Creating your virtual machine

Create a virtual machine where you can install IBM® QRadar® if you do not want to install it on a physical appliance.

Before you begin

Important: If you are installing QRadar on a Unified Extensible Firmware Interface (UEFI) system, secure boot must be disabled.

About this task

Build your virtual machine to match the recommended specifications for IBM QRadar on Cloud. For more information, see QRadar on Cloud onboarding.

Procedure

  1. Create a virtual machine by using one of the following hypervisors:
    • VMWare ESXi with hardware version 13
    • KVM on CentOS or Red Hat® Enterprise Linux® 7.9 with QEMU KVM 1.5.3-141 or later
    • The Hyper-V plugin on Windows Server 2016 with all Windows updates applied
    Notes:
    • If you are installing a QRadar on Cloud appliance in Hyper-V, you must do a software installation, not an appliance installation. If you are using a version of Hyper-V that includes a secure boot option, secure boot must be disabled.
    • A QRadar on Cloud appliance can be installed using Appliance Install on an Unified Extensible Firmware Interface (UEFI) system with Secure Boot enabled or disabled. If Secure Boot is enabled, QRadar on Cloud does not function properly until you enroll the public key and reboot the system. If Secure Boot is disabled, you can install the public key if you plan to use Secure Boot in the future. For more information, see Enabling secure boot.
    • If you create a virtual machine by using KVM, you must do a software installation.
    • If you are installing QRadar on Cloud on a Unified Extensible Firmware Interface (UEFI) system, secure boot must be disabled.
    • The listed hypervisor versions are tested by QRadar on Cloud, but other untested versions might also work. If you install QRadar on Cloud on an unsupported version and encounter an issue that can be produced on the listed version of that hypervisor, IBM supports that issue.

    For more information about VMWare ESXi and hardware versions, see ESXi/ESX hosts and compatible virtual machine hardware versions list (https://kb.vmware.com/s/article/2007240).

  2. Use the following steps to guide you through the choices:
    1. For the Operating System (OS), select Linux, and select Red Hat Enterprise Linux 7.3 (64-bit).
    2. On the CPUs page, configure the number of virtual processors that you want for the virtual machine:
      • For less than 1000 events per second (EPS), select 4 cores.
      • For 1000 EPS or more, or for a deployment with QRadar Vulnerability Manager, select 8 cores.
    3. In the Memory Size field, select 16 or greater.
    4. Use the following table to configure you network connections.
      Table 1. Descriptions for network configuration parameters

      Parameter

      Description
      How many NICs do you want to connect

      You must add at least one Network Interface Controller (NIC)
      Adapter VMXNET3
    5. In the SCSI controller pane, select Paravirtual.
    6. In the Disk pane, select Create a new virtual disk and use the following table to configure the virtual disk parameters.
      Table 2. Settings for the virtual disk size and provisioning policy parameters
      Property Option
      Capacity

      500 GB minimum

      2 TB or higher recommended
      Disk Provisioning Thick provision
      Advanced options Do not configure
  3. On the Ready to Complete page, review the settings and click Finish.