JSA Software Installations (applicable only for JSA 7.3.1 Patch 9, JSA 7.3.2 Patch 2, and JSA 7.3.2 Patch 3)
A software installation is a JSA installation on your hardware that uses an RHEL operating system that you provide. You must configure partitions and perform other RHEL preparation before a JSA software installation.
Important
Ensure that your hardware meets the system requirements for JSA deployments. For more information about system requirements, see "Prerequisites for Installing JSA on Your Hardware" and "Appliance Storage Requirements for Virtual and Software Installations".
Install no software other than JSA and RHEL on your hardware. Unapproved RPM installations can cause dependency errors when you upgrade JSA software and can also cause performance issues in your deployment.
Do not update your operating system or packages before or after JSA installation.
If you are installing JSA on a Unified Extensible Firmware Interface (UEFI) system, secure boot must be disabled.
Complete the following tasks in order:
Prerequisites for Installing JSA on Your Hardware
Before you install Red Hat Enterprise Linux (RHEL) operating system on your hardware, ensure that your system meets the system requirements.
JSA and RHEL version compatibility
The following table describes the version of Red Hat Enterprise Linux used with the JSA version.
Table 1: Red Hat Version
JSA Version | Red Hat Enterprise Linux Version |
---|---|
JSA 7.4.0 | Red Hat Enterprise Linux V7.6 64-bit |
JSA 7.4.1 | Red Hat Enterprise Linux V7.7 64-bit |
The following table describes the system requirements:
Table 2: System Requirements for RHEL Installations on your own Appliance
Requirements | Description |
---|---|
Kickstart disks | Not supported |
Network Time Protocol (NTP) package | Optional If you want to use NTP as your time server, ensure that you install the NTP package. |
Firewall configuration | WWW (http, https) enabled SSH-enabled |
Hardware | See the tables below for memory, processor, and storage requirements. |
Memory and processor requirements
The following table describes the memory and processor requirements for your hardware.
Table 3: Minimum and Suggested Memory Requirements for JSA Virtual Appliances
Appliance | Minimum memory requirement | Suggested memory requirement | Minimum number of CPU cores | Suggested number of CPU cores |
---|---|---|---|---|
JSA Event Processor 1605 | 12 GB | 48 GB | 16 | 24 |
JSA Event Processor 1629 | 128 GB | 128 GB | 40 | 40 |
JSA Event Processor 1648 | 128 GB | 128 GB | 56 | 56 |
JSA Flow Processor 1705 | 12 GB | 48 GB | 16 | 24 |
JSA Flow Processor 1729 | 128 GB | 128 GB | 48 | 48 |
JSA Flow Processor 1748 | 128 GB | 128 GB | 56 | 56 |
JSA Event and Flow Processor 1805 | 16 | 24 | ||
JSA Event and Flow Processor 1829 | 48 | 48 | ||
JSA Event and Flow Processor 1829 | 56 | 56 | ||
JSA 3105 “All-in-one” or Console | 32 GB | 48 GB | 16 | 24 |
JSA 3129 “All-in-one” or Console | ||||
JSA 3148 “All-in-one” or Console | 64 GB | 128 GB | 56 | 56 |
JSA Flow Processor 1202/1301 | 64 GB | 14 | ||
JSA Flow Processor 1310 | 64 GB | 14 | ||
JSA Flow Processor 1501 | 64 GB | 8 |
Storage requirements
Your appliance must have at least 256 GB of storage available.
The following table shows the storage requirements for installing JSA on your hardware.
Table 4: Minimum Storage Requirements for Appliances when you use the Virtual or Software Installation Option
System classification | Appliance Information | IOPS | Data transfer rate (MB/s) |
---|---|---|---|
Minimum performance | Supports XX05 licensing | 800 | 500 |
Medium performance | Supports XX29 licensing | 1200 | 1000 |
High Performance | Supports XX48 licensing | 10,000 | 2000 |
Small All-in-One or 1600 | Less than 500 EPS | 300 | 300 |
Event/Flow Processors | Events and flows | 300 | 300 |
Appliance Storage Requirements for Virtual and Software Installations
To install JSA using virtual or software options, the device must meet minimum storage requirements.
The following table shows the recommended minimum storage requirements for installing JSA by using the virtual or software only option.
The minimum required storage size will vary, based in factors such as event size, event per second (EPS), and retention requirements.
Table 5: Minimum Storage Requirements for Appliances When You Use the Virtual or Software Installation Option
System classification | Appliance Information | IOPS | Data transfer rate (MB/s) |
---|---|---|---|
Minimum performance | Supports XX05 licensing | 800 | 500 |
Medium performance | Supports XX29 licensing | 1200 | 1000 |
High Performance | Supports XX48 licensing | 10,000 | 2000 |
Small All-in-One or 1600 | Less than 500 EPS | 300 | 300 |
Event/Flow Processors | Events and flows | 300 | 300 |
Installing RHEL on Your System
You can install the Red Hat Enterprise Linux (RHEL) operating system on your own system to use with JSA.
Download the Red Hat Enterprise Linux Server ISO x86_64 Boot ISO from https://access.redhat.com.
Refer to the Red Hat version table to choose the correct version.
Table 6: Red Hat Version
JSA Version | Red Hat Enterprise Linux version |
---|---|
7.4.0 | Red Hat Enterprise Linux Server V7.6 x86_64 Boot ISO |
7.4.1 | Red Hat Enterprise Linux Server V7.7 x86_64 Boot ISO |
You can provide your own RHEL, or acquire entitlement to a JSA Software Node. To acquire entitlement to a JSA Software Node, contact your JSA Sales Representative.
If there are circumstances where you need install to RHEL separately, proceed with the following instructions.
- Map the ISO to a device for your appliance by using the
bootable USB flash drive with the ISO.
