Configuring the Deployed Capabilities

For guidance on configuring your deployment, see "System Performance Benchmarks for Sizing and Tuning" in the Technical Requirements for ArcSight Platform 23.3 for your workload. It might specify additional settings beyond what is described below.

You are now ready to deploy and then configure your deployed capabilities. The Pre-Deployment Configuration page displays instructions to configure the products and capabilities chosen at the start of the installation process. This section explains the process of configuring deployed capabilities on a supported platform for both on-premises and cloud deployments.

Reviewing Settings that Must Be Configured During Deployment
Transformation Hub
Fusion
ArcSight Database
Intelligence

Reviewing Settings that Must Be Configured During Deployment

This section describes configuration settings that must be set during deployment. Additional settings can be modified after deployment by logging in to the OMT Management Portal.

For more information on a setting, hover over the setting to display the setting tooltip, then set the values accordingly.

The following products require configuration settings to be set during deployment.

Transformation Hub
Fusion
ArcSight Database
Intelligence

Transformation Hub

If you deployed Transformation Hub, in the Transformation Hub tab, ensure the following are set to the number of Kafka worker nodes in your deployment or what is specified in the Technical Requirements for ArcSight Platform 23.3 for your workload.

# of Kafka broker nodes in the Kafka cluster (th-kafka-count)
# of ZooKeeper nodes in the ZooKeeper cluster (th-zookeeper-count)
# of replicas assigned to each Kafka Topic (th-init-topicReplicationFactor) (This setting must be set to 1 for a single worker deployment, and 2 for a 3-node environment.)

On the Transformation Hub tab, configure the following security settings based on how you planned to secure communications as described in the Securing Communication Among OpenText Components section.

FIPS, Client Authentication, and Allow Plain Text connections to Kafka settings are available during installation and deployment only.

Allow plain text (non-TLS) connections to Kafka (th-kafka-allow-plaintext)
Enable FIPS 140-2 Mode (th-init-fips)
Connection to Kafka uses TLS Client Authentication (th-init-client-auth)
# of message replicas for the __consumer_offsets Topic (th-init-kafkaOffsetsTopicReplicationFactor)
Schema Registry nodes in the cluster (th-schema-registry-count)

If you are deploying ESM, configure your Enrichment Stream Processor Group source Topic according to the scope for which you want to leverage ESM's event enrichment capability. For more information, refer to Enrichment Stream Processors.

Fusion

If you deployed Fusion, on the Fusion tab:

Single Sign-on Configuration: Modify the Client ID (sso-client-id) and Client Secret (sso-client-secret) to a unique value for your environment.
If you are deploying Transformation Hub and configured # of Enrichment Stream Processor Group instances to start (enrichment-processor1-replicas) with a value greater than zero (default is 2), which means Enrichment Stream Processor will be enabled, the Fusion ArcMC Generator ID Manager must be enabled with a sufficient range of IDs because the Enrichment Stream Processor automatically requests generator IDs from the Fusion ArcMC in the same cluster as needed for its processing. To enable the Fusion ArcMC Generator ID Manager, configure Enable Generator ID Manager (arcmc-generator-id-enable) to True (default is True) and set the values of Generator ID Range Start (arcmc-generator-id-start) and Generator ID Range End (arcmc-generator-id-end) to provide a range of at least 100 between them. A range of 100 should be sufficient for common scenarios with a comfortable buffer, but you could also make the range larger if you have configured a large number of Enrichment Stream Processor instances or other components that use Generator IDs from this Fusion ArcMC instance.

It is important to choose a range that does not overlap with the Generator ID Manager range configured in any other ArcMC instances in your organization, otherwise different events with duplicate Globally Unique Event IDs could be created.

Maximum Search Results: This value specifies number of results that a search can return. Maximum limit is 10 million events.
Maximum Number of Searches: This value specifies the maximum number of searches that can exist in the system at any point. The default maximum search limit is 1,000, but you can change it to any number between 100 and 10,000. Any value above 10,000 or below 100 will display the following error message: "The value should be a number in the range of >=100 and <=10000."
- To change the maximum search limit:
  1. Log in to the Management Portal.
  2. Click Deployment.
  3. Select Deployments.
  4. Click the Three Dots icon (Browse) on the right side of the screen. Then, select Reconfigure.
  5. Select Fusion.
  6. Scroll down to the Search Configuration section.
  7. Change the value in the Maximum Number of Searches field to any number between 100-10,000.

The higher the number of searches, the more storage space will be consumed.

ArcSight Database

If you deployed the ArcSight Database and you configure SmartConnectors to use the CEF format when you send events to the Transformation Hub, in the Transformation Hub tab, ensure the # of CEF-to-Avro Stream Processor instances to start is set to at least 1 or what is specified in Technical Requirements for ArcSight Platform 23.3 for your workload.

On the Database Configuration, ensure that you set these configuration settings for your environment:

Enable Database
Use SSL for Database Connections

Leave SSL disabled (the default) but it must be enabled in a later step.
Database Host

The host list of the database node's IP, that is node1-IP, node2-IP,..., upto nodeN-IP.

Database Application Admin User Name
Database Application Admin User Password
Search User Name
Search User Password
Database Certificate(s)

Leave the Database Certificate(s) field empty.

Database Host Name(s)

Intelligence

If you deployed Intelligence, on the Intelligence tab, ensure you set these configuration settings for your environment:

HDFS NameNode (interset-hdfs-namenode)
In the OMT Management Portal > Configure/Deploy page > Intelligence > Analytics Configuration section, ensure that you specify the Fully Qualified Domain Name (FQDN) of the node in the HDFS NameNode field.
Elasticsearch Index Replicas Count (interset-elasticsearch-index-replicas-count)

Ensure you change default passwords to have a unique value in your environment.
H2 Password (interset-h2-password)

You can set this password only at the time of deployment.
KeyStore Password
Elasticsearch Password (interset-elasticsearch-password)

You must enable Enable Secure Data Transfer with HDFS Cluster to encrypt communication between the HDFS cluster and the database. For more information, see Configuring HDFS Security in OMT.

Consider the following:

If the topic name specified for the Avro Event Topic field is not the default topic, then use Transformation Hub's Avro routing rules using ArcMC 2.96 or later to filter Avro events from the default topic. Create a routing rule with the source topic as mf-event-avro-enriched and destination topic as the topic name you have provided in the Avro Event Topic field. For more information, see Creating a Route.
For Analytics Configuration-Spark, set the values based on the data load. For information about the values for Spark, see System Hardware Sizing and Tuning Guidelines in the Technical Requirements for ArcSight Platform 23.3 for your workload.
For the Data Identifiers to Identify Machine Users field, if you need to consider only human users for licensing, ensure that you provide appropriate values to identify and filter out the machine users from licensing. For more information, contact OpenText Customer Support.

If you are specifying details under the Hadoop File System (HDFS) Security section, consider the following:

If you are enabling Kerberos Authentication, then, before selecting kerberos in Enable Authentication with HDFS Cluster, ensure you configure the Kerberos Authentication. For more information, see Enabling and Configuring Kerberos Authentication.
The Kerberos details that you provide in Kerberos Domain Controller Server, Kerberos Domain Controller Admin Server, Kerberos Domain Controller Domain, and Default Kerberos Domain Controller Realm will be considered only if you select kerberos in Enable Authentication with HDFS Cluster. They are not valid if you select simple.