rsa envision 4.0 hardware guide - sys-g-rsa400
TRANSCRIPT
RSA enVision™ Hardware Guide
60 Series
RSA enVision 4.0 Hardware Guide 60 Series Copyright © 1996 - 2009 RSA Security Inc.
enVision, Enterprise Dashboard, and Internet Protocol Database (IPDB) are trademarks of RSA Security Inc. LogSmart is a registered trademark of RSA Security Inc.
All other trademarks, service marks, registered trademarks, registered service marks mentioned in this document are the property of their respective owners.
Information in this document is subject to change without notice. The software described in this document is furnished under a license agreement or nondisclosure agreement. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or any means electronic or mechanical, including photocopying and recording for any purpose other than the purchaser’s personal use without the written permission of RSA Security Inc.
RSA Security Inc. 200 Lowder Brook Drive, Suite 2000 Westwood, MA 02090 U.S.A. 781.375.9000
Contents
1. INTRODUCTION ....................................................................................................1-1
Site Deployment......................................................................................................................................... 1-2
2. HARDWARE LAYOUT...........................................................................................2-1
Front Panel ................................................................................................................................................ 2-1 Hard-Drive Indicators ............................................................................................................................. 2-3
Back Panel.................................................................................................................................................. 2-5 Power Indicators ..................................................................................................................................... 2-6
3. SINGLE APPLIANCE SITE....................................................................................3-1
Single Appliance Site Hardware Set Up Tasks ....................................................................................... 3-2
4. MULTIPLE APPLIANCE SITE ...............................................................................4-1
Hardware in Multiple Appliance Site...................................................................................................... 4-1
Multiple Appliance Site Hardware Set Up Tasks................................................................................... 4-2
Multiple Appliance Site - Cabling Examples .......................................................................................... 4-4
Multiple Appliance Site with Enhanced Availability ............................................................................. 4-6
5. REMOTE COLLECTOR SITE ................................................................................5-1
RC Site Hardware Set Up Tasks.............................................................................................................. 5-1
APPENDIX A. HARDWARE SPECIFICATIONS ........................................................ A-1
Hardware Location .................................................................................................................................. A-1
ES Appliance Specifications .................................................................................................................... A-2
LS Appliance Specifications .................................................................................................................... A-3
ES and LS Series Appliance Specifications............................................................................................ A-4
ES Storage Array ..................................................................................................................................... A-6
LS Storage Array ..................................................................................................................................... A-7 EMC Celerra NS22 ................................................................................................................................ A-7 Network Switch ..................................................................................................................................... A-9
Rack......................................................................................................................................................... A-10
RSA enVision Hardware Guide 60 Series iii
Contents
RSA enVision Hardware Guide 60 Series iv
Safety and Regulatory Statements ........................................................................................................ A-11
APPENDIX B. REMEDIATION FOR DELL RAID CONTROLLER BATTERY ISSUE........................................................................................................ B-1
Dell RAID Controller Battery Issue ........................................................................................................B-1
Prevention of Powering Up an Appliance With a Depleted RAID Battery..........................................B-2
APPENDIX C. CUSTOMER-PROVIDED STORAGE ................................................. C-1
EMC Celerra Storage .............................................................................................................................. C-2 NAS Requirements .................................................................................................................................C-2 Network Configuration ...........................................................................................................................C-3 NAS Configuration .................................................................................................................................C-4
CIFS Server .........................................................................................................................................C-4 Local Users..........................................................................................................................................C-4 File Systems/CIFS Shares Combinations ............................................................................................C-5
Enhanced Availability.............................................................................................................................C-6
NetApp® FAS Series................................................................................................................................. C-7 CIFS Shares and Directory Structure ......................................................................................................C-8 Hardware Requirements..........................................................................................................................C-8 Setup Requirements ................................................................................................................................C-9 Connecting RSA enVision Appliances to the NetApp FAS .................................................................C-10 NetApp CIFS File Storage Authentication............................................................................................C-12 NetApp CIFS Configuration .................................................................................................................C-14
APPENDIX D. CHANGING PASSWORDS ON RSA ENVISION APPLIANCES ....... D-1
Changing Password on A-SRV and LC.................................................................................................. D-1
Changing Password on D-SRV................................................................................................................ D-2
Changing Passwords on NAS .................................................................................................................. D-2
Verifying Read/Write Permissions after Changing Passwords............................................................ D-4
Preface This guide contains information on setting up your RSA enVision™ appliance hardware. Use this guide in conjunction with the Configuration Guide.
Audience
The Hardware Guide is for system administrators who need to set up RSA enVision appliances for an enVision site.
Documentation Set
The enVision documentation set consists of the following:
Documentation Description
Hardware Guide Instructions on setting up your RSA enVision appliances. Intended audience is the system administrator.
Configuration Guide Instructions on configuring your RSA enVision site. Intended audience is the system administrator.
Migration Guide Instructions on migrating your data from a previous version of enVision to the current version.
Online Help Comprehensive online guide to setting up enVision processing options and using enVision analysis tools.
Go to https://knowledge.rsasecurity.com and log into RSA SecurCare Online to download all product documentation.
Conventions
This guide uses the following conventions:
Item Formatting
Literals (exact values that the user must type)
Bold font.
Example: Type New Report.
Variables (adjustable values that the user must type)
Bold, italicized font.
Example: Type user-name.
Fields, buttons, menu items, and so forth
Bold font. (Note: Screen names are not bold.)
Example: Type New Report in the Description field on the Report Setup window.
Keys (on the keyboard) Bold font.
Example: Press Enter.
RSA enVision Hardware Guide 60 Series v
Preface
RSA enVision Hardware Guide 60 Series vi
Contact RSA
Contact RSA at:
200 Lowder Brook Drive Suite 2000 Westwood, MA 02090 U.S.A.
Telephone: 781.375.9000
Fax: 781.375.9100
World Wide Web: http://www.rsa.com
Sales
You can purchase enVision directly from RSA’s dedicated team of sales professionals or through RSA’s North American and international resellers. Call RSA at 781.375.9000.
Support and Service
You can contact Technical Support as follows:
By Telephone - Technical support is available during business hours via telephone at 800.995.5095.
Through the Internet - The RSA SecurCare Online support page contains answers to common questions and solutions to known problems. It also provides information on new releases, important technical news, device configuration guides, product documentation, and software downloads. You can visit the RSA SecurCare Online web site at https://knowledge.rsasecurity.com. You can visit RSA Technical Support web site at https://www.rsa.com/support.
1. Introduction RSA enVision™ is a feature-rich compliance and security application. It allows you to capture and analyze log information automatically from your network, security, application, operating and storage environments. The enVision LogSmart® Internet Protocol Database (IPDB) provides the only architecture proven to collect and protect all the data automatically, from any network device, without filtering or agents. It gives you an accurate picture of how your network is being used, and by whom. It independently monitors your network to verify security policies, to generate alerts for possible compliance breaches, and to analyze and report on network performance.
enVision is tightly coupled with its underlying appliance operating system and hardware, and together they comprise a highly scalable platform that provides guaranteed levels of performance.
enVision is made up of three components:
Application – supports interactive users and runs the suite of analysis tools
Collector – captures incoming events
Database – manages access and retrieval of captured events
RSA enVision Hardware Guide 60 Series 1-1
1. Introduction
RSA enVision Hardware Guide 60 Series 1-2
Site Deployment
enVision is deployed on a site basis. The enVision components are deployed based on the type of site you have. The two types of sites are:
Single appliance site. The ES series appliances are designed to operate in a stand-alone, nondistributed mode. They have all three enVision components―Application, Collector, and Database―installed on one appliance. The single appliance is a site. Some single appliance sites have an external storage system. See Chapter 3 “Single Appliance Site Hardware,” for information on a single appliance site.
