App Host prerequisites

You should install the App Host on a different server than the one that is hosting the SOAR Platform.

Before you install the App Host, ensure that your appliance meets the minimum system requirements.

The resources that are required by the App Host server are variable due to the unique requirements of the apps that are installed. For example, some apps that operate on files in memory might have extra memory requirements. Apps that run extensive computations, such as decryption tasks, might need more CPU resources. Therefore, you might need to increase those resources.

App Host system requirements

The following table shows the system requirements for the server that hosts the App Host.

These requirements apply to both the stand-alone (.run) and virtual appliance (.ova) installations.

Table 1. App Host system requirements
Requirement Description
SOAR Platform

Requires SOAR Platform 37.2 or later.
Operating systems
The following operating systems are supported:
  • Red Hat® Enterprise Linux® 8.4 to 8.10.
Note: Red Hat Enterprise Linux 9 is not supported.

The App Host requires a dedicated operating system account for running applications.
VMware server

VMware Hypervisor (ESXi) 7.0 or later.

If you are upgrading the App Host appliance, you do not need to upgrade VMware vSphere Hypervisor (ESXi); however, the version must be supported by VMware.
Disk space

5 GB free (minimum)
CPU
2 CPUs (minimum). For App Host V1.15 or later, the CPU must support x86-64-v2 architecture.
Tip: To verify that your App Host system supports the x86-64-v2 architecture, run the following command and check that the output contains x86-64-v2:
/lib64/ld-linux-x86-64.so.2 --help | grep x86-64-v2
If the output does not contain x86-64-v2, you can change the settings for your App Host in the hypervisor.
Memory

2 GB (minimum).
TLS version for the Kubernetes API server

TLS 1.2 (minimum).
IP addresses

Ensure that the App Host is not on a network by using IP addresses 10.42.x.x or 10.43.x.x.

Kubernetes require those IP ranges for its cluster and service. Contact IBM Security® Support for assistance if you require that the App Host be on such a network.
Server communication

The App Host requires access to the SOAR Platform. The SOAR Platform can be part of your own on-premises environment, or it can be part of a SaaS configuration in the IBM Cloud®.

If the SOAR Platform is beyond a firewall, such as in a cloud configuration, configure the firewall to allow the App Host access to port 65001. The apps communicate with port 65001 of the SOAR Platform using the STOMP messaging protocol. The connection is “inbound-only” from the App Host to the SOAR Platform.

If you install the App Host virtual appliance (.ova), TCP port 22 must also be accessible.

Third-party applications The App Host requires access to any third-party applications that are required by the apps that you install.
Disable the nm-cloud-setup service on your system, if it is enabled:
  1. First, check if the nm-cloud-setup service is enabled on your system: 
    # systemctl status nm-cloud-setup
    If it is not enabled, output similar to the following is returned, and no further action is required:
    [root@ip ~]# systemctl status nm-cloud-setup
> Unit nm-cloud_setup.service could not be found
    If it is enabled, you see output similar to the following:
    [root@ip ~]# systemctl status nm-cloud-setup
● nm-cloud-setup.service - Automatically configure NetworkManager in cloud
   Loaded: loaded (/usr/lib/systemd/system/nm-cloud-setup.service; enabled; vendor preset: disabled)
  Drop-In: /usr/lib/systemd/system/nm-cloud-setup.service.d
           └─10-rh-enable-for-ec2.conf
   Active: inactive (dead)
     Docs: man:nm-cloud-setup(8)
  2. If it is enabled, run the following command to disable it:
    systemctl disable nm-cloud-setup.service nm-cloud-setup.timer
reboot
    This command returns output similar to the following:
    [root@ip-172-31-2-112 ~]# systemctl status nm-cloud-setup
● nm-cloud-setup.service - Automatically configure NetworkManager in cloud
   Loaded: loaded (/usr/lib/systemd/system/nm-cloud-setup.service; disabled; vendor preset: disabled)
  Drop-In: /usr/lib/systemd/system/nm-cloud-setup.service.d
           └─10-rh-enable-for-ec2.conf
   Active: inactive (dead)
     Docs: man:nm-cloud-setup(8)

Stand-alone installations

The following table shows requirements for stand-alone App Host installations.

These requirements are in addition to the requirements in the previous table.

Table 2. Requirements for stand-alone App Host installations
Requirement Description
User account

The App Host requires a user account on the system with sudo privileges.
Disk partitions
Ensure that the partitions that host the following directories have enough free disk space. The following list shows the minimum amounts.
  • 20 GB for /
  • 400 MB for /boot
  • 70 GB for /var/lib
  • 10 GB for /var/log

You can use Logical Volume Manager (LVM) to manage the partitions.
Packages
The following packages must be installed.
  • createrepo package
  • container-selinux package

For more information about installing the packages, see Changed in 51.0.0.0 Installing the App Host stand-alone software.