Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

JSA Software Installations

 

A software installation is a JSA installation on your hardware that uses an RHEL operating system that you provide. You must configure partitions and perform other RHEL preparation before a JSA software installation.

Important

Complete the following tasks in order:

Prerequisites for Installing JSA on Your Hardware

Before you install Red Hat Enterprise Linux (RHEL) operating system on your hardware, ensure that your system meets the system requirements.

The following table describes the system requirements:

Table 1: System Requirements for RHEL Installations on your own Appliance

Requirements

Description

Supported OS

V7.5

Bit version

64-bit

Kickstart disks

Not supported

Network Time Protocol (NTP) package

Optional

If you want to use NTP as your time server, ensure that you install the NTP package.

Memory (RAM) for Console systems

Minimum 32 GB

Important: You must upgrade your system memory before you install JSA.

Memory (RAM) for Event Processor

24 GB

Memory (RAM) for JSA Flow Processor

16 GB

Free disk space for Console systems

Minimum 256 GB

Important: For optimal performance, ensure that an extra 2-3 times of the minimum disk space is available.

JSA Flow Processor primary drive

Minimum 70 GB

Firewall configuration

WWW (http, https) enabled

SSH-enabled

Appliance Storage Requirements for Virtual and Software Installations

To install JSA using virtual or software options, the device must meet minimum storage requirements.

The following table shows the recommended minimum storage requirements for installing JSA by using the virtual or software only option.

Note

The minimum required storage size will vary, based in factors such as event size, event per second (EPS), and retention requirements.

Table 2: Minimum Storage Requirements for Appliances When You Use the Virtual or Software Installation Option

System classification

Appliance Information

IOPS

Data transfer rate (MB/s)

Minimum performance

Supports XX05 licensing

800

500

Medium performance

Supports XX29 licensing

1200

1000

High Performance

Supports XX48 licensing

10,000

2000

Small All-in-One or 1600

Less than 500 EPS

300

300

Event/Flow Processor

Events and flows

300

300

Installing RHEL on Your Hardware

You can install the Red Hat Enterprise Linux (RHEL) operating system on your own appliance hardware to use with security JSA.

You can provide your own RHEL, or acquire entitlement to a JSA Software Node, To acquire entitlement to a JSA Software Node, contact your JSA Sales Representative.

If there are circumstances where you need install to RHEL separately, proceed with the following instructions. Otherwise, proceed to Installing a JSA Appliance.

  1. Copy the Red Hat Enterprise Linux V7.5 minimal ISO to a DVD or a bootable USB flash drive.
  2. Insert the portable storage device into your appliance and restart your appliance.
  3. From the starting menu, do one of the following options:
    • Select the USB or DVD drive as the boot option.

    • To install on a system that supports Extensible Firmware Interface (EFI), you must start the system in legacy mode.

  4. When prompted, log in to the system as the root user.
  5. Follow the instructions in the installation wizard to complete the installation:
    1. Set the language to English (US).

    2. Click Date & Time and set the time for your deployment.

    3. Click Installation Destination and select the I will configure partitioning option.

    4. Select LVM in the drop-down list.

    5. Click the Add button to add the mount points and capacities for your partitions, and then click Done. For more information about RHEL7 partitions, see Linux Operating System Partition Properties for JSA Installations on Your Own Hardware.

    6. Click Network & Host Name.

    7. Enter the host name for your appliance.

    8. Select the interface in the list, move the switch to the ON position, and click Configure.

    9. On the General tab, select Automatically connect to this network when it is available option.

    10. On the IPv4 Settings or IPv6 Settings tab, select Manual in the Method list.

    11. Click Add.

      • For an IPv4 deployment, enter the IP address, Netmask, and Gateway for the appliance in the Addresses field.

      • For an IPv6 deployment, enter the IP address, Prefix, and Gateway in the Addresses field.

    12. Add two DNS servers.

    13. Click Save > Done > Begin Installation.

  6. Set the root password, and then click Finish configuration.
  7. Disable SELinux and restart the appliance after the installation finishes.

Linux Operating System Partition Properties for JSA Installations on Your Own Hardware

If you use your own appliance hardware, you can delete and re-create partitions on your Red Hat Enterprise Linux operating system rather than modify the default partitions.