Multiple appliance site. The LS series appliances are designed to operate in a distributed installation. Each enVision component―Application, Collector, and Database―is on its own appliance. The appliances together form a site. Distributed multiple appliance sites allow multiple installations of any of the three appliance types to be deployed to manage the variety of network infrastructures found in production environments. All multiple appliance sites have external storage systems. See Chapter 4 “Multiple Appliance Site Hardware” for information on a multiple appliance site.
See Chapter 5 “Remote Collector Site” for information on connecting a Remote Collector site with a multiple appliance site.
2. Hardware Layout The hardware layouts of the ES and LS series appliance hardware types are the same. This chapter describes the layout of the following:
Front panel
Hard-drive indicators
Back panel
Power indicators
The internal specification of the ES and LS series appliance hardware differ. See Appendix A “Hardware Specifications” for information on the hardware specifications.
Front Panel
Here is the front panel of the RSA enVision appliance:
Item Indicator, Button, or Connector
Icon Description
1 Power-on indicator, power button
Lights when the system power is on.
The power button has been disabled for security purposes.
2 NMI button Use to troubleshoot software and device driver errors when using certain operating systems.
Use this button only if directed to do so by qualified support personnel or by the operating system's documentation.
3 System identification button
Use to locate a particular system within a rack. When you push one of these buttons, the LCD panel on the front and the blue system status indicator on the back blink, so that you can easily locate the back of the appliance in a rack. The LCD panel and system status indicator blink until you push one of the buttons again.
RSA enVision Hardware Guide 60 Series 2-1
2. Hardware Layout
Item Indicator, Button, or Connector
Icon Description
4 LCD panel Provides system ID, status information, and system error messages. The LCD lights during normal system operation. Both the systems management software and the identification buttons located on the front and back of the system can cause the LCD to flash blue to identify a particular system.
The LCD lights amber when the system needs attention, and the LCD panel displays an error code followed by descriptive text.
Note: If the system is connected to AC power and an error has been detected, the LCD lights amber regardless of whether the system has been powered on.
5 USB connectors (2)
Use to connect USB 2.0-compliant devices to the system.
6 Video connector
Use to connect a monitor to the system.
7 Hard drives (6) Six 3.5-inch hot plugs.
The appliance contains two disks.
8 Optical drive (CD/DVD)
One CD/DVD drive.
RSA enVision Hardware Guide 60 Series 2-2
2. Hardware Layout
Hard-Drive Indicators
The hard-drive carriers have two indicators:
Drive-activity indicator
Drive-status indicator
Here are the hard-drive indicators:
Item Description
1 Drive-status indicator (green and amber)
2 Green drive-activity indicator
RSA enVision Hardware Guide 60 Series 2-3
2. Hardware Layout
In RAID configurations, the drive-status indicator lights display different patterns as drive events occur in the system.
The drive indicator patterns for RAID hard drives are as follows:
Condition Drive-Status Indicator Pattern
Identify drive/preparing for removal
Blinks green two times per second
Drive ready for insertion or removal
Off
Drive predicted failure Blinks green, amber, and off
Drive failed Blinks amber four times per second
Drive rebuilding Blinks green slowly
Drive online Steady green
Rebuild aborted Blinks green three seconds, amber three seconds, and off six seconds
RSA enVision Hardware Guide 60 Series 2-4
2. Hardware Layout
Back Panel
Here is the back panel of the RSA enVision appliance:
Item Description
1 Network interface card
2 Power supplies (2)
3 System identification button
4 System status indicator
5 System status indicator connector
6 Network interface connectors
7 USB connectors (2)
8 Video connector
9 Serial connector
10 Remote access controller
RSA enVision Hardware Guide 60 Series 2-5
2. Hardware Layout
Power Indicators
The power button on the front panel controls the power input to the system power supplies. The power indicator lights green when the system is on.
The indicators on the redundant power supplies show whether power is present or whether a power fault has occurred. Here are the redundant power supply indicators:
Indicator Function
1 Power supply status. Green indicates that the power supply is operational.
2 Power supply fault. Amber indicates a problem with the power supply.
3 AC line status. Green indicates that a valid AC source is connected to the power supply.
RSA enVision Hardware Guide 60 Series 2-6
3. Single Appliance Site The ES series appliances are designed to operate in a stand-alone, nondistributed mode. The ES appliances have all three enVision components―Application, Collector, and Database―installed on one appliance. The single appliance is a site.
The two enVision appliance series used for single appliance sites are:
ES Series with local storage. Designed for the unique requirements of the small/medium sized business, up to enterprise-wide installations. The ES series achieves the industry's lowest total cost of ownership (TCO) for organizations that need to manage up to 2,500 sustained events per second (EPS) from up to 256 source devices without sacrificing any of the real-time or historical analysis.
ES Series with external storage. Designed for the enterprise, where fleets of devices are often deployed to enforce, monitor, and manage security. The ES series with external storage has been architected to handle over 7,500 sustained EPS from up to 1,250 source devices while supporting up to 16 simultaneous online users and still have enough horsepower for real-time and historical event research and analysis. This translates into over 640 million events per day.
There are different models within each of these types. The appliance model you use depends on your needs.
See Chapter 2 “Single Appliance Site” in the Configuration Guide for information on configuring enVision on single appliance sites.
RSA enVision Hardware Guide 60 Series 3-1
3. Single Appliance Site
Single Appliance Site Hardware Set Up Tasks
Important! Review the “Safety and Regulatory Statements” section in Appendix A. “Hardware Specifications” before you set up your hardware.
The hardware setup tasks for a single appliance site are as follows:
Task Activity
1 Plan the installation. Complete the Configuration Wizard Planning Worksheet - Single Appliance Site in Chapter 2, “Single Appliance Site” in the enVision Configuration Guide.
2 Select a hardware setup location that meets the requirements for the current installation and for future growth. See Appendix A “Hardware Specifications” for location requirements. See the manufacturer’s documentation for information on installing the appliance. If your site has external storage, see the storage system documentation for information on installing the storage system.
3 Connect the ES appliance to the LAN.
4 If your ES appliance has external storage, connect the storage system to the ES appliance.
5 Connect each of the power cords to a different power circuit for increased reliability and availability.
6 Power on the storage appliance, if applicable. Wait 5 minutes before powering on the servers.
7 Power on the ES appliance.
8 Complete the enVision site configuration, using the enVision Configuration Wizard. See Chapter 2 “Single Appliance Site” in the Configuration Guide for complete information.
RSA enVision Hardware Guide 60 Series 3-2
4. Multiple Appliance Site The LS series appliances are designed to operate in a distributed installation. Each enVision component - Application, Collector, and Database - is on its own appliance. The appliances together form a site. Distributed multiple appliance sites allow multiple installations of any of the three appliance types to be deployed in order to manage the variety of network infrastructures found in production environments. All multiple appliance sites use external storage systems.
