Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Installing a JSA Console or Managed Host

Install JSA Console or a managed host on the JSA appliance that is FIPS enabled.

Software versions for all JSA appliances in a deployment must be same version and patch level. Deployments that use different versions of software is not supported.

Ensure that the following requirements are met:

  • The correct hardware is installed.

  • Create a bootable USB flash drive with Red Hat Linux. For more information, see Creating a Bootable USB Drive with Red Hat Linux.

  • Install JSA with a USB flash drive. For more information, see USB Drive Installations.

  • You have the required license key for your appliance.

  • A keyboard and monitor are connected by using the VGA connection.

  • There are no expired licenses on either the console or the managed hosts.

  • If you are installing JSA on a Unified Extensible Firmware Interface (UEFI) system, secure boot must

    be disabled.

  • FIPS mode only: After the FIPS installation is complete, you must migrate Docker Community Edition (CE) to Docker Enterprise Edition (EE) on your JSA Console and 4000 appliance. You must ensure you have a Docker EE license. For more information, see Migrating to Docker Enterprise Edition with FIPS.

Note:

FIPS mode only (For JSA 7.5.0 GA to JSA 7.5.0 Update Package 7): To install an appliance with FIPS enabled, add qradar.fips=1 to the vmlinuz.

  1. FIPS mode only (For JSA 7.5.0 GA to JSA 7.5.0 Update Package 7): On the Red Hat Enterprise Linux 7.9 installation page, press Tab to edit the vmlinuz.
  2. FIPS mode only (For JSA 7.5.0 GA to JSA 7.5.0 Update Package 7): Add qradar.fips=1 to the vmlinuz line and press Enter. The result might look similar to this example:

    vmlinuz initrd=initrd.img inst.stage2=hd:LABEl=QRadar-2020_11_0_20201210153453 quiet inst.text inst.gpt inst.ks=hd:LABEL=QRadar-2020_11_0_20201210153452console=ttyS0,9600 console=tty1 qradar.fips=1

  3. Use SSH to log in as the root user.
  4. Accept the End-User license Agreement.
  5. If you selected High Availability Appliance complete the following steps:
    1. Select HA appliance (All models) 500 as the functionality.

    2. Select whether the high-availability (HA) appliance is a standby for a console or non-console appliance.

    3. Select Next.

  6. If you did not choose High Availability Appliance, select the appliance assignment, and then select Next.
  7. For the type of setup, select Normal Setup (default) or HA Recovery Setup, and set up the time.
  8. If you selected HA Recovery Setup, enter the cluster virtual IP address.
  9. Select the Internet Protocol version:
    • Select ipv4 or ipv6.

  10. If you selected ipv6, select manual or auto for the Configuration type.
  11. If required, select the bonded interface setup,
  12. Select the management interface.
    Note:

    If the interface has a link (cable connected), a plus sign (+) is displayed before the description.

  13. In the wizard, enter a fully qualified domain name in the Hostname field.
    Note:

    The hostname must not contain only numbers.

  14. In the IP address field, enter a static IP address, or use the assigned IP address.
    Note:

    If you are configuring this host as a primary host for a high availability (HA) cluster, and you selected Yes for auto-configure, you must record the automatically-generated IP address. The generated IP address is entered during HA configuration.

    For more information, see the Juniper Secure Analytics High Availability Guide.

  15. If you are installing a Console, enter an admin password that meets the following criteria:
    • Contains at least 8 characters

    • Contains at least one uppercase character

    • Contains at least one lowercase character

    • Contains at least one digit

    • Contains at least one special character: @, #, ^, or *.

  16. Enter root password that meets the following criteria:
    • Contains at least 5 characters

    • Contains no spaces

    • Can include the following special characters: @, #, ^, and *.

  17. Click Finish.

    A series of messages appears as JSA continues with the installation. Based on the appliance ID selected, the installation process may take from several minutes to few hours to complete. When the JSA installation process is complete, the message window appears.

  18. Apply your license key.
    1. Log in to JSA:

      The default user name is admin. The password is the password of the admin user account.

    2. Click Login To JSA.

    3. Click the Admin tab.

    4. In the navigation pane, click System Configuration.

    5. Click the System and License Management icon.

    6. From the Display list box, select Licenses, and upload your license key.

    7. Select the unallocated license and click Allocate System to License.

    8. From the list of systems, select a system, and click Allocate System to License.

    9. Click Deploy License Changes.

  19. If you want to add managed hosts, see the Juniper Secure Analytics Administration Guide.
  20. FIPS mode only: Verify that FIPS mode is enabled by typing the following command.
    /opt/qradar/bin/myver -fips

    The output is 'true' on a FIPS mode enabled system and 'false' when FIPS mode is not enabled.

    If the result is false, try to reinstall with FIPS mode enabled.

  21. FIPS mode only (For JSA 7.5.0 Update Package 8): To enable FIPS mode, run the following command on each host in the deployment.
    /opt/qradar/bin/qradar_fips_toggle.sh enable

    Reboot the system when the script completes running.