Copyright 2015 Blue Coat Systems, Inc. All rights reserved worldwide. No part of this document may be reproduced by any means nor translated to any
electronic medium without the written consent of Blue Coat Systems, Inc. Blue Coat, ProxySG, PacketShaper, CacheFlow, IntelligenceCenter and
BlueTouch are registered trademarks of Blue Coat Systems, Inc. in the U.S. and worldwide. All other trademarks mentioned in this document are the
property of their respective owners.
This document is intended to help you install Security Analytics Software on a Dell PowerEdge
R720xd or R620 Rack Server, either as a standalone appliance or connected to Dell PowerVault
MD1200 Direct Attached Storage arrays.
For the Dell PowerEdge R730xd or R630 Rack Server or the PowerVault MD1400 Direct Attached
Storage, see the Security Analytics Software Installation Guide for Gen13 Dell Hardware.
This document is not intended as a guide to policies or procedures for network security or network
forensics.
This document attempts to provide the best information possible; however, this information is
provided AS-IS and without warranty of any kind for accuracy, completeness, or currency. All
references and links to Web sites are valid as of the date of publication, but the content and nature
of those Web sites and pages is subject to change without our knowledge or control.
Copyrights, Trademarks, and Intellectual Property
A trademark symbol (™) denotes a trademark of Blue Coat Systems, Inc. A degree sign (°) denotes
a third-party trademark. All third-party trademarks are the property of their respective owners. All
other marks referenced herein are the property of their respective owners.
Copyright 2015 Blue Coat Systems, Inc. All rights reserved. No portion may be copied or
reproduced without express written consent.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You
may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing
permissions and limitations under the License.
Blue Coat Systems will provide a machine-readable copy of the GPL open-source code on a CD.
To obtain a copy, send a written request, along with a certified check or money order in the
amount of U.S. $25.00, payable to Blue Coat Systems, Inc. to:
ATTN: Customer Support
GPL Source Code Request, Security Analytics
Blue Coat Systems
Suite 400
25 E Scenic Pointe Drive
Draper, UT 84020
USA
This guide describes the installation and initial configuration of Security Analytics Software on a
Dell PowerEdge R720xd or R620 Rack Server, with or without additional storage modules (Dell
PowerVault MD1200 Direct Attached Storage arrays).
This document assumes that you have purchased the Dell hardware off the rack rather than
through Blue Coat Systems, Inc., and therefore that the initial server configuration has not been
performed.
For assistance with the installation of this software:
Table of Contents
1 Requirements
2 Installation
1 Requirements
This installation requires the following:
- R620 only: 1 RAID controller
- R720xd only: 2 RAID controllers
- 1–6 Dell PowerVault MD1200 (12 x 2TB or 12 x 4TB) Direct Attached Storage arrays
- USB keyboard
- Cat5 cable
- Workstation with Ethernet port and one of the following supported browsers:
  - Firefox 18+
  - Safari 5+
  - Chrome 24+
1.1
IMPORTANT
The location of the management port in the figures below is valid only after Security Analytics Software
has been installed. Generally, the software will enumerate the copper ports from right to left and the
fiber ports from left to right.
Note
1.2
The 4-port Ethernet card may be located in slot 1 or slot 3 without affecting port enumeration. The fiber ports
are always eth8 and eth9, and the rightmost port on the Ethernet card is always eth4.
2 Installation
2.1
IMPORTANT
You must connect the storage arrays to the host controller BEFORE continuing to the next step.
One-RAID-Controller Setup
Two-RAID-Controller Setup
2.2
IMPORTANT
If you have attached storage modules, power them on first, then power on the host controller.
2.3
2.3.2. When the menu items are displayed, press F2 to enter the system setup.
2.3.3. From the System Setup Main Menu, select iDRAC Settings and configure the settings as
follows:
Page                   Attribute          Value
Network Settings       Enable NIC         Enabled
Network Settings       NIC Selection      LOM4
Network Settings       Failover Network   LOM3
Network Settings       Enable DHCP        [as desired]
Network Settings       IP Address         [as desired]
Network Settings       Gateway            [as desired]
User Configuration     User Name          [as desired]
User Configuration     Change Password    [as desired]
Lifecycle Controller                      Disabled
Note
If you choose to enable DHCP, it is recommended that you use the DHCP reservation feature of your DHCP
server to statically map the MAC address of the iDRAC interface to an IP address.
