover server_2

File System vol2

CIFS Server RSAVNX

CIFS Share Name vol256 7: NAS Configuration

RSA enVision Hardware Setup and Maintenance GuideiSCSI Configuration Settings

Note: This configuration is optional and required only if your setup uses enhanced availability.

If your RSA enVision site uses Enhanced Availability (EA), you must configure iSCSI.Configure iSCSI with the settings in the following table.

Vol3

Data Mover server_2

File System vol3

CIFS Server RSAVNX


Setting Value

Setting Value

Creation of RAID Group and LUN assignment

Note: You must use unbound disks for this configuration.

RAID Group Type 1/0

LUN 0

Size 1 GB

Configuration of SP A and SP B iSCSI IP Addresses

SP A 10.203.2.110

SP B 10.203.2.111

Gateway 10.203.2.11

Subnet Mask 255.255.255.0

Addition of Host Initiators7: NAS Configuration 57

RSA enVision Hardware Setup and Maintenance GuideiSCSI Configuration VerificationVerify that your configuration is correct by comparing the screens to the following examples.Compare your iSCSI LUN properties to the properties shown in the following figure.

Host Initiators iqn.2006-01.nic.niceacluster:CA1.niceacluster.niciqn.2006-01.nic.niceacluster:CA2.niceacluster.niciqn.2006-01.nic.niceacluster:CA3.niceacluster.niciqn.2006-01.nic.niceacluster:CA4.niceacluster.niciqn.2006-01.nic.niceacluster:CA5.niceacluster.niciqn.2006-01.nic.niceacluster:CA6.niceacluster.niciqn.2006-01.nic.niceacluster:CA7.niceacluster.niciqn.2006-01.nic.niceacluster:CA8.niceacluster.niciqn.2006-01.nic.niceacluster:DS1.niceacluster.niciqn.2006-01.nic.niceacluster:DS2.niceacluster.nic

Creation of Storage group and addition of LUN and Host Initiators

Storage Group StorageGroup_enVision

Setting Value58 7: NAS Configuration

RSA enVision Hardware Setup and Maintenance Guide7: NAS Configuration 59

RSA enVision Hardware Setup and Maintenance GuideCompare your iSCSI storage group properties to the properties shown in the following figure.

Enable E-mail Connect HomeRSA recommends that you enable the E-mail Connect Home feature on the VNX (or an equivalent feature for other NAS types). This feature automatically notifies EMC Customer Support (or another storage provider) if a failure occurs or if a failure is predicted.

To enable the E-mail Connect Home feature using SMTP or FTP, you must move the control station to the public network. After you have confirmed that the LAN can communicate with the control station, you can configure E-mail Connect Home.

Note: You must ensure that the DNS is appropriately configured for the E-mail Connect Home feature to work.

To enable E-mail Connect Home:

1. Log on as the sysadmin user.2. Select System.3. From the task list, under Service Tasks, click on Manage Connect Home4. Complete the fields with required information.5. Select a delivery method from the Test Type drop-down box and click Test. 60 7: NAS Configuration

RSA enVision Hardware Setup and Maintenance GuideProxy Address Resolution ProtocolRSA recommends that you configure the proxy Address Resolution Protocol (ARP). The proxy ARP allows EMC to use your network and the VNX control station to access the VNX storage processors. The proxy ARP provides EMC with the ability to view the storage configuration, such as RAID groups and the number of LUNs.

Important: The proxy ARP does not allow EMC to access data on the storage array. EMC uses this feature for upgrading the code level on the back-end storage. For more information, contact Customer Support.7: NAS Configuration 61

RSA enVision Hardware Setup and Maintenance GuideNAS Configuration Values for Celerra

Note: Refer to this section if your RSA enVision setup uses RSA NAS 3500 or RSA NAS 7000.

This section describes, at a high-level, the tasks that are involved in configuring the NAS to work with the RSA enVision platform. For each task, this section provides the specific values that must be configured. Use the default values for settings that are not described in this document.For information on secure deployment of your NAS, see the Security Configuration Guide.

