Create a virtual machine where you can install IBM®
QRadar® if you do not want to
install it on a physical appliance.
Before you begin
Important: If you are installing QRadar on a Unified Extensible Firmware Interface
(UEFI) system, secure boot must be disabled.
About this task
Build your virtual machine to match the recommended specifications for IBM
QRadar on Cloud. For more information,
see QRadar on Cloud onboarding.
Procedure
- Create a virtual machine by using one of the following hypervisors:
- VMWare ESXi with hardware
version 13
- KVM on CentOS or Red Hat® Enterprise Linux®
7.9 with QEMU KVM
1.5.3-141 or later
- The Hyper-V plugin on Windows Server 2016 with all Windows updates applied
Notes:
- If you are installing a QRadar on Cloud appliance in
Hyper-V, you must do a software installation, not an appliance installation. If you are using a
version of Hyper-V that includes a secure boot option, secure boot must be disabled.
- A QRadar on Cloud
appliance can be installed using Appliance Install on an Unified Extensible Firmware Interface
(UEFI) system with Secure Boot enabled or disabled. If Secure Boot is enabled, QRadar on Cloud does not
function properly until you enroll the public key and reboot the system. If Secure Boot is disabled,
you can install the public key if you plan to use Secure Boot in the future. For more information,
see Enabling secure boot.
- If you create a virtual machine by using KVM, you must do a software installation.
- If you are installing QRadar on Cloud on a Unified
Extensible Firmware Interface (UEFI) system, secure boot must be disabled.
- The listed hypervisor versions are tested by QRadar on Cloud, but other
untested versions might also work. If you install QRadar on Cloud on an
unsupported version and encounter an issue that can be produced on the listed version of that
hypervisor, IBM supports that issue.
For more information about VMWare ESXi and hardware versions, see
ESXi/ESX hosts
and compatible virtual machine hardware versions list
(https://kb.vmware.com/s/article/2007240).
- Use the following steps to guide you through the choices:
-
For the Operating System (OS), select Linux, and
select Red Hat Enterprise Linux 7.3 (64-bit).
- On the CPUs page, configure the number of virtual processors
that you want for the virtual machine:
- For less than 1000 events per second (EPS), select 4 cores.
- For 1000 EPS or more, or for a deployment with QRadar Vulnerability Manager, select 8 cores.
-
In the Memory Size field, select 16 or greater.
- Use the following table to configure you network connections.
Table 1. Descriptions for network configuration parameters
Parameter
|
Description
|
How many NICs do you want to connect |
You must add at least one Network Interface Controller (NIC)
|
Adapter |
VMXNET3 |
- In the SCSI controller pane, select
Paravirtual.
- In the Disk pane, select Create a new virtual disk
and use the following table to configure the virtual disk parameters.
Table 2. Settings for the virtual disk size and provisioning policy parameters
Property |
Option |
Capacity |
500 GB minimum
2 TB or higher recommended
|
Disk Provisioning |
Thick provision |
Advanced options |
Do not configure |
- On the Ready to Complete page, review the settings and click
Finish.