Installing QRadar Suite Software in an air-gapped environment by using a portable device

If your cluster is not connected to the internet, you can install IBM Security QRadar® Suite Software in your cluster by using a portable device as a mirroring device.

You store the product images on a mirroring device. Your mirroring device can be a portable compute device, such as a laptop, or a portable storage device, such as an external hard disk drive. You transfer the images from your mirroring device to a local air-gapped network.

The workflow for a portable device installation consists of these steps:
  1. Setting up your mirroring environment
  2. Setting environment variables and downloading CASE files
  3. Mirroring images from the internet to your mirroring device
  4. Mirroring images from your mirroring device to your air-gapped environment
  5. Installing QRadar Suite Software

Setting up your mirroring environment

Before you install IBM Security QRadar Suite Software in an air-gapped environment, you must set up a mirroring device that can be connected to the internet to complete configuring your mirroring environment.

Install CLI tools

The following table shows the CLI tools that are needed to install QRadar Suite Software in an air-gapped environment.

Table 1. CLI tools needed to install QRadar Suite Software in an air-gapped environment
Software Purpose
Docker or Podman Container management
Red Hat OpenShift CLI (oc) Red Hat OpenShift Container Platform administration
IBM® Catalog Management plug-in for Red Hat OpenShift CLI Mirroring and installing QRadar Suite Software

  • For more information about installing WSL, see Install WSL.

  • Install Docker.

    1. Download and set up the Docker CLI tool for your computer operating system (OS).
    2. Ensure that the Docker CLI tool is working by typing the following command.
      docker version

    If you can't install Docker, install Podman.

    1. Download and set up the Podman CLI tool for your computer OS.
    2. Ensure that the Podman CLI tool is working by typing the following command.
      podman version

  • The Red Hat OpenShift CLI client helps you develop, build, deploy, and run your applications on any Red Hat OpenShift or Kubernetes cluster. It also includes the administrative commands for managing a cluster under the adm subcommand.

    1. Download Red Hat OpenShift CLI 4.10 or later from https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/stable-4.10/. The file to download is called openshift-client-<platform>-<version>.tar.gz.
    2. Extract the binary file that you downloaded by typing the following command, where <oc_cli_archive_file> is the name of the archive file that you downloaded.
      tar -xf <oc_cli_archive_file>
    3. Modify the permissions of the binary file by typing the following command, where <oc_cli_binary> is the name of the Red Hat OpenShift binary that you extracted from the archive.
      chmod 755 <oc_cli_binary>
    4. Move the binary file to the /usr/local/bin directory by typing the following command.
      mv <oc_cli_binary> /usr/local/bin/oc
      Tip: If this command returns a No such file or directory or Not a directory error message, create the /usr/local/bin directory by typing the following command.
      sudo mkdir /usr/local/bin
    5. Ensure that the Red Hat OpenShift CLI client is working by typing the following command.
      oc version
      Tip: MacOS users might see a message that this tool cannot be opened because it is from an unidentified developer. Close this message and go to System Preferences > Security & Privacy. On the General tab, click Open Anyway or Allow Anyway. Repeat the oc version command.
    1. Download the latest version of the plug-in.
      • To download the latest release version from the public GitHub repo on MacOS, type the following command. 
        curl -L https://github.com/IBM/ibm-pak-plugin/releases/latest/download/oc-ibm_pak-darwin-amd64.tar.gz -o oc-ibm_pak-plugin.tar.gz
      • To download the latest release version from the public GitHub repo on Linux, type the following command. 
        curl -L https://github.com/IBM/ibm-pak-plugin/releases/latest/download/oc-ibm_pak-linux-amd64.tar.gz -o oc-ibm_pak-plugin.tar.gz
    2. Extract the plug-in from the archive file by typing the following command.
      tar -xvf oc-ibm_pak-plugin.tar.gz
    3. Move the extracted plug-in to your /usr/local/bin directory by typing the following command.
      mv oc-ibm_pak-*-amd64 /usr/local/bin/oc-ibm_pak
    4. Verify that the plug-in is installed successfully by typing the following command.
      oc ibm-pak --version

Prerequisites

You must satisfy the following prerequisites before you install IBM Security QRadar Suite Software in an air-gapped environment:

To complete this task, you must be a Red Hat OpenShift cluster administrator.

Review the Planning for installation section to ensure that you meet the hardware, system, storage, and other requirements.