Important: These settings must be implemented by advanced technical users. RSA does not provide support for installing the NAS. RSA recommends that you engage EMC to install the NAS storage array.

Configuration of the NAS involves the following high-level tasks: 1. Creation of Storage Pools2. Network Interface Configuration3. Creation of the File Systems4. Creation of the Standalone CIFS Server5. Creation of the CIFS Shares6. iSCSI Configuration Settings7. Enable Celerra Connect Home8. Proxy Address Resolution ProtocolThis section describes the information required to complete each of the above tasks.

Creation of Storage PoolsYou must create the following system-defined storage pools: Performance Pool clar_r5_performance template. This is a 4+1 RAID 5

configuration. 1.1TB Minimum for 15 Fibre Channel drives 2.3TB Minimum for 30 Fibre Channel drives

Economy Pool clar_r5_economy template. This is an 8+1 RAID 5 configuration. 2.9TB Minimum for 15 Fibre Channel drives 5.8TB Minimum for 30 Fibre Channel drives

For the Disk Type, use CLSTD (Standard CLARiiON disk volumes). System-defined storage pools are set to extend automatically.62 7: NAS Configuration

RSA enVision Hardware Setup and Maintenance GuideNetwork Interface ConfigurationYou must configure an interface to which the copper media can connect. You can configure the values in the following table through the command line or in the Celerra Manager.

Creation of the File SystemsYou must create the file systems required by your configuration of the RSA enVision platform. The D-SRV1 requires vol0, and the first Local Collector (LC1) requires vol1. The second Local Collector (LC2) requires vol2, and a third Local Collector requires vol3.Four volumes are used by default. If no LC2 or LC3 is in place, those volumes are not needed, but you might choose to create these volumes as placeholders. You can create vol2 and vol3, and give each volume 1 GB or less. If you decide to add additional Local Collectors to your deployment, it is much easier to expand an existing volume, than it is to configure another volume.Vol0 uses the Performance storage pool, and vol1, vol2, and vol3 use the Economy storage pool.

Setting Value

Data Mover server_2

Device Name cge0By default Copper Gigabit Interface zero (CGE0) is the first port available. Creating a Fail Safe Network (FSN) using the Copper Ethernet interface provides a medium through which to connect to the NAS.

IP Address 10.203.2.101Configure this IP address for the physical port (CGE0) on the data mover. The second IP address that the Celerra requires is configured by default. The Celerra ships with the default Control Station IP address 10.203.2.100 for connecting to the Celerra Manager UI.

Name 10-203-2-101 (optional)

Subnet Mask (Netmask in the Celerra Manager)

255.255.255.0

Broadcast Address 10.203.2.255 (read-only)

Other values MTU: 1500 VLAN ID: 0

State Informational Only7: NAS Configuration 63

RSA enVision Hardware Setup and Maintenance GuideCreate the file system using the Celerra command line mode. Use the nas_fs command to create the file systems, and the server_mountpoint and server_mount commands to mount them.

Important: Do not create the file systems with performance tuning options.

Setting Value

Vol0

Data Mover server_2

Storage Pool clar_r5_performance

Name vol0

Size (15 Fibre Channel drives) 1363148 MB

Size (30 Fibre Channel drives) 2936012 MB

Slice Volumes Yes

Vol1 Vol3

Data Mover server_2

Storage Pool clar_r5_economy

Name vol1, vol2, or vol3

Size (15 Fibre Channel drives) 1048576MB

Size (30 Fibre Channel drives) 2202009MB

Slice Volumes Yes64 7: NAS Configuration

RSA enVision Hardware Setup and Maintenance GuideAfter you have created all of the file systems that you require, use server_mount server_2 to list the file systems. Ensure that the file systems appear exactly as shown in the following figure, with no additional options. Performance tuning settings can cause problems with the enVision platform.

