Installation Steps for ArcSight Proof of Concept Equipment
- Pavan Raja

- Apr 8, 2025
Summary:
The document provides a step-by-step guide for setting up HP ArcSight Appliances and Logger Virtual Machine (VM) at Canaccord, focusing on DNS entries, system requirements, version control, and specific information related to HP ArcSight Logger 6.0 deployment. Key points include configuring static IP addresses in the corporate DNS server, using the First Boot Wizard for ArcSight Express 4.0 configuration, setting up HP ArcSight Logger VM with specific CPU, memory, and disk space configurations, downloading the VM package from HP SSO or FTP, and configuring Integrated Lights Out (iLO) 3 on HP ArcSight appliances for remote management. The document also outlines methods for accessing iLO 3 via a web interface and discusses the installation and uninstallation of RepSM software.
Details:
The document outlines initial setup steps for HP ArcSight Appliances and Logger Virtual Machine (VM) at Canaccord, focusing on version control and specific information related to DNS entries and system requirements. Key points include:
1. **DNS Entries**: Before configuring the ArcSight systems, ensure that two static IP addresses are added to Canaccord’s corporate DNS server as specified in Table 1.
2. **ArcSight Express 4.0 Configuration**: The appliance is configured using the First Boot Wizard. On initial boot or after a factory restore, the appliance auto-logs in as the "root" user, and the wizard runs in that root session.
3. **HP ArcSight Logger VM Deployment**: HP ArcSight Logger 6.0 on a VMware ESX server requires specific CPU, memory, and disk space configurations:
   - For Trial Logger and VM Instances: 1-2 CPUs, 4-12 GB RAM, 10 GB minimum in the Logger installation directory, with 1 GB for temp storage.
   - For Enterprise Version of Software Logger: 2 x Intel Xeon Quad Core, 12-24 GB RAM (recommended up to 24 GB), and at least 65 GB disk space including 400 GB root partition, with a temp directory of 1 GB. Note that using NFS for event storage is not recommended.
4. **Downloading the VM Package**: Obtain the VM-based package from HP SSO or an FTP link provided (ftp://h).
This document provides detailed guidance on setting up and configuring the ArcSight systems, tailored to Canaccord's requirements and environment specifics.
To summarize this information, here's a step-by-step guide for installing ArcSight Logger 6.0 on VMware ESX:
1. **Download and Unzip the Package:** Download the package from the given URL and unzip it once downloaded.
2. **Deploy the OVA File in VMware ESX:** Use the VMware vSphere Client to deploy the OVA file into your VMware environment.
3. **Initial Configuration: DO NOT BOOT THE VM YET!** Do not start the virtual machine immediately. Instead, focus on initial hardware and network configuration of the Logger 6.0 VM, including OS-level settings like user information, date/time, IP address, and hostname. Note that you do not need to format or mount a new secondary disk; it will be auto-partitioned, auto-formatted, and auto-mounted as /opt/arcsight/logger/data.
4. **Start the Installation of Logger 6.0:** Proceed with installing the software according to the provided instructions.
5. **Start the Logger Service & Perform Initial Configuration:** Once installed, start the logger service and configure it initially.
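As an added example (not part of the original guide or HP's tooling), the script below checks a VM against the Trial Logger sizing listed above before step 4, including the NFS caveat for event storage. It assumes the quoted lower bounds are hard minimums, `/opt/arcsight/logger` as the install directory, `/tmp` as the temp directory, and a Linux guest with `/proc`.

```shell
#!/bin/sh
# Added example: preflight for a Trial Logger 6.0 VM, run before the installer.
# Thresholds are the lower bounds quoted above; treating them as hard minimums
# and /opt/arcsight/logger as the install directory are assumptions.
MIN_CPUS=1 MIN_RAM_GB=4 MIN_INSTALL_GB=10 MIN_TMP_GB=1
INSTALL_DIR=/opt/arcsight/logger
DATA_DIR=/opt/arcsight/logger/data

# evaluate CPUS RAM_GB INSTALL_FREE_GB TMP_FREE_GB DATA_FSTYPE
# Prints one line per failed requirement; returns 0 only if all pass.
evaluate() {
    rc=0
    [ "$1" -ge "$MIN_CPUS" ]       || { echo "FAIL cpus=$1, need >= $MIN_CPUS"; rc=1; }
    [ "$2" -ge "$MIN_RAM_GB" ]     || { echo "FAIL ram=${2}GB, need >= $MIN_RAM_GB"; rc=1; }
    [ "$3" -ge "$MIN_INSTALL_GB" ] || { echo "FAIL install free=${3}GB, need >= $MIN_INSTALL_GB"; rc=1; }
    [ "$4" -ge "$MIN_TMP_GB" ]     || { echo "FAIL temp free=${4}GB, need >= $MIN_TMP_GB"; rc=1; }
    case "$5" in
        nfs*) echo "FAIL event storage is on $5; NFS is not recommended"; rc=1 ;;
    esac
    return "$rc"
}

# MemTotal excludes kernel-reserved memory, so a 4 GB VM reports slightly
# less than 4 GiB; round up to the next whole GiB before comparing.
ram_gb_from_kb() { echo $(( ($1 + 1048575) / 1048576 )); }

# Nearest existing ancestor, so the check works before the installer creates the path.
existing_dir() { p=$1; while [ ! -d "$p" ]; do p=$(dirname "$p"); done; echo "$p"; }

free_gb() { df -Pk "$(existing_dir "$1")" | awk 'NR==2 { print int($4 / 1048576) }'; }

# Filesystem type of the mount that holds a path (Linux: read /proc/mounts).
fstype_of() {
    mp=$(df -P "$(existing_dir "$1")" | awk 'NR==2 { print $6 }')
    awk -v m="$mp" '$2 == m { t = $3 } END { print t }' /proc/mounts
}

main() {
    cpus=$(getconf _NPROCESSORS_ONLN)
    ram=$(ram_gb_from_kb "$(awk '/^MemTotal:/ { print $2 }' /proc/meminfo)")
    evaluate "$cpus" "$ram" "$(free_gb "$INSTALL_DIR")" "$(free_gb /tmp)" \
             "$(fstype_of "$DATA_DIR")" && echo "PASS trial Logger sizing"
}

# Run the live check only when asked, e.g.: sh preflight.sh --check
if [ "${1:-}" = "--check" ]; then main; fi
```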
**Appendix - A: Integrated Lights Out (iLO) 3 Configuration for HP ArcSight Appliances**
iLO 3 is a standard feature on selected ArcSight appliances that allows secure remote management via a web interface. It enables access to hardware status even when the power switch is off, providing network security administrators with enhanced capabilities.
The feature is supported only on specific ArcSight models: L7400-SAN, N5400, C5400, C3400, L7400, M7400, E7400, and L3400.
The HP iLO 3 provides secure remote management regardless of server status or location, accessible via a web interface after following the outlined procedures.
The document outlines methods for accessing iLO 3, with ArcSight recommending the web GUI. It provides quick steps for setting up iLO 3 for a remote KVM connection, including configuring a static IP address if DHCP is disabled. The iLO 3 has a separate LAN port labeled 'ilo', and how it acquires its IP address depends on the DHCP settings. A user needs to give this network interface a valid network configuration and protect access with a username/password combination. The default credentials are Administrator (login) and a randomly generated password found on the iLO Network Information Tag. Once configured, iLO 3 offers power management and remote console features relevant for ArcSight appliances, which ArcSight recommends configuring during initial deployment for troubleshooting purposes.
To configure HP iLO 3 on an appliance for initial setup, follow these steps:
1. **Reboot the Appliance**: Start by rebooting the appliance as per the product documentation instructions.
2. **Monitor POST**: Watch the monitor for the POST (Power On Self Test) and look out for a prompt to press F8 to launch the Integrated Lights Out menu.
3. **Disable DHCP**:
   - In the Integrated Lights Out menu, go to Set network > DNS/DHCP.
   - Set DHCP Enable to OFF by pressing the space bar to toggle it from ON to OFF.
   - Save the setting by pressing Enter (F10).
4. **Configure Network Settings**:
   - Navigate to Network NIC and TCP/IP options in the menu.
   - Enter the IP address, subnet mask, and gateway details.
   - Press Enter (F10) to save these settings.
5. **Add User for Access**:
   - Optional unless additional users are needed: Go to User > Add > Add user.
   - Set all administrator privileges to Yes for the new user.
6. **Exit Configuration**: Exit the configuration by selecting File > exit. Confirm the exit with Enter when prompted.
7. **Access iLO 3 Web GUI**: Use a web browser to access the IP address configured for HP iLO 3. Confirm the SSL security warning and log in using the assigned credentials or the default admin account.
The web console offers two methods for accessing and controlling a system's KVM (Keyboard, Video, Mouse) remotely:
a) Integrated Remote Console - Allows access to the system's KVM and control over Virtual Power & Media using Microsoft Internet Explorer or Mozilla Firefox. It requires the installation of Microsoft .NET Framework 3.5, which can be downloaded through Windows Update.
b) Java Integrated Remote Console - Utilizes a Java applet-based console that depends on the availability of a Java Virtual Machine (JVM). This method provides access to the system's KVM.
In practice, one would select option b) Java Integrated Remote Console to initiate a KVM session in a Java applet environment.
Appendix B discusses the installation and uninstallation of RepSM software:
To upgrade from version 1.0 to 1.53, follow the specific solution guide for RepSM 1.5 (do not use guides for versions 1.51, 1.52, or 1.53). This involves uninstalling the current version (RepSM 1.0) using its respective uninstallation instructions before proceeding with the installation of RepSM 1.53.