Your mirroring device must have at least 1 TB of storage available.

    • icr.io:443 for IBM Cloud Pak® for Security catalog source
    • cp.icr.io:443 for IBM Entitled Registry
    • github.com for Container Application Software for Enterprises (CASE) and tools
  • You must have access to a Red Hat OpenShift Container Platform account with cluster administrator access.
    1. Log in to the Red Hat OpenShift Container Platform web console.
    2. In the Red Hat OpenShift Container Platform web console, go to Operators > OperatorHub.
    3. Scroll, or type the keyword Serverless into the Filter by keyword box to find the Red Hat OpenShift Serverless operator.
    4. Review the information about the operator and click Install.
    5. On the Install Operator page, set the following parameters.
      1. Set the Installation Mode to All namespaces on the cluster (default). This mode installs the operator in the default openshift-serverless namespace to be available to all namespaces in the cluster.
      2. Set the Installed Namespace to openshift-serverless.
      3. Select the stable channel as the Update Channel. The stable channel enables installation of the latest stable release of the Red Hat OpenShift Serverless operator.
      4. Select Automatic or Manual approval strategy.
    6. Click Install to make the operator available to the selected namespaces on this Red Hat OpenShift Container Platform cluster.
    7. Go to Operators > Installed Operators to monitor the Red Hat OpenShift Serverless operator installation and upgrade progress.
      • If you selected a Manual approval strategy, the subscription upgrade remains in the Upgrading state until you review and approve its install plan. After you approve the subscription upgrade on the Install Plan page, the subscription upgrade status moves to Up to date.
      • If you selected an Automatic approval strategy, the upgrade status resolves to Up to date without intervention.
    8. After the subscription upgrade status is Up to date, select Operators > Installed Operators to verify that the Red Hat OpenShift Serverless operator eventually shows up, and its Status ultimately resolves to Succeeded in the relevant namespace.
    1. Click the Import YAML icon () on the menu bar.
    2. On the Import YAML screen, add the following content.
      apiVersion: operator.knative.dev/v1beta1
kind: KnativeServing
metadata:
    name: knative-serving
    namespace: knative-serving
spec:
    high-availability:
        replicas: 2
    3. Click Create.

      After you install Knative Serving, the KnativeServing object is created, and you are automatically directed to the knative-serving custom resource. Knative Serving installation is complete if all of the conditions in the Conditions section show True. If the conditions have a status of Unknown or False, wait a few moments, and then check again after you confirm that the resources are created.

  • Docker
    docker info
    Look for Docker Root Dir: in the output, and ensure that the location shows has at least 1 TB storage available.
    Podman
    podman info
    Look for volumePath: in the output, and ensure that the location shows has at least 1 TB storage available.

    The registry is available to aid in mirroring to final location by using portable options. For more information, see Docker Manifest V2, Schema 2.

  • Table 2. Information needed to install QRadar Suite Software
    Information needed Description
    The IBM Entitled Registry key

    After you purchase a license for QRadar Suite Software, an entitlement for the Cloud Pak software is associated with your MyIBM account ID. You must have an entitlement key for the IBM Entitled Registry to install QRadar Suite Software by the online or air-gapped method that uses the IBM Entitled Registry. The value of the key is set in a parameter that is used during installation.

    1. Use the IBMid and the password that are associated with the entitled software to log in to the MyIBM Container Software Library.
    2. In the Container software library, from the menu bar, click Get entitlement key.
    3. In the Entitlement keys section, click Copy Key, and copy the key to a safe location.

    You need the IBM Entitled Registry key during the installation process and it must continue to be valid through the entire lifecycle of the platform.

