My Document - SolarWinds

Transcription

Contents
Copyright © 1995-2015 SolarWinds Worldwide, LLC. All rights reserved worldwide. No part of this
document may be reproduced by any means nor modified, decompiled, disassembled, published or
distributed, in whole or in part, or translated to any electronic medium or other means without the
written consent of SolarWinds. All right, title, and interest in and to the software and documentation
are and shall remain the exclusive property of SolarWinds and its respective licensors.
SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS OR OTHER TERMS, EXPRESS
OR IMPLIED, STATUTORY OR OTHERWISE, ON SOFTWARE AND DOCUMENTATION
FURNISHED HEREUNDER INCLUDING WITHOUT LIMITATION THE WARRANTIES OF
DESIGN, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, AND
NONINFRINGEMENT. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS
LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR
ANY OTHER LEGAL THEORY EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
The SolarWinds, the SolarWinds & Design, ipMonitor, LANsurveyor, Orion, and other SolarWinds
marks, identified on the SolarWinds website, as updated from SolarWinds from time to time and
incorporated herein, are registered with the U.S. Patent and Trademark Office and may be registered
or pending registration in other countries. All other SolarWinds trademarks may be common law
marks or registered or pending registration in the United States or in other countries. All other
trademarks or registered trademarks contained and/or mentioned herein are used for identification
purposes only and may be trademarks or registered trademarks of their respective companies.
Microsoft®, Windows®, and SQL Server® are registered trademarks of Microsoft Corporation in the
United States and/or other countries.
LEM 6.1
2/3/15
2
Quick Start Guide
Chapter 1: Introduction
1
Chapter 2: Installing LEM
2
Chapter 3: Requirements
3
Chapter 4: Installing the Virtual Appliance
5
Deploying LEM Using VMware vSphere
5
URLs that are Supported and Not Supported
6
Deploying LEM Using Microsoft Hyper-V
6
Chapter 5: Going from Evaluation to Production
Installing the License Using the Web Console
10
10
VM Resource Reservations
10
Vsphere Reservation Settings
11
LEM Reservations within the Hyper-V Console (2008 and 2012)
13
RAM Memory Settings
13
Processor/CPU Settings for 2008
13
13
Activating the Virtual Appliance Using Vsphere/Hyper-V SSH-type Console
13
Reconnecting the Virtual Appliance to the Desktop Software
14
SSL Certificate
15
Resolving the Hostname
15
i
Chapter 1: Introduction
SolarWinds Log & Event Manager (LEM) is a state-of-the-art virtual appliance that adds value to
existing security products and increases efficiencies in administering, managing and monitoring
security policies and safeguards on your network.
SolarWinds LEM is based on brand new concepts in security. You can think of it as an immunity
system for computers. It is a system that is distributed throughout your network to several “points of
presence” that work together to protect and defend your network. SolarWinds LEM responds
effectively with focus and speed to a wide variety of threats, attacks, and other vulnerabilities.
SolarWinds LEM collects, stores and normalizes log data from a variety of sources and displays that
data in an easy to use desktop or web console for monitoring, searching, and active response. Data is
also available for scheduled and ad hoc reporting from both the LEM Console and standalone LEM
Reports console.
Some common use cases for SolarWinds LEM include the following:
l
Correlating network traffic from a variety of sources using filters and rules.
l
Visualizing log data in dynamic graphs, charts and other widgets.
l
Monitoring USB mass storage device activity on network Agents.
l
Responding to countless threats, attacks and other vulnerabilities with easy to use
point-and-click and automated active responses.
l
Searching normalized log data for events of interest.
l
Change Management and other security-related reporting for management and
auditors.
1
Chapter 2: Installing LEM
SolarWinds Log & Event Manager is a two-part installation requiring you to separately install its two
components. Install the virtual appliance first, followed by the desktop software component.
A complete LEM installation includes the following components:
l
The virtual appliance to collect and process log and event information
l
The desktop software which allows you to view the information from a desktop or
laptop
What is the difference between a virtual appliance and desktop software?
l
A virtual appliance (also called an OVF template) functions more or less like a virtual
machine. It appears as a virtual machine in vSphere. Deploy the virtual appliance using
vSphere. The OVA file must be deployed from within vSphere for it to work.
l
The desktop software runs on a machine's operating system. It is installed by doubleclicking an executable (.exe) file, which then displays the install screens.
