Deploying the SOAR appliance

Deploy and install the SOAR appliance and then import the SOAR license.

About this task

After you complete the deployment and your system restarts, the first boot script starts automatically and installs the appliance. This process might take a few minutes.

Note: Do not cancel the first boot script or restart the system until after the installation is complete. Otherwise, you might need to import the OVA file again or, if you cancel the script before a root password is set, you might not be able to access the system.

During the first boot script, you are asked to provide passwords for root and resadmin accounts, and to verify or adjust the VM’s network configuration. When completed, the first boot script is removed and cannot be run a second time.

Deploy and install the SOAR appliance.

Procedure

  1. Open the VMware vSphere client.
  2. Select File > Deploy OVF Template.
  3. Browse to the location of the .ova file you downloaded and select the .ova file.
  4. When prompted, enter a name for the deployed template.
  5. When prompted by the Disk Format screen, select the Thick Provision Lazy Zeroed, Thick Provision Eager Zeroed, or Thin Provision option. If you choose one of the thick provisions, the appliance initially begins by using 100 GB of storage. If you choose Thin Provision, the appliance initially begins by using a few gigabytes and grows over time.
  6. In the Ready to Complete screen, select click Finish. A status bar appears during deployment. VMware notifies you when the appliance successfully deploys.
  7. Click Close in the Deployment Completed Successfully dialog box.

    After the deployment completes, power on the system. The first boot script then starts automatically and installs the appliance. The process might take a few minutes.

  8. When prompted, enter a root password then enter a password for the resadmin account. For security, use a strong password with at least four character classes, such as lowercase, uppercase, digits, and symbols.
  9. When prompted, review the network settings. You can choose to accept the default configuration or modify it. You can choose to use a static IP address instead of using DHCP. If you use a static IP address, make sure that the hostname resolves to that IP address since the SOAR appliance does not automatically register the IP address in DNS. Also, enter the IP address in your Domain Name Server (DNS).
  10. If you want, you can modify the settings.
    1. Start the NetworkManager text user interface (nmtui) tool by issuing the following command as root.
      #nmtui
    2. Use the arrow keys or press Tab to step forwards and press Shift+Tab to step back through the options. Press Enter to select an option. The Space bar toggles the status of a checkbox. Edit the connection that you want to modify.

    3. To use a static IP address, select the configuration and select Manual.
    4. Enter the IP address that you want to use and your Domain Name Servers as shown in the following graphic. Make sure that the hostname resolves to that IP address. The SOAR appliance does not automatically register the IP address in DNS. Also, enter the IP address in your Domain Name Server (DNS).
    5. Save your settings and restart the appliance.
    Note: If you are using a static IP address and if DNS is not available, you can append a mapping of the IP address to /etc/hosts. Otherwise, you might see performance issues, such as slow service startup or command execution, where the hostname is not resolved to an IP address.

What to do next

Import the license, as described in the following section.

Importing the SOAR license

Before you can start the SOAR Platform, you must import the license that you got from IBM Security®. To import the license, you must log in to the SOAR system with an SSH client, such as PuTTY.

About this task

If you do not have the license, refer to the IBM Security Support page.

Complete the following steps to import the license.

Procedure

  1. Copy the license file that you received from IBM Security.
  2. Log in to the system with SSH as the resadmin user account you created in the previous section. You can use PuTTY or connect from a terminal client as follows. 
    ssh resadmin@<Platform hostname or IP Address>
  3. To import the license, enter the following command: 
    sudo license-import -file <License File>

    A message, similar to the following message, appears on the screen, indicating successful import: 

    
Successfully imported license
Customer name:  <customer>
Expiration:  Not Defined
US regulators enabled:  true
CA regulators enabled:  true
EU regulators enabled:  true
APAC regulators enabled:  true
Security module enabled:  true
Actions framework enabled: true
Users:  Not Defined
    To display information about the currently installed license, enter the following command: 
    
sudo resutil license
    The system displays the following information:
    • Customer name, which is the name of your company.
    • Expiration, which is the expiration date of the license.
    • US regulators enabled, which displays true or false.
    • CA regulators enabled, which displays true or false.
    • EU regulators enabled, which displays true or false.
    • APAC regulators enabled, which displays true or false.
    • Security module enabled, which displays true (default) or false.
    • Actions framework module enabled, which displays true (default) or false.
    • Users, which displays the number of users the license allows.

Results

If you do not have an installed license when you run this command, the system informs you that no license is installed.