QRadar EDR system requirements
You must install IBM® Security QRadar® EDR on a Red Hat® OpenShift® Container Platform cluster. To make sure that QRadar EDR works correctly, you must meet or exceed the minimum requirements on your Red Hat OpenShift Container Platform cluster. You can install QRadar EDR on a self-managed cluster (Bare metal, KVM, or VSphere) or a cluster supported by cloud providers.
Important: These requirements are for one instance of QRadar EDR running on Red Hat OpenShift Container Platform. Do not install anything other than
QRadar EDR on your cluster.
- Linux® 64-bit (x86_64) systemsTip: QRadar EDR includes support for huge pages. The huge pages feature makes it possible for the operating system to support memory pages greater than the default, which is usually 4 KB.
- Red Hat OpenShift Container Platform
4.14.x
, or 4.16.x
installed by a user with cluster administrator permissions. For more information, see Setting up Red Hat OpenShift Container Platform clusters
.
- Hardware requirements
- Storage requirements
- Security considerations
- Domain name and TLS certificates
- The user who installs QRadar EDR must have cluster administrator permissions.
- Multi-zone and single-zone deployments, where appropriate storage providers are available to support that deployment model.
Network requirements
Red Hat OpenShift Container Platform must have access to the URLs listed in Configuring your firewall for OpenShift Container Platform.
QRadar EDR requires access to the following URLs.
cp.icr.io
icr.io
registry.redhat.io
registry.access.redhat.com
.quay.io
.docker.io
access.redhat.com
api.openshift.com
www.ibm.com
cdn.reaqta.cloud
feeder.reaqta.io
icr.io
registry.redhat.io
registry.access.redhat.com
.quay.io
.docker.io
access.redhat.com
api.openshift.com
www.ibm.com
cdn.reaqta.cloud
feeder.reaqta.io
You can install QRadar EDR on a cluster that uses a cluster-wide HTTPS proxy. For more information about setting up a cluster-wide proxy, see Configuring a cluster-wide HTTPS proxy.
Supported cloud providers
QRadar EDR deployment is verified
on the following cloud managed Red Hat OpenShift Container Platform clusters.
- Amazon Web Services
- VMware
-
Important: If you are using VMWare clusters that are hosted on multiple ESXi hosts, your storage must be shared between those hosts.
- Red Hat OpenShift Container Platform on VMware using
installer-provisioned infrastructure
- Red Hat OpenShift Container Platform on VMware using user-provisioned
infrastructure
To deploy QRadar EDR on VMWare, the following requirements must be met:- VMware vSphere version 7.0 Update 2 or later
- vCenter 7.0 Update 2 or later
- Virtual machines of hardware version 15 or later
- Red Hat OpenShift Container Platform on VMware using
installer-provisioned infrastructure
Important: Deploying QRadar EDR alongside existing anti-virus
solutions might cause technical issues. The configuration must be thoroughly tested before
production.