Installing QRadar Suite Software by using the Red Hat OpenShift web console

Install IBM Security QRadar® Suite Software in an environment with internet connectivity by using the Red Hat® OpenShift® web console. Before you install, you create a namespace, an entitlement key, and a pull secret.

Before you begin

To complete this task, you must be a Red Hat OpenShift cluster administrator.

Review the Planning for installation section to ensure that you meet the hardware, system, storage, and other requirements.

  • You must have access to a Red Hat OpenShift Container Platform account with cluster administrator access.
    1. Log in to the Red Hat OpenShift Container Platform web console.
    2. In the Red Hat OpenShift Container Platform web console, go to Operators > OperatorHub.
    3. Scroll, or type the keyword Serverless into the Filter by keyword box to find the Red Hat OpenShift Serverless operator.
    4. Review the information about the operator and click Install.
    5. On the Install Operator page, set the following parameters.
      1. Set the Installation Mode to All namespaces on the cluster (default). This mode installs the operator in the default openshift-serverless namespace to be available to all namespaces in the cluster.
      2. Set the Installed Namespace to openshift-serverless.
      3. Select the stable channel as the Update Channel. The stable channel enables installation of the latest stable release of the Red Hat OpenShift Serverless operator.
      4. Select Automatic or Manual approval strategy.
    6. Click Install to make the operator available to the selected namespaces on this Red Hat OpenShift Container Platform cluster.
    7. Go to Operators > Installed Operators to monitor the Red Hat OpenShift Serverless operator installation and upgrade progress.
      • If you selected a Manual approval strategy, the subscription upgrade remains in the Upgrading state until you review and approve its install plan. After you approve the subscription upgrade on the Install Plan page, the subscription upgrade status moves to Up to date.
      • If you selected an Automatic approval strategy, the upgrade status resolves to Up to date without intervention.
    8. After the subscription upgrade status is Up to date, select Operators > Installed Operators to verify that the Red Hat OpenShift Serverless operator eventually shows up, and its Status ultimately resolves to Succeeded in the relevant namespace.
    1. Click the Import YAML icon () on the menu bar.
    2. On the Import YAML screen, add the following content.
      apiVersion: operator.knative.dev/v1beta1
kind: KnativeServing
metadata:
    name: knative-serving
    namespace: knative-serving
spec:
    high-availability:
        replicas: 2
    3. Click Create.

      After you install Knative Serving, the KnativeServing object is created, and you are automatically directed to the knative-serving custom resource. Knative Serving installation is complete if all of the conditions in the Conditions section show True. If the conditions have a status of Unknown or False, wait a few moments, and then check again after you confirm that the resources are created.

  • Table 1. Information needed to install QRadar Suite Software
    Information needed Description
    The IBM® Entitled Registry key

    After you purchase a license for QRadar Suite Software, an entitlement for the Cloud Pak software is associated with your MyIBM account ID. You must have an entitlement key for the IBM Entitled Registry to install QRadar Suite Software by the online or air-gapped method that uses the IBM Entitled Registry. The value of the key is set in a parameter that is used during installation.

    1. Use the IBMid and the password that are associated with the entitled software to log in to the MyIBM Container Software Library.
    2. In the Entitlement keys section, click Add new key.
    3. Click Copy Key, and copy the key to a safe location.

    You need the IBM Entitled Registry key during the installation process and it must continue to be valid through the entire lifecycle of the platform.

    Important: If the IBM Entitled Registry key becomes invalid, you must create a new key in Passport Advantage® from a valid account and replace the key on QRadar Suite Software. If you do not replace the key on QRadar Suite Software, services fail.
    The Fully Qualified Domain Name (FQDN) chosen for the QRadar Suite Software application

    By default, the FQDN for your QRadar Suite Software platform is cp4s.apps.<cluster_domain>. If you want to use your own FQDN, you must create a unique FQDN for the QRadar Suite Software platform. The FQDN must not be the same as the Red Hat OpenShift Container Platform cluster FQDN, the IBM Cloud Pak® foundational services FQDN, or any other FQDN associated with the Red Hat OpenShift Container Platform cluster.

    For more information about the FQDN requirements, see Domain name and TLS certificates.
    Certificate of Authority (CA), if required for the QRadar Suite Software application domain. For more information about certificates, see Domain name and TLS certificates.
    The persistent storage and storage class to be used. For more information about the persistent storage required for QRadar Suite Software, see Storage requirements.
    The user that you provide in the installation for the Admin User parameter to set the initial user in QRadar Suite Software. The Admin User must exist in your identity provider. If you are using LDAP for your identity provider, the Admin User must have the mail attribute in LDAP. If you are using IBM Security Verify for your identity provider, be aware that email addresses are case-sensitive.
    Warning: Do not add a user with the username admin to your identity provider, as that might cause issues with other services on your cluster.