2.3.4. Click Finish at the lower-right of the screen and follow the prompts to save and exit.
2.4
Note
2.4.2. When you see this screen, press Ctrl+R to enter the RAID configuration utility.
2.4.3. If you have external RAID controllers installed, you see a menu of RAID controllers similar to
the following:
PERC BIOS Configuration Utility 4.00-0014
Controller 0:PERC H710 Mini
Controller 1:PERC H810 Adapter
Controller 2:PERC H810 Adapter
Notes
Controller 0 always refers to the internal RAID controller. All other RAID controllers are connected to the
external storage arrays.
The internal RAID controller for the R620 and the R720xd is configured using the PERC H710 Mini BIOS
Configuration Utility.
The external RAID controllers for all host controllers are configured using the PERC H810 Adapter BIOS
Configuration Utility.
The screen shots that follow are from the PERC H710; the steps for the H810 are the same.
2.4.4. Select Controller 0 and press Enter.
2.4.5. On the Virtual Disk Management screen, select PERC H710 Mini (Bus 0x02, Dev 0x00) >
Clear Config and press Enter.
2.4.6. When you return to the Virtual Disk Management screen, select PERC H710 Mini
(Bus 0x02, Dev 0x00) > Create New VD and press Enter.
Notes
Physical Disks: Scroll down and select the Disk IDs for the system arrays.
2.4.8. Select OK. Are you configuring a Central Manager Console (CMC)?
Yes: Go to step 2.4.15.
Configure the Indexing Arrays
2.4.9. Follow the prompts to return to the Virtual Disk Management screen.
2.4.10. Are you configuring an R720xd with 4, 5, or 6 MD1200s of 12x4TB Drives?
Yes: Configure disks 0–21 as a RAID-5 array. Exit the PERC H710 utility and launch the PERC H810 utility for Controller 1. Go to step 2.4.12.
No: Continue the procedure.
2.4.11. On the Virtual Disk Management screen, select PERC H710 Mini (Bus 0x02, Dev 0x00) >
Create New VD and press Enter.
Physical Disks: Scroll down and select the Disk IDs for the indexing arrays. Consult
Appendix A: RAID Array Configurations for your configuration type to see which virtual disk
groups to assign to the indexing array.
Advanced Settings: Under Write Policy, select Force WB with no battery and Initialize.
Configure the Capture Arrays
2.4.13. Select OK and follow the prompts to return to the Virtual Disk Management screen.
2.4.14. Are you configuring a standalone device, or did you configure your indexing array on
Controller 1?
Yes: Continue the procedure.
No: Exit the PERC H710 utility and launch the PERC H810 utility for Controller 1.
Physical Disks: Scroll down and select the Disk IDs for the capture arrays.
Advanced Settings: Under Write Policy, select Force WB with no battery and Initialize.
2.4.16. Repeat step 2.4.15 for each capture array. Consult Appendix A: RAID Array Configurations for
your configuration type to see which virtual disk groups to configure for each RAID
controller. Where applicable, select the PERC H810 utility for Controller 2 and configure
accordingly.
2.4.17. Select OK and follow the prompts to return to the Virtual Disk Management screen.
2.4.18. The initialization progress is displayed in the upper-right quadrant of the screen.
Note
Before disk initialization is complete, you can perform the rest of the configuration tasks. However, it is not
recommended that you begin capture until after initialization is complete. In most cases, initialization time
for all disks will be in the 5–6 hour range.
2.4.19. Press ESC to save the settings and exit the RAID configuration utility.
2.5
Configure BIOS
2.5.1. Reboot the host controller by pressing the power button or by pressing Ctrl+Alt+Delete.
F2 = System Setup
F10 = Lifecycle Controller
F11 = BIOS Boot Manager
F12 = PXE Boot
2.5.2. When these menu items are displayed, press F2 to enter the system setup and configure
the settings as follows:
Page
Attribute
Value
Memory Settings
Optimizer Mode
Processor Settings
Virtualization Technology
Disabled
System Profile
Performance
Serial Communication
2.5.3. Press ESC to return to the main menu, then save and exit.
2.6
2.6.5. When the Welcome screen is displayed, select Install Solera and press Enter. The
installation begins.
2.6.6. When the Complete screen is displayed, remove the drive and press Enter to reboot. Now
that Security Analytics Software has been installed on your server, the server is referred to as the
Security Analytics Appliance, or appliance, in the documentation.
Note
On a Dell server, selecting an external drive in the BIOS Boot Manager affects one boot event only; it is
therefore not essential that you remove the drive at this point, because by default the server will boot from
its internal drive.