For information about creating a bootable USB flash drive, see USB Flash Drive Installations.
- Insert the portable storage device into your appliance and restart your appliance.
- From the starting menu, do one of the following options:
Select the device that you mapped the ISO to, or the USB drive, as the boot option.
To install on a system that supports Extensible Firmware Interface (EFI), you must start the system in
legacy
mode.
- When prompted, log in to the system as the root user.
- Follow the instructions in the installation wizard to
complete the installation:
Set the language to English (US).
Click Date & Time and set the time for your deployment.
Click Software selection and select Minimal Install.
Click Installation Destination and select the I will configure partitioning option.
Select LVM from the list.
Click the Add button to add the mount points and capacities for your partitions, and then click Done. For more information about RHEL7 partitions, see "Linux Operating System Partition Properties for JSA Installations on Your Own Hardware".
Click Network & Host Name.
Enter a fully qualified domain name for your appliance host name.
Select the interface in the list, move the switch to the ON position, and click Configure.
On the General tab, select Automatically connect to this network when it is available option.
On the IPv4 Settings tab, select Manual in the Method list.
Click Add to enter the IP address, Netmask, and Gateway for the appliance in the Addresses field.
Add two DNS servers.
Click Save > Done > Begin Installation.
- Set the root password, and then click Finish configuration.
- After the installation finishes, disable SELinux by modifying
the
/etc/selinux/config
file, and restart the appliance.
Linux Operating System Partition Properties for JSA Installations on Your Own System
If you use your own appliance hardware, you can delete and re-create partitions on your Red Hat Enterprise Linux operating system rather than modify the default partitions.
Use the values in the following table as a guide when you re-create the partitioning on your Red hat Enterprise Linux Operating system.
The file system for each partition is XFS.
Table 7: Partitioning Guide for RHEL
Mount Path | LVM Supported? | Exists on Software Installation | Size |
---|---|---|---|
| No | Yes | 1 GB |
| No | Yes | 200 MB |
| No | No | 8 GB |
| Yes | Yes | 5 GB |
| Yes | Yes | 15 GB |
| Yes | Yes | 3 GB |
| Yes | Yes | 13 GB |
| Yes | Yes | 1 GB |
| Yes | Yes | 15 GB |
| Yes | Yes | 3 GB |
swap | N/A | Yes | swap formula: Configure the swap partition size to be 75 percent of RAM, with a minimum value of 12 GB and a maximum value of 24 GB |
/ | Yes | Yes | Upto 15 GB |
/store | Yes | Yes | 80% of remaining space |
/transient | Yes | Yes | 20 % of remaining space |
Console Partition Configurations for Multiple Disk Deployments
For systems with multiple disks, configure the following partitions for JSA.
Disk 1
boot, swap, OS, JSA temporary files, and log files
Remaining Disks
Use the default storage configurations for JSA appliances as a guideline to determine what RAID type to use.
Mounted as
/store
Store JSA data
The following table shows the default storage configuration for JSA appliances.
Table 8: Default Storage Configurations for JSA Appliances
JSA host role | Storage Configuration |
---|---|
Flow processor QRadar Network Insights (QNI) | RAID1 |
Data Node Event processor Flow processor Event and flow processor All-in-one console | RAID6 |
Event collector | RAID10 |
Installing JSA After the RHEL Installation
Install Security JSA on your own device after you install RHEL.
A fresh software
install erases all data in /store
as part of the installation process. If you want to preserve the
contents of /store
when performing
a software install (such as when performing a manual retain), back
up the data you want to preserve apart from the host where the software
is to be installed.
- Copy the JSA ISO to
/root
or/storetmp
directory of the device. - Create the
media/cdrom
directory by typing the following command:mkdir/media/cdrom
- Mount
the JSA ISO by using the following command:
mount - o loop <path_to_iso>/<qradar.iso> / media/cdrom
- Run
the JSA setup by using the following command:
/media/cdrom/setup
Note A new kernel might be installed as part of the installation, which requires a system restart. Repeat the commands in steps 3 and 4 after the system restart to continue the installation.
- Select the appliance type:
Software Install
High Availability Appliance
- Select the appliance assignment, and then select Next.
- If you selected an appliance for high-availability (HA), select whether the appliance is a console.
- For the type of setup, select Normal Setup (default) or HA Recovery Setup, and set up the time.
- If you selected HA Recovery Setup, enter the cluster virtual IP address.
- Select the Internet Protocol version.
- If you selected ipv6, select manual or auto for the Configuration type.
- Select the bonded interface setup, if required.
- Select the management interface.
- In the wizard, enter a fully qualified domain name in the Hostname field.
- In the IP address field, enter a static IP address, or
use the assigned IP address.
Note If you are configuring this host as primary host for a high availability (HA) cluster, and you selected Yes for auto-configure, you must record the automatically-generated IP address. The generated IP address is entered during HA configuration.
For more information, see Juniper Security Analytics High Availability Guide.
- If you do not have a email server, enter
localhost
in the Email server name field. - Leave the
root
password as it is. - If you are installing a Console, enter an
admin
password that meets the following criteria:Contains at least 5 characters
Contains no spaces
Can include the following special characters: @, #, ^, and *.
- Click Finish.
- Follow the instructions in the installation wizard to
complete the installation.
The installation process might take several minutes.
- If you are installing a Console, apply your license key.
Log in to JSA as the
admin
user:Click Login.
In the navigation menu, click Admin.
In the navigation pane, click System configuration.
Click the System and License Management icon.
From the Display list box, select Licenses, and upload your license key.
Select the unallocated license and click Allocate System to License.
From the list of systems, select a system, and click Allocate System to License.
- If you want to add managed hosts, see Juniper Security Analytics Administration Guide.