Using ArcSight Platform Installer for an Automated On-Premises Installation
You can use ArcSight Platform Installer to build your environment. ArcSight Platform Installer automatically takes care of the end-to-end installation process, from configuring the prerequisites through completing the post-installation configurations. Before beginning this process, complete Tasks 1-10 in the On-premises Checklist.
- Using the Configuration Files
- Understanding the Installation Commands
- Configuring the System Clock of the Database Nodes
- Using ArcSight Platform Installer to Deploy On-Premises
- Updating RE Certificates (optional)
- Running an Installation (or Upgrade) with a Private Key
- Next Step
Using the Configuration Files
The Platform Installer requires a .yaml configuration file to determine which capabilities to deploy on which nodes and how to configure the capabilities. The installation package includes example .yaml files with pre-configured scenarios to help you build your configuration file.
The .yaml files are available by default in the {unzipped-installer-dir}/config folder. To help you understand the settings that you might want to add, modify, or remove in your chosen .yaml file, review the install-config-doc.yaml file, which is also in the /config folder. Do not use the install-config-doc.yaml file as your configuration file. Rather, choose one of the example files. Each example has placeholders for your specific environment, such as host names, so you will need to edit the example file before using it. For more information on the examples, see Configuring the Deployed Capabilities.
For example, to deploy ESM Command Center and Transformation Hub in a high-availability environment, start with the file example-install-config-esm_and_transformation_hub-high_availability.yaml.
The .yaml files include the internal ID of configuration properties that cannot be configured easily after installation. For a description of each property internal ID in the example deployment configuration .yaml files, see Configuring the Deployed Capabilities. After installation, you can easily configure most properties (those not in the example deployment configuration .yaml files) using the OMT Management Portal, where descriptions for all properties are supplied as tooltips.
You can start from any of these example files:
Configuration | Example File | Deployment Scenario |
---|---|---|
ArcSight ESM Command Center and Transformation Hub with high availability | example-install-config-esm_and_transformation_hub-high_availability.yaml | Provides a good starting point if you anticipate your needs will grow since this configuration allows for further scaling when you need it without having to reinstall. Configures all components required by ESM Command Center on a single node, including Fusion and (optionally) SOAR, plus Transformation Hub, across 3 worker and 3 master nodes. |
ArcSight ESM Command Center on a single node | example-install-config-esm_cmd_center-single-node.yaml | Installs all components required by ESM Command Center on a single node, including Fusion and (optionally) SOAR. |
Intelligence with high availability | example-install-config-intelligence-high_availability.yaml | Configures all components required by Intelligence including Fusion and Transformation Hub across 3 worker and 3 master nodes. The Database has 3 nodes with data replication enabled (1 original, 1 copy) so that it can tolerate a failure of a single node and remain operational. |
Intelligence with high availability on the ArcSight Database | example-install-config-intelligence-scale_db.yaml | Supports an environment with modest EPS and minimal number of nodes but allows for further scaling with multiple worker nodes. Configures all components required by Intelligence on a single node, including Fusion and Transformation Hub, across 3 worker nodes and 1 master node. The Database has 3 nodes with data replication enabled (1 original, 1 copy) so that it can tolerate a failure of a single node and remain operational. |
Intelligence on a single node | example-install-config-intelligence-single-node.yaml | Configures all components required by Intelligence on a single node, including Fusion and Transformation Hub. The Database has 3 nodes with data replication enabled (1 original, 1 copy) so that it can tolerate a failure of a single node and remain operational. |
Intelligence and Recon on a single node | example-install-config-intelligence_and_recon-single-node.yaml | Configures all components required by Intelligence and Recon on a single node, including Fusion and Transformation Hub. The Database resides on a separate node. |
Recon with high availability | example-install-config-recon-high_availability.yaml | Provides a good starting point if you anticipate your needs will grow since this configuration allows for further scaling when you need it without having to reinstall. Configures all components required by Recon, including Fusion, Transformation Hub, and (optionally) SOAR, across 3 worker and 3 master nodes. The Database has 3 nodes with data replication enabled (1 original, 1 copy) so that it can tolerate a failure of a single node and remain operational. |
Recon with high availability on the ArcSight Database | example-install-config-recon-scale_db.yaml | Provides a good starting point when you want to scale the Database beyond a single node to handle your workload and storage requirements, but you don't yet wish to invest in high availability for Recon. Configures all components required by Recon on a single node, including Fusion, Transformation Hub, and (optionally) SOAR. The Database has 3 nodes with data replication enabled (1 original, 1 copy) so that it can tolerate a failure of a single node and remain operational. |
Recon on a single node | example-install-config-recon-single-node.yaml | Configures all components required by Recon on a single node, including Fusion, Transformation Hub, and (optionally) SOAR. The Database resides on a separate node. For information about FIPS mode on the Database Server, see Enabling FIPS Mode on the ArcSight Database Server. |
Transformation Hub with high availability | example-install-config-transformation_hub_and_fusion-high_availability.yaml | Configures Fusion and Transformation Hub across 3 worker and 3 master nodes. |
Understanding the Installation Commands
This table provides information about the installation commands and their purpose.
Script | Purpose |
---|---|
./arcsight-install -c /opt/my-install-config.yaml --cmd preinstall | The preinstall command attempts to install automatically any missing operating system package dependencies using the yum command. Therefore, be sure yum is configured on all nodes to automatically be able to download the packages from a package repository. It runs checks on all hosts specified in the install config file and reports if they meet the requirements. It also modifies the configuration of all hosts specified in the install config file so each host meets the required system configuration for the components that will be installed on each host. Not all required system configurations can be handled by this command. The items that must be manually configured will be reported. It also installs or configures NFS as specified in the install config file. |
./arcsight-install -c /opt/my-install-config.yaml --cmd install | The install command installs or configures the Database, OPTIC Management Toolkit (OMT) cluster, and ArcSight capabilities as specified in the install config file. |
./arcsight-install -c /opt/my-install-config.yaml --cmd postinstall | The postinstall command performs the post-installation configurations. |
Configuring the System Clock of the Database Nodes
A network time server must be available in your environment. The chrony process implements this protocol and it is installed by default on some versions of RHEL. Ensure that chrony is installed on every node using.
Using ArcSight Platform Installer to Deploy On-Premises
ArcSight Platform Installer takes care of the prerequisite verification, software requirement verifications, and post-installation configurations for on-premises deployment.
Before building your environment, ensure the firewall is running on the OMT nodes.
To use the installer to deploy on-premises:
- Launch a terminal session and log in to the master node as root.
- Change to the following directory:
  cd {unzipped-installer-dir}/config/
- Select an example install config file in the {unzipped-installer-dir}/config/ directory that most closely matches the deployment you need. Do not use the install-config-doc.yaml file for your deployment, as it is for information purposes only.
- Make a copy of the selected example file. For example, in these instructions, we will name the copy the following:
  /opt/my-install-config.yaml
- Edit the following file as needed:
  /opt/my-install-config.yaml
  Each example install config file explains the minimal changes that must be made before performing the installation with the example file.
  Depending on your specific deployment, you might need to make additional modifications that are not described in the example file. Additional explanations are available in the {unzipped-installer-dir}/config/install-config-doc.yaml file.
- Change to the following directory:
  {unzipped-installer-dir}
- Execute the following command to check all the nodes and deploy all the prerequisites.
  ./arcsight-install -c /opt/my-install-config.yaml --cmd preinstall
- To install the Database, OMT, and ArcSight capabilities, complete the following steps:
  - Execute the following command:
    ./arcsight-install -c /opt/my-install-config.yaml --cmd install
  - (Conditional) If your config file specifies to install the Database, respond to the following prompts:
    - Accept License Agreement
    - Database admin password
    - Database app admin password
    - Database search username
    Valid password specifications include:
    Length: between 8-30
    Can contain: letters, digits and special characters
    Valid special characters: _ ! % @ &
    Valid examples: 9badm1N_X, my6AsW@rd, mypasS_w0?d
    Be patient as the Database installation might take time to complete. The Database might need time to create indexes and complete setup tasks. The Database installation might appear to be complete; however, if you start the product before the Database installation is complete, you might experience errors and performance issues.
  - For installing the OMT and deploying the ArcSight capabilities, respond to the following prompts:
    - Accept License Agreement (again)
    - OMT admin password
    If the installer discovers warnings while running a check of the node hardware configuration, a prompt appears asking you to confirm the warnings and continue.
    Be patient as the installation might take time to complete, depending on the number of suite products and cluster nodes being installed. For example, a small cluster might take 40 minutes or more to complete. You can monitor the progress of the installer in the terminal.
- After the install command completes, run the pod command to check the pod status. Before continuing to the post-installation step, all pods must be in Running or Completed status.
  kubectl get pods -A
- To view additional cluster status, including logs (as needed), complete the following steps:
  - Log in to the OMT Management Portal using the OMT admin username and password that you provided.
  - Navigate to > .
  - In the Kubernetes Dashboard, select .
  - Navigate to pods, then select the pod to inspect.
  - To view the logs for the pod, click the icon in the upper-right corner of the UI.
  - In the Logs from menu, select a different container to view relevant logs.
- Continue to Post-deployment Configuration.
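One way to script the pod status check from the procedure above, so that postinstall only runs once every pod is Running or Completed. This is an added example, not part of the ArcSight installer; the function names are hypothetical and the pod and namespace names in the sample are constructed.

```shell
# Added example (not part of the ArcSight installer): gate the postinstall
# step on pod status. Sample pod and namespace names are constructed.

# pods_not_ready: read `kubectl get pods -A` output on stdin and print
# "namespace/name STATUS" for each pod that is neither Running nor Completed.
# Exits 2 if the input is empty or has no STATUS column.
pods_not_ready() {
  awk '
    NR == 1 {
      # Locate STATUS from the header row instead of assuming a position
      for (i = 1; i <= NF; i++) if ($i == "STATUS") col = i
      if (!col) exit 2
      next
    }
    NF && $col != "Running" && $col != "Completed" { print $1 "/" $2 " " $col }
    END { if (!col) exit 2 }
  '
}

# check_pods: return 0 only when every pod is Running or Completed,
# 1 when some pods are in another state, 2 when the input cannot be parsed.
check_pods() {
  bad=$(pods_not_ready) || { echo "could not parse pod list" >&2; return 2; }
  [ -z "$bad" ] && return 0
  printf 'Pods not yet Running/Completed:\n%s\n' "$bad" >&2
  return 1
}

# Constructed sample of `kubectl get pods -A` output
SAMPLE_PODS='NAMESPACE     NAME                READY   STATUS             RESTARTS      AGE
example-ns    example-app-0       1/1     Running            0             12m
example-ns    example-init-job    0/1     Completed          0             12m
example-ns    example-db-1        0/1     CrashLoopBackOff   3 (40s ago)   9m
kube-system   example-dns-abc12   0/1     Pending            0             2m'

printf '%s\n' "$SAMPLE_PODS" | pods_not_ready

# On the master node:
#   kubectl get pods -A | check_pods && \
#     ./arcsight-install -c /opt/my-install-config.yaml --cmd postinstall
```

An empty pod list is treated as an error rather than as "all pods ready", so a failed kubectl call does not let the gate pass.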
Updating RE Certificates (optional)
ArcSight recommends that you use an RE certificate signed by your Trusted Certificate Authority as part of the installation process. For more information, see:
Running an Installation (or Upgrade) with a Private Key
If the cluster node passwords are not available and the user is provided with a private SSH key, installation (or upgrade) may be run by providing a path to the private key, either by adding to the configuration YAML file, or as an argument to the arcsight-install command. It is assumed that passwordless communication between cluster nodes is already configured by the administrator.
Example of configuration YAML:
Infrastructure:
  private-key-path: /root/.ssh/test-key
CLI argument example:
./arcsight-install -c /opt/my-install-config.yaml --cmd install --private-key=/root/.ssh/test-key
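A pre-flight check for the key referenced above, confirming that it is a regular file owned by the invoking user with no group or other permission bits before it is handed to the installer. This is an added example, not part of arcsight-install; the function names are hypothetical, GNU stat (as shipped on RHEL) is assumed, and the demo uses a constructed config and an empty placeholder key file.

```shell
# Added example (not part of arcsight-install). Assumes GNU stat, as on RHEL.

# key_path_from_config FILE: print the private-key-path value from the
# install config (plain unquoted value, trailing whitespace removed).
key_path_from_config() {
  awk '/^[[:space:]]*private-key-path:/ {
         sub(/^[^:]*:[[:space:]]*/, "")
         sub(/[[:space:]]+$/, "")
         print; exit
       }' "$1"
}

# check_private_key FILE: succeed only if FILE is a regular file (not a
# symlink), owned by the invoking user, with no group/other permission bits.
check_private_key() {
  key=$1
  [ -f "$key" ] && [ ! -L "$key" ] || { echo "$key: not a regular file" >&2; return 1; }
  mode=$(stat -c '%a' "$key") || return 1
  owner=$(stat -c '%u' "$key") || return 1
  [ "$owner" = "$(id -u)" ] || { echo "$key: owned by uid $owner" >&2; return 1; }
  case $mode in
    [0-7]00) return 0 ;;
    *) echo "$key: mode $mode allows group/other access" >&2; return 1 ;;
  esac
}

# Demo on a constructed config and an empty placeholder key file
demo_dir=$(mktemp -d)
printf 'Infrastructure:\n  private-key-path: %s/test-key\n' "$demo_dir" > "$demo_dir/cfg.yaml"
: > "$demo_dir/test-key"
chmod 644 "$demo_dir/test-key"
check_private_key "$(key_path_from_config "$demo_dir/cfg.yaml")" || echo "rejected: too permissive"
chmod 600 "$demo_dir/test-key"
check_private_key "$(key_path_from_config "$demo_dir/cfg.yaml")" && echo "accepted"
rm -rf "$demo_dir"

# Before an install or upgrade:
#   check_private_key "$(key_path_from_config /opt/my-install-config.yaml)" && \
#     ./arcsight-install -c /opt/my-install-config.yaml --cmd install
```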
Next Step
After the automated installation completes, continue the deployment with the next step in the on-premises installation checklist.