See Chapter 3 “Multiple Appliance Site” in the Configuration Guide for a complete explanation of a multiple appliance site and multiple site deployments, and for instructions on configuring enVision on these sites.
Hardware in Multiple Appliance Site
Each multiple appliance site is comprised of the following hardware items:
RSA enVision appliances
Storage system
Network switch
Appliance rack
See Appendix A, “Hardware Specifications” for information on the hardware items.
RSA enVision Hardware Guide 60 Series 4-1
4. Multiple Appliance Site
Multiple Appliance Site Hardware Set Up Tasks
Important! Review the “Safety and Regulatory Statements” section in Appendix A. “Hardware Specifications” before you set up your hardware.
The hardware setup tasks for a multiple appliance site are as follows:
Task Activity
1 Plan the installation. Complete the Configuration Wizard Planning Worksheet - Multiple Appliance Site in Chapter 3 “Multiple Appliance Site” in the Configuration Guide.
2 Select a hardware setup location that meets the requirements for the current installation and for future growth. See Appendix A “Hardware Specifications,” for location requirements.
3 Configure the storage system. Note the IP address for the storage device in the Identify External Storage (NAS 3500) section of the Configuration Wizard Planning Worksheet - Multiple Appliance Site in Chapter 3 “Multiple Appliance Site” in the Configuration Guide.
4 Connect each LS appliance in the site to the LAN.
Ignore any warning messages you may receive about IP conflicts when you are making the physical connections to the LAN.
5 Connect each of the rack power cords to a different power circuit for increased reliability and availability.
6 Power on the storage system (refer to the storage system documentation for instructions). Wait five minutes before powering on the servers.
7 Power on the network switch and LS appliances.
RSA enVision Hardware Guide 60 Series 4-2
4. Multiple Appliance Site Hardware
Task Activity
8 The LS Typing Wizard starts automatically on the appliances. Assign the LS appliance type to each appliance in the site, as follows:
a. Connect to the appliance.
b. Select the LS check box.
c. Select the LS type for the appliance. The options are:
AS1 (Application Server) AS2 (Application Server) AS3 (Application Server) DS1 (Database Server) RC (Remote Collector) LC1 (Local Collector) LC2 (Local Collector) LC3 (Local Collector)
d. Click Next.
e. The wizard displays the Review Page window. Verify that the information is correct. Click Finish. If the Review page is not correct, click Cancel.
If you click Cancel at any time while using the wizard, you must restart the wizard to type the appliance. To restart the wizard, double-click the lsconfigurationwizard.exe file in the c:\windows\installations directory.
f. Apply the appropriate labels for the appliance type to the front and back of the appliance to identify it.
Repeat steps a - f for each appliance in your site.
9 Complete the enVision site configuration, using the enVision Configuration Wizard. See Chapter 3 “Multiple Appliance Site” in the Configuration Guide for complete information.
RSA enVision Hardware Guide 60 Series 4-3
4. Multiple Appliance Site
Multiple Appliance Site - Cabling Examples
This section contains two examples of multiple appliance sites, cabled in their racks.
The following diagram is an example of a multiple appliance site with an Application Server (A-SRV), a Database Server (D-SRV), and a Local Collector (LC), delivered pre-cabled in its rack.
RSA enVision Hardware Guide 60 Series 4-4
4. Multiple Appliance Site Hardware
The following diagram is an example of a multiple appliance site with one Database Server (D-SRV), two Application Servers (A-SRV), and three Local Collectors (LC), delivered pre-cabled in its rack.
RSA enVision Hardware Guide 60 Series 4-5
4. Multiple Appliance Site
RSA enVision Hardware Guide 60 Series 4-6
Multiple Appliance Site with Enhanced Availability
Optionally, you can set up enhanced availability (EA) for the Local Collectors (LCs). This allows you to define up to six cluster appliances (CAs) for a site to perform the LC roles.
The implementation of the enhanced availability feature for the Local Collectors is a Professional Service package. You can arrange for a Professional Service package by contacting RSA at 781.375.9000.
5. Remote Collector Site Each multiple appliance site has the option of having up to 16 Remote Collector (RC) server appliances. Each RC is considered a site. RCs capture incoming events remotely. Remote collectors forward data collected to the enVision site (using the NIC Forwarder Service). (The Administrator sets up the remote collector's Forwarder parameters on the Modify Collector Service window in enVision.)
The RCs use the LS series appliances. See Appendix A “Hardware Specifications” for the specifications for the LS series appliances.
Note: The total events per second (EPS) for all Collectors per site (per D-SRV) cannot exceed 30,000 EPS.
RC Site Hardware Set Up Tasks
Important! Review the “Safety and Regulatory Statements” section in Appendix A. “Hardware Specifications” before you set up your hardware.
Important! Before you configure the RC, make sure that its master is configured, and up and running.
The appliance setup tasks for an RC site are as follows:
Task Activity
1 Plan the installation. Complete the Configuration Wizard Planning Worksheet – Remote Collector Site in Chapter 3 “Multiple Appliance Site” in the Configuration Guide.
2 Select a hardware setup location that meets the requirements for the current installation and for future growth. See Appendix A “Hardware Specifications” for location requirements.
3 Connect the RC appliance to the LAN.
4 Connect the rack power cords to different power circuits for increased reliability and availability.
5 Power on the network switch and RC appliance.
6 Complete the enVision site configuration, using the enVision Configuration Wizard. See Chapter 4 “Remote Collector Site” in the Configuration Guide for complete information.
RSA enVision Hardware Guide 60 Series 5-1
Appendix A. Hardware Specifications
Hardware Location
Select a hardware setup location that meets the requirements for the current installation and for future growth. The specific requirements for each hardware item are listed in this appendix. The following list summarizes the location requirements:
Proper temperature control: 10° to 35° C (50° to 95° F) with a maximum temperature gradation of 10°C per hour
Proper humidity control: 20% to 80% (non-condensing) with a maximum humidity gradation of 10% per hour
Adequate floor loading capacity. This depends on the rack and the number of hardware items in it.
Near appropriate AC outlets and Ethernet hubs or individual jacks (10/100/1000 Base-T cables cannot be longer than 100 meters)
Enough clearance in the front and the back of the rack to allow for sufficient airflow and to enable you to access appliance components
Important! Installation or operation of appliances stacked on a desktop table is not supported.
