Installing QRadar Suite Software by using the Red Hat OpenShift web console

Install IBM Security QRadar® Suite Software in an environment with internet connectivity by using the Red Hat® OpenShift® web console. Before you install, you create a namespace, an entitlement key, and a pull secret.

Before you begin

To complete this task, you must be a Red Hat OpenShift cluster administrator.

Review the Planning for installation section to make sure that you meet the hardware, system, storage and other requirements.

Before you install QRadar Suite Software, review and take the following prerequisite steps for a successful installation.

Gather the information needed to install QRadar Suite Software

Make sure you know the registry key and other information to successfully install QRadar Suite Software.

Table 1. Information needed to install QRadar Suite Software
Information needed Description
The IBM® Entitled Registry key

After you purchase a license for QRadar Suite Software, an entitlement for the Cloud Pak software is associated with your MyIBM account ID. You must have an entitlement key for the IBM Entitled Registry to install QRadar Suite Software by the online or air-gapped method that uses the IBM Entitled Registry. The value of the key is set in a parameter that is used during installation.

  1. Use the IBMid and the password that are associated with the entitled software to log in to the MyIBM Container Software Library.
  2. In the Container software library, from the menu bar, click Get entitlement key.
  3. In the Entitlement keys section, click Copy Key, and copy the key to a safe location.

You need the IBM Entitled Registry key during the installation process and it must continue to be valid through the entire lifecycle of the platform.

Important: If the IBM Entitled Registry key becomes invalid, you must create a new key in Passport Advantage® from a valid account and replace the key on QRadar Suite Software. If you do not replace the key on QRadar Suite Software, services fail.
The Fully Qualified Domain Name (FQDN) chosen for the QRadar Suite Software application
You must create a unique FQDN for the QRadar Suite Software platform. The FQDN must not be the same as the Red Hat OpenShift Container Platform cluster FQDN, the IBM Cloud Pak® foundational services FQDN, or any other FQDN associated with the Red Hat OpenShift Container Platform cluster.
Tip: If your QRadar Suite Software platform is installed in one of the following environments, the FQDN of the Red Hat OpenShift Container Platform cluster is used with the TLS certificate for the platform FQDN.
  • IBM Cloud®
  • Amazon Web Services (AWS)
  • Microsoft Azure
  • VMware
You can choose to create a unique FQDN for the QRadar Suite Software platform if you don't want to use the Red Hat OpenShift Container Platform cluster FQDN.
For more information about the FQDN requirements, see Domain name and TLS certificates.
Certificate of Authority (CA), if required for the QRadar Suite Software application domain. For more information about certificates, see Domain name and TLS certificates.
The persistent storage and storage class to be used. For more information about the persistent storage required for QRadar Suite Software, see Storage requirements.
The user that you provide in the installation for the adminUser parameter to set the initial user in QRadar Suite Software. The adminUser must exist in your identity provider. If you are using LDAP for your identity provider, the adminUser must have the mail attribute in LDAP. If you are using IBM Security Verify for your identity provider, be aware that email addresses are case-sensitive.
Warning: Do not add a user with the username admin to your identity provider, as that might cause issues with other services on your cluster.

For more information about the adminUser, see Logging in to QRadar Suite Software as initial user.

Installing QRadar Suite Software by using the Red Hat OpenShift web console

After you take the prerequisite steps, install IBM Security QRadar Suite Software in an environment with internet connectivity by using the Red Hat OpenShift web console.

Procedure

  1. Go to Projects > Create Project and create a namespace where you want to install QRadar Suite Software.
    The namespace must meet the following criteria:
    • Contain only lowercase alphanumeric characters or -
    • Start and end with an alphanumeric character
    • Be a dedicated namespace for QRadar Suite Software
    • Not be default, kube-*, or openshift-*

    For example, you might call your QRadar Suite Software namespace cp4s.

