Installation Steps for ArcSight Proof of Concept Equipment Version 1.5

Summary:

This document outlines the setup process for HP ArcSight appliances and Logger VM within a Canaccord PoC environment. Key steps include configuring DNS with static IP addresses, setting up ArcSight Express 4.0 and HP ProLiant DL380p G8 Server, adding entries for the ArcSight ArcMC 2.0 Connector Server on an HP ProLiant DL360p Server, deploying the HP ArcSight Logger 6.0 VM using VMware ESX, downloading the package either from HP SSO or FTP, and configuring HP iLO 3 for remote management. The document also covers initial hardware and network configuration details specific to the system's OS-level settings such as user information, date/time, IP address, and hostname.

Details:

To summarize, this document outlines initial setup steps for HP ArcSight appliances and Logger VM on a Canaccord PoC environment. Key points include: 1. DNS Configuration: Before configuring the ArcSight systems, ensure that two static IP addresses are added to Canaccord's corporate DNS server in a specific table format provided in the document. 2. ArcSight Express 4.0 and HP ProLiant DL380p G8 Server: The appliance is configured using the First Boot Wizard which automatically runs when the system boots for the first time or after a factory restore. It uses auto-login to log in as the "root" user, and the wizard runs while logged in as root. 3. ArcSight ArcMC 2.0 Connector Server on HP ProLiant DL360p Server: This requires adding entries for its static IP address in the corporate DNS server. 4. HP ArcSight Logger 6.0 VM: Introduced is the VMware ESX-based version, which should be deployed onto a supported VMware ESX server. The document provides specific requirements for CPU, memory, and disk space based on whether it's a trial or enterprise software version. 5. Downloading the Package: Either download from HP SSO or an FTP link (ftp://han). These steps ensure that the environment is properly set up to support the HP ArcSight solutions as per Canaccord's requirements. This document outlines the steps for deploying and configuring Logger 6.0 on a VMware ESX platform from an OVA file, emphasizing that no VM should be powered on immediately after deployment. It details initial hardware and network configuration including OS-level settings such as user information, date/time, IP address, and hostname. The document also specifies not to worry about formatting or mounting the secondary disk, which will auto-partition, format, and mount itself as /opt/arcsight/logger/data. Additionally, it introduces the concept of HP iLO 3 (Integrated Lights Out Management), a standard feature on certain ArcSight appliances that provides secure remote management capabilities via web interface. This section is limited to specific models including L7400-SAN, N5400, C5400, C3400, L7400, M7400, E7400, and E7400, and outlines its functionalities for Network Security administrators. The document titled "rcsight recommends using the Web Using a graphical user interface (GUI)" provides detailed instructions on setting up HP iLO 3 for remote KVM connection. It specifies that the iLO 3 has its own LAN port distinct from the system's main LAN port, labeled as 'ilo'. This network interface is configured to either use DHCP or static IP address based on whether the server has DHCP enabled. The setup includes configuring a user name (default: Administrator) and password (a randomly generated one found on the iLO Network Information Tag), which should be changed upon configuration for security reasons. The document highlights that once properly configured, the iLO 3 offers features such as power management (to control power settings of the appliance) and remote console access (for remotely accessing the system console without physical attachments). It is advised to configure iLO 3 at the time of initial deployment in ArcSight appliances for troubleshooting and debugging purposes. To configure HP iLO 3 on an appliance for initial setup: 1. **Reboot the Appliance**: Follow product documentation instructions to reboot your appliance. 2. **Monitor POST Announcements**: Watch the monitor for prompts during the Power On Self Test (POST). 3. **Access Integrated Lights Out Menu**: When prompted to press F8, access the menu by entering the appropriate key. 4. **Set DHCP to OFF**: In the Integrated Lights Out menu, navigate to Set network > DNS/DHCP and disable DHCP by pressing the space bar from ON to OFF, then save with

. 5. **Configure Network Settings**: Go to Network NIC and TCP/IP options in the menu, enter IP address, subnet mask, and gateway details, and save with

. 6. **Add Administrator User (Optional)**: Create an admin user by selecting Add > Add user under User settings. Set all administrator privileges to Yes. 7. **Exit Configuration**: Use File > exit in the menu, confirming with

when prompted. 8. **Access iLO 3 Web GUI**: Open a web browser and enter the assigned IP address for HP iLO 3. Confirm SSL Security Warning, then log in using assigned credentials or default admin details. For advanced configurations like DNS server setup, use

to configure more network options. The text provides information on two methods to access and control a system using KVM (Keyboard, Video, Mouse): a) Integrated Remote Console: This method allows users to access the system's KVM through Microsoft Internet Explorer or Mozilla Firefox browsers, provided that they have Microsoft .NET Framework 3.5 installed, which can be obtained via Windows Update. The console offers control over both Virtual Power and Media. b) Java Integrated Remote Console: This option requires a Java applet-based console and relies on the availability of a JVM (Java Virtual Machine). It allows access to the system's KVM through this Java interface. In the example provided, the recommended method is "Java Integrated Remote Console," which will launch a console session in the Java applet when selected. The text also references Appendix B – Install RepSM 1.53, where it mentions uninstalling an older version of RepSM before installing version 1.53. However, specific details on how to perform this uninstallation are not provided and suggest focusing only on following the solution guide for version 1.53, bypassing versions 1.51, 1.52, or 1.53 as mentioned in the text.