JSA Software Installations (applicable only for JSA 7.3.1 Patch 9, JSA 7.3.2 Patch 2, and JSA 7.3.2 Patch 3)

A software installation is a JSA installation on your hardware that uses an RHEL operating system that you provide. You must configure partitions and perform other RHEL preparation before a JSA software installation.

Important

Ensure that your hardware meets the system requirements for JSA deployments. For more information about system requirements, see "Prerequisites for Installing JSA on Your Hardware" and "Appliance Storage Requirements for Virtual and Software Installations".
Install no software other than JSA and RHEL on your hardware. Unapproved RPM installations can cause dependency errors when you upgrade JSA software and can also cause performance issues in your deployment.
Do not update your operating system or packages before or after JSA installation.
If you are installing JSA on a Unified Extensible Firmware Interface (UEFI) system, secure boot must be disabled.

Complete the following tasks in order:

Prerequisites for Installing JSA on Your Hardware

Before you install Red Hat Enterprise Linux (RHEL) operating system on your hardware, ensure that your system meets the system requirements.

JSA and RHEL version compatibility

The following table describes the version of Red Hat Enterprise Linux used with the JSA version.

Table 1: Red Hat Version

JSA Version	Red Hat Enterprise Linux Version
JSA 7.4.0	Red Hat Enterprise Linux V7.6 64-bit
JSA 7.4.1	Red Hat Enterprise Linux V7.7 64-bit

The following table describes the system requirements:

Table 2: System Requirements for RHEL Installations on your own Appliance

Requirements	Description
Kickstart disks	Not supported
Network Time Protocol (NTP) package	Optional If you want to use NTP as your time server, ensure that you install the NTP package.
Firewall configuration	WWW (http, https) enabled SSH-enabled
Hardware	See the tables below for memory, processor, and storage requirements.

Memory and processor requirements

The following table describes the memory and processor requirements for your hardware.

Table 3: Minimum and Suggested Memory Requirements for JSA Virtual Appliances

Appliance	Minimum memory requirement	Suggested memory requirement	Minimum number of CPU cores	Suggested number of CPU cores
JSA Event Processor 1605	12 GB	48 GB	16	24
JSA Event Processor 1629	128 GB	128 GB	40	40
JSA Event Processor 1648	128 GB	128 GB	56	56
JSA Flow Processor 1705	12 GB	48 GB	16	24
JSA Flow Processor 1729	128 GB	128 GB	48	48
JSA Flow Processor 1748	128 GB	128 GB	56	56
JSA Event and Flow Processor 1805			16	24
JSA Event and Flow Processor 1829			48	48
JSA Event and Flow Processor 1829			56	56
JSA 3105 “All-in-one” or Console	32 GB	48 GB	16	24
JSA 3129 “All-in-one” or Console
JSA 3148 “All-in-one” or Console	64 GB	128 GB	56	56
JSA Flow Processor 1202/1301	64 GB		14
JSA Flow Processor 1310	64 GB		14
JSA Flow Processor 1501	64 GB		8

Storage requirements

Your appliance must have at least 256 GB of storage available.

The following table shows the storage requirements for installing JSA on your hardware.

Table 4: Minimum Storage Requirements for Appliances when you use the Virtual or Software Installation Option

System classification	Appliance Information	IOPS	Data transfer rate (MB/s)
Minimum performance	Supports XX05 licensing	800	500
Medium performance	Supports XX29 licensing	1200	1000
High Performance	Supports XX48 licensing	10,000	2000
Small All-in-One or 1600	Less than 500 EPS	300	300
Event/Flow Processors	Events and flows	300	300

Appliance Storage Requirements for Virtual and Software Installations

To install JSA using virtual or software options, the device must meet minimum storage requirements.

The following table shows the recommended minimum storage requirements for installing JSA by using the virtual or software only option.

Note

The minimum required storage size will vary, based in factors such as event size, event per second (EPS), and retention requirements.

Table 5: Minimum Storage Requirements for Appliances When You Use the Virtual or Software Installation Option

System classification	Appliance Information	IOPS	Data transfer rate (MB/s)
Minimum performance	Supports XX05 licensing	800	500
Medium performance	Supports XX29 licensing	1200	1000
High Performance	Supports XX48 licensing	10,000	2000
Small All-in-One or 1600	Less than 500 EPS	300	300
Event/Flow Processors	Events and flows	300	300

Installing RHEL on Your System

You can install the Red Hat Enterprise Linux (RHEL) operating system on your own system to use with JSA.

Download the Red Hat Enterprise Linux Server ISO x86_64 Boot ISO from https://access.redhat.com.

Refer to the Red Hat version table to choose the correct version.

Table 6: Red Hat Version

JSA Version	Red Hat Enterprise Linux version
7.4.0	Red Hat Enterprise Linux Server V7.6 x86_64 Boot ISO
7.4.1	Red Hat Enterprise Linux Server V7.7 x86_64 Boot ISO

You can provide your own RHEL, or acquire entitlement to a JSA Software Node. To acquire entitlement to a JSA Software Node, contact your JSA Sales Representative.

If there are circumstances where you need install to RHEL separately, proceed with the following instructions.