RSA enVision Hardware Guide 60 Series A-1
Appendix A. Hardware Specifications
ES Appliance Specifications
The models of the ES appliance are as follows:
560-ES 1060-ES 2560-ES 5060-ES 7560-ES
Sustained Performance Per Appliance (Events Per Second)
Up to 500 EPS Up to 1,000 EPS
Up to 2,500 EPS Up to 5,000 EPS Up to 7,500 EPS
Recommended Maximum Devices per Appliance
Up to 100 Up to 200 Up to 400 Up to 750 Up to 1,250
Maximum Simultaneous Users
Up to 6 Up to 8 Up to 10 Up to 12 Up to 14
Maximum Simultaneous Users (Event Explorer)
1 Up to 2 Up to 3 Up to 4 Up to 5
Base Storage* Internal
300 GB
Internal
300 GB
Internal
300 GB
External
2.5 TB
External
2.5 TB
Data Protection Hardware-accelerated RAID1 controller with auto-rebuild and battery-backed 256MB on-controller cache
Hardware-accelerated RAID5 controller with auto-rebuild, and battery-backed 256MB on-controller cache
Appliance Power Options
Redundant, load sharing 400-watt power supplies; 120/240 volt auto-switching
Operating Environment
Security-hardened, embedded operating system featuring real-time data encryption to protect sensitive event data
Application Software
RSA enVision with two-phase Real-Time Data Compression (RTDC)
Regulatory Approvals
UL 1950, CSA22.2 no 950, EN 60950, FCC Part 15 - Class A, ICES-003 EN55024:1998, EIN55022:1998, EN50082-1, VCCI V-3/2000.4, AS/NZS 3548
Hardware Warranty
90-day hardware warranty, during which time RSA will remedy, replace, or provide a refund
Software Warranty
90-day access to technical support for application setup assistance and bug fixes
*Base storage of 300 GB is raw storage. Data storage for events is 220 GB, once you take out formatting, OS partition, and temp nugget partition.
RSA enVision Hardware Guide 60 Series A-2
Appendix A. Hardware Specifications
LS Appliance Specifications
The four models of collection (LC and RC) appliances are: NIE-RC01-LS, NIE-RC02-LS, NIE-LC05-LS, and NIE-LC10-LS. The model of application appliance (A-SRV) is NIE-A-SRV. The model of database appliance (D-SRV) is NIE-D-SRV.
RC1 RC2 LC5 LC10 A-SRV D-SRV
Description Remote Collector 1,000 EPS
Remote Collector 2,000 EPS
Local Collector 5,000 EPS
Local Collector 10,000 EPS
enVision Application Server
LogSmart Database Server
Sustained Performance Per Appliance (Events Per Second)
Up to 1,000 EPS
Up to 2,000 EPS
Up to 5,000 EPS
Up to 10,000 EPS
NA Up to 30,000 EPS (from Collectors)
Maximum Devices Possible
512 512 1,500 2,048 NA 3,072* (from Collectors)
Maximum Simultaneous Users
NA NA NA NA Up to 16 NA
Maximum Simultaneous Users (Event Explorer)
NA NA NA NA Up to 15 NA
Operating Environment
Security-hardened, embedded operating system featuring real-time data encryption to protect sensitive event data
Base Storage 3500 GB with NAS-3500
Data Protection Hardware-accelerated RAID5 controller with auto-rebuild and battery-backed 4GB on-controller cache
Application Software
enVision with two-phase Real-Time Data Compression (RTDC)
Regulatory Approvals
UL 1950, CSA22.2 no 950, EN 60950, FCC Part 15 - Class A, ICES-003 EN55024:1998, EIN55022:1998, EN50082-1, VCCI V-3/2000.4, AS/NZS 3548
Hardware Warranty
90-day hardware warranty, during which time RSA will remedy, replace, or provide a refund
Software Warranty
90-day access to technical support for application setup assistance and bug fixes
* Current licensing of the 60 series LS Data Server restricts the number of devices that can be monitored by an LS Site to 3072. This may be lower than the cumulative device count license if the site has more than one 60 Series Local Collector. Pending resolution of this licensing issue, updated license keys will be issued. Updated license keys will be issued for all 60 series Data Servers at no additional cost to allow for the management of the full device count of up to three Local Collectors per Data Server.
RSA enVision Hardware Guide 60 Series A-3
Appendix A. Hardware Specifications
ES and LS Series Appliance Specifications
Form Factor 2U Rack mount
Operating System Windows 2003 Server R2 Enterprise 64-bit w/5 CALs
Processor Two Quad Core Xeon Processor E5410 12MB Cache, 2.33 GHz, 1333MHz FSB
Memory 8 GB memory (Eight 1GB Fully Buffered DIMMs)
Hard disks 300 GB HDD RAID 1, 180 GB usable (Two 3.5” internal hot-pluggable 300 GB SAS, 15k-RPM)
RAID PERC 6i 256MB cache
Optical drives CD-RW/DVD
Front Two RJ-45 (for integrated 1-GB NICs)
15-pin VGA
Two 4-pin, USB 2.0-compliant
15-pin VGA
Connectors
Back 9-pin, DTE, 16550-compatible
Two 4-pin, USB 2.0-compliant
Motherboard Dual embedded Broadcom NetXtreme II 5708 Gigabit Ethernet NIC Network
PCI Intel PRO 1000PT Cu, Dual Port, PCIe NIC
Wattage Redundant 750 W power supplies
Voltage 85–264 VAC, autoranging, 47–63 Hz
Maximum inrush current
55 A per power supply for 10 ms or less
Power cables Two Power cables
AC Power Supply
Heat dispersion 2697 Btu per hour maximum
System battery CR 2032 3.0 V lithium-ion coin cell Batteries
RAID battery 4.1 V lithium-ion
RSA enVision Hardware Guide 60 Series A-4
Appendix A. Hardware Specifications
Height 3.4 in (8.656 cm)
Width 17.6 in (44.7 cm)
Depth 29.79 in (75.68 cm)
Dimensions
Gross Weight 59 lb (26.76 kg)
Operating 10° to 35° C (50° to 95° F) with a maximum temperature gradation of 10° C per hour
Temperature
Storage -40° to 65° C (-40° to 149° F) with a maximum temperature gradation of 20° C per hour
Operating 20% to 80% (noncondensing) with a maximum humidity gradation of 10% per hour
Relative Humidity
Storage 5% to 95% (noncondensing) with a maximum humidity gradation of 10% per hour
Operating 0.25 G at 3–200 Hz for 15 min Maximum Vibration
Storage 0.5 G at 3–200 Hz for 15 min
Operating One shock pulse in the positive z axis (one pulse on each side of the system) of 41 G for up to 2 ms
Maximum Shock
Storage Six consecutively executed shock pulses in the positive and negative x, y, and z axes (one pulse on each side of the system) of 71 G for up to 2 ms
Operating -16 to 3048 m (-50 to 10,000 ft) Altitude
Storage -16 to 10,600 m (-50 to 35,000 ft)
RSA enVision Hardware Guide 60 Series A-5
Appendix A. Hardware Specifications
ES Storage Array
The ES single appliance site with external storage uses the EMC CLARiiON storage array.
See the EMC CLARiiON documentation for complete information on the storage array. This section contains specification information.
Storage connection iSCSI
Height 3.5 in (8.89 cm)
Width 17.5 in (44.45 cm)
Depth 20 in (50.8 cm)
Dimensions
Gross Weight
57 lb (25.86 kg)
Temperature 50 to 104° F (10 to 40° C)
Temperature gradient
10° C per hour
Relative humidity
20% to 80% noncondensing
Operating Environment
Altitude 8,000 ft (2438.4 m) at 104° F (40° C) maximum
10,000 ft (3048 m) at 98.6° F (37° C) maximum
Power supplies per Array
2
Frequency 47–63 Hz
AC voltage 100–240 Vrms, single phase
Power factor 0.98 (typical)
Power consumption
450 W (maximum)
Heat dissipation
1,535 Btu per hour (maximum)
Protection 12 A, internally fused (each supply)
AC circuits Redundant, external AC circuits
Power
Inlet type Dual inlet, rack-mount: IE320-C14 appliance coupler
RSA enVision Hardware Guide 60 Series A-6
Appendix A. Hardware Specifications
LS Storage Array
The LS multiple appliance site uses the NAS 3500 (NS22) storage array. See the EMC Celerra documentation for complete information on the storage array. This section contains specification information.
