QRadar Network Insights software installations on your own hardware

You can install QRadar Network Insights on your own hardware. The software installation uses a Red Hat® Enterprise Linux® operating system that you provide.

Complete the following tasks in order:

  1. Ensure that your system meets the minimum system requirements for QRadar Network Insights installations.
  2. Ensure that you have entitlement for a QRadar Software Node. To acquire entitlement to a QRadar Software Node, contact your QRadar Sales Representative.
  3. Install Red Hat Enterprise Linux (RHEL).
  4. Install QRadar Network Insights

You cannot stack appliances in a QRadar Network Insights software installation.

Prerequisites for installing QRadar Network Insights on your own appliance

Before you install IBM QRadar Network Insights on your own appliance, ensure that you follow these installation guidelines and that your hardware meets the system requirements.

Installation requirements

Follow these guidelines to install QRadar Network Insights software on your own appliance:

  • You must acquire entitlement to a QRadar Software Node for a QRadar Network Insights software installation.

    To acquire entitlement to a QRadar Software Node, contact your QRadar Sales Representative.

  • Do not install software other than QRadar Network Insights on your hardware.

    Unapproved RPM installations can cause dependency errors when you upgrade QRadar Network Insights software and can also cause performance issues in your deployment.

  • Do not update your operating system or packages before or after QRadar Network Insights installation.

Minimum system requirements

The following table describes the system requirements for QRadar Network Insights software installations:

Restriction: Resizing logical volumes is not supported.
Table 1. Minimum system requirements for QRadar Network Insights software installations

Requirement

Details

CPU

The system must use a processor that is supported by the Red Hat Enterprise Linux (RHEL) version that is required for the QRadar Network Insights installation. To determine which version of RHEL is required, see Installing RHEL on your hardware. To determine which processors are supported by the RHEL version, refer to the vendor documentation.

Virtualization hardware extensions such as Intel VT or AMD-V must be enabled in the BIOS. This requirement does not apply to the following systems:
  • Appliances that have a Napatech card.
  • Virtual hosts such as EC2 instances and VMware guests.
Storage

Capacity: 480 GB

IOPS: 300

Data transfer rate (MB/s): 300

Memory (RAM)

64 GB

Always complete memory upgrades before you install QRadar Network Insights.

Network capture cards
One of the following network interface cards for traffic capture:
  • Napatech NT100A01 (4x1G/10G) New in 7.5.0 Update Package 4
  • Napatech NT40E3 (4x1G/10G)
  • Intel x520
  • Intel x710

Maximum of one capture card per host.

Network management interface
One of the following network interface cards for management:
  • RJ-45 10/100/1000 Mb Ethernet systems management port
  • 10 GbE SFP+ port

Installing RHEL on your hardware

Your appliance must have the Red Hat Enterprise Linux (RHEL) operating system installed on it before you install IBM QRadar Network Insights.

Before you begin

Download the Red Hat Enterprise Linux Server ISO x86_64 Boot ISO from https://access.redhat.com Refer to the Red Hat version table to choose the correct version.
Table 2. Red Hat version
IBM QRadar version Red Hat Enterprise Linux version
IBM QRadar 7.5.0 Red Hat Enterprise Linux V8.8 64-bit

You must acquire entitlement to a QRadar Software Node for a QRadar Network Insights software installation. To acquire entitlement to a QRadar Software Node, contact your QRadar Sales Representative.

Procedure

  1. Map the ISO to a device for your appliance by using the Integrated Management Module (IMM) or the Integrated Dell Remote Access Controller (iDRAC), or insert a bootable USB drive with the ISO.
  2. Insert the portable storage device into your appliance and restart your appliance.
  3. From the starting menu, do one of the following options:
    • Select the device that you mapped the ISO to, or the USB drive, as the boot option.
    • To install on a system that supports Extensible Firmware Interface (EFI), you must start the system in legacy mode.
  4. When prompted, log in to the system as the root user.
  5. Follow the instructions in the installation wizard to complete the installation:
    1. Set the language to English (US).
    2. Click Date & Time and set the time for your deployment.
    3. Click Software selection and select Minimal Install.
    4. Click Installation Destination and select the I will configure partitioning option.
    5. Select LVM from the list.
    6. Click the Add button to add the mount points and capacities for your partitions, and then click Done.
    7. Click Network & Host Name.
    8. Enter a fully qualified domain name for your appliance host name.
    9. Select the interface in the list, move the switch to the ON position, and click Configure.
    10. On the General tab, select the Automatically connect to this network when it is available option.
    11. On the IPv4 Settings or IPv6 Settings tab, select Manual in the Method list.
    12. Click Add.
      • For an IPv4 deployment, enter the IP address, Netmask, and Gateway for the appliance in the Addresses field.
      • For an IPv6 deployment, enter the IP address, Prefix, and Gateway in the Addresses field.
    13. Add two DNS servers.
    14. Click Save > Done > Begin Installation.
  6. Set the root password, and then click Finish configuration.
  7. After the installation finishes, disable SELinux by modifying the /etc/selinux/config file, and restart the appliance.

What to do next

Installing QRadar Network Insights on your own hardware

Installing QRadar Network Insights on your own hardware

You can install IBM QRadar Network Insights 7.4.0 or later on your own hardware.

Software installations for earlier versions of QRadar Network Insights are not supported.

Before you begin

Download the installation file from Fix Central (www.ibm.com/support/fixcentral/).

Procedure

  1. Copy the installation .iso file to the device.
  2. Create the /media/cdrom directory by typing the following command:
    mkdir /media/cdrom
  3. Mount the .iso file by using the following command:
    mount -o loop <software_installation_file.iso> /media/cdrom
  4. Run the installation setup wizard by using the following command:
    /media/cdrom/setup
    Note: A new kernel might be installed as part of the installation, which requires a system restart. Repeat the commands in steps 3 and 4 after the system restart to continue the installation.
  5. On the Software Installed System window, select Software Install.
  6. On the Software Appliance Assignment window, choose Network Insights.
  7. For the type of setup, select Normal Setup (default) or HA Recovery Setup
  8. Select the continent and time zone.

    The default selection is the time zone that is specified in the Red Hat Enterprise Linux install.

  9. On the Management Interface Setup window, select the management interface.
  10. On the Network Information Setup window, the host name and IP address is automatically loaded.

    You can enter a static IP address, or use the assigned IP address.

  11. On the Root Password Setup window, set a password.

    This is the password that you use to add the managed host to the QRadar Console.

  12. Click Finish.
  13. Follow the instructions in the installation wizard to complete the installation.

    The installation process might take several minutes.

  14. Add the QRadar Network Insights managed host to QRadar:
    1. Log in to QRadar:
      https://IP_Address_QRadar

      The default user name is admin. The password is the password of the root user account.

    2. On the Admin tab, in the System Configuration section, click System and License Management.
    3. In the Display list, select Systems.
    4. On the Deployment Actions menu, click Add Host.
    5. Configure the settings for the managed host by providing the fixed IP address and the root password.
    6. Click Add.
    7. On the Admin tab, click Advanced > Deploy Full Configuration.
  15. Apply your license key.
    1. On the Admin tab, click System Configuration.
    2. Click the System and License Management icon.
    3. From the Display list, select Licenses, and upload your license key.
    4. Select the unallocated license and click Allocate System to License.
    5. From the list of licenses, select the license, and click Allocate License to System.

    Only the QRadar Network Insights managed host requires a license. The QRadar Console does not need a QRadar Network Insights license.