Professional Documents
Culture Documents
Copyright 2010 - 2013 RSA, the Security Division of EMC. All rights reserved.
Trademarks
RSA, the RSA Logo and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. All other
trademarks used herein are the property of their respective owners. For a list of EMC trademarks, go to www.emc.com/legal/emc-corporation-trademarks.htm.
License Agreement
This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and may be used and copied only in
accordance with the terms of such license and with the inclusion of the copyright notice below. This software and the documentation, and any copies thereof,
may not be provided or otherwise made available to any other person.
No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any unauthorized use or reproduction of
this software and the documentation may be subject to civil and/or criminal liability. This software is subject to change without notice and should not be
construed as a commitment by EMC.
Third-Party Licenses
This product may include software developed by parties other than RSA. The text of the license agreements applicable to third-party software in this product
may be viewed in the thirdpartylicenses.pdf file.
Note on Encryption Technologies
This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption technologies, and current use, import,
and export regulations should be followed when using, importing or exporting this product.
Distribution
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license. EMC believes the information in this
publication is accurate as of its publication date. The information is subject to change without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY
KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY
OR FITNESS FOR A PARTICULAR PURPOSE.
15
Overview
Overview
Overview
This document introduces the RSA Series 4 Broker and provides a description of controls and connectors along with
selected specifications.
Introduction
The RSA Security Analytics Series 4 Broker is shipped with Broker software installed. The initial setup of the Broker in
your network involves these steps:
1. Review site requirements and safety information.
2. Mount the Broker hardware.
3. Connect the Broker to your network and configure network parameters on the Broker.
4. Finish Broker setup in Security Analytics.
There are several options for the initial physical connection to the Broker to begin configuration of the software
parameters. Once connected, the Security Analytics appliance console is used to make those configuration changes. Each
step is described in detail in this document.
You can learn more about Security Analytics in the online documentation. To view Security Analytics documentation, log
on to Security Analytics and select the Help option in the Security Analytics menu.
Package Contents
Verify the contents of the packing box to ensure that you have received all items necessary to install and configure your
Broker.
Series 4 Broker appliance
Rail Slide Assemblies (2)
2010 - 2013 RSA, The Security Division of EMC.
Key
Description
Diagnostic LEDs
Power On/Off
Ten 2.5-inch hard drive bays. The Broker has two 146 GB drives and two 1 TB drives installed. There is also an
internal secure digital (SD) card module where two 32 GB cards are installed, and this is where the operating
system is installed by default.
Key
Description
iDRAC Port
RS232 Serial Port (serial connection to laptop via DB9 or serial server)
Network Interface cards slot: SAS Controller installed with two DAC interface ports for connecting to the disk
storage arrays.
Network Interface card expansion slots for optional cards. Possible options are:
7
10
11
Broker Specifications
Form Factor
Weight
39 lbs.
Broker Specifications
Dimensions
Power supplies
Processors
RAM
96 GB
Overview
Overview
This topic provides instructions for connecting a Security Analytics S4 appliance to your network and configuring initial
management parameters on the appliance.
Introduction
Before you begin network configuration, mount or place the appliance securely in accordance with site requirements.
Configuring network parameters for an RSA Security Analytics S4 appliance consists of setting the default IP address,
the network clock source, and the hostname, then configuring your DNS servers. To set these parameters, you can
connect to the appliance console using a keyboard and mouse or the Ethernet connection. In both cases, log on to the
appliance as root. Once able to log on to the appliance, use the NwConsole program to modify the appliance
management settings. Use the OS command line to configure DNS servers.
Method
ssh/cli
root
netwitness
appliance
admin
netwitness
2. Connect a keyboard or KVM adapter to one of the USB ports on the back of the appliance.
3. Connect a power cord to each of the two power supplies on the rear of the appliance. Connect the power cords to a power source.
To provide a more robust setup, connect each power supply to a different circuit.
Caution:
5V standby power is active whenever the system is plugged in. To remove power from the system, you
must unplug both AC power cords from the power source
4. At the login prompt use the default credentials to gain access to the operating system (root/netwitness).
5. Continue to Set the IP Address section below.
10
1. Connect an Ethernet cable between a computer and the Ethernet management port on the back of the appliance.
2. Connect the power cords to the power connectors on the appliance and a power receptacle.
3. The default IP address of the appliance is set at the factory to 192.168.1.1; therefore, set the IP address of the client system in the
same subnet. For example, set your laptop to 192.168.1.15 with default gateway of 192.168.1.1 and then using a secure shell (SSH)
client connect to the appliance.
