RSA enVision 4.1 Virtual Deployment Guide

Upload: dzmitry-kuzmiankou

Post on 16-Oct-2014


Page 1: EnVision VMDeployment Guide

RSA enVision 4.1

Virtual Deployment Guide

Page 2: EnVision VMDeployment Guide

Contact Information

Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com

Trademarks

RSA, the RSA Logo, RSA enVision, RSA Event Explorer and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. All other trademarks used herein are the property of their respective owners. For a list of EMC trademarks, go to www.rsa.com/legal/trademarks_list.pdf.

License agreement

This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and may be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice below. This software and the documentation, and any copies thereof, may not be provided or otherwise made available to any other person.

No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability. This software is subject to change without notice and should not be construed as a commitment by EMC.

Third-party licenses

This product may include software developed by parties other than RSA. The text of the license agreements applicable to third-party software in this product may be viewed in the thirdpartylicenses.pdf file.

Portions of this application include technology used under license from Visual Mining, Inc. 2000 - 2010.

Portions of this application include iAnywhere technology, 2001 - 2010.

Note on encryption technologies

This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption technologies, and current use, import, and export regulations should be followed when using, importing or exporting this product.

Distribution

Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.

EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.

THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Copyright © 2011 EMC Corporation. All Rights Reserved. Published in the USA. September 2011.

Page 3: EnVision VMDeployment Guide

Contents

Preface .... 5
  About This Guide .... 5
  RSA enVision Documentation .... 5
  Related Documentation .... 6
  Support and Service .... 6
    Before You Call Customer Support .... 7

Chapter 1: Virtual Deployment of RSA enVision .... 9
  Before You Begin .... 9
  Virtual Infrastructure Overview .... 9
  RSA enVision Virtual Deployment .... 10
    Virtual Deployment Models .... 10

Chapter 2: RSA enVision Virtual Deployment Requirements .... 13
  License Requirements .... 13
    Microsoft Windows License Requirements .... 13
    RSA enVision License Requirements .... 13
  Client Machine Requirements .... 14
  VMware ESX or ESXi Host Requirements .... 15
  Virtual Machine Minimum Configuration Requirements .... 15
    Single Appliance Site .... 15
    Remote Collector .... 16
  Virtual Machine Infrastructure Qualified .... 16

Chapter 3: Setting Up a Virtual RSA enVision Appliance .... 17
  Obtain VMware vCenter Server or ESX Host or ESXi Host Information .... 17
  Setting Up the Virtual RSA enVision Appliance .... 17
  Create a Virtual Machine .... 18
    Create an ISO Image of Microsoft Windows Server 2003 R2 .... 20
  Verify Virtual Machine Creation .... 21
  Edit a Virtual Machine .... 22
  Install Microsoft Windows Server 2003 R2 .... 24
  Configure VMware High Availability for RSA enVision .... 24
    Add a Cluster .... 25
    Add a Host .... 25

Chapter 4: Configure RSA enVision .... 27
  Log On to the Virtual RSA enVision Appliance .... 27
  Configure a Single Appliance Site .... 27
  Configure a Remote Collector Site .... 28

Chapter 5: Troubleshooting .... 29
  Run Script in Windows Vista or Windows 7 .... 29
  Windows Script Execution Policy .... 30

Page 4: EnVision VMDeployment Guide

  Overcoming the Another Task in Progress Error .... 30

Glossary .... 31

Page 5: EnVision VMDeployment Guide

Preface

About This Guide

This guide describes how to deploy an RSA enVision single appliance site or Remote Collector on a virtual infrastructure. Use this guide in conjunction with the Configuration Guide. The intended audience for this guide is the VMware administrator who creates the virtual machine (VM) and the enVision administrator who configures the RSA enVision virtual appliance.

RSA enVision Documentation

For information about the RSA enVision platform, see the following documentation:

Release Notes. Provides information about what is new and changed in this release, as well as workarounds for known issues. The latest version of the Release Notes is available on RSA SecurCare Online at https://knowledge.rsasecurity.com.

Overview Guide. Provides an introduction to RSA enVision platform features and capabilities.

Hardware Setup and Maintenance Guide. Provides instructions on setting up and maintaining RSA enVision appliances. Intended audience is the system administrator.

Configuration Guide. Provides instructions on configuring an RSA enVision site. Intended audience is the system administrator.

Migration Guide. Provides instructions on migrating data from a previous version of the RSA enVision platform to the current version.

Virtual Deployment Guide. Provides instructions on installing an RSA enVision single appliance site or Remote Collector on a virtual infrastructure.

Administrator’s Guide. Provides instructions on the basic setup and maintenance of the RSA enVision platform. Includes instructions for the most common administrator tasks.

User’s Guide. Provides information that helps users to get started using the RSA enVision platform. Includes instructions for the most common user tasks.

Backup and Recovery Guide. Provides instructions on backing up an RSA enVision system and recovering from a hardware failure.

Security Configuration Guide. Provides an overview of security configuration settings in the RSA enVision platform.

Universal Device Support Guide. Describes how to add log collection and analysis support for event sources that the RSA enVision platform does not support.

RSA enVision Help. Provides comprehensive instructions on setting up RSA enVision processing options and using RSA enVision analysis tools.

Page 6: EnVision VMDeployment Guide

RSA continues to assess and improve the documentation. Check RSA SecurCare Online for the latest documentation.

Related Documentation

For information about the RSA enVision Event Explorer module, see the following documentation:

Release Notes. Provides information about what is new and changed in this release, as well as workarounds for known issues.

Installation Guide. Provides instructions on installing the RSA enVision Event Explorer module on your client machine in separate guides for Microsoft Windows and Apple Macintosh operating systems. Intended audience is the end user.

RSA enVision Event Explorer Help. Provides comprehensive instructions on setting up and using the RSA enVision Event Explorer module.

For information about the RSA enVision EventSource Integrator, see the following documentation:

Release Notes. Provides information about what is new and changed in this release, as well as workarounds for known issues.

Overview Guide. Provides an introduction to RSA enVision EventSource Integrator features and capabilities.

RSA enVision EventSource Integrator Help. Provides comprehensive instructions on using RSA enVision EventSource Integrator.

Support and Service

RSA SecurCare Online offers a knowledgebase that contains answers to common questions and solutions to known problems. SecurCare Online also offers information on new releases, important technical news, and software downloads.

The RSA Secured Partner Solutions Directory provides information about third-party hardware and software products that have been certified to work with RSA products. The directory includes Implementation Guides with step-by-step instructions and other information about interoperation of RSA products with these third-party products.

RSA SecurCare Online: https://knowledge.rsasecurity.com

Customer Support Information: www.rsa.com/support

RSA Secured Partner Solutions Directory: www.rsasecured.com

Page 7: EnVision VMDeployment Guide

Before You Call Customer Support

Make sure that you have direct access to the computer running the RSA enVision software.

Please have the following information available when you call:

One of the following:

• On a 60-series appliance, the serial number of the appliance. You can find the seven-character serial number on the chassis tag on the back of the appliance, or open a Dell OpenManage Server Administrator session, and click System > Properties > Summary to find the serial number in the chassis service tag field.

• On a virtual appliance, the serial number of the RSA enVision software. Open the C:\WINDOWS\system32\drivers\etc\Nie-oe.dat file, and locate the line that begins with “S/N=”.

RSA enVision software version number.

The name and version of the operating system under which the problem occurs.

On a virtual appliance, the VMware ESX or ESXi server details.

Page 8: EnVision VMDeployment Guide
Page 9: EnVision VMDeployment Guide

1 Virtual Deployment of RSA enVision

• Before You Begin

• Virtual Infrastructure Overview

• RSA enVision Virtual Deployment

Before You Begin

RSA recommends that you go through the following tasks before executing the RSA enVision virtual implementation:

• Familiarize yourself with VMware concepts. For more information on these concepts, see the VMware product documentation.

• Understand RSA enVision virtual deployment and the VMware features supported by the enVision virtual deployment. For more information, see “RSA enVision Virtual Deployment” and “Virtual Infrastructure Overview”.

• Identify the software and hardware requirements. For more information, see “RSA enVision Virtual Deployment Requirements” on page 13.

• Refer to the virtual infrastructure that RSA has qualified. For more information, see “Virtual Machine Infrastructure Qualified” on page 16.

Virtual Infrastructure Overview

You can deploy RSA enVision on a VMware infrastructure. The enVision virtual deployment is supported only on VMware ESX 4.0 and 4.1 and ESXi 4.1.

A VMware infrastructure typically consists of multiple VMware vCenter Servers, each of which manages several ESX or ESXi hosts.

You must be familiar with the following concepts to set up a virtual deployment of the enVision platform.

• VMware vCenter Server

• VMware ESX or ESXi host

• Virtual machine (VM)

• Thin provisioning

• VMware Host VMotion and Storage VMotion

• VMware High Availability (HA)

For information on these VMware concepts, see the VMware product documentation.

Page 10: EnVision VMDeployment Guide

RSA enVision Virtual Deployment

You use the RSA enVision virtual deployment kit (buildbuildnumber_g3.zip) to create a virtual machine in a network within the virtual infrastructure and to deploy enVision on the virtual machine. You then use the enVision Configuration Wizard to configure the virtual appliance as a single appliance site or as a Remote Collector site.

RSA enVision 4.1 supports moving a virtual appliance using VMware Host VMotion and Storage VMotion. You can move the virtual appliance to a new ESX or ESXi host or to a new datastore without any interruption.

RSA enVision 4.1 supports VMware HA for single appliance sites and Remote Collector sites. Using the HA feature, virtual machines can be automatically restarted in the event of hardware failure. HA minimizes downtime and IT service disruption while eliminating the need for dedicated stand-by hardware and the installation of additional software.

For information on moving a virtual appliance using Host VMotion, Storage VMotion, and VMware HA, see the VMware product documentation.

Virtual Deployment Models

You can deploy the following RSA enVision sites in a virtual infrastructure:

• Single appliance site

• Remote Collector site

Single Appliance Site

You can deploy a single appliance site on a virtual machine on an ESX or ESXi host. You can deploy multiple single appliance sites, each on a separate virtual machine. The event sources and the client system connect to the ESX or ESXi host. You run RSA enVision Event Explorer or the enVision web UI from the client system.

Page 11: EnVision VMDeployment Guide

The following figure shows the deployment of multiple virtual single appliance sites.

Remote Collector Site

You can deploy a Remote Collector (RC) on a virtual machine on an ESX or ESXi host and configure the RC (Site 2) to communicate with a multiple appliance site (Site 1). You can deploy multiple remote collectors, each on a separate virtual machine. The event sources and the multiple appliance site connect to the ESX or ESXi host. The client system on which you run Event Explorer or the enVision web UI connects to the multiple appliance site.

Note: You must ensure that remote collectors and the RSA enVision appliance communicate with each other and the RC version is less than or equal to that of the LS site.

Page 12: EnVision VMDeployment Guide

The following figure depicts the deployment of multiple virtual Remote Collector sites.

Note: A multiple appliance site can have up to 16 RCs. The RCs can be a combination of physical and virtual appliances.

Page 13: EnVision VMDeployment Guide

2 RSA enVision Virtual Deployment Requirements

• License Requirements

• Client Machine Requirements

• VMware ESX or ESXi Host Requirements

• Virtual Machine Minimum Configuration Requirements

• Virtual Machine Infrastructure Qualified

License Requirements

You must have the required license keys for the virtual deployment of RSA enVision.

Microsoft Windows License Requirements

You must have a licensed 64-bit version of the Microsoft Windows Server 2003 R2 operating system. You must have one license key for each virtual machine that you want to set up.

RSA enVision License Requirements

You must download the RSA enVision license keys from https://download.rsasecurity.com. Ensure that you download one license key for each virtual appliance that you want to set up.

You must store the license keys in a folder that you can access from the client machine. The extension of the license key file is .ini.

Note: If you have not received an e-mail with license information, contact RSA Customer Support.

Page 14: EnVision VMDeployment Guide

Client Machine Requirements

Set up a client machine, from which you deploy RSA enVision using the enVision virtual deployment kit. The client machine must meet the following requirements.

Operating System: One of the following 64-bit operating systems:

• Windows Server 2008 R2 or Windows Server 2008 with Service Pack 2
• Windows Server 2003 with Service Pack 2
• Windows 7
• Windows Vista with Service Pack 1 or Service Pack 2
• Windows XP with Service Pack 3

Software: All of the following:

• Microsoft Windows PowerShell 2.0
• Microsoft .NET Framework 2.0 and higher
• VMware PowerCLI 4.1
• vSphere Client

Important: If the operating system is Windows XP 64-bit, RSA recommends that you use PowerShell 2.0, which is available for Windows Server 2003 64-bit version.

Important: To download PowerCLI 4.1 from the VMware portal, go to the VMware web site. VMware PowerCLI does not work with free versions of VMware ESX or ESXi host. For instructions on deploying enVision on a free version of ESX or ESXi host, contact RSA Professional Services.

Disk Space: 3 GB

Page 15: EnVision VMDeployment Guide

VMware ESX or ESXi Host Requirements

The ESX or ESXi host on which the RSA enVision virtual deployment kit creates the virtual machine must meet the following requirements.

VMware Infrastructure: One of the following:

• VMware ESX 4.0
• VMware ESX 4.1
• VMware ESXi 4.1

Client: vSphere Client or Web Access through a web browser

Datastore: 310 GB for each virtual appliance (thin client)

Important: RSA enVision virtual deployment is only supported on a 64-bit ESX server.

Virtual Machine Minimum Configuration Requirements

Depending on the deployment that you want, you must select the minimum configuration requirements for the virtual machine.

Note: For instructions on editing the configuration for a virtual machine, see the VMware product documentation.

Single Appliance Site

The virtual machine on which you deploy a single appliance site must meet the following requirements.

Number of virtual CPUs: 2

RAM size: 4 GB

Virtual machine hard disk size:

• C Drive: 30 GB
• D Drive: 30 GB
• E Drive: 250 GB

Page 16: EnVision VMDeployment Guide

Remote Collector

The virtual machine on which you deploy a Remote Collector must meet the following requirements.

Number of virtual CPUs: 2

RAM size: 4 GB

Virtual machine hard disk size:

• C Drive: 30 GB
• D Drive: 30 GB
• E Drive: 250 GB

Virtual Machine Infrastructure Qualified

The recommendations mentioned in this chapter are based on the setups and configurations used for qualification at RSA.

Virtual machines are deployed and qualified for the following ESX servers with versions and hardware configurations as mentioned in the following table:

ESX Server 1

• Version and Hardware Configuration: ESX version 4.1.0; HP ProLiant DL 585 G2 (Dual core AMD Opteron); 4 CPUs x 2.612 GHz; 65 GB RAM; VMXNET3 Driver
• ES Setup Utilisation: One ES setup (2 vCPUs, 4 GB RAM); one RC setup (2 vCPUs, 4 GB RAM)
• Unexpended or Remaining Configuration: 57 GB RAM

ESX Server 2

• Version and Hardware Configuration: ESX version 4.0.0; HP ProLiant DL 585 G5 (Quad core AMD Opteron); 16 CPUs x 2.411 GHz; 73 GB RAM; VMXNET3 Driver
• ES Setup Utilisation: One ES setup (2 vCPUs, 4 GB RAM); one RC setup (2 vCPUs, 4 GB RAM)
• Unexpended or Remaining Configuration: 10 vCPUs; 65 GB RAM

ESX Server 3

• Version and Hardware Configuration: ESXi version 4.1.0; HP ProLiant DL 585 G7; 32 CPUs x 3.294 GHz; 73 GB RAM; VMXNET3 Driver
• ES Setup Utilisation: One ES setup (2 vCPUs, 4 GB RAM); one RC setup (2 vCPUs, 4 GB RAM)
• Unexpended or Remaining Configuration: 26 vCPUs; 65 GB RAM

Page 17: EnVision VMDeployment Guide

3 Setting Up a Virtual RSA enVision Appliance

• Obtain VMware vCenter Server or ESX Host or ESXi Host Information

• Setting Up the Virtual RSA enVision Appliance

• Create a Virtual Machine

• Verify Virtual Machine Creation

• Edit a Virtual Machine

• Install Microsoft Windows Server 2003 R2

• Configure VMware High Availability for RSA enVision

Obtain VMware vCenter Server or ESX Host or ESXi Host Information

You must have a user account to access the VMware vCenter Server, ESX host, or ESXi host. The user account must have administrative privileges on the vCenter Server, ESX host, or ESXi host. You can use the same user account to access the vCenter Server or ESX host or ESXi host using the vSphere Client.

To obtain the vCenter Server or ESX host or ESXi host information:

Contact the VMware administrator for the following information:

• Server address - The IP address of the vCenter Server or ESX host or ESXi host

• User name - The user name of the account with which you can create a virtual machine on the ESX or ESXi host

• Password - The password of the account with which you can create a virtual machine on the ESX or ESXi host

Note: You must use an administrative account with permissions to create a virtual machine on the ESX or ESXi host.

Setting Up the Virtual RSA enVision Appliance

To set up the virtual RSA enVision appliance, complete the following tasks:

1. Create a Virtual Machine

2. Verify Virtual Machine Creation

3. Install Microsoft Windows Server 2003 R2

Page 18: EnVision VMDeployment Guide

Create a Virtual Machine

In the RSA enVision virtual deployment kit (buildbuildnumber_g3.zip), run the build_g3.cmd script to create a virtual machine on the ESX or ESXi host. You must not create a virtual machine manually.

The build_g3.cmd script changes the Windows script execution policy to RemoteSigned. For information on execution policy, see “Windows Script Execution Policy” on page 30.
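To see exactly what build_g3.cmd changes on the client machine, the execution policy can be recorded for every scope before the run and compared afterwards. This is an added example, not part of the RSA deployment kit; the function names and the baseline file path are assumptions made for the sketch.

```powershell
# Added example: snapshot the PowerShell execution policy before build_g3.cmd
# runs, then report what changed and optionally put the earlier values back.
# Save-PolicyBaseline, Compare-PolicyBaseline and $BaselinePath are hypothetical.

$BaselinePath = Join-Path $env:TEMP 'execpolicy-baseline.csv'

function Save-PolicyBaseline {
    # Get-ExecutionPolicy -List returns one entry per scope
    # (MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine).
    Get-ExecutionPolicy -List |
        Select-Object @{ Name = 'Scope';  Expression = { $_.Scope.ToString() } },
                      @{ Name = 'Policy'; Expression = { $_.ExecutionPolicy.ToString() } } |
        Export-Csv -Path $BaselinePath -NoTypeInformation
}

function Compare-PolicyBaseline {
    param([switch]$Restore)

    if (-not (Test-Path $BaselinePath)) {
        throw "No baseline found at $BaselinePath. Run Save-PolicyBaseline first."
    }

    # Load the saved values into a lookup table keyed by scope name.
    $before = @{}
    Import-Csv -Path $BaselinePath | ForEach-Object { $before[$_.Scope] = $_.Policy }

    foreach ($entry in Get-ExecutionPolicy -List) {
        $scope = $entry.Scope.ToString()
        $now   = $entry.ExecutionPolicy.ToString()
        $was   = $before[$scope]
        if (($null -eq $was) -or ($was -eq $now)) { continue }

        Write-Output "$scope : $was -> $now"

        # MachinePolicy and UserPolicy are set by Group Policy and cannot be
        # written with Set-ExecutionPolicy, so only the other scopes are restored.
        if ($Restore -and ($scope -ne 'MachinePolicy') -and ($scope -ne 'UserPolicy')) {
            Set-ExecutionPolicy -ExecutionPolicy $was -Scope $scope -Force
        }
    }
}

# Usage (paste the functions into a PowerShell console):
#   Save-PolicyBaseline                  # before running build_g3.cmd
#   Compare-PolicyBaseline               # after the deployment: list changes
#   Compare-PolicyBaseline -Restore      # elevated console: restore old values
```

Restoring the LocalMachine scope requires a console started with administrator privileges.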

Before You Begin

• Obtain the VMware vCenter Server or ESX or ESXi host information.

• You must have a valid license for the ESX or ESXi host. You must not use a free ESX or ESXi host license.

• Download the RSA enVision virtual deployment kit.

• Ensure that the ESX or ESXi host where you want to create the virtual machine is running.

• Ensure that you meet the requirements for housing a virtual deployment. See “RSA enVision Virtual Deployment Requirements.”

Important: If the client machine is running on a 64-bit version of Windows Vista or Windows 7 and you run the build_g3.cmd script from the Windows console, the script shows errors or terminates the virtual machine creation. You must run the script from the command prompt with administrator privileges. For instructions, see “Run Script in Windows Vista or Windows 7” on page 29.

To create a virtual machine:

1. From the client machine, run the build_g3.cmd script. The script copies the enVision files to the C:\RSATemp directory by default on the client machine. You can select a different location to copy the enVision files.

2. On the vCenter Server or ESX Host Login page, follow these steps:

a. Select Create a VM.

b. In the IP Address field, enter the IP address of the vCenter Server or the ESX host or the ESXi host.

c. In the User Name field, enter the user name of an account that has administrator privileges on the vCenter Server or the ESX host or the ESXi host.

d. In the Password field, enter the password.

e. Click Next.

3. When prompted for the enVision license, browse to the folder where you stored the enVision license, and click OK. You must ensure that you select the correct path for the enVision license.

Page 19: EnVision VMDeployment Guide

4. If you have created the ISO image of Windows Server 2003 R2 and copied it to the ESX or ESXi server, select Yes, and go to step 6. If you have created the ISO image of a Windows Server 2003 R2 build that is not expanded on your hard drive, you can perform either of these two options:

– Copy the ISO file manually to the ESX or ESXi Server and select Yes. Once you copy the ISO file manually, the script automatically locates the ISO file and lists it in the CD drop-down list.

– Expand the ISO files to a virtual drive using solutions like PowerISO.

5. If you have not created an ISO image of Windows Server 2003 R2, follow these steps:

a. Select No, and click Next.

b. Create an ISO image. For instructions, see “Create an ISO Image of Microsoft Windows Server 2003 R2” on page 20.

c. Go to step 7.

6. On the Windows Server 2003 R2 ISO image page, follow these steps:

a. From the Datastore drop-down list, select the shared datastore where you stored the ISO images.

b. From the CD-1 drop-down list, select the ISO image of CD1.

c. From the CD-2 drop-down list, select the ISO image of CD2.

d. Click Next.

7. On the Virtual Machine Details page, follow these steps:

a. In the Number of Virtual Machines to deploy field, enter the number of virtual machines that you want to create.

b. From the Host drop-down list, select the ESX or ESXi host on which to create the virtual machines.

c. From the Datastore drop-down list, select the datastore on which to create the virtual machines.

d. From the Network drop-down list, select the network on which to create the virtual machines.

e. In the Enable thin provisioning field, do one of the following:

• To create the virtual disk in thin format, select Yes.

• To create the virtual disk in thick format, select No.

For more information on thin provisioning, see the VMware product documentation.

f. Enter the directory name, and click Next.

8. On the Virtual Machine Configuration page, follow these steps:

a. Click the View recommended configuration link to see the recommended minimum configuration for a virtual single appliance or a virtual remote collector site.

Page 20: EnVision VMDeployment Guide

b. In the Virtual machine name field, enter a unique name for the virtual machine.

c. In the Number of virtual CPUs field, enter the number of virtual CPUs that you want to allocate for the virtual machine.

d. In the RAM size field, enter the amount of RAM in GB that you want to allocate for the virtual machine.

e. You must enter the disk size for the virtual hard drives on the virtual machine:

– In the C Drive field, enter the disk size in GB that you want to allocate

– In the D Drive field, enter the disk size in GB that you want to allocate

– In the E Drive field, enter the disk size in GB that you want to allocate

f. Click Next.

Note: When the system displays the “Another task is already in progress” message during installation, run the build_g3.cmd script again. If the problem still persists, restart the VMware management agent and perform the steps mentioned in “Overcoming the Another Task in Progress Error” on page 30.

9. Wait until the virtual machine is created on the ESX or ESXi host.

10. If you are creating more than one virtual machine, repeat step 8 and step 9 until you have configured each virtual machine that you want to create.

11. When a confirmation message appears, indicating that the virtual machines have been created on the ESX or ESXi host, click Close.

Next Steps

Use the vSphere Client to verify the virtual machine creation. For instructions, see “Verify Virtual Machine Creation” on page 21.

Create an ISO Image of Microsoft Windows Server 2003 R2

Important: You must ensure that you select the correct location in which you have the source files for Windows Server 2003 R2.

To create an ISO image of Microsoft Windows Server 2003 R2:

1. Browse to the location where you stored CD1 of Windows Server 2003 R2 and select the folder, or insert CD1 of Windows Server 2003 R2 in the CD or DVD drive and select the drive.

2. Click OK.

3. Wait until the ISO image of CD1 is created.

4. Browse to the location where you stored CD2 of Windows Server 2003 R2 and select the folder, or insert CD2 of Windows Server 2003 R2 in the CD or DVD drive and select the drive.

Page 21: EnVision VMDeployment Guide

5. Click OK.

6. Wait until the ISO image of CD2 is created.

7. From the Datastore drop-down list, select the datastore where you want to store the ISO images.

8. Click Next.

Note: You must store the ISO images on a datastore which is shared by all ESX or ESXi hosts.

Verify Virtual Machine Creation

Before You Begin

• Create the virtual machine on the ESX or ESXi host.

• Ensure that you have the VMware vCenter Server, ESX host, or ESXi host information.

To verify the virtual machine creation:

1. Launch the VMware vSphere Client application.

2. In the VMware vSphere Client logon dialog box, follow these steps:

a. In the IP Address / Name field, enter the IP address or name of the vCenter Server or the ESX host or the ESXi host.

b. In the User name field, enter the user name of an account that has administrator privileges on the vCenter Server or ESX host or the ESXi host.

c. In the Password field, enter the password.

d. Click Login.

3. In the vSphere Client inventory list, verify that you can view the new virtual machines that you created. The virtual machines are powered ON, and a green right arrow appears next to each virtual machine icon.

4. Right-click on the recently created virtual machine and click Edit Settings.

5. On the Virtual Machine Properties page, verify that the following are displayed:

– 4 network adapters

– 4 CD drives

– 3 virtual disks

If any of the above is missing, you must follow the steps in “Overcoming the Another Task in Progress Error” on page 30.
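
The same three counts can be checked from a script instead of the Edit Settings dialog. This is an added example, not part of the RSA deployment kit; it assumes VMware PowerCLI is installed on the client machine, and the server name, VM name, and function name are placeholders.

```powershell
# Added example (not from the RSA guide). Requires VMware PowerCLI.
# Expected hardware, taken from step 5 of the procedure above.
$Expected = @{ NetworkAdapters = 4; CDDrives = 4; VirtualDisks = 3 }

function Test-EnVisionVmHardware {
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$VMName
    )
    foreach ($name in $VMName) {
        # Stop on a missing VM rather than reporting zero devices for it.
        $vm = Get-VM -Name $name -ErrorAction Stop

        # @() forces an array so .Count is correct for zero or one device.
        $actual = @{
            NetworkAdapters = @(Get-NetworkAdapter -VM $vm).Count
            CDDrives        = @(Get-CDDrive -VM $vm).Count
            VirtualDisks    = @(Get-HardDisk -VM $vm).Count
        }

        $problems = @()
        foreach ($key in $Expected.Keys) {
            if ($actual[$key] -ne $Expected[$key]) {
                $problems += "{0}: expected {1}, found {2}" -f $key, $Expected[$key], $actual[$key]
            }
        }
        # Step 3 of the procedure expects the new virtual machines to be powered on.
        if ($vm.PowerState -ne 'PoweredOn') {
            $problems += "PowerState: expected PoweredOn, found $($vm.PowerState)"
        }

        [pscustomobject]@{
            VM       = $vm.Name
            Passed   = ($problems.Count -eq 0)
            Problems = ($problems -join '; ')
        }
    }
}

# Placeholder server name. Get-Credential prompts for the administrator
# account, so no password is stored in the script or the command history.
Connect-VIServer -Server 'vcenter.example.local' -Credential (Get-Credential) | Out-Null

# Placeholder VM name; pass every VM that the deployment created.
Test-EnVisionVmHardware -VMName 'envision-vm01' | Format-Table -AutoSize -Wrap

Disconnect-VIServer -Server 'vcenter.example.local' -Confirm:$false
```

A row with Passed set to False for a device count corresponds to the "missing" case above, which the guide resolves through the "Another Task in Progress" procedure.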

Next Steps

Install the Windows Server 2003 R2 operating system on the virtual machine. For instructions, see “Install Microsoft Windows Server 2003 R2” on page 24.

Edit a Virtual Machine

You can edit the following details of a Virtual Machine:

• RSA enVision license

• RSA enVision G3 ISO

• Contents of CD1 or CD2 of Windows Server 2003 R2

In the RSA enVision virtual deployment kit (buildbuildnumber_g3.zip), run the build_g3.cmd script to edit a virtual machine on the ESX or ESXi host.

To edit a Virtual Machine:

1. From the client machine, run the script build_g3.cmd. The script copies the enVision files to the C:\RSATemp directory on the client machine by default. You can select a different location to copy the enVision files.

2. On the ESX host Login page, follow these steps:

a. Select Edit a VM.

b. In the IP Address field, enter the IP address of the vCenter Server or the ESX host.

c. In the User Name field, enter the user name of an account that has administrator privileges on the vCenter Server or the ESX host.

d. In the Password field, enter the password.

e. Click Next.

3. On the Modify the Virtual Machine page, either select a VM or enter the VM Name that you want to modify.

4. Click Next.

5. On the Select the options to modify page, select from the following options:

– RSA enVision G3 ISO

– RSA enVision license

– CD1 for Windows CD-1 ISO

– CD2 for Windows CD-2 ISO

The system prompts you to provide your inputs depending on the options that you select.

6. If you select the RSA enVision G3 ISO option, click Next and perform the following steps:

a. Select the enVision G3 image file and click Open.

b. From the Datastore drop-down list, select the shared datastore where you store the ISO images.

c. Click Next.

d. Enter the directory name of the datastore to upload the ISOs and click Next.

7. If you have selected RSA enVision license, click Next and perform the following steps:

a. Select the folder where you store the enVision licenses and click OK.

b. From the Datastore drop-down list, select the shared datastore where you stored the ISO images.

c. Click Next.

d. Enter the directory name of the datastore to upload the ISOs and click Next.

8. If you have selected CD1 for Windows CD1 ISO, click Next.

9. If you have already created an ISO image of Windows Server 2003 R2, select Yes, and go to step 11.

10. If you have not created an ISO image of Windows Server 2003 R2, follow these steps:

a. Select No, and click Next.

b. Create an ISO image. For instructions, see “Create an ISO Image of Microsoft Windows Server 2003 R2” on page 20.

c. Go to step 11.

11. On the Windows Server 2003 R2 ISO image page, follow these steps:

a. From the Datastore drop-down list, select the shared datastore where you stored the ISO images.

b. From the CD-1 drop-down list, select the ISO image of CD1.

c. Click Next.

12. If you have selected CD2 for Windows CD2 ISO, click Next.

13. If you have already created an ISO image of Windows Server 2003 R2, select Yes, and go to step 15.

14. If you have not created an ISO image of Windows Server 2003 R2, follow these steps:

a. Select No, and click Next.

b. Create an ISO image. For instructions, see “Create an ISO Image of Microsoft Windows Server 2003 R2” on page 20.

c. Go to step 15.

15. On the Windows Server 2003 R2 ISO image page, follow these steps:

a. From the Datastore drop-down list, select the shared datastore where you stored the ISO images.

b. From the CD-2 drop-down list, select the ISO image of CD2.

c. Click Next.

16. When a confirmation message appears, indicating that the virtual machine has been updated on the ESX or ESXi host, click Close. Click Modify another VM to edit another VM. You can use the VM without rebooting it if you plan to update another VM.

Install Microsoft Windows Server 2003 R2

Before You Begin

• Verify the creation of the virtual machine on the ESX or ESXi host.

• Ensure that you have the license key for Windows Server 2003 R2.

To install the Windows operating system:

1. In the vSphere Client inventory list, right-click the new virtual machine icon, and select Open Console.

2. When prompted, enter the Windows Server 2003 R2 license key.

Note: You must enter the correct license key for the Windows 2003 OS distribution. For example, if you specify a Windows Standard license key for a Windows 2003 Enterprise ISO disk 1 and disk 2, the Windows setup fails.

3. When prompted to confirm that you entered the correct license key, do one of the following:

• Press Y, if you entered the correct license key.

• Press N, if you entered a wrong license key. When prompted, re-enter the license key.

After the Windows operating system is installed, the virtual machine restarts.

Next Steps

Log on to the virtual enVision appliance and configure the enVision site. For instructions, see Chapter 4, “Configure RSA enVision.”

Configure VMware High Availability for RSA enVision

You can use the VMware HA feature to overcome any availability constraints and support a failover for all running virtual machines on a specified number of hosts.

Before You Begin

• Add a cluster. For information on creating a cluster, see “Add a Cluster” on page 25.

• Add two hosts for each cluster. For information on creating a host, see “Add a Host” on page 25. You must ensure that the hosts have a shared datastore.

• Each host must have a minimum of one virtual machine.

To enable VMware HA:

1. In the vSphere Client, display the cluster in the inventory list.

2. Right-click the cluster and select Edit Settings.

3. In the left pane of the Cluster dialog box, click Cluster Features.

4. Select Turn on VMware HA to enable VMware HA.

5. Click OK. When VMware HA is enabled, if a host fails, the vCenter Server automatically restarts the virtual machines on a different host.

Add a Cluster

You can use a cluster to have a collection of ESX or ESXi hosts and associated virtual machines with shared resources.

To add a cluster:

1. Log on to the vSphere Client. The vSphere Client must be connected to a vCenter Server system to add a cluster.

2. In the inventory, display the datacenter where you want to place the cluster.

3. Right-click the datacenter and select New Cluster.

4. In the Name field, enter the name of the cluster.

5. Select Turn on VMware HA to enable VMware HA. When VMware HA is enabled, the vCenter Server automatically restarts virtual machines on a different host in the cluster if a host fails.

6. Keep all the default settings and click Next. Review the configuration of the new cluster, and make any required changes. You must not change any default settings while clicking Next.

7. Click Finish.

Important: After you add a cluster, you must add a minimum of two hosts to enable the HA feature.

Add a Host

You must add a minimum of two hosts to the cluster to enable HA.

To add a host:

1. Log on to the vSphere Client. The vSphere Client must be connected to a vCenter Server system to add a host.

2. In the inventory, select the datacenter or cluster where you wish to add the host.

3. Right-click the cluster and select Add Host.

4. In the Host field, enter the name or IP address of the host.

5. Enter the Username and Password for a user account with administrative privileges on the selected host. vCenter Server uses the root account to log on to the system and then creates a special user account. vCenter Server uses this account for all future authentication.

6. Keep all the default settings and click Next. Click Next. Keep all the default settings until you reach the page.

7. Click Finish in the Ready to Complete. After you complete the steps, vCenter checks for the conditions that prevent the host from being added to the inventory. If vCenter Server gives an error message, you must correct the error before you proceed.

For more information on adding a host, see the VMware product documentation.

4 Configure RSA enVision

• Log On to the Virtual RSA enVision Appliance

• Configure a Single Appliance Site

• Configure a Remote Collector Site

Log On to the Virtual RSA enVision Appliance

Before You Begin

Ensure that you know the default logon credentials for the RSA enVision appliance.

To log on to the virtual enVision appliance:

1. To open the logon dialog box, press CTRL+ALT+DEL.

2. In the User name field, enter the default user name for the enVision appliance.

3. In the Password field, enter the default password for the enVision appliance.

4. Click OK.

Note: For information on the default passwords for the RSA enVision appliance, see “Changing Passwords” in the Hardware Guide Appendix.

Next Steps

Depending on the type of site that you want to configure, do one of the following:

• Configure the virtual enVision appliance as a single appliance site. For instructions, see “Configure a Single Appliance Site” on page 27.

• Configure the virtual enVision appliance as a Remote Collector. For instructions, see “Configure a Remote Collector Site” on page 28.

Configure a Single Appliance Site

Before You Begin

Log on to the virtual enVision appliance.

To configure a single appliance site:

1. On the virtual enVision appliance, browse to the C:\Windows\Installations directory.

2. To launch the enVision Configuration Wizard, double-click the lsconfigurationwizard.exe file.

3. Complete the enVision site configuration. For instructions, see “Single Appliance Site” in the Configuration Guide. When prompted for the enVision license, browse to the virtual drive where the ISO image of the license is stored and apply the license.

Next Steps

Set up RSA enVision. For more information, see the Help topic “RSA enVision Setup Tasks.”

Configure a Remote Collector Site

Before You Begin

Log on to the virtual RSA enVision appliance.

Important: You must ensure that the remote collector and the RSA enVision appliance communicate with each other.

To configure a Remote Collector:

1. On the virtual enVision appliance, browse to the C:\Windows\Installations directory.

2. To launch the enVision Configuration Wizard, double-click the lsconfigurationwizard.exe file.

3. Complete the enVision site configuration. For instructions, see the chapter “Remote Collector Site” in the Configuration Guide. When prompted for the enVision license, browse to the virtual drive where the ISO image of the license is stored and apply the license.

Next Steps

Set up RSA enVision. For more information, see the Help topic “RSA enVision Setup Tasks.”

5 Troubleshooting

• Run Script in Windows Vista or Windows 7

• Windows Script Execution Policy

• Overcoming the Another Task in Progress Error

Run Script in Windows Vista or Windows 7

In the 64-bit version of the Windows Vista or Windows 7 operating system, if you run the build_g3.cmd script from the Windows console, the following occurs:

• Windows Vista. The error message “A required privilege is not held by the client.” is shown on the PowerShell console. However, the build_g3.cmd script continues and creates the virtual machines.

• Windows 7. The error message “Access to the registry key ‘HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell’ is denied.” is shown on the PowerShell console. The build_g3.cmd script terminates and stops the virtual machine creation.

To avoid this, you must run the script from the command prompt with administrator privileges.

To run the script from the command prompt with administrator privileges:

1. Right-click the build_g3.cmd script and select Run as Administrator.

2. In the command prompt, change the path to the folder where you store the build_g3.cmd script:

C:\Windows\system32>cd <folder_path>

where <folder_path> is the path where you have stored the script.

3. To run the script, type:

build_g3.cmd

4. Press ENTER.

The script copies the enVision files to the C:\RSATemp directory on the client machine by default. You can select a different drive to copy the enVision files.

Next Steps

Follow the on-screen instructions and create the virtual machines. For instructions, see “To create a virtual machine:” on page 18.

Windows Script Execution Policy

The Windows script execution policy determines whether you can run scripts on the client machine.

The build_g3.cmd script changes the execution policy on the client machine to RemoteSigned. After the virtual machine is deployed, the script changes the execution policy to the original value. If the execution policy is already set to RemoteSigned, the execution policy is not changed.

You can manually check the current value set for the execution policy in the Windows PowerShell console. Type:

get-executionpolicy

The current value set for the execution policy displays in the Windows PowerShell console.
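
One way to confirm that the policy was put back after a deployment, as an added example that is not part of the RSA guide or of build_g3.cmd. The baseline file path and the two function names are hypothetical, and the -Scope and -List parameters assume PowerShell 2.0 or later.

```powershell
# Added example, not part of build_g3.cmd. Paste into an elevated PowerShell
# console: commands typed interactively are not blocked by the execution
# policy, so this works even when the policy is Restricted.

# Hypothetical location for the saved baseline.
$BaselineFile = Join-Path $env:TEMP 'build_g3-execpolicy-baseline.txt'

function Save-ExecutionPolicyBaseline {
    # The HKEY_LOCAL_MACHINE key named in the Windows 7 error in this chapter
    # stores the LocalMachine-scope policy, so that scope is recorded here.
    $policy = [string](Get-ExecutionPolicy -Scope LocalMachine)
    Set-Content -Path $BaselineFile -Value $policy
    Write-Host "Baseline saved: $policy"
}

function Test-ExecutionPolicyRestored {
    if (-not (Test-Path $BaselineFile)) {
        throw "No baseline at $BaselineFile. Run Save-ExecutionPolicyBaseline first."
    }
    $baseline = (Get-Content -Path $BaselineFile | Select-Object -First 1).Trim()
    $current  = [string](Get-ExecutionPolicy -Scope LocalMachine)

    if ($current -eq $baseline) {
        Write-Host "OK: LocalMachine policy is '$current', same as before the deployment."
    }
    else {
        Write-Warning "LocalMachine policy is '$current' but was '$baseline' before the deployment."
        Write-Host "To restore: Set-ExecutionPolicy -ExecutionPolicy $baseline -Scope LocalMachine"
    }

    # List every scope. A value set by Group Policy (MachinePolicy or
    # UserPolicy) takes precedence over LocalMachine.
    Get-ExecutionPolicy -List | Format-Table -AutoSize
}

# Usage:
#   Save-ExecutionPolicyBaseline      # before running build_g3.cmd
#   Test-ExecutionPolicyRestored      # after the deployment confirmation message
```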

Overcoming the Another Task in Progress Error

While creating a virtual machine, you might see an error stating that another task is already in progress. This error creates an erroneous virtual machine. You must perform the following steps to rectify this error and create a new virtual machine.

1. Restart the VMware management agents on the ESX or ESXi server. For detailed instructions on restarting the VMware management agents, see Restarting VMware Management Agents on an ESX or ESXi Server.

2. Manually delete the virtual machine from the ESX or the ESXi server for which the error occurred.

3. Repeat the steps in “Create a Virtual Machine” on page 18.

4. Verify that the virtual machine is correctly created. For more information, see “Verify Virtual Machine Creation” on page 21.

Glossary

A-SRV
See Application Server.

ad hoc report
An unscheduled report that runs immediately.

ADB
See Asset Database.

administrator
A user responsible for setting up and maintaining the RSA enVision platform. An administrator has access to all enVision functions.

alert
An indication that an event, or a sequence of events, requires further investigation. The enVision platform sends alerts based on messages received under a configured set of circumstances such as filters. The administrator defines alerts for each view.

Alert History tool
The RSA enVision tool that is used to display alerts from the events database.

Alerts module
The RSA enVision module that provides tools to monitor, display, and configure alerts.

Analysis module
The RSA enVision module that provides tools to view, query, and analyze collected data.

appliance
The hardware on which RSA enVision software is deployed. See single appliance site and multiple appliance site.

Application Server (A-SRV)
The appliance or component of the RSA enVision platform that supports interactive users and runs the suite of enVision analysis tools. In a single appliance site, the Application Server (A-SRV) is a component of the enVision system. In a multiple appliance site, the A-SRV is installed on its own appliance. See single appliance site and multiple appliance site.

asset
A system, such as a host, software system, workstation, or device, that is within a network and makes up the enterprise environment.

Asset Database (ADB)
A unified view of assets created by merging data from supported vulnerability assessment (VA) tools and imported asset information in the asset tracking tools. The ADB provides security managers with insight into their operations.

attribute category
A group of categories defined by the RSA enVision platform for device and asset attributes. The nine categories are properties, location, organization, owner, physical, function, importance, vulnerability, and zone. Users can define custom categories.

bind report
A group of reports that can be scheduled to run as a single report.

collection
The process of collecting, analyzing, and storing logs from event sources. The RSA enVision platform stores the logs, with descriptive metadata, in the LogSmart Internet Protocol Database (IPDB).

Collector
The appliance or component of the RSA enVision platform that captures incoming events. In a single appliance site, the Collector is a component of the enVision system. In a multiple appliance site, the Collector is installed on its own appliance.

Common Storage Directory (CSD)
A single directory that contains the configuration and statistical information for data collected on a site. The Common Storage Directory (CSD) can be located on a single appliance site, on the Database Server of a multiple appliance site, or on the Remote Collector of a distributed system.

computer name
See node.

confidence level filtering
A filter defined by the administrator to determine if a supported intrusion detection system (IDS) or an intrusion prevention system (IPS) can be trusted for its truthfulness and applicability. The confidence level detects if a message from an IDS or an IPS should be considered an alert.

Configuration database (nic.db)
A repository that stores a user’s configuration settings such as user information, permissions, and views.

correlation
A relationship between a set of events and a set of specific conditions.

D-SRV
See Database Server.

Database Server (D-SRV)
The appliance or component of the RSA enVision platform that manages access and retrieval of captured events. In a single appliance site, the Database Server (D-SRV) is a component of the enVision system. In a multiple appliance site, the D-SRV is installed on its own appliance. See single appliance site and multiple appliance site.

device
See event source.

device class
Identifies the classification of the event source. A device class provides a framework for organizing event sources by their general function.

device type (dtype)
An assigned internal name for an event source that is used by RSA enVision tools and utilities. The dtype value is displayed on the enVision interface, reports, and queries.

EA
See Enhanced Availability.

Enhanced Availability (EA)
A site with Enhanced Availability (EA) is a multiple appliance site where the Local Collector (LC) functionality runs on Cluster Appliances (CAs).

EPS
See events per second.

event category
System-defined or administrator-defined group of messages for alerting and reporting that is assigned across device classes.

Event Explorer
RSA enVision module that provides advanced tools for analysis of real-time and historical data. These tools allow users to sift through logged data and apply security forensics.

event source
An asset such as a physical device, software, or appliance that produces a message (log) and is configured to send the log to the RSA enVision platform. Event sources include firewalls, VPNs, antivirus software, operating systems, security platforms, routers, and switches.

events per second (EPS)
Events captured per second by the RSA enVision platform.

incident escalation
See task escalation.

incident management
See task triage.

IPDB
See LogSmart IPDB.

LC
See Local Collector.

Local Collector (LC)
A component of an RSA enVision multiple appliance site that captures incoming events. A multiple appliance site can have up to three Local Collectors (LCs). See multiple appliance site.

LogSmart IPDB
The LogSmart Internet Protocol Database (IPDB) stores internet protocol-based information, storing each source element in a separate container. Each log data message is identified by the IP address of the event source from which the message originated. The LogSmart IPDB maps this IP address to the originating event source and determines the format of the incoming message. The log message is the metadata that describes the event.

message category
A group of messages. Message categories are hierarchical, consisting of up to five levels: a NIC category, an alert category, and up to three levels of event category.

message variable
Defines a type of data that is extracted from message payloads. Message variables are useful when analyzing and reporting on data.

monitored device
A supported event source that has been configured to send event messages to the RSA enVision platform. The enVision platform collects and stores events from monitored devices.

multiple appliance site
An RSA enVision site in which each enVision component (Application, Collector, and Database) is on its own appliance.

NIC
The acronym used to label many essential RSA enVision components, services, and tools.

NIC database
See Configuration database (nic.db).

NIC domain
A group of multiple appliance sites that constitute an organization's entire deployment of the RSA enVision platform. One site acts as the NIC domain master site.

NIC message ID
A number that identifies a message. This number may or may not be the same as the vendor message ID.

NIC System device
Generates event messages to indicate the health and activity of the RSA enVision platform, such as disk space usage, current EPS, data retrieval statistics, and user activity messages.

NIC_View
Allows users to monitor the health of the RSA enVision system. The NIC_View alerts users to problems within the enVision software environment.

node
An appliance in an RSA enVision site.

output action
Configured notification method for alerts. The primary output actions are SMTP, SNMP, SNPP, Instant Messenger, syslog, run a command, text file, and task triage.

Overview module
The RSA enVision module that provides tools to configure the enVision platform and monitor system health and performance.

RC
See Remote Collector.

Remote Collector (RC)
An optional component of an RSA enVision multiple appliance site that captures incoming events at a remote location. A Remote Collector (RC) runs on its own appliance. Up to 16 RCs can be associated with a site.

Reports module
The RSA enVision module that provides tools to run standard network security and traffic analysis reports, or create and run custom reports.

single appliance site
An RSA enVision site in which all enVision components (Application, Collector, and Database) are on one appliance.

site
The basis on which the RSA enVision platform is deployed. Each site consists of three main components: Application Server, Collector, and Database Server.

site name
The name of the site, defined during the configuration of the RSA enVision platform.

standard report
Reports that are supplied within the RSA enVision platform for compliance, correlated alerts, event sources, as well as for task triage, and vulnerability and asset management.

task escalation
A function that allows users to send tasks to an external application, such as a ticketing system, for offline investigation.

task triage
A feature that allows users to group events into tasks for the purpose of investigation. Tasks can be further analyzed in the RSA enVision Event Explorer module, escalated to an external ticketing system, or both.

trace view
A set of parameters that define the information that is displayed in the form of tables and charts. The two forms of trace views are standard and advanced trace views.

UDC
See Universal Device Collection.

Universal Device Collection (UDC)
Allows the RSA enVision platform to collect log data from any event source that logs through SNMP, ODBC, or File Reader.

VAM
See vulnerability and asset management.

VDB
See Vulnerability Knowledge Database.

view
An administrator-defined set of event sources, messages, correlation rules, and criteria, within a single site, for which the RSA enVision platform issues alerts.

vulnerability and asset management
A feature that provides unified management of assets and vulnerability incident analysis.

Vulnerability Knowledge Database (VDB)
An embedded repository of vulnerability information derived from the National Vulnerability Database (NVD).

watchlist
A named collection of strings that represent a list of like-values. A watchlist can easily function as a filter for events in reporting and alerting.