    Important: If the IBM Entitled Registry key becomes invalid, you must create a new key in Passport Advantage® from a valid account and replace the key on QRadar Suite Software. If you do not replace the key on QRadar Suite Software, services fail.
    The Fully Qualified Domain Name (FQDN) chosen for the QRadar Suite Software application
    You must create a unique FQDN for the QRadar Suite Software platform. The FQDN must not be the same as the Red Hat OpenShift Container Platform cluster FQDN, the IBM Cloud Pak foundational services FQDN, or any other FQDN associated with the Red Hat OpenShift Container Platform cluster.
    Tip: If your QRadar Suite Software platform is installed in one of the following environments, the FQDN of the Red Hat OpenShift Container Platform cluster is used with the TLS certificate for the platform FQDN.
    • IBM Cloud
    • Amazon Web Services (AWS)
    • Microsoft Azure
    • VMware
    You can choose to create a unique FQDN for the QRadar Suite Software platform if you don't want to use the Red Hat OpenShift Container Platform cluster FQDN.
    For more information about the FQDN requirements, see Domain name and TLS certificates.
    Certificate of Authority (CA), if required for the QRadar Suite Software application domain. For more information about certificates, see Domain name and TLS certificates.
    The persistent storage and storage class to be used. For more information about the persistent storage required for QRadar Suite Software, see Storage requirements.
    The user that you provide in the installation for the adminUser parameter to set the initial user in QRadar Suite Software. The adminUser must exist in your identity provider. If you are using LDAP for your identity provider, the adminUser must have the mail attribute in LDAP. If you are using IBM Security Verify for your identity provider, be aware that email addresses are case-sensitive.
    Warning: Do not add a user with the username admin to your identity provider, as that might cause issues with other services on your cluster.

    For more information about the adminUser, see Logging in to QRadar Suite Software as initial user.

Setting environment variables and downloading CASE files

Before mirroring your images, set the environment variables on your mirroring device, and connect to the internet so that you can download the corresponding CASE files.

About this task

Tip: Save a copy of your environment variable values to a file by using a text editor. You can use that file as a reference to copy and paste from as you complete your air-gapped environment installation tasks.

Procedure

  1. Connect your mirroring device to the internet, and disconnect it from your local air-gapped network.
  2. Create the following environment variables with the installer image name and the image inventory on your mirroring device by typing the following command. 
    export CASE_NAME=ibm-cp-security && export CASE_VERSION=1.0.42
  3. Download the IBM Security QRadar Suite Software installer and image inventory to your mirroring device by typing the following command. 
    oc ibm-pak get $CASE_NAME --version $CASE_VERSION --disable-top-level-images-mode
    The CASE is saved to the ~/.ibm-pak/data/cases/$CASE_NAME/$CASE_VERSION directory and the log file is saved to ~/.ibm-pak/logs/oc-ibm_pak.log.
    Tip: If you want to save the CASE to a directory other than your home directory, set the $IBMPAK_HOME environment variable by typing the following command.
    export IBMPAK_HOME=<working_directory>

    When you set the $IBMPAK_HOME environment variable, the CASE is saved to <working_directory>/.ibm-pak/data/cases/$CASE_NAME/$CASE_VERSION and the log is saved to <working_directory>/.ibm-pak/logs/oc-ibm_pak.log.

    Important: If you change where the CASE is saved to, you must use $IBMPAK_HOME/.ibm-pak in place of ~/.ibm-pak throughout this procedure.
    Tip: If you want the installation process to be repeatable across environments, you can reuse the same saved CASE instead of downloading the CASE files again in other environments. You don't need to update versions of dependencies into the saved cache.

Mirroring images from the internet to your mirroring device

Mirroring images takes the image from the internet to your mirroring device, then effectively copies that image on to your air-gapped environment. After you mirror your images, you can configure your cluster and complete the air-gapped installation.

About this task

In these steps, your mirroring device is connected to the internet and disconnected from your air-gapped environment.

Procedure

  1. Set the $TARGET_REGISTRY environment variable to the IP address or FQDN and the port for your target registry by typing the following command. The target registry is the registry where your images are mirrored to and accessed by the Red Hat OpenShift Container Platform cluster. 
    export TARGET_REGISTRY=<target_registry>
    For example, if your target registry is at 192.0.2.0:5000 type the following command.
    export TARGET_REGISTRY=192.0.2.0:5000
  2. Generate the mirror manifests to use when you mirror the images to the target registry by typing the following command. 
    oc ibm-pak generate mirror-manifests $CASE_NAME file://cp4s_images --version $CASE_VERSION --final-registry $TARGET_REGISTRY
    The following files are generated in the ~/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION directory.
    • images-mapping-to-filesystem.txt
    • images-mapping-from-filesystem.txt
    • image-content-source-policy.yaml
    These files are used when you mirror the images to your target registry.
    Tip: If you want to view the list of images to be mirrored, type the following command. 
    oc ibm-pak describe $CASE_NAME --version $CASE_VERSION --list-mirror-images
  3. Store the authentication credentials for the IBM Entitled Registry, cp.icr.io.
    • If you are using Podman, store authentication credentials for cp.icr.io by typing the following commands. 
      export REGISTRY_AUTH_FILE=~/.ibm-pak/auth.json
      podman login cp.icr.io -u cp
    • If you are using Docker, store authentication credentials for cp.icr.io by typing the following commands. 
      export REGISTRY_AUTH_FILE=$HOME/.docker/config.json
      docker login cp.icr.io -u cp

    The password is your IBM Entitled Registry key.