  2. Create an ibm-entitlement-key secret for the IBM Entitlement Registry in the namespace that you created.
    1. Go to Workloads > Secrets and ensure that the Project is set to the namespace that you created.
    2. Click Create, select Image pull secret, and set the following parameters for the secret.
      Table 2. IBM Entitlement Registry secret parameters
      Parameter Value
      Secret Name ibm-entitlement-key
      Authentication Type Image Registry Credentials
      Registry Server Address cp.icr.io
      Username cp
      Password Your IBM Entitled Registry key.
      Email Optional. The email address associated with the Username that you provided.
    3. Click Create to create the secret.
  3. If you are using your own domain and certificates, create a TLS secret.
    1. Go to Workloads > Secrets and ensure that the Project is set to the namespace that you created.
    2. Click Create and select Key/value secret.
    3. Set the secret name to isc-ingress-default-secret.
    4. If you are using custom or self-signed certificates, add a key that is called ca.crt and upload the CA file as the value.
    5. Add a key called tls.crt and upload the TLS certificate as the value.
    6. Add a key called tls.key and upload the TLS key as the value.
    7. Click Create to create the TLS secret.
  4. Install the IBM Operator Catalog Source.
    1. Click the plus sign icon (+) in the Red Hat OpenShift web console.
    2. In the Import YAML box, paste the following text into the Import YAML field. 
      apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
    name: ibm-operator-catalog
    namespace: openshift-marketplace
spec:
    displayName: ibm-operator-catalog
    publisher: IBM Content
    sourceType: grpc
    image: icr.io/cpopen/ibm-operator-catalog
    updateStrategy:
        registryPoll:
            interval: 45m
    3. Click Create.
  5. Verify that the pod is running in the openshift-marketplace namespace.
    1. Go to Workloads > Pods.
    2. Ensure that the Project is set to the openshift-marketplace namespace.
      Tip: You might need to toggle Show default projects to the on position to see the openshift-marketplace namespace.
    3. Search for ibm-operator-catalog.
    4. Verify that the pod is in the Running state.
  6. Install the QRadar Suite Software Operator.
    1. Go to Operators > OperatorHub.
    2. Search for IBM Cloud Pak for Security and click the IBM Cloud Pak for Security tile in the search results.
    3. Click Install.
    4. In the Update Channel section, select the 1.11 channel.
    5. In the Installation Mode section, select the All namespaces option to install the operator to all namespaces, or the A specific namespace option to install the operator to a single namespace.
    6. In the Installed namespace section, select your own namespace where you created your IBM Entitlement Registry secret to install the operator using the A specific namespace option, or select the openshift-operators option to install the operator using the All namespaces option.
    7. Select the Automatic approval strategy.
    8. Click Install to install the QRadar Suite Software operator.
  7. Install QRadar Suite Software Threat Management.
    1. Go to Operators > Installed Operators and ensure that the Project is set to the namespace that you created.
    2. In the list of installed operators, click IBM Cloud Pak for Security.
    3. On the Details tab, click Create instance on the Threat Management card.
      Warning: Do not rename the Threat Management instance. The instance must be called threatmgmt.
    4. Review the license agreement and accept the license.
    5. Expand the Basic Deployment Configuration section and enter the admin user in the Admin User field.
    6. If you are using your own domain, enter your FQDN in the Domain field.
    7. If you are using a storage class that is not the default storage class, enter the storage class that you are using in the Storage class field.
    8. Expand the Optional Threat Management Capabilities section and deselect any capabilities that you don't want to deploy.
    9. Expand the Extended Deployment Configuration section and set any of the optional parameters.
    10. Click Create to start installation.
    Important: Installation takes approximately 1.5 hours. When installation is complete, the latest version of IBM Cloud Pak foundational services, and QRadar Suite Software 1.11.1 are installed.
  8. Verify QRadar Suite Software installation.
    1. Log in to the Red Hat OpenShift web console and ensure you are in the Administrator view.
    2. Go to Operators > Installed Operators and ensure that the Project is set to the namespace that you created.
    3. In the list of installed operators, click IBM Cloud Pak for Security.
    4. On the Threat Management tab, select the threatmgmt instance.
      On the Details page, the following message is displayed in the Conditions section when installation is complete. 
      Cloudpak for Security Deployment is successful.
      status:
  conditions:
  - lastTransitionTime: "<timestamp>"
    message: SOAR automation functionality will be limited
    reason: Knative not Deployed
    status: "True"
    type: Degraded

What to do next

Postinstallation tasks