Prerequisites
Depending on whether you are using Edge Gateway for data sources or SOAR apps, check the system and network prerequisites in one of the following sections.
Data sources only Edge Gateway for data sources
This section lists the prerequisites if you are installing the Edge Gateway to host containers for data sources. The
prerequisites apply to both the standalone and virtual application formats of the Edge Gateway software (run file or ova respectively)
except where noted:
- The prerequisites for the system hosting the Edge Gateway are as follows:
- Operating system: Red Hat Enterprise Linux v8.4 to v8.10.
- If you are installing the Edge Gateway virtual appliance, it runs on vSphere Hypervisor (ESXi) 6.7 U2 or later.
- Minimum 5 GB free disk space.
- Minimum 2 GB RAM.
- Minimum two CPUs. For Edge Gateway V1.15 or
later, the CPU must support x86-64-v2 architecture.Tip: To verify that your Edge Gateway system supports the x86-64-v2 architecture, run the following command and check that the output containsIf the output does not contain
x86-64-v2:/lib64/ld-linux-x86-64.so.2 --help | grep x86-64-v2x86-64-v2, you can change the settings for your Edge Gateway in the hypervisor. - Dedicated operating system account for data sources.
- If you are installing the standalone format, a user account on the system with sudo privileges is required.
- Access to the IBM Security QRadar® Suite Software application.
- Access to any third-party applications required by your data sources.
- If you are installing the Edge Gateway virtual application, also make sure TCP port number 22 is accessible.
- Make sure the Edge Gateway is not on a
network using IP addresses
10.42.x.xor10.43.x.x. Kubernetes require those IP ranges for its cluster and service respectively. Contact IBM Security Support for assistance if you require the Edge Gateway to be on such a network. - If you are installing the standalone format, make sure that the partitions that host the
following directories have the minimum required free disk space. IBM Security recommends using the
Logical Volume Manager (LVM) to manage your partitions:
- 400 MB for /boot
- 20 GB for /
- 70 GB for /var/lib
- 10 GB for /var/log
- If you are installing the standalone format using the
.runfile, the following packages must be installed. See Installing the standalone software for the commands to install them.createrepopackageselinuxpackage
Disable the
nm-cloud-setup service on your system, if it is enabled:- First, check if the
nm-cloud-setupservice is enabled on your system:
If it is not enabled, output similar to the following is returned, and no further action is required:# systemctl status nm-cloud-setup
If it is enabled, you see output similar to the following:[root@ip ~]# systemctl status nm-cloud-setup > Unit nm-cloud_setup.service could not be found[root@ip ~]# systemctl status nm-cloud-setup ● nm-cloud-setup.service - Automatically configure NetworkManager in cloud Loaded: loaded (/usr/lib/systemd/system/nm-cloud-setup.service; enabled; vendor preset: disabled) Drop-In: /usr/lib/systemd/system/nm-cloud-setup.service.d └─10-rh-enable-for-ec2.conf Active: inactive (dead) Docs: man:nm-cloud-setup(8) - If it is enabled, run the following command to disable
it:
This command returns output similar to the following:systemctl disable nm-cloud-setup.service nm-cloud-setup.timer reboot[root@ip-172-31-2-112 ~]# systemctl status nm-cloud-setup ● nm-cloud-setup.service - Automatically configure NetworkManager in cloud Loaded: loaded (/usr/lib/systemd/system/nm-cloud-setup.service; disabled; vendor preset: disabled) Drop-In: /usr/lib/systemd/system/nm-cloud-setup.service.d └─10-rh-enable-for-ec2.conf Active: inactive (dead) Docs: man:nm-cloud-setup(8)
The minimum supported TLS version for the Kubernetes API server is TLS V1.2.
The resources required by the Edge Gateway server depend on the requirements of your data sources. Therefore, you might need to increase those resources.
Apps only Edge Gateway for SOAR apps
This section lists the prerequisites if you are installing the Edge Gateway for hosting SOAR apps:
- If the Orchestration & Automation (SOAR) application is behind a firewall, such as in a cloud configuration, configure the firewall to allow the Edge Gateway access port number 443. This port number is required for the app to connect to Orchestration & Automation data using the REST API and STOMP messaging protocol. The connections are “inbound-only” from the Edge Gateway to the Orchestration & Automation application.
- IBM recommends that you install the Edge Gateway on a system other than the one hosting
IBM Security QRadar Suite Software. The prerequisites for the system
hosting the Edge Gateway are as follows:
- Operating system: Red Hat Enterprise Linux v8.4 to v8.10.
- If you are installing the Edge Gateway virtual appliance, it runs on vSphere Hypervisor (ESXi) 6.7 U2 or later.
- Minimum 5 GB free disk space.
- Minimum 2 GB RAM.
- Minimum two CPUs. For Edge Gateway V1.15 or
later, the CPU must support x86-64-v2 architecture.Tip: To verify that your Edge Gateway system supports the x86-64-v2 architecture, run the following command and check that the output containsIf the output does not contain
x86-64-v2:/lib64/ld-linux-x86-64.so.2 --help | grep x86-64x86-64, you can change the settings for your Edge Gateway in the hypervisor. - Dedicated operating system account for running apps.
- If you are installing the standalone format, a user account on the system with sudo privileges is required.
- Access to the Orchestration & Automation application.
- Access to any third-party applications required by the Orchestration & Automation apps that you install.
- If you are installing the Edge Gateway virtual appliance, also make sure TCP port number 22 is accessible.
- The
restandstomproutes hosts must be added to a DNS server. - Make sure the Edge Gateway is not on a
network using IP addresses
10.42.x.xor10.43.x.x. Kubernetes require those IP ranges for its cluster and service respectively. Contact IBM Security Support for assistance if you require that the Edge Gateway be on such a network. - If you are installing the standalone format using the
.runfile, the following packages must be installed. See Installing the standalone software for the commands to install them.createrepopackagecontainer-selinuxpackage
Disable the
nm-cloud-setup service on your system, if it is enabled:- First, check if the
nm-cloud-setupservice is enabled on your system:
If it is not enabled, output similar to the following is returned, and no further action is required:# systemctl status nm-cloud-setup
If it is enabled, you see output similar to the following:[root@ip ~]# systemctl status nm-cloud-setup > Unit nm-cloud_setup.service could not be found[root@ip ~]# systemctl status nm-cloud-setup ● nm-cloud-setup.service - Automatically configure NetworkManager in cloud Loaded: loaded (/usr/lib/systemd/system/nm-cloud-setup.service; enabled; vendor preset: disabled) Drop-In: /usr/lib/systemd/system/nm-cloud-setup.service.d └─10-rh-enable-for-ec2.conf Active: inactive (dead) Docs: man:nm-cloud-setup(8) - If it is enabled, run the following command to disable
it:
This command returns output similar to the following:systemctl disable nm-cloud-setup.service nm-cloud-setup.timer reboot[root@ip-172-31-2-112 ~]# systemctl status nm-cloud-setup ● nm-cloud-setup.service - Automatically configure NetworkManager in cloud Loaded: loaded (/usr/lib/systemd/system/nm-cloud-setup.service; disabled; vendor preset: disabled) Drop-In: /usr/lib/systemd/system/nm-cloud-setup.service.d └─10-rh-enable-for-ec2.conf Active: inactive (dead) Docs: man:nm-cloud-setup(8)
The minimum supported TLS version for the Kubernetes API server is TLS V1.2.
The resources required by the Edge Gateway server depend on the requirements of the apps installed. Some apps that operate on files in memory might have additional memory requirements. Apps that do considerable computations, such as decryption tasks, might need more CPU. Therefore, you might need to increase those resources.