2
This section discusses software and hardware requirements. Before installing, make sure your
hardware and software meet these minimum requirements.
The following table provides the minimum installation requirements:
Software/Hardware
Requirements
Virtualization Platform
n
vSphere 4 or later
n
Microsoft Hyper -V 2008 R2
n
Microsoft Hyper-V 2012
CPU Speed
2 GHZ
Memory
8 GB
Hard Drive Space
n
250 GB is for a small deployment
n
2.0 TB is advised for a larger deployment
The following table provides the minimum installation requirements for the SolarWinds LEM desktop
console software and reports:
Software/Hardware
Requirements
Operating System -
n
Windows XP
n
Windows Server 2003
Desktop Console &
n
Windows Vista
n
Windows Server 2008
Reports
n
Windows 7
n
Windows Server 2008R2
n
Windows 8
CPU Speed
1 GHz Pentium III or equivalent
Memory
1 GB
3
Software/Hardware
Requirements
Hard Drive Space
5GB
Environment Variables
The ability to install all software with administrator rights
The following table provides the minimum installation requirements for the SolarWinds LEM web
console:
Software/Hardware
Requirements
Adobe Flash
Flash Player 15
Supported Browsers
n
Internet Explorer 8 and later.
Note: Cannot run the web console on Internet Explorer 10 on a
Windows Server 2012
n
Mozila Firefox 10 and later
n
Google Chrome 17 and later
4
This chapter discusses installing the SolarWinds LEM VMware virtual appliance. The files in each
executable contain the virtual appliance image to deploy SolarWinds Log & Event Manager using
either VMware vSphere or Microsoft HyperV.
Preparing the Installation Files
Double-click the SolarWinds Log and Event Manager.exe file to extract the application files to a
folder on your desktop. Follow the prompts shown in the Quick Start: Log and Event Manage screen.
Deploying LEM Using VMware vSphere
Deploy LEM using VMware vSphere version 4 or higher.
Note: If you are using a non-US keyboard, use SSH to input the settings.
Installing the virtual appliance using the vSphere Client:
5
1. Start the VMware vSphere Client and log on with VMware administrator privileges.
2. Click File > Deploy OVF Template.
3. Click Browse to select the Deploy First – LEM Virtual Appliance.ova file in the
SolarWinds Log & Event Manager folder on your desktop, and then click Next.
4. Complete the setup wizard.
5. Select Thin provisioned as the disk format, and then click Next.
6. Select the network to be mapped to the network interface card, and then click Next.
7. Click Finish after the OVF deployment completes successfully.
8. Select the SolarWinds Log and Event Manager virtual appliance and then click
Play.
9. Click the Console tab.
10. To start the LEM web console, launch a web browser and enter the Web Console URL
shown in the Console tab.
URLs that are supported
URLs that are NOT supported
http://<insert IP Address here>
https://<insert IP Address here>
http://<insert IP Address here>:8080/lem
https://<insert IP Address here>:8443/lem
http://<insert Hostname here>:8080/lem
https://<insert Hostname here>
https://<insertHostname here>:8443/lem
1. Open Hyper-V Manager.
2. Click Action > Import Virtual Machine.
3. Click Browse to open the SolarWinds Log and Event Manager folder extracted to the
desktop during installation.
6
4. Select the SolarWinds Log & Event Manager folder.
Note: Windows 2012 R2 users should select the Virtual Machines 2012 R2 directory
when importing the virtual machine.
5. Click Select Folder.
6. Select Copy the virtual machine... and Duplicate all files... on the Import Virtual
Machine window and then click Import.
7. Right-click the newly created SolarWinds Log & Event Manager virtual appliance and
select Settings.
8. Specify Network Adapter for a VM. Click OK to save the settings.
9. Select the SolarWinds Log & Event Manager virtual appliance and then click Action >
Connect.
10. In the virtual console window, click Action > Start and wait for the virtual appliance to
start.
11. Write down the IP Address of the virtual appliance which displays after the virtual
appliance starts up.