EMC Celerra NS22
Storage connection Network attached storage
Height 12.25 in (31.36 cm)
Width 18.92 in (48.06 cm)
Depth 31.58 in (80.21 cm)
Dimensions
Gross Weight 203.3 lb (92.4 kg)
Ambient temperature 50 to 104° F 10° to 40° C
Temperature gradient 18° F per hour 10° C per hour
Relative humidity 20 to 80 % noncondensing
Operating Environment
Elevation 8,000 ft (2,438.4 m) at 104° F (40° C) 10,000 ft (3,048 m) at 98.6° F (37° C)
RSA enVision Hardware Guide 60 Series A-7
Appendix A. Hardware Specifications
AC line voltage 100 – 240 VAC +10%, single phase
Frequency 47–63 Hz, full auto-ranging
AC line current 14A A maximum at 100 V (configured with 15 disks) 7.5A A maximum at 200 V (configured with 15 disks)
Power consumption 1,229 VA (1,168 W) maximum (configured with 15 disks)
Startup surge current 59A peak (configured with 15 disks) at any line voltage
Power factor 0.98 minimum at full load, 100 VAC
Heat dissipation 3,422 KJ per hour (3,236 Btu per hour) estimate configured with 15 disks
In-rush current 116A peak estimate for ½ line cycle per power supply @ 240 VAC 65A peak estimate for ½ line cycle per power supply @ 120 VAC
AC protection 10A internal fuse (non-serviceable)
AC inlet type IEC320-C14 appliance coupler
Ride-through 30 ms minimum at full load
AC Power and Dissipation
Current sharing 60% maximum, 40% minimum between power supplies
RSA enVision Hardware Guide 60 Series A-8
Appendix A. Hardware Specifications
Network Switch
The multiple-appliance site uses a network switch.
See the vendor documentation for complete information on the network switch. This section contains the requirements for the network switch.
Height 1.73 in (4.4 cm)
Width 17.24 in (43.8 cm)
Depth 7.24 in (18.4 cm)
Dimensions
Gross Weight 7.94 lb (3.60 kg)
Operating Temperature 0° to 40° C (32° to 104° F) Operating Environment
Operating Humidity 5% to 8%
AC Power Line voltage 220/110V AC 50/60 Hz
RSA enVision Hardware Guide 60 Series A-9
Appendix A. Hardware Specifications
Rack
See the vendor documentation for complete information on the rack. This section contains the requirements for a rack.
Height 75.0 in (190.8 cm)
Width 24.0 in (61.1 cm)
Depth 36.0 in (91.6 cm)
Dimensions
Gross Weight (empty)
300 lb (136 kg)
Operating Voltage/Frequency
200–240 VAC
50–60 Hz
Power Cord Connector
AC Power
Service Type Two 30-amp services, single phase
RSA enVision Hardware Guide 60 Series A-10
Appendix A. Hardware Specifications
Safety and Regulatory Statements
WARNING: Power supplies can contain over 240 volts. If mishandled, this high voltage can cause serious injury or death. Do not touch or handle a power cable or power supply unless you have been trained and prepared to perform this task. Always remove the power cord before attempting to remove or work on a Power Unit.
WARNING: Electronic components are sensitive to damage from Electrostatic Discharge (ESD). Observe appropriate precautions at all times when handling the RSA enVision appliance and EMC Celerra or its subcomponents.
CAUTION: Do not attempt to connect an Ethernet cable, regular or cross-over, between the EMC Celerra and the RSA enVision appliance. Connect the EMC Celerra through a GigE switch, the same as any other networked device.
CAUTION: When installing disk shelves and a storage system into a movable cabinet or rack, install from the bottom up for best stability.
WARNING: To reduce the risk of personal injury or equipment damage, allow internal components time to cool before touching them and ensure that the equipment is properly supported or braced when installing options.
WARNING: This equipment is designed for connection to a grounded outlet. The grounding type plug is an important safety feature. To avoid the risk of electrical shock or damage to the equipment, do not disable this feature.
WARNING: This equipment has one or more replaceable batteries. There is danger of explosion if the battery is incorrectly replaced. During the hardware warranty period the batteries can only be replaced by RSA. Dispose of used batteries according to the manufacturer’s instructions.
WARNING: If your storage system or disk shelf has more than one power supply cord, disconnect all power supply cords before servicing to reduce the risk of electrical shock.
RSA enVision Hardware Guide 60 Series A-11
Appendix B. Remediation for Dell RAID Controller Battery Issue
This appendix describes a scenario with the Dell PowerEdge Expandable RAID Controller (PERC) battery that can cause the RSA enVision appliance to malfunction and the steps to follow if this issue occurs. Steps you can follow to prevent the issue from occurring are also included.
Note: This scenario is inherent in RAID controller design, which is intended to protect systems from data loss during operational state (the system is up and running). Similar issues can occur on any server using RAID technology.
Dell RAID Controller Battery Issue
The Dell PERC controller uses a battery to maintain cache state following a power failure. When a power failure or uncontrolled shutdown of the unit occurs, the battery maintains cache state for 72 hours. After this time the battery is depleted and you must recharge it.
With a controlled shutdown, a minimal battery draw exists, which results in battery discharge after an extended unpowered shelf life.
Due to the characteristics of all Lithium-Ion batteries, RSA recommends that you do not leave any unit in a fully discharged state (such as after an uncontrolled shutdown) for an extended period of time.
If the enVision appliance has been powered down for a long period of time, or has maintained the RAID cache state for more than 72 hours, the RAID controller battery may have lost its electrical charge.
If the appliance is powered up with a depleted RAID battery, the system LCD displays the following error message:
E1211 ROMB battery failures
To charge the battery:
1. Power off the unit and unplug it.
2. Wait 10 minutes. Plug the unit in but do not power it up.
3. Leave the unit plugged in with the power off for 48 hours to allow the battery to fully charge.
4. After 48 hours, power on the unit. You can now start using it.
RSA enVision Hardware Guide 60 Series B-1
Appendix B. Remediation for Dell RAID Controller Battery Issue
RSA enVision Hardware Guide 60 Series B-2
Prevention of Powering Up an Appliance With a Depleted RAID Battery
If an appliance is powered up with a depleted RAID battery and the error is displayed, customers in two situations can be affected:
A New Installation. In this case, you must delay the installation for about two days to clear the problem and proceed with a clean system that is fully functional.
When Using a Cold Spare Appliance. In this case, RSA recommends that you ignore the error message and continue to use the unit. At the same time, prepare another unit that will be fully functional.
To prevent this problem from occurring, do one of the following:
Keep the units plugged in at all times. This option has the following advantages:
The units are always ready to be used to replace failed units.
You can periodically, (for example, once a month) power up the unit and verify that it initializes without a problem and that it is in prime status to replace any failed unit.
Forty-eight hours before a new installation, plug the unit into the power without powering up the appliance, to ensure the RAID battery is fully charged.
