Juniper Secure Analytics Installing JSA Using a Bootable USB Flash Drive Release 2014.2 Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 USA 408-745-2000 www.juniper.net Published: 2014-07-15
Copyright Notice Copyright 2014 Juniper Networks, Inc. All rights reserved. Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. The following terms are trademarks or registered trademarks of other companies: Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. All specifications are subject to change without notice. Juniper Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. FCC Statement The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. The equipment generates, uses, and can radiate radio-frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case users will be required to correct the interference at their own expense. The following information is for FCC compliance of Class B devices: The equipment described in this manual generates and may radiate radio-frequency energy. If it is not installed in accordance with Juniper Networks installation instructions, it may cause interference with radio and television reception. This equipment has been tested and found to comply with the limits for a Class B digital device in accordance with the specifications in part 15 of the FCC rules. These specifications are designed to provide reasonable protection against such interference in a residential installation. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures: Reorient or relocate the receiving antenna. Increase the separation between the equipment and receiver. Consult the dealer or an experienced radio/tv technician for help. Connect the equipment to an outlet on a circuit different from that to which the receiver is connected. Caution: Changes or modifications to this product could void the user's warranty and authority to operate this device. Disclaimer THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT, SUBJECT TO THE MODIFICTAIONS SET FORTH BELOW ON THIS PAGE, ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR JUNIPER NETWORKS REPRESENTATIVE FOR A COPY. Release 2014.2 Copyright 2014, Juniper Networks, Inc. All rights reserved. Printed in USA. Revision History July 2014 The information in this document is current as of the date listed in the revision history. END USER LICENSE AGREEMENT The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement ( EULA ) posted at http://www.juniper.net/support/eula.html, as modified by the following text, which shall be treated under the EULA as an Entitlement Document taking precedence over any conflicting provisions of such EULA as regards such software: As regards software accompanying the STRM products (the Program ), such software contains software licensed by Q1 Labs and is further accompanied by third-party software that is described in the applicable documentation or materials provided by Juniper Networks. 2
For the convenience of Licensee, the Program may be accompanied by a third party operating system. The operating system is not part of the Program, and is licensed directly by the operating system provider (e.g., Red Hat Inc., Novell Inc., etc.) to Licensee. Neither Juniper Networks nor Q1 Labs is a party to the license between Licensee and the third party operating system provider, and the Program includes the third party operating system AS IS, without representation or warranty, express or implied, including any implied warranty of merchantability, fitness for a particular purpose or non-infringement. For an installed Red Hat operating system, see the license file: /usr/share/doc/redhat-release-server-6server/eula. By downloading, installing or using such software, you agree to the terms and conditions of that EULA as so modified. 3
4
CONTENTS 1 INSTALLING JSA USING A BOOTABLE USB FLASH DRIVE Using JSA to Create a Bootable USB Flash Drive............................ 7 2 CREATE A BOOTABLE USB FLASH DRIVE WITH MICROSOFT WINDOWS Before You Begin..................................................... 9 Creating a Bootable USB Flash Drive in Windows.......................... 10 3 CREATE A BOOTABLE USB FLASH DRIVE WITH REDHAT LINUX Before You Begin.................................................... 13 Creating a Bootable USB Flash Drive From a RedHat Linux System............ 13 4 JSA SOFTWARE INSTALLATION Configuring a USB Flash Drive for Serial-Only Appliances.................... 15 Installing JSA with a USB Flash Drive.................................... 15
1 INSTALLING JSA USING A BOOTABLE USB FLASH DRIVE This technical note provides information on how to create a USB flash drive capable of completing a new installation of any Juniper Secure Analytics (JSA) product software. NOTE This document only applies to full installations; it does not apply to upgrades or patches. Information for patches is available in the release note documentation for your product. Using JSA to Create a Bootable USB Flash Drive Step 1 Step 2 Step 3 You can use Juniper Secure Analytics (JSA) appliances from your deployment to create a bootable USB flash drive. If the system you want to install resides in a JSA deployment in which other JSA systems are available, you can create a bootable USB flash drive on another JSA system. To create a bootable USB flash drive: Download the 2014.2.r1 ISO file to your JSA system: a Access the Juniper Customer Support website (www.juniper.net/support/). b Locate the 2014.2.r1 ISO file on the Juniper Customer Support website. c Copy the ISO image to a directory on your JSA system. For example, /tmp. Using SSH, log in to your JSA system as the root user: Username: root Password: <password> Insert your USB flash drive into the USB port on your system. Note: Depending on your system, it might take up to 30 seconds for the USB flash drive to be recognized.
