Installation Steps for ArcSight Proof of Concept Equipment

Summary:

The document provides detailed instructions for setting up HP ArcSight appliances and a VM, with specific emphasis on FirstNet of Georgia Authority (FNHA) requirements. It covers initial DNS configuration before configuring ArcSight systems, detailing the use of ArcSight Express 4.0 as a SIEM system collecting data from heterogeneous devices, configured via auto-login setup. For HP ArcSight Logger 6.0 VM deployment on VMware ESX, it specifies hardware and network requirements based on software versions (Trial or Enterprise). The installation process involves downloading an OVA file and deploying it into the VM environment without immediate booting; the new disk is automatically partitioned, formatted, and mounted at /opt/arcsight/logger/data. The document also covers configuring HP Integrated Lights Out (iLO) 3 for remote management through a web interface, including setting up network settings, creating an administrator account, and managing users securely. The setup process involves accessing the iLO 3 via a web browser using specific procedures for supported models. Additionally, it includes a guide for configuring HP Integrated Lights-Out (iLO) 3 for troubleshooting and debugging appliances, focusing on setting up network settings, creating an administrator account, and managing users securely. The setup process involves accessing the iLO 3 via a web browser using specific procedures for supported models.

Details:

The document outlines initial setup steps for HP ArcSight appliances and a VM, focusing on FNHA-specific information. It begins by emphasizing the importance of DNS entries in the corporate DNS server before configuring ArcSight systems. For environments using ArcSight Express 4.0, it details that this solution is a SIEM system collecting data from heterogeneous devices, configured via the First Boot Wizard which auto-logins as "root" user for setup. For HP ArcSight Logger 6.0 VM deployment, the document specifies requirements such as CPU, memory, and disk space based on software versions (Trial or Enterprise). It clarifies that certain settings are pre-configured from a VM template install due to italicized sections not applying in their specific scenario. Overall, this guide is crucial for setting up these ArcSight tools within FNHA's infrastructure. This document outlines the steps for installing ArcSight Logger 6.0 on a VMware ESX platform, focusing on hardware and network configuration, initial setup, and HP Integrated Lights Out (iLO) management tool configuration specifics. The installation process involves downloading and deploying an OVA file into the VM environment, but not booting it immediately. It also explains that the new disk will be auto-partitioned, formatted, and mounted at /opt/arcsight/logger/data without manual intervention. Additionally, the document provides information about HP iLO 3, a management tool included with certain ArcSight appliances, which is enabled via its web interface using specific procedures for supported models. This document outlines how to set up iLO 3 for remote KVM (Keyboard, Video, Mouse) connection regardless of server status or location. It emphasizes using the Web interface with a graphical user interface (GUI) for management. The setup involves assigning a static IP address if DHCP is disabled on the server and configuring an 'ilo' network interface separate from the system LAN port. The iLO 3 provides several functionalities relevant to ArcSight appliances, including power management allowing users to control the power state of the appliance (on, off, or reboot) and remote console access for accessing the system remotely. It is important to set up a user name/password combination for security purposes and follow specific steps for IP configuration as per the provided example. The setup includes creating an administrator account with default settings and recommending generating additional admin users for better security. The document can be accessed in more detail at the given link: http://bizsupport2.austin.hp.com/bc/docs/support/SupportManual/c02111169/c02111169.pdf This summary provides a step-by-step guide on how to configure HP Integrated Lights Out (iLO) 3 for troubleshooting and debugging an appliance, as recommended by ArcSight. The process involves configuring network settings through the iLO 3 web interface using a keyboard and monitor attached to the appliance. Here’s what you need to do: 1. **Initial Setup**: Reboot the appliance following your product's documentation instructions. Monitor the POST (Power On Self Test) for the "Press F8" prompt, which will allow you to access the Integrated Lights Out menu. 2. **Network Configuration**:

• Disable DHCP by navigating to Set network > DNS/DHCP and pressing space bar to set OFF. Save with .

3. **Static IP Setup**: Set a static IP address: enter your preferred IP, subnet mask, and gateway. Save with

. 4. **User Management**: Optionally create an administrator user by navigating User > Add > Add user, setting all privileges to Yes. 5. **Exit Configuration**: Exit the settings menu using File > exit, confirming with

when prompted. 6. **Accessing the Web GUI**: Use Mozilla Firefox or Microsoft Internet Explorer to access the remote console through the iLO 3 web interface. This setup ensures that you can troubleshoot and debug the appliance remotely via the web interface once configured. The text provides a guide for accessing and using an Integrated Lights-Out (iLO) feature on an HP server, which allows remote system management through a web browser. Here's a summary of the steps outlined in the text: 1. Accessing the HP iLO 3: Open a web browser and enter the IP address assigned to the HP iLO 3. Confirm the SSL security warning and proceed to log in using the provided username and password, or use the default administrator account. 2. Using Remote Console Options: Within the remote console section, two options are available for accessing the system KVM - Integrated Remote Console (accessible via Microsoft Internet Explorer or Mozilla Firefox, requiring .NET Framework 3.5) or Java Integrated Remote Console (accessible through a Java applet-based console). 3. Example Selection: As an example, select "Java Integrated Remote Console" to launch the console KVM session in a Java environment. 4. Appendix B - Install RepSM 1.53: Uninstall previous versions like RepSM 1.0 following the specific solution guide (not specifying RepSM 1.51, 1.52, or 1.53) and proceed with installation of RepSM 1.53. 5. Appendix C - HP ArcSight Express 4.0: This appendix details deploying ArcSight Express on a server with VMware ESXi. It requires significant memory (12 GB) and disk space (~2 TB), recommended to pre-allocate resources like disk space and assign maximum CPU for optimal performance. Download the OVA file from specified FTP or direct URL, then deploy using VMware vSphere Client after configuration through the First Boot Wizard. The provided information outlines the steps to install ES (Enterprise Security) Manager version 6.8c on an HP ArcSight Express 4.0 virtual appliance (VA). To perform this installation, follow these instructions: 1. Boot into the ArcSight Express 4.0 Virtual Appliance (VA): Begin by powering on the VA and logging in to it. 2. Automatically login as root: Upon successful boot-up, you will be logged in automatically as the root user. 3. Close the Configuration Wizard: Navigate to the configuration menu and close or exit the initial configuration wizard that appears after login. These steps are essential for setting up and installing ES Manager 6.8c on an ArcSight Express 4.0 VA, ensuring a smooth first-time setup process.