This section provides information about installing Sentinel, Collector Managers, and Correlation Engines using the VHD appliance image. This image format allows you to generate a full disk image format that can be deployed directly to hardware, either physical (bare metal) or virtual (uninstalled virtual machine in a hypervisor) by selecting VHD image as a disc.
To install the Sentinel VHD appliance:
Download the VHD appliance image from the Download Website.
(Conditional) If you are using a hypervisor (Example: Windows 10 / Windows 19):
Set up the virtual machine using the VHD appliance image and power it on.
Follow the installation wizard on-screen instructions.
Select Install sentinel server <version>.
Select the language of your choice.
Select the keyboard layout.
Click Next.
Read and accept the SUSE Enterprise Server Software License Agreement. Click Next
Read and accept the Sentinel Server Appliance License Agreement. Click Next
Set the Sentinel appliance passwords, NTP configuration, and the time zone.
Set vaadmin user credentials for logging on to Sentinel Appliance Management Console.
NOTE:After installation, you can change the NTP configuration and time zone in the following ways:
Go to the command prompt and enter yast->Network Services->NTP Configuration
Go to Sentinel Appliance Management Console and click Time.
If the time appears out of sync immediately after the install, run the following command to restart NTP:
rcntp restart
On the Sentinel Server Appliance Network Settings page, specify the hostname and domain name. Select either Static IP Address or DHCP IP Address.
Click Next.
(Conditional) If you have selected Static IP Address in Step 10, specify the network connection settings.
Click Next.
Set the password for Sentinel user admin, then click Next.
Appliance is installed.
Make a note of the appliance IP address that is shown in the console.
Log in as root user at the console to log in to the appliance.
Enter the username as root and enter the password you set in Step 9.
Reboot the system after the deployment/installation is completed.
Proceed with Post-Installation Configuration for the Appliance.
The procedure to install a Collector Manager or a Correlation Engine is the similar to the procedure to installing Sentinel except that you need to download the appropriate VHD appliance file from the Download website.
Complete Step 1 through Step 13 in Installing Sentinel.
The installation checks for the available memory and disk space. If the available memory is less than 1 GB, the installation will not let you proceed and the Next button is greyed out.
Specify the following configuration for the Collector Manager or the Correlation Engine:
Sentinel Server Hostname or IP Address: Specify the host name or IP address of the Sentinel server that the Collector Manager or Correlation Engine should connect to.
Sentinel Communication Channel Port: Specify the Sentinel server communication channel port number. The default port number is 61616.
Sentinel Web Server Port: Specify the Sentinel web server port. The default port is 8443.
User name with Administrator role: Specify username of any user in Administrator role.
Password for user with Administrator role: Specify the password for the user name you have specified in the above field.
(Conditional) If your environment uses multi-factor or strong authentication, you must provide the Sentinel client id and Sentinel client secret. For more information about authentication methods, see Authentication Methods
in the Sentinel Administration Guide.
To retrieve the Sentinel client ID and Sentinel client secret, go to the following URL:
https://Hostname:port/SentinelAuthServices/oauth/clients
Where:
Hostname is the host name of the Sentinel server.
Port is the port Sentinel uses (typically 8443).
The specified URL uses your current Sentinel session to retrieve the Sentinel client ID and Sentinel client secret.
Click Next.
Accept the certificate when prompted.
Make a note of the appliance IP address that is shown in the console.
The console displays a message that this appliance is the Sentinel Collector Manager or Correlation Engine depending on what you chose to install, along with the IP address. The Console also displays the Sentinel server user interface IP address.
Complete Step 16 through Step 18 in Installing Sentinel.