Map the ISO to a device for your appliance by using the bootable USB flash drive with the ISO.
For information about creating a bootable USB flash drive, see USB Flash Drive Installations.
Insert the portable storage device into your appliance and restart your appliance.
From the starting menu, do one of the following options:
- Select the device that you mapped the ISO to, or the USB drive, as the boot option.
- To install on a system that supports Extensible Firmware Interface (EFI), you must start the system in legacy mode.
When prompted, log in to the system as the root user.
Follow the instructions in the installation wizard to complete the installation:
1. Set the language to English (US).
2. Click Date & Time and set the time for your deployment.
3. Click Software selection and select Minimal Install.
4. Click Installation Destination and select the I will configure partitioning option.
5. Select LVM from the list.
6. Click the Add button to add the mount points and capacities for your partitions, and then click Done. For more information about RHEL7 partitions, see "Linux Operating System Partition Properties for JSA Installations on Your Own Hardware".
7. Click Network & Host Name.
8. Enter a fully qualified domain name for your appliance host name.
9. Select the interface in the list, move the switch to the ON position, and click Configure.
10. On the General tab, select Automatically connect to this network when it is available option.
11. On the IPv4 Settings tab, select Manual in the Method list.
12. Click Add to enter the IP address, Netmask, and Gateway for the appliance in the Addresses field.
13. Add two DNS servers.
14. Click Save > Done > Begin Installation.
Set the root password, and then click Finish configuration.
After the installation finishes, disable SELinux by modifying the /etc/selinux/config file, and restart the appliance.

Linux Operating System Partition Properties for JSA Installations on Your Own System

If you use your own appliance hardware, you can delete and re-create partitions on your Red Hat Enterprise Linux operating system rather than modify the default partitions.

Use the values in the following table as a guide when you re-create the partitioning on your Red hat Enterprise Linux Operating system.

The file system for each partition is XFS.

Table 7: Partitioning Guide for RHEL

Mount Path	LVM Supported?	Exists on Software Installation	Size
`/boot`	No	Yes	1 GB
`/boot/efi`	No	Yes	200 MB
`/recovery`	No	No	8 GB
`/var`	Yes	Yes	5 GB
`/var/log`	Yes	Yes	15 GB
`/var/log/audit`	Yes	Yes	3 GB
`/opt`	Yes	Yes	13 GB
`/home`	Yes	Yes	1 GB
`/storetmp`	Yes	Yes	15 GB
`/tmp`	Yes	Yes	3 GB
swap	N/A	Yes	swap formula: Configure the swap partition size to be 75 percent of RAM, with a minimum value of 12 GB and a maximum value of 24 GB
/	Yes	Yes	Upto 15 GB
/store	Yes	Yes	80% of remaining space
/transient	Yes	Yes	20 % of remaining space

Console Partition Configurations for Multiple Disk Deployments

For systems with multiple disks, configure the following partitions for JSA.

Disk 1

boot, swap, OS, JSA temporary files, and log files

Remaining Disks

Use the default storage configurations for JSA appliances as a guideline to determine what RAID type to use.
Mounted as /store
Store JSA data

The following table shows the default storage configuration for JSA appliances.

Table 8: Default Storage Configurations for JSA Appliances

JSA host role	Storage Configuration
Flow processor QRadar Network Insights (QNI)	RAID1
Data Node Event processor Flow processor Event and flow processor All-in-one console	RAID6
Event collector	RAID10

JSA host role

Storage Configuration

Flow processor

QRadar Network Insights (QNI)

RAID1

Data Node

Event processor

Flow processor

Event and flow processor

All-in-one console

RAID6

Event collector

RAID10

Installing JSA After the RHEL Installation

Install Security JSA on your own device after you install RHEL.

A fresh software install erases all data in /store as part of the installation process. If you want to preserve the contents of /store when performing a software install (such as when performing a manual retain), back up the data you want to preserve apart from the host where the software is to be installed.

Copy the JSA ISO to /root or /storetmp directory of the device.
Create the media/cdrom directory by typing the following command:
mkdir/media/cdrom
Mount the JSA ISO by using the following command:
mount - o loop <path_to_iso>/<qradar.iso> / media/cdrom
Run the JSA setup by using the following command:
/media/cdrom/setup
Note
A new kernel might be installed as part of the installation, which requires a system restart. Repeat the commands in steps 3 and 4 after the system restart to continue the installation.
Select the appliance type:
- Software Install
- High Availability Appliance
Select the appliance assignment, and then select Next.
If you selected an appliance for high-availability (HA), select whether the appliance is a console.
For the type of setup, select Normal Setup (default) or HA Recovery Setup, and set up the time.
If you selected HA Recovery Setup, enter the cluster virtual IP address.
Select the Internet Protocol version.
If you selected ipv6, select manual or auto for the Configuration type.
Select the bonded interface setup, if required.
Select the management interface.
In the wizard, enter a fully qualified domain name in the Hostname field.
In the IP address field, enter a static IP address, or use the assigned IP address.Note
If you are configuring this host as primary host for a high availability (HA) cluster, and you selected Yes for auto-configure, you must record the automatically-generated IP address. The generated IP address is entered during HA configuration.
For more information, see Juniper Security Analytics High Availability Guide.
If you do not have a email server, enter localhost in the Email server name field.
Leave the root password as it is.
If you are installing a Console, enter an admin password that meets the following criteria:
- Contains at least 5 characters
- Contains no spaces
- Can include the following special characters: @, #, ^, and *.
Click Finish.
Follow the instructions in the installation wizard to complete the installation.
The installation process might take several minutes.
If you are installing a Console, apply your license key.
1. Log in to JSA as the admin user:
2. Click Login.
3. In the navigation menu, click Admin.
4. In the navigation pane, click System configuration.
5. Click the System and License Management icon.
6. From the Display list box, select Licenses, and upload your license key.
7. Select the unallocated license and click Allocate System to License.
8. From the list of systems, select a system, and click Allocate System to License.
If you want to add managed hosts, see Juniper Security Analytics Administration Guide.