    The command stores and caches the registry credentials in the location that is specified for the $REGISTRY_AUTH_FILE environment variable.

  4. Mirror images to your local file system by typing the following command. 
    oc image mirror \
-f ~/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/images-mapping-to-filesystem.txt \
--filter-by-os '.*'  \
-a $REGISTRY_AUTH_FILE \
--insecure \
--skip-multiple-scopes \
--max-per-registry=1
    The images are mirrored to a directory called v2/cp4s_images in the current directory.
  5. Copy the following files and directories from your local file system to your mirroring device.
    Important: When you copy these files to your portable storage device, ensure that you use the same path on the portable storage device.
    • The v2 directory that was generated in the previous step.
    • The ~/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION directory.

Mirroring images from your mirroring device to your air-gapped environment

About this task

In these steps, your mirroring device is disconnected from the internet and connected to your air-gapped environment.

Procedure

  1. Disconnect your mirroring device from the internet and connect it in your air-gapped environment.
  2. Set the $TARGET_REGISTRY environment variable to the IP address or FQDN and the port for your target registry by typing the following command. The target registry is the registry where your images are mirrored to and accessed by the Red Hat OpenShift Container Platform cluster. 
    export TARGET_REGISTRY=<target_registry>
    For example, if your target registry is at 192.0.2.0:5000 type the following command.
    export TARGET_REGISTRY=192.0.2.0:5000
  3. Create the following environment variables with the installer image name and the image inventory on your mirroring device by typing the following command. <path_to_V2_directory> is the path to the V2 directory generated in step 4 of Mirroring images from the internet to your mirroring device. 
    export CASE_NAME=ibm-cp-security &&
export CASE_VERSION=1.0.42 &&
export V2_DIR=<path_to_V2_directory>
  4. Store the authentication credentials for your target registry.
    • If you are using Podman, store authentication credentials for your target registry by typing the following commands.
      export REGISTRY_AUTH_FILE=~/.ibm-pak/auth.json
      podman login $TARGET_REGISTRY
    • If you are using Docker, store authentication credentials for your target registry by typing the following commands. 
      export REGISTRY_AUTH_FILE=$HOME/.docker/config.json
      docker login $TARGET_REGISTRY

    The command stores and caches the registry credentials in the location that is specified for the $REGISTRY_AUTH_FILE environment variable.

  5. Mirror images from your mirroring device to the target registry by typing the following command. 
    oc image mirror \
-f ~/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/images-mapping-from-filesystem.txt \
--from-dir=$V2_DIR \
--filter-by-os '.*' \
-a $REGISTRY_AUTH_FILE \
--insecure \
--skip-multiple-scopes \
--max-per-registry=1
  6. Log in to your Red Hat OpenShift Container Platform cluster as a cluster administrator by typing one of the following commands, where <openshift_url> is the URL for your Red Hat OpenShift Container Platform environment.
    • Using a username and password.
      oc login <openshift_url> -u <cluster_admin_user> -p <cluster_admin_password>
    • Using a token.
      oc login --token=<token> --server=<openshift_url>
  7. Update the global image pull secret for your Red Hat OpenShift Container Platform cluster and add the credentials for your target registry.
    1. Retrieve the existing global pull secret by typing the following command, where <pull_secret_location> is the location of the file where you want to store the global pull secret configuration. 
      oc get secret/pull-secret -n openshift-config --template='{{index .data ".dockerconfigjson" | base64decode}}' > <pull_secret_location>
    2. Add the new pull secret to the global pull secret file by typing the following command, where <username> and <password> are the username and password for your target registry. 
      oc registry login --registry="$TARGET_REGISTRY" --auth-basic="<username>:<password>" --to=<pull_secret_location>
    3. Update the global pull secret in the cluster by typing the following command. 
      oc set data secret/pull-secret -n openshift-config --from-file=.dockerconfigjson=<pull_secret_location>
    4. Verify the status of the nodes by typing the following command. 
      oc get MachineConfigPool -w
    After the global pull secret is updated, the configuration of your nodes is updated sequentially.
    Important: Wait until all MachineConfigPools are updated before you proceed to the next step.
  8. Create the ImageContentSourcePolicy resource by typing the following command. 
    oc apply -f ~/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/image-content-source-policy.yaml
    1. Verify that the ImageContentSourcePolicy resource is created by typing the following command. 
      oc get imageContentSourcePolicy ibm-cp-security
    2. Verify the status of the nodes by typing the following command. 
      oc get MachineConfigPool -w
    After the ImageContentSourcePolicy resource is created, the configuration of your nodes is updated sequentially.
    Important: Wait until all MachineConfigPools are updated before you proceed to the next step.
  9. If you are using an insecure registry, you must add the local registry to the cluster insecureRegistries list by typing the following command. 
    oc patch image.config.openshift.io/cluster --type=merge \
 -p '{"spec":{"registrySources":{"insecureRegistries":["'${TARGET_REGISTRY}'"]}}}'
    Important: Do not use insecure registries for production systems.
    1. Verify the status of the nodes by typing the following command. 
      oc get MachineConfigPool -w
    After the insecureRegistries list is updated, the configuration of your nodes is updated sequentially.
    Important: Wait until all MachineConfigPools are updated before you proceed to the next step.