8 INSTALLING JSA USING A BOOTABLE USB FLASH DRIVE Step 4 Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 Step 11 Step 12 Run the following command to mount the ISO image: mount -o loop /tmp/<name of the iso image>.iso /media/cdrom Where <name of the iso image> is the ISO image downloaded from the Juniper Customer Support website in Step 1. Run the following command to copy the USB creation script from the mounted ISO image to the /tmp directory: cp /media/cdrom/post/create-usb-install-key.py /tmp/ Run the following command to start the USB creation script: /tmp/create-usb-install-key.py Press Enter. Press 1, and type the path to the ISO image. For example, /tmp/<name of the iso image>.iso Press 2, and select the drive containing your USB flash drive. Press 3 to create your USB key. The process of writing the ISO image to your USB flash drive takes several minutes to complete. When the ISO is loaded onto the USB flash drive, a confirmation message appears. Press q to quit the USB key script. Remove the USB flash drive from your JSA system. You are now ready to use your USB flash drive to install JSA on your appliance.
2 CREATE A BOOTABLE USB FLASH DRIVE WITH MICROSOFT WINDOWS You can use a desktop or laptop system with Microsoft Windows to create a bootable USB flash drive that is capable of installing or reinstalling JSA products. Before You Begin Before you can create a bootable USB flash drive with Microsoft Windows, you must have access to the following: A 2 GB (or larger) USB flash drive The Create USB Install Key (CUIK) software A desktop or laptop system with one the following operating systems: - Windows 7 - Windows Vista - Windows 2008 - Windows 2008R2 PeaZip Portable 4.8.1 Syslinux 4.06 CAUTION CAUTION: When you create a bootable USB flash drive, the contents of the USB flash drive are deleted.
10 CREATE A BOOTABLE USB FLASH DRIVE WITH MICROSOFT WINDOWS Creating a Bootable USB Flash Drive in Windows Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 Step 11 Step 12 Step 13 Step 14 Step 15 The Create-USB-Install-Key (CUIK) tool is a guided command-line tool for Microsoft Windows that allows you to create a bootable USB flash drive for JSA. Procedure Download the JSA ISO file: a Access the Juniper Customer Support website www.juniper.net/support/. b Locate the JSA 2014.2 ISO file on the Juniper Customer Support website. c Save the ISO file to your Windows system. Download the Create-USB-Install-Key (CUIK) tool from the Juniper Customer Support website. cuik.<version>.zip Extract the Create-USB-Install-Key (CUIK) tool to a directory. For example, C:\cuik From the Internet, download the following required files to the CUIK/deps folder: PeaZip Portable 4.8.1 For example, c:\cuik\deps\peazip_portable-4.8.1.windows.zip Syslinux 4.06 For example, c:\cuik\deps\syslinux-4.06.zip You are not required to extract the zip files. The files only need to be available in the cuik/deps directory. Insert a blank USB flash drive into the USB port on your computer. Verify that the USB flash drive is be listed by drive letter and accessible in Windows. Right-click cuik.exe and select Run as administrator. Press Enter to continue. Press 1 to select your JSA ISO file. Select your ISO image and click Open. Press 2 to select your USB drive letter. Select the number that corresponds to your USB flash drive letter. Press 3 to create your USB flash drive. Press Enter to confirm you are aware that the contents of the USB flash drive are deleted. Type create to create a bootable USB flash drive from the ISO image. This process takes several minutes to complete and the software tool informs you if the process was successful.