Appendix C. Customer-Provided Storage You can use the following storage arrays with a multiple appliance site:
EMC Celerra
NetApp® FAS (Fabric-Attached Storage) Series
The audience for this appendix is anyone who specifies storage requirements for RSA enVision log storage, and engineers performing installation and configuration of servers.
RSA enVision Hardware Guide 60 Series C-1
Appendix C. Customer-Provided Storage
EMC Celerra Storage
This section describes the requirements and configuration steps to add customer-provided Network Attached Storage (NAS) to enVision for data storage.
RSA enVision supports customer-provided storage on the following certified platforms:
EMC Celerra NS Series / Integrated
EMC Celerra NS Series / Gateway
EMC Celerra NSX Gateway
You must connect NAS to the enVision storage network switch and configure NAS before configuring enVision.
NAS Requirements
For each multiple appliance site, the minimum requirements for NAS hardware to function as enVision storage are:
Minimum number of active Data Movers: 1 (dedicated to enVision storage).
Recommended number of failover Data Movers: 1.
Minimum of 15 FC HDDs: 15 for 3,000 devices, 30 for 6,000 devices.
Note: The I/O workload generated by enVision consists of simultaneous reads and writes. For the most part, the reads are random. Because of the random nature of the workload, you should use Fibre Channel drives. The workload is not suitable for ATA drives.
One dedicated 1GB network interface for each Data Mover.
RSA enVision Hardware Guide 60 Series C-2
Appendix C. Customer-Provided Storage
Network Configuration
To set up the appropriate network connections between enVision and the NAS:
1. Connect the primary Data Mover to the storage network switch.
2. If you are using a failover Data Mover, connect it to the storage network switch.
RSA recommends this connection to increase data availability.
3. Set up the network connections to the enVision appliance according to the enVision documentation.
The following diagram shows how to connect the enVision appliance to the customer LAN and storage network switch:
RSA enVision Hardware Guide 60 Series C-3
Appendix C. Customer-Provided Storage
NAS Configuration
To configure network attached storage, you set up a CIFS Server, local users, and file systems/CIFS shares combinations.
CIFS Server
Use the following parameters to create the CIFS server:
IP address: 10.203.2.101 (Must be connected to the private switch)
Subnet: 255.255.255.0
DNS Server: 10.203.2.11 (D-SRV IP address)
CIFS Server authentication: Local users
NTP Server: 10.203.2.11 (D-SRV IP address)
Note: You must have time synchronization between NAS and the RSA enVision appliances. This time synchronization is essential for CIFS.
Local Users
You need local user authentication to ensure that the RSA enVision local collectors can authenticate through to NAS when the Window domain controller is not available; otherwise data collection may be interrupted.
Username Password
NIC_System n!0A6y_7tbE9z3
Master themaster01
NIC_sshd 1937Partanna1985
NIC_sftp 1937Partanna1985
RSA enVision Hardware Guide 60 Series C-4
Appendix C. Customer-Provided Storage
File Systems/CIFS Shares Combinations
The minimum requirement for enVision is the vol0 and vol1 file systems/CIFS shares combinations (for enVision D-SRV and LC1 respectively). If you use additional Local Collectors, you must create the vol2 and vol3 file systems/CIFS shares combinations. The following table contains an example of the file systems/CIFS shares combinations you must set up if you use additional Local Collectors.
File system name CIFS share name
vol0 vol0
vol1 vol1
vol2 vol2
vol3 vol3
For RSA enVision 3.5.0 and later, the number of files created has been significantly reduced and only a single file system is needed for all three Local Collectors.
Note: For RSA enVision 3.5.0 and later, a maximum of 10,240 files per day per Local Collector are created.
RSA enVision Hardware Guide 60 Series C-5
Appendix C. Customer-Provided Storage
Enhanced Availability
Within enVision, you can configure Enhanced Availability (EA) for the Local Collector appliances. For EA, data storage continues to use the CIFS protocol. In addition, you must fulfill an iSCSI LUN storage requirement.
Note: EA is supported in RSA enVision 3.5.0 and later.
Complete the following tasks to configure NAS to support iSCSI for the enVision EA system. (See the NAS documentation for detailed instructions.)
1. Configure the iSCSI service to run over the same IP address as CIFS.
2. Configure NAS to have one iSCSI volume of 1024 MB.
3. Configure the iSCSI volume to have one target, at LUN 0.
4. Configure the iSCSI service to support discovery on port 3260.
5. Configure the iSCSI service to support multiple logins.
6. Add the following IQN names to allow them access to the iSCSI LUN 0:
iqn.2006-01.nic.niceacluster:CA1.niceacluster.nic
iqn.2006-01.nic.niceacluster:CA2.niceacluster.nic
iqn.2006-01.nic.niceacluster:CA3.niceacluster.nic
iqn.2006-01.nic.niceacluster:CA4.niceacluster.nic
iqn.2006-01.nic.niceacluster:CA5.niceacluster.nic
iqn.2006-01.nic.niceacluster:CA6.niceacluster.nic
iqn.2006-01.nic.niceacluster:CA7.niceacluster.nic
iqn.2006-01.nic.niceacluster:CA8.niceacluster.nic
iqn.2006-01.nic.niceacluster:DS1.niceacluster.nic
iqn.2006-01.nic.niceacluster:DS2.niceacluster.nic
RSA enVision Hardware Guide 60 Series C-6
Appendix C. Customer-Provided Storage
NetApp® FAS Series
The following graphic illustrates the suggested IP addressing scheme and wiring for the NetApp FAS:
RSA enVision Hardware Guide 60 Series C-7
Appendix C. Customer-Provided Storage
CIFS Shares and Directory Structure
Use the default directory structure on the NetApp storage array by adding the directory structure that suits your needs shown below.
For each node that stores data on the storage array, you configure the storage location within enVision in the Manage Storage Location window within enVision. See the enVision online Help on Event Storage Locations for more information.
RSA enVision Appliances
CIFS Directory Shares
D-SRV \\10.203.2.101\vol0
LC1 \\10.203.2.101\vol1
LC2 \\10.203.2.101\vol2
LC3 \\10.203.2.101\vol3
Hardware Requirements
The minimum requirements for NetApp FAS to function as an enVision log storage location, in an enVision multiple appliance site, are as follows:
Hardware Minimum Requirements (for each enVision multiple appliance site)
NetApp FAS
Minimum NetApp Filer: 1 active NetApp FAS270 or equivalent (dedicated to enVision storage).
Recommended: 1 failover NetApp FAS270 or equivalent.
One dedicated 1GB network interface for each NetApp Filer.
Disk drive requirements for each NetApp Filer.
o Minimum of 15 FC drives (number and capacity of drives can be increased per customer data retention requirements).
o RAID DP.
Network Switch Layer 2 GbE network switch:
o 1 GbE port for each enVision appliance.
o 1 GbE port for each NetApp Filer.
These minimum hardware requirements have been certified for RSA enVision data storage up to 30,000 EPS.
RSA enVision Hardware Guide 60 Series C-8
Appendix C. Customer-Provided Storage
Setup Requirements
Here are the setup requirements for the NetApp FAS:
NetApp Filer IP address: 10.203.2.101.
Time: Time synchronization between the NetApp Filer and enVision appliances is required for CIFS.
