Installing the OMT Infrastructure

This process installs the OMT Installer, with which you can install the browser-based OMT Management Portal for deploying and configuring the ArcSight capabilities.

If you performed the upload of product images to the bastion when you followed the Upload Product Images to the Artifact Registry procedure, you already have the needed packages in the right location. Otherwise, use an scp client to copy the arcsight-platform-cloud-installer-XX.X.X.XXX.zip package to the bastion and unpack it.

Unzip the cdf-deployer.zip file and run the installation as in the example below:

unzip cdf-deployer.zip

cd cdf-deployer/

./install \
--k8s-provider gcp \
--external-access-host <RECORDSET_NAME> \
--loadbalancer-info LOADBALANCERIP="<RECORDSET_IP>;networking.gke.io/load-balancer-type=Internal"  \
--nfs-server <FILESTORE_IP> \
--nfs-folder <OMT_ITOM_VOLUME> \
--registry-url <REGION>-docker.pkg.dev \
--registry-username oauth2accesstoken \
--registry-password $(gcloud auth print-access-token) \
--registry-orgname <ORGANIZATON_NAME> \

-P <PASSWORD>

Where:

<RECORDSET_NAME> is the DNS domain name configured earlier in the DNS Service Private section (check the Google Cloud worksheet)

<RECORDSET_IP> is the load balancer information. The argument networking.gke.io/load-balancer-type=Internal is always required. The LOADBALANCERIP value must be the value specified in Assigning an IP Address to Private DNS record-sets (check the Google Cloud worksheet)

By using the networking.gke.io/load-balancer-type=Internal argument, the command above will create two network load balancers:

One for the fronted ingress controller service port 3000
One for the portal ingress controller service ports 5443 and 8444

<FILESTORE_IP> is the value obtained while Creating the filestore (check the Google Cloud worksheet)

<OMT_ITOM_VOLUME> is the directory on filestore into which OMT starts the installation. The path is a combination of the parent directory plus the predefined subfolder name, as established in Configuring the Filestore for the ArcSight Suite. For example: /GCPdemo/itom-vol.

--k8s-provider is the cloud provider for an OMT installation on a cloud server. The allowed value of this parameter is gcp.

<REGION> is the region where the OMT is going to be deployed. The composed URL is the login server for the Artifactory Registry (check the Google Cloud worksheet)

<ORGANIZATON_NAME> is the organization name. Use the same value as for the -o argument you specified during the Upload Product Images to the Artifact Registry (check the Google Cloud worksheet)

<PASSWORD> is the ArcSight Suite admin password

For example:

./install \
--k8s-provider gcp \
--external-access-host arcsight-suite.internal.arcsight-suite.com \
--loadbalancer-info LOADBALANCERIP="10.1.0.100;networking.gke.io/load-balancer-type=Internal" \
--nfs-server 10.197.224.90  \
--nfs-folder /arcsight_suite/arcsight/itom-vol \
--registry-url us-central1-docker.pkg.dev \
--registry-username oauth2accesstoken \
--registry-password $(gcloud auth print-access-token) \
--registry-orgname security-arcsight-nonprod/gcp-arcsight-test-artifact-registry  \
--system-user-id 1999 \
--system-group-id 1999 \
-P Arst@dm1n!