Note: Be aware that if you change network parameters while connected through SSH, your SSH session will
be dropped and you will have to re-connect to the appliance at its new address.
4. Accept the SSH key.
5. At the login prompt use the default credentials to gain access to the operating system.
6. Continue to Set the IP Address section below.
Set a Static IP
To set a static IP address:
1. At the root prompt: [root@NwAppliance~]#
enter the following command:
NwConsole
The NwConsole starts up and the following message is displayed:
RSA Security Analytics Console 10.2
Copyright 2001-2012, RSA Security Inc. All Rights Reserved.
2. In the NwConsole, enter the following command:
login localhost:50006 <adminusername> <password>
for example: login localhost:50006 admin netwitness
You are logged onto the appliance and the following message is displayed:
Successfully logged in as session <session #>
3. At the localhost prompt: [localhost:50006] />
enter the following command:
appliance setNet mode=static address=<desired IP address> netmask=<desired netmask>
gateway=<desired network gateway>
Example: To set the appliance em1 interface IP address to 10.1.2.35 for a class C network with gateway 10.1.2.1, execute the
following command:
appliance setNet mode=static address=10.1.2.35 netmask=255.255.255.0 gateway=10.1.2.1
The network services automatically restart on the appliance and the new settings are applied.
11
4. If the appliance is connected via network connection, you will have to reconnect to appliance using the new IP address to continue.
If you moved the appliance to a new subnet, changes to client networking may also be required.
5. To logout and exit the NwConsole, type exit.
Set a Dynamic IP
To set a dynamic IP address:
1. At the root prompt: [root@NwAppliance~]#
enter the following command:
NwConsole
The NwConsole starts up and the following message is displayed:
RSA Security Analytics Console 10.2
Copyright 2001-2012, RSA Security Inc. All Rights Reserved.
2. In the NwConsole, enter the following command:
login localhost:50006 <username> <password>
You are logged onto the appliance and the following message is displayed:
Successfully logged in as session <session #>
3. At the localhost prompt: [localhost:50006] />
enter the following command:
appliance setNet mode=dhcp
4. The network services automatically restart on the device and the new settings are applied. If the appliance is
connected via network connection, you will have to reconnect to appliance using the new IP address to continue. If
you moved the appliance to a new subnet, changes to client networking may also be required.
Caution: If you choose DHCP, there may be no way to determine the new address. You must connect to
the appliance console directly to determine the new address.
12
Note: It is recommended that you reboot the system after changing the hostname.
It is recommended that all systems in the Security Analytics suite be synchronized using a network time source so that
all devices accurately depict the same time. If this is not done then the time on the devices can get out of sync causing
queries for a specific time to not return the expected results.
Note: The commands in these instructions are case sensitive.
Note: If you specified an NTP clock source of local, the appliance clock serves as the clock source and the
time is configured using Set Appliance Built-In Clock as described in Security Analytics online help.
13
nameserver <DNS_server_ip_address>
search <domain_name>
where <DNS_server_ip_address> is the IP address of your DNS server, and
<domain_name> is the domain name
for example:
nameserver 192.168.0.1
search acmecorp.com
3. Save the changes and exit the vi editor.
14
Overview
Overview
This topic provides instructions for finishing Broker configuration and starting aggregation in Security Analytics.
Introduction
The final steps for setting up the Broker are done using Security Analytics. These are:
1. Add the Broker to Security Analytics in Devices view.
2. Apply a device license (or Entitlement) to the Broker.
3. Add one or more Concentrators to the Broker as aggregate devices.
4. Configure and start aggregation.
Several of these steps can be completed only when other parts of the Security Analytics network are in place:
At least one Concentrator and one Decoder service must be installed, licensed, configured, and capturing data to generate Meta
that the Broker can retrieve.
The Security Analytics device licenses (or Entitlements) must be available for activating the devices.
Log on to Security Analytics and follow instructions in the online help to finish setup of the Broker as part of the Security
Analytics suite.
15