Creating a Bootable USB Flash Drive in Windows 11 Step 16 Step 17 Press Enter, then type q to exit the Create-USB-Install-Key tool. Safely eject the USB flash drive from the your desktop system. The USB stick is configured to install JSA software. What to do next If your connection to the appliance is a serial connection, see Configuring a USB Flash Drive for Serial-Only Appliances.
3 CREATE A BOOTABLE USB FLASH DRIVE WITH REDHAT LINUX You can use a Linux desktop or laptop system with RedHat 6.3 to create a bootable USB flash drive that is capable of installing Juniper Secure Analytics (JSA) software. Before You Begin Before you can create a bootable USB flash drive for JSA with Linux system, you must have access to the following items: 2 GB (or larger) USB flash drive A JSA 2014.2 ISO image file A Linux system that is installed with the following software: - RedHat 6.3 - Python 2.6 or above CAUTION CAUTION: When you create a bootable USB flash drive, the contents of the USB flash drive are deleted. Creating a Bootable USB Flash Drive From a RedHat Linux System Step 1 Step 2 You can use a Linux RedHat 6.3 system to create a bootable USB flash drive for JSA 2014.2. Procedure To obtain the JSA software: a Go the Juniper Customer Support website, www.juniper.net/support/downloads b Select Juniper Secure Analytics under Security. c Click on any of the JSA series. d Select Software > 2014.2 ISO. Log in to your Linux-based system as the root user. Username: root Password: <password>
14 CREATE A BOOTABLE USB FLASH DRIVE WITH REDHAT LINUX Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 Step 11 Step 12 Insert your USB flash drive into the USB port on your system. Depending on your system, it might take up to 30 seconds to recognize a USB flash drive. Type the following command to mount the ISO image: mount -o loop /tmp/<name of the iso image>.iso /media/cdrom Type the following command to copy the create usb key script from the mounted ISO to the /tmp directory of your Linux system: cp /media/cdrom/post/create-usb-install-key.py /tmp/ Type the following command to start the USB creation script: /tmp/create-usb-install-key.py Press Enter. Press 1 and type the path to the ISO file. For example, /tmp/jsa2014.2.r1.iso Press 2 and select the drive containing your USB flash drive. Press 3 to create your USB key. The process of writing the ISO image to your USB flash drive takes several minutes to complete. When the ISO is loaded onto the USB flash drive, a confirmation message is displayed. Press q to quit the USB key script. Remove the USB flash drive from your JSA system. The USB stick is configured to install JSA software. What to do next If your connection to the appliance is a serial connection, see Configuring a USB Flash Drive for Serial-Only Appliances.
4 JSA SOFTWARE INSTALLATION Installation procedures vary depending the product you are attempting to install. For the full installation procedure, you must read the installation guide written for your Juniper Secure Analytics (JSA) product. Configuring a USB Flash Drive for Serial-Only Appliances Step 1 Step 2 Step 3 Step 4 Bootable USB flash drives created to install JSA software on appliances that use a serial connection must complete an additional configuration procedure before you being your installation. If you have a keyboard and mouse connected (VGA) to your appliance, then this procedure is optional. Procedure Insert the bootable USB flash drive into the USB port of your appliance. On your USB flash drive, locate the syslinux.cfg file. Edit the syslinux configuration file to change the default installation from default linux to default serial. Save the changes to the syslinux configuration file. You are now ready to install your software. What to do next Installing JSA with a USB Flash Drive Installing JSA with a USB Flash Drive Step 1 Step 2 Step 3 Step 4 Step 5 This installation procedure provides a generic outline for installing JSA from a bootable USB flash drive. Procedure Restart the appliance. If you are overwriting an existing JSA installation, type FLATTEN when prompted. When the login prompt is displayed, type root. Type SETUP to begin the installation. Follow the prompts to install JSA.
16 JSA SOFTWARE INSTALLATION The remaining steps are documented in the installation guide for your software product. Note: If the USB is not detected, perform the following steps after restarting the appliance and then continue with the remaining steps: 1 Press the key required to load the boot menu for your appliance. 2 Select USB as the boot option.