Creation of the Standalone CIFS ServerThe RSA enVision platform requires a NAS that supports local user authentication and a standalone CIFS server. RSA enVision contains log data from many sensitive event sources on your network that must be protected.RSA recommends the following best practices for creating the CIFS server:

Create a standalone CIFS server. The enVision platform contains log data from many sensitive event sources on your network, which must be protected.Give the CIFS server a unique name. The CIFS server is a Windows file server.Do not bind to all network interfaces. When enVision multiple appliance sites share a NAS, the enVision platform requires that the share names be the same. If your sites are sharing a NAS, or if you have only one multiple appliance site but want to allow for further expansion, do not use bind to ALL. Bind to all is not reversible. Instead, select specific network interfaces for the CIFS server. You can then add a second multiple appliance site to the existing NAS.

Create the CIFS Server using the settings in the following table.

Setting Value

Services

Unicode Enabled Yes7: NAS Configuration 65

RSA enVision Hardware Setup and Maintenance GuideLocal Users and PasswordsYou must create the following users and passwords on the CIFS server to allow the enVision platform to access the CIFS shares. master NIC_System NIC_sshd NIC_sftp For information on changing NAS passwords, see Changing Passwords on page 91.

Data Mover DNS 10.203.2.11 (Default back-end IP address of enVision D-SRV)

NTP 10.203.2.11 (Default back-end IP address of enVision D-SRV)

CIFS Services Running Yes

CIFS Server

Data Mover server_2

Interface 10.203.2.101 (cge0)

Server Type Standalone

Administrator Password temp After you complete the initial configuration, you must change the administrator password to the value that you entered in the Password Manager page while installing the enVision platform. For more information, see the following section, Local Users and Passwords.)

Workgroup WORKGROUP

NetBIOS Name NICELERRA

Local Users Enabled Yes

Interfaces 10.203.2.101

Setting Value66 7: NAS Configuration

RSA enVision Hardware Setup and Maintenance GuideCreation of the CIFS SharesDepending on your RSA enVision configuration, you must create the following CIFS shares. The RSA enVision Configuration Wizard, lsconfigwizard.exe, is hard-coded to expect these values: vol0 used by the D-SRV vol1 used by LC1 vol2 used by LC2 (if part of the deployment) vol3 used by LC3 (if part of the deployment)Ensure that you select the CIFS server on which to make the share available, and do not let the system select ALL.

Setting Value

Vol0

Data Mover server_2

File System vol0

CIFS Server NICELERRA


Vol1

Data Mover server_2

File System vol1



Vol2

Data Mover server_2

File System vol2


CIFS Share Name vol27: NAS Configuration 67

RSA enVision Hardware Setup and Maintenance GuideiSCSI Configuration SettingsIf your RSA enVision site uses Enhanced Availability (EA), you must configure iSCSI.Configure iSCSI with the settings in the following table.

Vol3

Data Mover server_2

File System vol3



Setting Value

Setting Value

LUN

Data Mover server_2

Target Alias Name quorum

Auto Generate Alias Name Yes

Interface 10.203.2.101 (cge0)

iSCSI File System

Storage Pool clar_r5_economy

Name iscsi_quorum_fs

Size 1024MB

LUN Info

LUN 0

Size 1007 MB68 7: NAS Configuration

RSA enVision Hardware Setup and Maintenance GuideiSCSI Configuration VerificationVerify that your configuration is correct by comparing your Windows to the examples that follow.Compare your iSCSI LUN properties to the properties shown in the following figure.

