Installation Steps for ArcSight Proof of Concept Equipment v1.3.1

Summary:

The document provides a step-by-step guide for setting up HP ArcSight appliances and Logger VM on Canaccord's PoC environment. Key points include configuring DNS settings, deploying ArcSight Express 4.0 and Logger VM, specifying resource requirements, downloading the package, and configuring HP iLO 3 for remote management. Instructions cover network configuration, user access, and troubleshooting tools provided by iLO 3. The setup process involves setting up static IP addresses, adding administrator users, accessing iLO 3 via a web interface, and using either Integrated Remote Console or Java Integrated Remote Console for KVM access.

Details:

To summarize, this document outlines initial setup steps for deploying HP ArcSight appliances and Logger VM on a Canaccord PoC environment. Here's a condensed version of key points mentioned in the text: 1. **DNS Configuration**: Ensure that two static IP addresses used by ArcSight appliances are added to Canaccord’s corporate DNS server before configuring the systems. 2. **ArcSight Express 4.0 and Logger VM Setup**:

• **Appliance Configuration**: Use the First Boot Wizard accessible via auto-login as root user after initial boot or factory restore.

• **Logger VM Deployment**: HP ArcSight Logger 6.0 is available in a VMware ESX-based version, suitable for deployment on a supported VMware ESX server.

3. **Resource Requirements**:

• For the Trial Logger and VM Instances:

• CPU: 1 to 2 x Intel Xeon Quad Core or equivalent.

• Memory: 4 to 12 GB (recommended 12 GB).

• Disk Space: 10 GB in the installation directory, with a Temp directory of 1 GB.

• For Enterprise Version Logger:

• CPU: 2 x Intel Xeon Quad Core or equivalent.

• Memory: 12 to 24 GB (recommended 24 GB).

• Disk Space: 65 GB in the installation directory, with a root partition of 400 GB and Temp directory of 1 GB. Note that using NFS for event storage is not recommended.

4. **Downloading the Package**: The VM-based package can be obtained either from HP SSO or via an FTP link (ftp://han). This summary captures the essential steps and requirements necessary to set up these systems as per Canaccord PoC guidelines, ensuring compatibility and optimal performance. This text outlines the steps for installing and configuring the ArcSight Logger 6.0 on a VMware ESX environment. After downloading and unzipping the package, deploy the OVA file into VMware ESX using the VMware vSphere Client. It is crucial not to boot the virtual machine yet. The document then details the initial hardware and network configuration of the Logger 6.0 VM, including OS-level settings such as user information, date/time, IP address, and hostname. The installation process involves starting the Logger Service & Performing Initial Configuration after deployment. Additionally, it provides instructions for configuring HP iLO 3 on ArcSight appliances, which is crucial for remote management with security features like secure remote access even when the appliance's main power switch is off. The feature is supported only on specific ArcSight models: L7400-SAN, N5400, C5400, C3400 L7400, M7400, E7400, E7400, and L3400. The document provides methods for accessing iLO3, particularly via a Web interface using a GUI, as recommended by Arcsight. It outlines steps to set up iLO 3 for remote KVM (keyboard, video, mouse) connection, including setting up a static IP address if DHCP is not enabled. Key points include: 1. **Network Configuration**: The 'ilo' LAN port on the server is used for iLO 3, which can obtain an IP address via DHCP or static configuration. A static IP example is provided in the document. 2. **Access and Security**: Access to iLO 3 requires a username/password combination, with default credentials being Administrator: Randomly generated password found on the iLO Network Information Tag (located on the front panel). Additional user accounts can be created for enhanced security. 3. **Functional Features Relevant to ArcSight Appliances**: The document highlights two main functionalities provided by iLO 3 for use in troubleshooting and debugging, which are particularly useful for ArcSight appliances:

• **Power Management**: Allows control over power operations such as turning on, off, or rebooting the appliance.

• **Remote Console**: Enables remote access to the system console, allowing tasks that usually require physical attachments of keyboard, monitor, and mouse to be performed remotely.

4. **Setup Recommendation**: Arcsight recommends configuring iLO 3 when setting up an ArcSight appliance, as it facilitates troubleshooting and debugging capabilities essential for maintaining the operational performance of the system. To configure the HP iLO 3 on an appliance for initial setup, follow these steps: 1. **Reboot the Appliance**: Start by rebooting your appliance as per the product documentation instructions. 2. **Monitor POST**: Watch the monitor during the Power On Self Test (POST) phase to identify when to press F8 to launch the Integrated Lights Out (iLO) menu. 3. **Disable DHCP**:

• In the iLO menu, go to "Set network" > "DNS/DHCP".

• Set DHCP Enable to OFF by pressing the space bar and then enter to save the setting.

4. **Configure Network Settings**:

• Select "Network NIC" and "TCP/IP" from the menu.

• Enter the IP address, subnet mask, and gateway details, then press to save.

5. **Add Administrator User** (Optional if using default admin):

• Go to "User" > "Add" > "Add user".

• Set all administrator privileges to Yes for the new user.

6. **Exit Configuration**:

• From the menu, select "File" > "exit". Confirm exit with .

7. **Access iLO 3 Web GUI**:

• Open a web browser and enter the assigned IP address for the HP iLO 3.

• Accept the SSL Security Warning if prompted.

• Log in using the assigned username and password or default admin credentials.

This process sets up the network settings and initial user access for remote management of the appliance through the HP iLO 3 web interface. The remote console section provides two options for accessing and controlling systems remotely: A) Integrated Remote Console: This allows users to access the system's KVM (Keyboard, Video, Mouse) through a single console interface using Microsoft Internet Explorer or Mozilla Firefox. To utilize this option, ensure that Microsoft .NET Framework 3.5 is installed, as it can be obtained via Windows Update. B) Java Integrated Remote Console: This method involves accessing the system's KVM through a Java applet-based console, which requires the presence of a JVM (Java Virtual Machine). Once selected, this option will initiate a KVM session in the Java applet environment.