2.7
HOW TO: Assign a temporary IP address
a. Launch a Web browser and navigate to the IP address for eth0. You can use either HTTP or HTTPS.
b. At the Login page, type the default username and password, both of which are case-sensitive:
Username: admin
Password: Solera
c. Click Log In.
d. The Solera Networks End User License Agreement (EULA) for this appliance is displayed. Select I
accept these terms to accept the Solera Networks EULA and click Submit. The Initial Configuration
page is displayed.
e. Select Settings > About > Help > English.
f. Consult the "Initial Setup" page for instructions on initial appliance configuration.
2.8
Next Steps
After your Security Analytics Appliance is set up, use the web interface to configure the appliance
to start capturing network traffic. For instructions, select Settings > About > Help > English.
For assistance with your appliance, contact:
Disk Gp.
Disk ID
RAID
Purpose
Device
Model
Position
03
System
Central Manager
R620
n/a
RAID Cont.
Disk Gp.
Disk ID
RAID
Purpose
Device
Model
Position
01
System
Appliance
R620
n/a
23
Index
Appliance
R620
n/a
49
Capture
Appliance
R620
n/a
Total Index
Total Capture
R620 Standalone
Index-to-Capture Ratio
0.20
3.2
Disk Gp.
Disk ID
RAID
Purpose
Device
Model
Position
01
System
Host Controller
R620
29
Index
Host Controller
R620
011
Capture
Storage Module
MD1200
20
Total Index
Total Capture
20
Index-to-Capture Ratio
0.35
Disk Gp.
Disk ID
RAID
Purpose
Device
Model
Position
01
System
Host Controller
R620
29
Index
Host Controller
R620
011
Capture
Storage Module
MD1200
20
011
Capture
Storage Module
MD1200
20
Total Index
Total Capture
40
Index-to-Capture Ratio
0.18
Disk Gp.
Disk ID
RAID
Purpose
Device
Model
Position
01
System
Host Controller
R620
29
Index
Host Controller
R620
011
Capture
Storage Module
MD1200
20
011
Capture
Storage Module
MD1200
20
011
Capture
Storage Module
MD1200
20
Total Index
Total Capture
60
Index-to-Capture Ratio
0.12
3.3
Disk Gp.
Disk ID
RAID
Purpose
Device
Model
Position
01
System
Host Controller
R620
29
Index
Host Controller
R620
011
Capture
Storage Module
MD1200
40
Total Index
Total Capture
40
Index-to-Capture Ratio
3.4
0.18
R720xd Standalone
RAID Cont.
Disk Gp.
Disk ID
RAID
Purpose
Device
Model
Position
2425
System
Appliance
R720xd
n/a
04
Index
Appliance
R720xd
n/a
523
Capture
Appliance
R720xd
n/a
18
Total Index
Total Capture
18
Index-to-Capture Ratio
0.22
3.5
Disk Gp.
Disk ID
RAID
Purpose
Device
Model
Position
2225
System
Host Controller
R720xd
021
Index
Host Controller
R720xd
21
011
Capture
Storage Module
MD1200
20
Total Index
21
Total Capture
20
Index-to-Capture Ratio
1.05
Disk Gp.
Disk ID
RAID
Purpose
Device
Model
Position
2225
System
Host Controller
R720xd
021
Index
Host Controller
R720xd
21
011
Capture
Storage Module
MD1200
20
011
Capture
Storage Module
MD1200
20
Total Index
21
Total Capture
40
Index-to-Capture Ratio
0.53
Disk Gp.
Disk ID
RAID
Purpose
Device
Model
Position
2225
System
Host Controller
R720xd
021
Index
Host Controller
R720xd
21
011
Capture
Storage Module
MD1200
20
011
Capture
Storage Module
MD1200
20
011
Capture
Storage Module
MD1200
20
Total Index
21
Total Capture
60
Index-to-Capture Ratio
0.35
Disk Gp.
Disk ID
RAID
Purpose
Device
Model
Position
2225
System
Host Controller
R720xd
021
Index
Host Controller
R720xd
21
011
Capture
Storage Module
MD1200
20
011
Capture
Storage Module
MD1200
20
011
Capture
Storage Module
MD1200
20
011
Capture
Storage Module
MD1200
20
Total Index
21
Total Capture
80
Index-to-Capture Ratio
0.26
Disk Gp.