Grant List for LUN Access (Set Enable Multiple Access)

iqn.2006-01.nic.niceacluster:CA1.niceacluster.niciqn.2006-01.nic.niceacluster:CA2.niceacluster.niciqn.2006-01.nic.niceacluster:CA3.niceacluster.niciqn.2006-01.nic.niceacluster:CA4.niceacluster.niciqn.2006-01.nic.niceacluster:CA5.niceacluster.niciqn.2006-01.nic.niceacluster:CA6.niceacluster.niciqn.2006-01.nic.niceacluster:CA7.niceacluster.niciqn.2006-01.nic.niceacluster:CA8.niceacluster.niciqn.2006-01.nic.niceacluster:DS1.niceacluster.niciqn.2006-01.nic.niceacluster:DS2.niceacluster.nic

Setting Value7: NAS Configuration 69

RSA enVision Hardware Setup and Maintenance GuideCompare your iSCSI target properties to the properties shown in the following figure.

Compare your iSCSI LUN Mask to the properties shown in the following figure.70 7: NAS Configuration

RSA enVision Hardware Setup and Maintenance GuideEnable Celerra Connect HomeRSA recommends that you enable the Celerra Connect Home feature on the NAS (or an equivalent feature for other NAS types). This feature automatically notifies EMC Customer Support (or another storage provider) if a failure occurs or if a failure is predicted.

By default, the NAS system has the non-routable control station IP address of 10.203.2.100. To enable the Connect Home feature using SMTP or FTP, you must move the control station to the public network. After you have confirmed that the LAN can communicate with the control station, you can configure Connect Home.

To enable Celerra Connect Home:

1. Log on as Root.2. Click Celerras > Celerras Name > Support.3. On the Connect Home tab, complete the fields.4. Click Test to test the feature.

Proxy Address Resolution ProtocolRSA recommends that you configure the proxy Address Resolution Protocol (ARP). The proxy ARP allows EMC to use your network and the NAS control station to access the Celerra storage processors. The proxy ARP provides EMC with the ability to view the storage configuration, such as RAID groups and the number of LUNs.

Important: The proxy ARP does not allow EMC to access data on the storage array. EMC uses this feature for upgrading the code level on the back-end storage. For more information, contact Customer Support.7: NAS Configuration 71

RSA enVision Hardware Setup and Maintenance Guide8 Factory Reimaging and TypingRSA enVision appliances are shipped ready to use. If you want to restore an appliance to factory default values, you must reimage the appliance. Reimaging an appliance erases any prior data that may exist in the hardware drive array of the appliance.Before performing this procedure, contact RSA Customer Support.

Factory Reimaging and Typing an ApplianceYou can reimage the appliance by using the DVD that was shipped to you along with the appliance. If the DVD is not compatible with your hardware, contact RSA Customer Support to obtain the correct version.

CAUTION: Reimaging your appliance restores the factory defaults. You will lose any existing data.

To reimage and type an appliance, you must complete the following tasks:1. Disable Virtual Drives.2. Reimage the Appliances.3. Factory Type the Appliances.

Disable Virtual Drives

Before You Begin

Complete these tasks: Set up either a keyboard, video, and mouse (KVM) or Dell Remote Access

Controller (DRAC) utility to connect to the appliances. See either Connect to the Appliance Using a Keyboard, Monitor, and Mouse or Dell Remote Access Controller Utility in the Configuration Guide.

Ensure that you have physical access to the appliance to use the DVD drive.

To disable a virtual drive:

1. Restart the RSA enVision appliance.2. During the initial boot phase, press CTRL+E to access the Remote Access

Configuration utility.3. When prompted for a password, type rsabios, and press ENTER.4. Use the up and down cursor keys to select Virtual Media Configuration, and

press ENTER.5. Use the left and right cursor keys to set Virtual Media to Detached.8: Factory Reimaging and Typing 73

RSA enVision Hardware Setup and Maintenance Guide6. Use the left and right cursor keys to set Virtual Flash to Disabled.7. Press ESC twice, and select Save Changes and Exit.Repeat this procedure for each appliance in the multiple appliance site.

Reimage the AppliancesFor multiple appliance sites, reimage the appliances in the following order:1. LC32. LC23. L

enVision_hardware_guide.pdf

Documents

Transcript of enVision_hardware_guide.pdf