Installing QRadar Suite Software

After your images are mirrored to your target registry, you can deploy QRadar Suite Software to Red Hat OpenShift in your air-gapped environment.

Before you begin

Include specific IP addresses and URLs in an allowlist at the network layer for sites that need to be accessed externally. For more information, see Creating an allowlist for air-gapped installation.

Procedure

  1. Log in to your Red Hat OpenShift Container Platform cluster as a cluster administrator by typing one of the following commands, where <openshift_url> is the URL for your Red Hat OpenShift Container Platform environment.
    • Using a username and password.
      oc login <openshift_url> -u <cluster_admin_user> -p <cluster_admin_password>
    • Using a token.
      oc login --token=<token> --server=<openshift_url>
  2. Set the $CP4S_NAMESPACE environment variable by typing the following command, where <cp4s_namespace> is the namespace where you are installing QRadar Suite Software. 
    export CP4S_NAMESPACE=<cp4s_namespace>
  3. Extract the QRadar Suite Software CASE by typing the following command. 
    tar -xf \
~/.ibm-pak/data/cases/$CASE_NAME/$CASE_VERSION/ibm-cp-security-$CASE_VERSION.tgz \
-C ~/.ibm-pak/data/cases/$CASE_NAME/$CASE_VERSION
  4. Update the parameters in the ~/.ibm-pak/data/cases/$CASE_NAME/$CASE_VERSION/ibm-cp-security/inventory/ibmSecurityOperatorSetup/files/values.conf file. The following table lists the configurable parameters for the QRadar Suite Software installation and their descriptions.
    Important: Do not use a values.conf file from a release older than 1.8 because some of the parameters are different. Using a values.conf file from a release older than 1.8 causes the installation to fail.
    Table 3. QRadar Suite Software installation parameters
    Parameter Description Do you need to update this parameter?
    adminUser The user that is given administrator privileges in the QRadar Suite Software System Administration account after installation. Specify a username or an email address that exists in your identity provider. Yes
    airgapInstall Set to true. Yes
    clusterProxy Set to false. Cluster-wide proxy is not supported in an air-gapped environment. No
    domain The fully qualified domain name (FQDN) created for QRadar Suite Software. If you don't specify an FQDN, it is generated as cp4s.<cluster_ingress_subdomain>. No, unless you want to specify your own FQDN.
    domainCertificatePath The path of the TLS certificate that is associated with the QRadar Suite Software domain. If the domain is not specified, the Red Hat OpenShift cluster certificates are used. For more information, see Domain name and TLS certificates. No, unless you updated the domain parameter.
    domainCertificateKeyPath The path of the TLS key that is associated with the QRadar Suite Software domain. If the domain is not specified, the Red Hat OpenShift cluster certificates are used. For more information, see Domain name and TLS certificates. No, unless if you updated the domain parameter.
    customCaFilePath The path of the custom TLS certificate associated with the QRadar Suite Software domain. For more information, see Domain name and TLS certificates. No, unless you are using a custom or self-signed certificate.
    storageClass The provisioned block or file storage class for all the PVCs required by QRadar Suite Software. When it is not specified, the default storage class is used. For more information, see Storage requirements. No, unless you are using a storage class other than the default storage class for the cluster.
    backupStorageClass Storage class for the backup and restore PVC. If this value is not set, QRadar Suite Software takes the value from the storageClass parameter. No, unless you are using a different storage class for the backup and restore pod than you set for the storageClass parameter.
    backupStorageSize The storage size for the backup and restore PVC. Must be 500Gi or higher. No, unless you need the storage size for the backup and restore PVC to be greater than 500 Gi.
    imagePullPolicy The pull policy for the images. When Red Hat OpenShift creates containers, it uses the imagePullPolicy to determine whether to pull the container image from the registry before it starts the container. Options are Always, IfNotPresent, or Never. No
    repository Specify the URL and port for the local Docker registry with the /cp/cp4s namespace appended. For example, example-registry:5000/cp/cp4s. Yes
    repositoryUsername The username to access your target registry. Yes
    repositoryPassword The password to access your target registry. Yes
    roksAuthentication Enable ROKS authentication. Only supported in IBM Cloud. For more information about configuring ROKS authentication, see Configuring Red Hat OpenShift authentication on IBM Cloud. No, unless you're using ROKS authentication in an IBM Cloud environment.
    deployDRC Set to true to deploy Detection and Response Center. Set to false to skip deployment of Detection and Response Center. For more information, see Exploring security rule use cases with Detection and Response Center. No, unless you don't want to deploy Detection and Response Center.
    deployRiskManager Set to true to deploy IBM Security Risk Manager. Set to false to skip deployment of IBM Security Risk Manager. For more information, see IBM Security Risk Manager. No, unless you don't want to deploy IBM Security Risk Manager.
    deployThreatInvestigator Set to true to deploy Threat Investigator. Set to false to skip deployment of Threat Investigator. For more information, see Investigating cases with IBM Security Threat Investigator. No, unless you don't want to deploy Threat Investigator.
    CSNamespace The namespace where foundational services will be installed. The default is ibm-common-services.
    Warning: Do not install foundational services in the same namespace as QRadar Suite Software. If you are installing QRadar Suite Software operators in the All Namespaces Mode, do not customize the namespace.
    		 No, unless you want to install foundational services in a custom namespace or an existing QRadar Suite Software installation in your cluster uses foundational services in a custom namespace.
  5. Install QRadar Suite Software by typing the following command.
    Table 4. QRadar Suite Software installation command arguments
    Argument Description
    --allNamespaceMode