Use the values in the following table as a guide when you re-create the partitioning on your Red hat Enterprise Linux Operating system.

The file system for each partition is XFS.

Table 3: Partitioning Guide for RHEL

Mount Path

LVM Supported?

Exists on Software Installation

Size

/boot

No

Yes

1 GB

/boot/efi

No

Yes

200 MB

/recovery

No

No

8 GB

/var

Yes

Yes

5 GB

/var/log

Yes

Yes

15 GB

/var/log/audit

Yes

Yes

3 GB

/opt

Yes

Yes

10 GB

/home

Yes

Yes

1 GB

/storetmp

Yes

Yes

15 GB

/tmp

Yes

Yes

3 GB

swap

N/A

Yes

swap formula:

Configure the swap partition size to be 75 percent of RAM, with a minimum value of 12 GB and a maximum value of 24 GB

/

Yes

Yes

Upto 15 GB

/store

Yes

Yes

80% of remaining space

/transient

Yes

Yes

20 % of remaining space

Console Partition Configurations for Multiple Disk Deployments

For hardware with multiple disks, configure the following partitions for JSA.

Disk 1

boot, swap, OS, JSA temporary files, and log files

Remaining Disks

  • Use the default storage configurations for JSA appliances as a guideline to determine what RAID type to use.

  • Mounted as /store

  • Store JSA data

The following table shows the default storage configuration for JSA appliances.

Table 4: Default Storage Configurations for JSA Appliances

JSA host role

Storage Configuration

Flow processor

RAID1

Data Node

Event processor

Flow processor

Event and flow processor

All-in-one console

RAID6

Event collector

RAID10

Installing JSA After the RHEL Installation

Install Security JSA on your own device after you install RHEL.

  1. Copy the JSA ISO to the device.
  2. Create the media/cdrom directory by typing the following command:

    mkdir/media/cdrom

  3. Mount the JSA ISO by using the following command:

    mount - o loop <qradar.iso> / media/cdrom

  4. Run the JSA setup by using the following command:

    /media/cdrom/setup

    Note

    A new kernel may be installed as part of the installation, which requires a system restart. Repeat the commands in steps 3 and 4 after the system restart to continue the installation.

  5. Select the appliance type:
    • Software Install

    • High Availability Appliance

  6. Select the appliance assignment, and then select Next.
  7. If you selected an appliance for high-availability (HA), select whether the appliance is a console.
  8. For the type of setup, select Normal Setup (default) or HA Recovery Setup, and set up the time.
  9. If you selected HA Recovery Setup, enter the cluster virtual IP address.
  10. Select the Internet Protocol version:
    • Select ipv4 or ipv6.

  11. If you selected ipv6, select manual or auto for the Configuration type.
  12. Select the bonded interface setup, if required.
  13. Select the management interface.
  14. In the wizard, enter a fully qualified domain name in the Hostname field.
  15. In the IP address field, enter a static IP address, or use the assigned IP address.Note

    If you are configuring this host as primary host for a high availability (HA) cluster, and you selected Yes for auto-configure, you must record the automatically-generated IP address. The generated IP address is entered during HA configuration.

    For more information, see Juniper Security Analytics High Availability Guide.

  16. If you do not have a email server, enter localhost in the Email server name field.
  17. Leave the root password as it is.
  18. If you are installing a Console, enter an admin password that meets the following criteria:
    • Contains at least 5 characters

    • Contains no spaces

    • Can include the following special characters: @, #, ^, and *.

  19. Click Finish.
  20. Follow the instructions in the installation wizard to complete the installation.

    The installation process might take several minutes.

  21. If you are installing a Console, apply your license key.
    1. Log in to JSA as the admin user:

    2. Click Login.

    3. In the navigation menu, click Admin.

    4. In the navigation pane, click System configuration.

    5. Click the System and License Management icon.

    6. From the Display list box, select Licenses, and upload your license key.

    7. Select the unallocated license and click Allocate System to License.

    8. From the list of systems, select a system, and click Allocate System to License.

  22. If you want to add managed hosts, see Juniper Security Analytics Administration Guide.