Disk ID
RAID
Purpose
Device
Model
Position
2225
System
Host Controller
R720xd
021
Index
Host Controller
R720xd
21
011
Capture
Storage Module
MD1200
20
011
Capture
Storage Module
MD1200
20
011
Capture
Storage Module
MD1200
20
011
Capture
Storage Module
MD1200
20
011
Capture
Storage Module
MD1200
20
Total Index
21
Total Capture
100
Index-to-Capture Ratio
0.21
Disk Gp.
Disk ID
RAID
Purpose
Device
Model
Position
2225
System
Host Controller
R720xd
021
Index
Host Controller
R720xd
21
011
Capture
Storage Module
MD1200
20
011
Capture
Storage Module
MD1200
20
011
Capture
Storage Module
MD1200
20
011
Capture
Storage Module
MD1200
20
011
Capture
Storage Module
MD1200
20
011
Capture
Storage Module
MD1200
20
Total Index
21
Total Capture
120
Index-to-Capture Ratio
0.18
3.6
Disk Gp.
Disk ID
RAID
Purpose
Device
Model
Position
2225
System
Host Controller
R720xd
021
Index
Host Controller
R720xd
21
011
Capture
Storage Module
MD1200
40
Total Index
21
Total Capture
40
Index-to-Capture Ratio
0.53
Disk Gp.
Disk ID
RAID
Purpose
Device
Model
Position
2225
System
Host Controller
R720xd
021
Index
Host Controller
R720xd
21
011
Capture
Storage Module
MD1200
40
011
Capture
Storage Module
MD1200
40
Total Index
21
Total Capture
80
Index-to-Capture Ratio
0.26
Disk Gp.
Disk ID
RAID
Purpose
Device
Model
Position
2225
System
Host Controller
R720xd
021
Index
Host Controller
R720xd
21
011
Capture
Storage Module
MD1200
40
011
Capture
Storage Module
MD1200
40
011
Capture
Storage Module
MD1200
40
Total Index
21
Total Capture
120
Index-to-Capture Ratio
0.18
Disk Gp.
Disk ID
RAID
Purpose
Device
Model
Position
2225
System
Host Controller
R720xd
021
Index
Host Controller
R720xd
21
011
[variable]*
Storage Module
MD1200
40
011
Capture
Storage Module
MD1200
40
011
Capture
Storage Module
MD1200
40
011
Capture
Storage Module
MD1200
40
Total Index
21/61
Total Capture
160/120
Index-to-Capture Ratio
0.13/0.50
*The purpose of the storage module in Position 1 should be decided in conjunction with professional services. The index-to-capture ratio should be customized according to your organization's needs.
Disk Gp.
Disk ID
RAID
Purpose
Device
Model
Position
2225
System
Host Controller
R720xd
021
Index
Host Controller
R720xd
21
05
Index
Storage Module
MD1200
20
611
Index
Storage Module
MD1200
20
011
Capture
Storage Module
MD1200
40
011
Capture
Storage Module
MD1200
40
011
Capture
Storage Module
MD1200
40
011
Capture
Storage Module
MD1200
40
Total Index
61
Total Capture
160
Index-to-Capture Ratio
0.38
Disk Gp.
Disk ID
RAID
Purpose
Device
Model
Position
2225
System
Host Controller
R720xd
021
Index
Host Controller
R720xd
21
05
Index
Storage Module
MD1200
20
611
Index
Storage Module
MD1200
20
011
Capture
Storage Module
MD1200
40
011
Capture
Storage Module
MD1200
40
011
Capture
Storage Module
MD1200
40
011
Capture
Storage Module
MD1200
40
011
Capture
Storage Module
MD1200
40
Total Index
61
Total Capture
200
Index-to-Capture Ratio
0.30
2 GB Appliance
$0.14 kWh
1013.4 Btu/h
Sound Power
Current
297 W
10 GB Appliance
$0.14 kWh
1211.3 Btu/h
355 W
20 TB Storage
$0.14 kWh
2200.8 Btu/h
645 W
$0.14 kWh
1003.5 Btu/h
294.1 W
6 bels
6.5 bels
6.5 bels
7 bels
2.7 amps
3.2 amps
5.9 amps
2.7 amps
Air Flow
10.2 l/s
21.5 CFM
9 l/s
19.2 CFM
18.7 l/s
39.6 CFM
13.7 l/s
29.1 CFM
Total Weight
19.8 kg
43.6 lbs
19.8 kg
43.6 lbs
29.2 kg
64.4 lbs
28.4 kg
62.6 lbs
24.8 C
44.7 C
33.4 C
60 F
29.3 C
52.8 F
18.2 C
32.7 F