Fidelis Enterprise Collector Cluster QUICK START GUIDE. Rev-H Collector Controller2 (HP DL360-G9) and Collector XA2 (HP DL360-G9) Platforms


Fidelis Enterprise Collector Cluster Rev-H Collector Controller2 (HP DL360-G9) and Collector XA2 (HP DL360-G9) Platforms

1. System Overview

The Fidelis Collector is the security analytics database for Fidelis Network. The Fidelis Collector receives network metadata from Fidelis Network sensors (e.g., Direct, Internal, and Mail Sensors) and stores it for ongoing analysis. A Fidelis Collector is a cluster of appliances consisting of one or two Collector Controller(s) and typically three or more Collector XA database nodes.

Figure 1: Fidelis Network Collector Controller 2 (Rev-H)

Figure 2: Fidelis Network Collector XA2 Appliance (Rev-H)

2. Documentation & References

Fidelis Network product documentation, appliance specifications, and instructions can be found at http://fidelisssecurity.com/customer-support/login or through the icon in the CommandPost GUI.

Appliance Default Passwords

System | Account | Default Password
SSH / Appliance Console | fidelis | fidelispass
CommandPost GUI | admin | root
ILO | administrator | (printed on label, top of server)

Technical Support

For all technical support related to this product, check with your site administrator to determine support contract details. For support of your product, contact your reseller. If you have a direct support contract with Fidelis Cybersecurity, contact the Fidelis Cybersecurity support team at:

Phone: +1 301.652.7190
Toll-free in the US: 1.800.652.4020 Use the customer support option.
Email: support@fidelissecurity.com
Web: http:///customer-support/login

Fidelis Cybersecurity 2

Collector Setup Checklist

Check Fidelis Network Sensor Appliance Requirements

- Appropriate rack space, power, and cooling (Appendix B)
- Rack tools, rails, and connectors
- Keyboard and video monitor / KVM switch for temporary appliance setup
- Power cables: two per appliance, appropriate for power source and region
- Ethernet cables (cat5 and optical) for Admin, DB, SYNC and ilo ports (Section 3)
- Network switches with enough physical ports (Section 4)
- Logical network information: IP addresses, hostnames (Section 5, Appendix A)
- Fidelis Licenses for Collector Controller(s)
- For Fidelis Network Software version 8.3.4 and later, the appliance system type (Appendix D)

3. Collector: Network Port and Cabling Requirements

Each component must be connected to the various networks with appropriate cables. The tables below describe the physical connection and cable type associated with each port.

Collector Controller2 Appliance

Port Label | Physical Connection Type (default) | Cable Type
Admin | GbE RJ45 (copper) | Cat 5 patch cable
DB Net | GbE RJ45 (copper) | Cat 5 patch cable
ILO | GbE RJ45 (copper) | Cat 5 patch cable

Figure 3: Network Port Assignments Collector Controller (Rev-H)

Collector XA3 Database Node

Port Label | Physical Connection Type (Default) | Cable Type
Admin | GbE RJ45 (copper) | Cat 5 patch cable
DB Net | GbE RJ45 (copper) | Cat 5 patch cable
SYNC net | GbE RJ45 (copper) | Cat 5 patch cable
ILO | GbE RJ45 (copper) | Cat 5 patch cable

Figure 4: Network Port Assignments Collector XA2

4. Collector Networking Environment

The Collector components use multiple networks for service and inter-node communication. Networks may be deployed as three independent physical switches or as multiple independent VLANs on the same switch fabric. The ADMIN, DB, and SYNC switches or VLANs must be different broadcast domains. ilo and ADMIN networks may intersect.

Use the tables below to identify the count and type of switch ports necessary to support the number of Collector components for your deployment.

Admin Network

The ADMIN Network connects the Collector Controller2 to the Fidelis Network Sensors and CommandPost systems. It also connects the Collector XA2 nodes to the CommandPost.

Appliance | Switch Port Type | Qty.
Collector Controller2 | GbE - RJ45/Cat5+ (copper twisted pair) |
Collector XA2 | GbE - RJ45/Cat5+ (copper twisted pair) |

DB Network

The DB Network allows communication between Collector Controller and Controller XA nodes. This network must be independent from other networks. Only IPv4 addresses are supported.

Appliance | Switch Port Type | Qty.
Collector Controller2 | GbE - RJ45/Cat5+ (copper twisted pair) |
Collector XA2 | GbE - RJ45/Cat5+ (copper twisted pair) |

SYNC Network

The SYNC Network provides transport for database node synchronization. This network must be independent from other networks. Only IPv4 addresses are supported.

Appliance | Switch Port Type | Qty.
Collector Controller2 | n/a |
Collector XA2 | GbE - RJ45/Cat5+ (copper twisted pair) |

ILO / IPMI Network

Optional network for remote/out-of-band server administration.

Appliance | Switch Port Type | Qty.
Collector Controller2 | GbE - RJ45/Cat5+ (copper twisted pair) |
Collector XA2 | GbE - RJ45/Cat5+ (copper twisted pair) |

5. Appliance Logical Network Configuration

Each physical connection must be assigned logical network information. Build a table of the logical information for each appliance (example below & table in Appendix A) that you can reference during configuration. You will reference this table multiple times during the cluster setup.

Sample Network Configuration Table

Network Setting | Assignments
Interface | Admin/eth0 | DB/eth1 | SYNC/eth2 | ilo/imm
Hostname (FQDN) | collector-xa1.organization.net.
Static IP Address | 10.1.2.3 | 192.168.1.3 | 172.16.1.3 | 10.2.3.4
Subnet Mask | 255.255.252.0 | 255.255.255.0 | 255.255.255.0 | 255.255.252.0
Gateway | 10.1.2.1
Proxy Server | 10.5.6.7
DNS Servers | 8.8.4.4, 8.8.8.8
NTP Servers | pool.ntp.org.
Time Zone | UTC (+0)
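A pre-deployment check of the worksheet against the Section 4 rules (ADMIN, DB and SYNC in separate broadcast domains, IPv4 only on DB and SYNC, ilo allowed to share ADMIN), added here as an example and not part of the Fidelis guide. The dictionary layout, the function names, the collector-xa2 values, the gateway-on-Admin check and the one-subnet-per-network check are assumptions made for the example.

```python
import ipaddress
from itertools import combinations

IPV4_ONLY = ("DB/eth1", "SYNC/eth2")        # Section 4: only IPv4 is supported
MAY_INTERSECT = {"Admin/eth0", "ilo/imm"}   # Section 4: ilo and ADMIN may intersect

def check_node(name, ifaces, gateway=None):
    """Findings for one appliance; ifaces maps port label -> (address, mask)."""
    findings, nets = [], {}
    for label, (addr, mask) in ifaces.items():
        try:
            iface = ipaddress.ip_interface(f"{addr}/{mask}")
        except ValueError as exc:
            findings.append(f"{name} {label}: invalid address or mask ({exc})")
            continue
        if label in IPV4_ONLY and iface.version != 4:
            findings.append(f"{name} {label}: only IPv4 is supported here")
        nets[label] = iface.network
    # Separate broadcast domains: overlapping subnets expose a shared network.
    for a, b in combinations(nets, 2):
        if {a, b} == MAY_INTERSECT or nets[a].version != nets[b].version:
            continue
        if nets[a].overlaps(nets[b]):
            findings.append(f"{name}: {a} {nets[a]} overlaps {b} {nets[b]}")
    # Assumption: the worksheet's single gateway sits on the Admin subnet.
    if gateway and "Admin/eth0" in nets:
        if ipaddress.ip_address(gateway) not in nets["Admin/eth0"]:
            findings.append(f"{name}: gateway {gateway} not in {nets['Admin/eth0']}")
    return findings

def check_cluster(nodes):
    """Findings for all nodes; nodes maps hostname -> {"ifaces", "gateway"}."""
    findings, seen, role_net = [], {}, {}
    for name, node in nodes.items():
        findings += check_node(name, node["ifaces"], node.get("gateway"))
        for label, (addr, mask) in node["ifaces"].items():
            if addr in seen:
                findings.append(f"{name} {label}: {addr} also on {seen[addr]}")
            seen.setdefault(addr, f"{name} {label}")
            try:
                net = ipaddress.ip_interface(f"{addr}/{mask}").network
            except ValueError:
                continue  # already reported by check_node
            # Assumption: all nodes share one subnet per DB/SYNC network.
            if label in IPV4_ONLY and role_net.setdefault(label, net) != net:
                findings.append(f"{name} {label}: {net} differs from peers' {role_net[label]}")
    return findings

# Constructed input: xa1 = Section 5 sample; xa2 made up, SYNC put in the DB subnet.
SAMPLE = {
    "collector-xa1": {"gateway": "10.1.2.1", "ifaces": {
        "Admin/eth0": ("10.1.2.3", "255.255.252.0"),
        "DB/eth1": ("192.168.1.3", "255.255.255.0"),
        "SYNC/eth2": ("172.16.1.3", "255.255.255.0"),
        "ilo/imm": ("10.2.3.4", "255.255.252.0")}},
    "collector-xa2": {"gateway": "10.1.2.1", "ifaces": {
        "Admin/eth0": ("10.1.2.4", "255.255.252.0"),
        "DB/eth1": ("192.168.1.4", "255.255.255.0"),
        "SYNC/eth2": ("192.168.1.40", "255.255.255.0"),
        "ilo/imm": ("10.2.3.5", "255.255.252.0")}},
}
if __name__ == "__main__":
    for line in check_cluster(SAMPLE) or ["worksheet OK"]:
        print(line)
```

Distinct subnets on paper do not prove the switch ports are in separate VLANs; the switch configuration still has to be checked on the switch itself.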

6. Appliance Installation

Rack Installation

Install each appliance in an enclosure/location that has necessary power and cooling.

Power

Connect power cables to the power supplies in the back of the appliance.

Appliance Network Cabling

Using the connectors and cables described in sections 3 and 4, begin to connect the appliances to the networks. Reference the Collector Cluster network diagram for this section.

Cable the Collector Controller 2 appliance(s) to the switches:

1. Connect Admin (eth0) port to the ADMIN switch port.
2. Connect DB (eth1) port to the DB switch port.
3. (optional) Connect the ilo port to the ADMIN (or ILO) switch port.
4. Repeat for each Collector Controller.

Cable the Collector XA2 Node appliances to the switches:

1. Connect Admin (eth0) port to the ADMIN switch port.
2. Connect DB (eth1) port to the DB switch port.
3. Connect SYNC (eth2) port to the SYNC switch port.
4. (optional) Connect the ilo port to the ADMIN (or ILO) switch port.
5. Repeat for each Collector XA2 component.

Figure 5: Collector Network Diagram

7. Appliance Network Configuration

1. Power on the Appliance(s).
2. Connect to the component CLI using one of the following methods:
   - Via SSH: Directly attach an Ethernet cable from a client system such as a laptop to the Admin/eth0 port on the appliance. The default IP address is 192.168.42.11/24. Assign a static IP from the same subnet to the network interface on the client system and connect to the appliance using SSH.
   - Via KVM Console: Connect a keyboard and monitor to the appliance.

   For Fidelis Network appliances version 8.3.4 or later, the screen on the right is displayed:

3. If you see the screen above, perform the following steps to apply the software. Otherwise skip to step 4.
   a. With [Perform Initial Install or Factory Reset] selected, press Enter.
   b. Use the Up and Down arrow keys to select the system type, and press Enter. If you need help determining the system type, see Appendix D. The system displays a screen with the message Congratulations, your CentOS installation is complete.
   c. Click Reboot.
4. Use these credentials at the login prompt:
   user: fidelis
   default password: fidelispass
5. From the command line, run:
       sudo /FSS/bin/setup
   You will be prompted for the SU (fidelis) password.
6. Within Setup, select Network Settings.
7. Configure the network parameters for the system and each active network interface.
   a. Use the Network Configuration table you prepared earlier.
   b. When complete, return to the top menu.
8. When complete, select [OK] to leave Setup.
9. From command line, reboot the system:
       sudo /fss/bin/shutdown.pl --user admin --reboot
   Repeat steps for all appliances being added to the Collector cluster.
10. Use the PING command to verify connectivity between the XAs on their SYNC/eth2 interfaces.

8. Cluster Setup

On the Final Collector XA2 Component

If you have not completed setup for the XA2 components in section 6 above, or you are adding an XA2 component to the cluster, follow these steps:

1. On the last XA node of the cluster, log in to the appliance console as user fidelis.
2. Change user account to root:
       su root
3. Start the Fidelis Setup program:
       /FSS/bin/setup
4. At the XA2 count, configure the number of XA2 appliances, and select [Ok].
5. Review the list of IP addresses. Select [Confirm] if these are correct, else [Edit] to correct them.

9. Fidelis Network Integration

Register Collector Controller2 with CommandPost

Note: If you are installing a failover set of Collector Controllers, register only the primary Collector Controller. Configure the Collector Controller failover unit IP address in the Primary Controller's configuration page within the CommandPost GUI.

1. Log into the CommandPost GUI from a web browser.
2. Add the Collector to the CommandPost at the System>Components page. Click [Add Component].
3. Select Collector from the pick list. Complete the form:
   - name: this is a friendly name for the Collector Cluster, not the FQDN of the Controller.
   - IP address of the ADMIN interface of the primary Collector Controller2 appliance
   - (optional) description, e.g. location, business unit, etc.
   Click Save.
4. Register the Collector to CommandPost. Click Register and accept the End User License Agreement (EULA). CommandPost will then communicate with the Collector at the specified IP address.

Link Collector Controller(s) to Fidelis Sensors

1. Log into the CommandPost GUI from a web browser.
2. Select the appropriate Direct, Internal, or Mail sensor and click Config.
3. Click the Advanced page for the sensor and select a Collector at the drop down box.
4. Repeat for each Fidelis sensor.

10. Fidelis Licensing

The CommandPost GUI shows the Host ID for the Fidelis Network hardware, the current license key, and the expiration date. To access the License page:

1. Log into the CommandPost.
2. Click System / Components / [component name] / Config.
3. Click the License tab.

If your license key shows <no license> or <invalid>, refer to Request a License for more information.

Request a License

1. Click Request License or click the Host ID to start an email to license@fidelissecurity.com that includes the product type, serial number, and Host ID.
2. Include in the body of the email:
   - contact name and phone number
   - organization name and site location

Fidelis Cybersecurity will respond within one business day with a license key.

Enter a License Key

After receiving a response to a license request:

1. Copy the license key exactly into the textbox.
2. Click Save.

When complete, Fidelis Collector and Collector appliances will be operational and ready to store and analyze network metadata.

Appendix A: Network Configuration Worksheet

Collector Controller (Primary)

Network Setting | Assignments
Interface | Admin/eth0 | DB/eth1 | ilo/imm
Hostname (FQDN) |
Static IP Address |
Subnet Mask |
Gateway |
Proxy Server |
DNS Servers |
NTP Servers |
Time Zone |

Collector Controller (Failover)

Network Setting | Assignments
Interface | Admin/eth0 | DB/eth1 | ilo/imm
Hostname (FQDN) |
Static IP Address |
Subnet Mask |
Gateway |
Proxy Server |
DNS Servers |
NTP Servers |
Time Zone |

Collector XA2 (A)

Network Setting | Assignments
Interface | Admin/eth0 | DB/eth1 | SYNC/eth2 | ilo/imm
Hostname (FQDN) |
Static IP Address |
Subnet Mask |
Gateway |
Proxy Server |
DNS Servers |
NTP Servers |
Time Zone |

Collector XA2 (B)

Network Setting | Assignments
Interface | Admin/eth0 | DB/eth1 | SYNC/eth2 | ilo/imm
Hostname (FQDN) |
Static IP Address |
Subnet Mask |
Gateway |
Proxy Server |
DNS Servers |
NTP Servers |
Time Zone |

Collector XA2 (C)

Network Setting | Assignments
Interface | Admin/eth0 | DB/eth1 | SYNC/eth2 | ilo/imm
Hostname (FQDN) |
Static IP Address |
Subnet Mask |
Gateway |
Proxy Server |
DNS Servers |
NTP Servers |
Time Zone |

Appendix B: System Specifications

Component Configuration and Resources (Rev-H)

Enterprise Collector Cluster Hardware Specifications (Rev-H)

Storage Capacity & Configuration
  Collector Controller2: Integrated 6Gbps hardware RAID; 300GB* on 2x HDD in RAID-1
  Collector XA2: Integrated 6Gbps hardware RAID; 4.8TB* on 6x HDD in RAID-10 (DB); 300GB* on 2x HDD in RAID-1 (OS)
CPU
  Collector Controller2: Dual - 2.6Ghz 10c v3 (20 cores total)
  Collector XA2: Dual - 3.2Ghz 8c v3 (16 cores total)
Memory
  Collector Controller2: 128GB (ECC DDR3 1866Mhz)
  Collector XA2: 128GB (ECC DDR3 1866Mhz)
Network Adapters: 4x 1GbE (copper)
Optional Network Adapters: Up to two additional network interface cards supported: 2x 1GbE (copper), 1x 1GbE (fiber SR), 2x 10GbE (fiber SR)
Out of Band Management: Integrated Lights Out (ILO) Management
Performance Power Supply
  Collector Controller2: Dual hot-swap 550w High Efficiency AC power supplies (80+ Platinum Certified)
  Collector XA2: Dual hot-swap 750w High Efficiency AC power supplies (80+ Platinum Certified)
Form Factor: 1U Rack-mount chassis
Dimensions: Width: 440 mm (17.3 in), Depth: 734 mm (28.9 in), Height: 43 mm (1.7 in)
Weight: 15.6 kg (35.5 lb)
Operating Temperature: 5 C to 40 C (41 F to 104 F)
Altitude: 0 to 915 m (3,000 ft)

*Raw capacity listed. A portion of the storage capacity is dedicated to the operating system.

Power Consumption and Heat Output

Collector Controller2 (Blacktip) | Idle | Load Factor @ 85% | Maximum
Input Power (W): | 80.82 | 286.41 | 321.90
Input Current (A): | 0.41 | 1.40 | 1.56
Apparent Power (VA): | 85.95 | 290.43 | 325.51
Heat Generation (BTU/Hr): | 275.25 | 976.66 | 1097.70

Collector XA2 (Blacktip) | Idle | Load Factor @ 85% | Maximum
Input Power (W): | 100.1 | 354.41 | 410.65
Input Current (A): | 0.51 | 1.77 | 1.99
Apparent Power (VA): | 105.72 | 367.63 | 413.57
Heat Generation (BTU/Hr): | 341.32 | 1242.65 | 1400.32

Appendix C: Collector Internet Socket Communication Ports (TCP, UDP)

Network | Ports
Admin | TCP: 22 (SSH), 443 (HTTPS), 5556 TLS, 5556 TLS; UDP: 123 (NTP), 5560 (IP2ID)
DB | TCP: 22 (SSH), 5433, 5556 TLS
SYNC | TCP: 22 (SSH), 5433, 5434, 5444, 5450, 4803; UDP: 4803, 4804, 4805, 5433

Appendix D: System Types

For Fidelis Network Software version 8.3.4 and later, the table below shows the software to apply based on the appliance SKU. You can find the SKU in the following locations: (Note that the SKU starts with FSS.)

- Appliance lid UID decal (see sample on right)
- Shipping carton UID decal (see sample on right)
- Packing list
- Purchase Order

Appliance SKU starts with: | System Type
FSS-CSA2 | Collector
FSS-CXA2 | Collector
FSS-CCC2 | Collector Controller

QSC_Fidelis_CE_20170524