CIFS: The following CIFS Shares must be created on the NetApp Filer, each on a separate file system, one for each enVision collector:
vol0 (used for Common Storage Directory, CSD)
vol1 (used for enVision Local Collector 1)
vol2 (used for enVision Local Collector 2)
vol3 (used for enVision Local Collector 3)
RSA enVision Hardware Guide 60 Series C-9
Appendix C. Customer-Provided Storage
Connecting RSA enVision Appliances to the NetApp FAS
The NetApp FAS connects to a multiple or single appliance site through a network switch. Each enVision appliance connects to the network switch and the NetApp FAS connects to the network switch.
The network connections between the appliances, switch, and storage array are as follows:
To connect the enVision appliances to the NetApp FAS:
1. Connect network cables from the enVision appliances to the switch and from the storage array to the switch.
2. Connect the network connection from the enVision appliance through the network interface named SWITCH.
RSA enVision Hardware Guide 60 Series C-10
Appendix C. Customer-Provided Storage
The IP addresses on the SWITCH network interface are based on the appliance type.
Appliance IP Address
D-SRV 10.203.2.11
A-SRV1 10.203.2.21
A-SRV2 10.203.2.22
LC1 10.203.2.31
LC2 10.203.2.32
LC3 10.203.2.33
RSA enVision Hardware Guide 60 Series C-11
Appendix C. Customer-Provided Storage
NetApp CIFS File Storage Authentication
You can authenticate the NetApp FAS can to the enVision appliance using one of the following three methods:
Local user authentication using existing enVision users (recommended)
NetApp Multistore authentication
Authentication of the NetApp FAS to the enVision appliance by adding the NetApp FAS to the enVision Windows Domain
Local User Authentication Using Existing enVision Users
The enVision appliance ships with four users that enVision needs to run:
Master
NIC_System user
NIC_sshd
NIC_sftp
If you create these users on the NetApp FAS with the same password as stored in the enVision systems, Windows ensures that the local user has the rights to storage. If the password changes on the enVision appliances, you must reset the password on the NetApp FAS. RSA recommends this authentication method.
To authenticate the NetApp FAS to the enVision appliance using existing enVision users:
1. Add the following four existing users to the EMC Celerra NS22 CIFS server:
Username Password
Master themaster01
NIC_System n!0A6y_7tbE9z3
NIC_sshd 1937Partanna1985
NIC_sftp 1937Partanna1985
2. Ensure that these four users have full control to the appropriate CIFS share.
NetApp Multistore Authentication
NetApp Multistore allows a single NetApp appliance to authenticate and share multiple domains. Multistore allows the creation of separate private logical partitions in the filer network and storage resource. Each virtual storage partition maintains absolute separation from every other storage partition. This separation allows multiple domains to exist on a single NetApp Filer.
Call your NetApp sales representative for details on using the NetApp Multistore product.
RSA enVision Hardware Guide 60 Series C-12
Appendix C. Customer-Provided Storage
Authentication By Adding the NetApp FAS to the RSA enVision Windows Domain
You can authenticate the NetApp FAS to the enVision appliance by adding the NetApp FAS to the enVision Windows Domain. RSA does not recommend this method because you may experience unknown side effects when you add the NetApp into the enVision Windows domain.
Warning: Unknown side effects may occur if you use this method.
The domain must first exist before you can add the NetApp FAS to the enVision Windows Domain.
To authenticate the NetApp FAS to the enVision appliance by adding the NetApp FAS to the enVision Windows domain:
1. Set IiWaitForCelerraConfiguration=YES in the lsconfigurationwizard.cfg file.
2. Run the lsconfigurationwizard.exe enVision configuration wizard.
The wizard:
Creates the Windows domain
Restarts the appliances
Displays the message: The Celerra configuration flag has been set. Configure your Celerra device now and then click OK to proceed.
3. Use the NetApp FAS Control Station to add the previously created CIFS Server to the enVision Windows domain.
4. Complete the enVision configuration wizard.
5. Reconfigure the enVision NIC Packager and NIC Collector services so that they operate with the network attached storage. By default, the NIC Packager Service is run by a local user account which you must reconfigure to be run by a domain user account.
6. Perform the following steps on each Local Collector (LC) appliance:
a. In the Start menu select Run, type services.msc and click OK.
b. Complete the following for the NIC Packager Service:
i. Right-click on NIC Packager Service and select Properties.
ii. In the NIC Packager Properties window, click the Log On tab.
iii. Under the This Account, parameter, replace .\NIC_System with enVision Windows domain name\NIC_System. For example, if testemc.nic is the Windows domain name of the enVision appliances, you would enter testemc.nic\NIC_System.
iv. Type n!0A6y_7tbE9z3 in the Password and Confirm password fields. Click OK.
v. Stop and start the NIC Packager Service.
RSA enVision Hardware Guide 60 Series C-13
Appendix C. Customer-Provided Storage
c. Complete the following for the NIC Collector Service:
i. Right-click on NIC Collector Service and select Properties.
ii. In the NIC Collector Properties window, click the Log On tab.
iii. Under the This Account parameter replace .\NIC_System with enVision Windows domain name\NIC_System. For example, if testemc.nic is the Windows domain name of the enVision appliances, you would enter testemc.nic\NIC_System.
iv. Type n!0A6y_7tbE9z3 in the Password and Confirm password fields. Click OK.
v. Stop and start the NIC Collector Service.
NetApp CIFS Configuration
You must configure the network share, CIFS, on the NST Storage Array to authenticate against the pre-configured enVision appliance domain.
To configure the CIFS network share:
1. Connect to the NetApp storage array using telnet from the enVision D-SRV appliance (which is connected to the network switch, with a default IP address of 10.203.2.100).
2. At the Username prompt, type root.
3. At the Password prompt, type your factory default password.
4. At the NIappStor prompt, type date CCyymmddhhmm (where CCyy is the year, mm is the month, dd is the date, hh is the hour, and mm is the minute) to set the time and time zone.
For example, type 200903281521 for a date/time of March 28 2009 15:21.
5. At the NIappStor prompt, type timezone timezone to set the Windows domain. (For more information see Appendix B in the Data ONTAP 7.0 Software Setup Guide.).
6. At the NIappStor prompt, type options dns.domainname Windows domain name (where Windows domain name is your unique NIC domain name) to set the Windows DNS domain.
7. At the NIappStor prompt, type cifs terminate.
8. At the NIappStor prompt, type cifs setup to enable CIFS access to the filer from a Windows system.
9. Type the responses shown in bold text when the following series of prompts is displayed. (Type ? for help at any prompt and Ctrl-C to exit without saving changes.)
This filer is currently a member of the Windows-style workgroup ‘WORKGROUP’. Do you want to continue and change the current filer account information? [n]: y
RSA enVision Hardware Guide 60 Series C-14
Appendix C. Customer-Provided Storage
Your filer does not have WINS configured and is visible only to clients on the same subnet.
Do you want to make the system visible through WINS? [n]: n.
This filer is currently configured as an NTFS-only filer
Would you like to reconfigure this filer to be a multiprotocol filer? [n]: n
The default name for this CIFS server is ‘NIAPPSTOR’.
Would you like to change this name? [n]: n
10. Data ONTAP CIFS services support four styles of user authentication. Type the style number from the list below that best suits your situation. (In this example, the user chose 1.)