    In this mode, the QRadar Suite Software operators are installed in the openshift-operators project (namespace). The QRadar Suite Software operators are available to all namespaces in the cluster.

    Note: If the allNamespaceMode is not selected, the QRadar Suite Software operators are installed in ownNamespaceMode and is only available in the Operand Namespace.
    --acceptLicense Read the QRadar Suite Software license that is in the $HOME/ibm-cp-security/licenses directory. By accepting the license, you confirm that you read the license and accept the terms. For the QRadar Suite Software installation to proceed, the acceptLicense true parameter is added to the installation action.

    After QRadar Suite Software is installed, you can use the license and usage page to turn on and off applications to comply with your QRadar Suite Software license purchase. For more information, see Managing licensing and usage.

    		 
    oc ibm-pak launch -t 1 \
$CASE_NAME \
--version $CASE_VERSION \
--inventory ibmSecurityOperatorSetup \
--namespace $CP4S_NAMESPACE \
--action install \
--args "--acceptLicense true --inputDir ~/.ibm-pak/data/cases/$CASE_NAME/$CASE_VERSION"
    Important: Installation takes approximately 1.5 hours. When installation is complete, the latest version of IBM Cloud Pak foundational services, and QRadar Suite Software 1.10.17 are installed.
  6. Verify QRadar Suite Software installation by typing the following command. 
    oc ibm-pak launch -t 1 \
$CASE_NAME \
--version $CASE_VERSION \
--inventory ibmSecurityOperatorSetup \
--namespace $CP4S_NAMESPACE \
--action validate

Results

The following message is displayed when installation is complete. 
[INFO] IBM Cloud Pak for Security deployment is complete.

If the following message is displayed, follow the instructions in SOAR playbooks not available or SOAR automation limited to resolve the issue.

[WARN] IBM Cloud Pak for Security deployment is complete but SOAR Playbooks are not available.

What to do next

Postinstallation tasks