    For more information about the Admin User, see Logging in to QRadar Suite Software as initial user.
    1. Go to Projects > Create Project and create a namespace where you want to install QRadar Suite Software. The namespace must meet the following criteria:
      • Contain only lowercase alphanumeric characters or -
      • Start and end with an alphanumeric character
      • Be a dedicated namespace for QRadar Suite Software
      • Not be default, kube-*, or openshift-*

      For example, you might call your QRadar Suite Software namespace cp4s.

    2. Create an ibm-entitlement-key secret for the IBM Entitlement Registry in the namespace that you created.
      1. Go to Workloads > Secrets and ensure that the Project is set to the namespace that you created.
      2. Click Create, select Image pull secret, and set the following parameters for the secret.
        Table 2. IBM Entitlement Registry secret parameters
        Parameter Value
        Secret Name ibm-entitlement-key
        Authentication Type Image Registry Credentials
        Registry Server Address cp.icr.io
        Username cp
        Password Your IBM Entitled Registry key.
        Email Optional. The email address associated with the Username that you provided.
      3. Click Create to create the secret.
    1. Go to Workloads > Secrets and ensure that the Project is set to the namespace that you created.
    2. Click Create and select Key/value secret.
    3. Set the secret name to isc-ingress-default-secret.
    4. If you are using custom or self-signed certificates, add a key that is called ca.crt and upload the CA file as the value.
    5. Add a key called tls.crt and upload the TLS certificate as the value.
    6. Add a key called tls.key and upload the TLS key as the value.
    7. Click Create to create the TLS secret.

    If you are not using your own domain and certificates, QRadar Suite Software uses the Red Hat OpenShift domain and certificates.

Procedure

  1. Install the IBM Operator Catalog Source.
    1. Click the plus sign icon (+) in the Red Hat OpenShift web console.
    2. In the Import YAML box, paste the following text into the Import YAML field. 
      apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
    name: ibm-operator-catalog
    namespace: openshift-marketplace
spec:
    displayName: ibm-operator-catalog
    publisher: IBM Content
    sourceType: grpc
    image: icr.io/cpopen/ibm-operator-catalog
    updateStrategy:
        registryPoll:
            interval: 45m
    3. Click Create.
  2. Verify that the pod is running in the openshift-marketplace namespace.
    1. Go to Workloads > Pods.
    2. Ensure that the Project is set to the openshift-marketplace namespace.
      Tip: You might need to toggle Show default projects to the on position to see the openshift-marketplace namespace.
    3. Search for ibm-operator-catalog.
    4. Verify that the pod is in the Running state.
  3. Install the QRadar Suite Software Operator.
    1. Go to Operators > OperatorHub.
    2. Search for IBM Cloud Pak for Security and click the IBM Cloud Pak for Security tile in the search results.
    3. Click Install.
    4. In the Update Channel section, select the 1.10 channel.
    5. In the Installation Mode section, select the All namespaces option to install the operator to all namespaces, or the A specific namespace option to install the operator to a single namespace.
    6. In the Installed namespace section, select your own namespace where you created your IBM Entitlement Registry secret to install the operator using the A specific namespace option, or select the openshift-operators option to install the operator using the All namespaces option.
    7. Select the Automatic approval strategy.
    8. Click Install to install the QRadar Suite Software operator.
  4. Install QRadar Suite Software Threat Management.
    1. Go to Operators > Installed Operators and ensure that the Project is set to the namespace that you created.
    2. In the list of installed operators, click IBM Cloud Pak for Security.
    3. On the Details tab, click Create instance on the Threat Management card.
      Warning: Do not rename the Threat Management instance. The instance must be called threatmgmt.
    4. Review the license agreement and accept the license.
    5. Expand the Basic Deployment Configuration section and enter the admin user in the Admin User field.
    6. If you are using your own domain, enter your FQDN in the Domain field.
    7. If you are using a storage class that is not the default storage class, enter the storage class that you are using in the Storage class field.
    8. Expand the Optional Threat Management Capabilities section and deselect any capabilities that you don't want to deploy.
    9. Expand the Extended Deployment Configuration section and set any of the optional parameters.
    10. Click Create to start installation.
    Important: Installation takes approximately 1.5 hours. When installation is complete, the latest version of IBM Cloud Pak foundational services, and QRadar Suite Software 1.10.17 are installed.
  5. Verify QRadar Suite Software installation.
    1. Log in to the Red Hat OpenShift web console and ensure you are in the Administrator view.
    2. Go to Operators > Installed Operators and ensure that the Project is set to the namespace that you created.
    3. In the list of installed operators, click IBM Cloud Pak for Security.
    4. On the Threat Management tab, select the threatmgmt instance.
      On the Details page, the following message is displayed in the Conditions section when installation is complete. 
      Cloudpak for Security Deployment is successful.

      If the following message is displayed, follow the instructions in SOAR playbooks not available or SOAR automation limited to resolve the issue.

      status:
  conditions:
  - lastTransitionTime: "<timestamp>"
    message: SOAR automation functionality will be limited
    reason: Knative not Deployed
    status: "True"
    type: Degraded

What to do next

Postinstallation tasks