(1) Active Directory domain authentication (Active Directory domains only)
(2) Windows NT 4 domain authentication (Windows NT or Active Directory domains)
(3) Windows Workgroup authentication using the filer’s local user accounts
(4) /etc/passwd and/or NIS/LDAP authentication
Selection (1-4)? [1]: 1
11. Type the responses shown in bold to the following series of prompts. (Type ? for help at any prompt and Ctrl-C to exit without saving changes.)
Do you want to configure the filer’s DNS resolver service? [y]: y
Note: To operate correctly within an Active Directory-based Windows domain, CIFS must use the DNS resolver service. That service is currently not configured on the filer. You must either configure DNS resolver services or choose a different authentication style.
What is the filer’s DNS domain name? [ENVISION.nic]: unique NIC domain name
What are the IPv4 address(es) of your authoritative DNS name server(s)?: 10.203.2.50
Would you like to specify additional DNS name servers? [n]: n
What is the name of the Active Directory domain? [ENVISION.NIC]: unique domain name
12. Press Enter to accept the default, which is your unique domain.
Note: To create an Active Directory machine account for the filer, you must supply the name and password of a Windows account with sufficient privileges to add computers to the ENVISION.NIC domain.
13. Type the responses shown in bold text in response to the following series of prompts. (Type ? for help at any prompt and Ctrl-C to exit without saving changes.)
Enter the name of the Windows user [[email protected]]: master
Password for master: your unique master username password
RSA enVision Hardware Guide 60 Series C-15
Appendix C. Customer-Provided Storage
RSA enVision Hardware Guide 60 Series C-16
The system displays: CIFS - Logged in as [email protected].
The user that you specified has permission to create the filer’s machine account in several (x) containers.
14. Choose where you would like this account to be created.
(1) CN=computers
(2) OU=Domain Controllers
(3) None of the above
Selection (1-3)? [1]: 1
The system displays the following message: CIFS - Starting SMB protocol... Welcome to the ENVSION.NIC (ENVISION) Active Directory(R) domain. CIFS local server is running.
15. At the NIappStor prompt press ctrl-d.
Appendix D. Changing Passwords on RSA enVision Appliances
The RSA enVision appliance and the NAS have four key users. The following table displays these usernames and their respective passwords:
Username Password
NIC_System n!0A6y_7tbE9z3
Master themaster01
NIC_sshd 1937Partanna1985
NIC_sftp 1937Partanna1985
New passwords must:
Not contain more than two consecutive characters of the user’s account name or parts of the user’s full name.
Be at least ten characters in length.
Contain at least one uppercase letter.
Contain at least one number.
Changing Password on A-SRV and LC
To change the local user passwords:
1. Log in to the system as - username: master / password: themaster01.
2. Click StartSettingsControl PanelAdministrative ToolsComputer Management.
3. In the left pane, click on the plus sign next to Local Users and Groups and click on users.
4. Right-click on the username you want to change (for example, master), click Set Password and click Proceed.
5. Enter the new password.
6. If you changed the password for master, log out of the system and make sure that you can successfully log in with the new password.
7. Repeat Steps 1 to 6 for all collectors in the site.
RSA enVision Hardware Guide 60 Series D-1
Appendix D. Changing Passwords on RSA enVision Appliances
Changing Password on D-SRV
Because the D-SRV is a domain controller, you must change the user password in Active Directory.
To change the user password in Active Directory:
1. Log in to the D-SRV as - username: master / password: themaster01.
2. Click Start SettingsControl PanelAdministrative ToolsActive Directory Users and Computers.
3. In the left pane, click on the plus sign next to the site name, then click on users.
4. Right-click on the username you want to change (for example, master) and click Reset Password.
5. Enter the new password.
6. If you changed the password for master, log out of the D-SRV and make sure that you can successfully log in with the new password.
7. Repeat Steps 1 to 6 for all D-SRVs in the site.
Changing Passwords on NAS
To change the local user passwords:
1. Log in to all collectors and stop the collector and packager services:
a. Click StartRun.
b. Type services.msc and click OK.
The system displays the Services (Local) window.
c. Stop the service named NIC Collector and NIC Packager.
2. Log in to all D-SRVs and stop the packager service:
a. Click StartRun.
b. Type services.msc and click OK.
The system displays the Services (Local) window.
c. Stop the service named NIC Packager.
RSA enVision Hardware Guide 60 Series D-2
Appendix D. Changing Passwords on RSA enVision Appliances
3. From the D-SRV, perform a [Ctrl] – [Alt] – [Del].
The system displays the Windows Security screen:
4. Click Change Password.
The system displays the Change Password window.
5. Complete this window according to the following table and click OK.
In this field Enter Description
Username: username Username that you want to change.
Log on to: CIFS-server-IP-address CIFS server IP address (for example, 10.203.2.101).
New Password: password Password you used for the user in the steps for changing the password on the LS site.
Confirm New Password:
password Re-enter the new password to confirm it.
Here is an example of a completed Change Password window:
After the system changes the password, it displays a confirmation indicating you have successfully changed the password.
6. Click Cancel to exit the Windows security window.
RSA enVision Hardware Guide 60 Series D-3
Appendix D. Changing Passwords on RSA enVision Appliances
7. Repeat Steps 3 through 6 for each additional user’s password that you want to change.
8. Start the Packager Service on all D-SRVs.
9. Start the Packager and the Collector services on all collectors.
Verifying Read/Write Permissions after Changing Passwords
To verify permissions:
1. Reboot all appliances in the site.
2. Log in to the D-SRV.
3. Click StartRun, type \\10.203.2.101 and click OK.
The system displays a window that shows the NAS storage mount points (vol0, vol1, vol2, vol3).
4. Double-click on vol0.
5. In the right pane, right-click and select NewText Document.
This ensures that the D-SRV has the correct privileges to read and write data to the NAS.
6. Delete the newly created text document and close the window.
7. Repeat steps 3 through 6 for vol1, vol2, and vol3.
8. Log out of the D-SRV.
9. Repeat steps 2 through 8 for all D-SRVs in the site.
10. Log into the collector.
11. Click StartRun, type \\10.203.2.101 and click OK.
The system displays a window that shows the NAS storage mount points (vol0, vol1, vol2, vol3).
12. Double-click on vol0.
13. In the right pane, right-click and select NewText Document.
This ensures that the collector has the correct privileges to read and write data to the NAS.
14. Delete the newly created text document and close the window.
15. Repeat steps 11 through 14 for vol1, vol2, and vol3.
16. Log out of the collector.
17. Repeat steps 10 through 16 for all collectors in the site.
18. Log into the A-SRV.
RSA enVision Hardware Guide 60 Series D-4
Appendix D. Changing Passwords on RSA enVision Appliances
RSA enVision Hardware Guide 60 Series D-5
19. Click StartRun, type \\10.203.2.101 and click OK.
The system displays a window that shows the NAS storage mount points (vol0, vol1, vol2, vol3).
20. Double-click on vol0.
21. In the right pane, right-click and select NewText Document.
This ensures that the collector has the correct privileges to read and write data to the NAS.
22. Delete the newly created text document and close the window.
23. Repeat steps 19 through 22 for vol1, vol2, and vol3.
24. Log out of the A-SRV.