Note: To start the LEM web console, launch a web browser and enter the Web Console
URL shown in the Virtual Machine Connection screen. For more information,
seeDeploying LEM Using Microsoft Hyper-V
URLs that are supported
URLs that are NOT supported
https://<insert IP Address here>
http://<insert IP Address here>:8080/lem
https://<insert IP Address here>:8443/lem
http://<insert Hostname here>:8080/lem
https://<insert Hostname here>
https://<insertHostname here>:8443/lem
7
Configuring a Static IP Address
To configure a static IP Address:
1. Start the Client and log on with administrator privileges.
2. Arrow down to Advanced Configuration, and then press Enter.
3. At the cmc> prompt, enter appliance.
4. At the cmc::acm# prompt, enter netconfig.
5. At the prompt, enter static.
6. Follow the prompts to configure the remaining network settings.
Note: An entry is required for each prompt. Leaving blank entry results in a bad
network configuration and the ‘netconfig’ command needs to be run again.
Installing the LEM Reports
After installing the virtual appliance, install the SolarWinds Log & Event Manager Reports from the
Quick Start: Log and Event Manager splash screen.
Installing the SolarWinds LEM Reports:
1. Click the Install Desktop Software button
2. Click Run.
3. Click Next.
4. Review the Requirements for Installation information and then click Next.
5. Click Begin Install to begin the installation process.
6. Click Next.
7. Click Finish.
Connecting to the Web Console
When you have installed the LEM Reports, you are ready to connect to the LEM web console.
8
To access the web console:
1. To start the LEM web console, launch a web browser and enter the Web Console URL
provided during the configuration of VMware vSphere or Microsoft Hyper-V.
2. Click Connect.
Installing the LEM Desktop Console Software
If you do not wish to use the LEM web console, you can install the LEM desktop console
software.The LEM desktop console software is a Windows application that can be installed on any
computer that meets the system requirements.
Installing the SolarWinds LEM desktop software:
1. Download the Adobe AIR Runtime for Windows and Log & Event Manager Console zip
files from the Downloads section of the Customer Portal on Solarwinds.com.
2. Extract the contents of SolarWinds-LEM-v6.1.0-Console.zip and double-click the LEM
Console installer.
3. Click Install.
4. Specify your installation preferences.
5. Click Continue to begin the installation process.
6. If you did not instruct the console to open after installation, open the desktop console.
7. Accept the End User License Agreement, and then click OK.
8. Enter the IP Address of the virtual appliance and then click Connect.
Note: The LEM desktop software requires that you change your LEM password after
installation. This password must be between 6 and 40 characters, and must contain at
least one capital letter and one number.
9. Enter your email address to use the SolarWinds Improvement Program to send
anonymous data about your usage to SolarWinds. If you do not wish to participate,
clear the check box.
10. Click Save.
9
The evaluation version of SolarWinds Log & Event Manager can be upgraded to a fully functional
production version after purchasing a license from SolarWinds.com. There are two necessary steps
to that must be completed in the following order to activate and license the virtual appliance and
desktop software correctly:
o
Installing
o
o
SSL Certificate
o
Installing the License Using the Web Console
1. In the LEM Console, navigate to Manage > Appliances.
2. Click the License tab in the Properties area.
3. Select the Manager to be licensed.
4. Enter the License Key in the Key field.
Note: Administrator privileges are necessary to perform this operation.
5. Enter your Name, Email, and Phone.
6. Click Activate.
7. Click OK when the license has been successfully activated.
VM Resource Reservations
This section discusses disk space requirements and the VM resource ‘reservations’ for proper
operation.
The deployment default for LEM is 250GB. For larger deployments, 2.0TB may be required, which is
available when using ESX(i) 4/5+ and Hyper-V 2008 R-2.
10
LEM deployment requires “reservations” for system resources in the Virtual environment. LEM has
nearly 500 connectors to receive traffic from a multitude of different devices on a network. The type of
traffic varies depending upon the device sending the traffic, and the volume of traffic varies depending
on audit and log settings on those devices. This volume of traffic is typically a continuous stream of
traffic that fluctuates slightly due to changes in user needs, server usage, and network activity.
LEM data is received by connectors, presented in the console Monitor area, passed through the rules
engine for specified actions, and then pushed into a database for retrieval by the reports application or
nDepth search function. To accommodate processing the data real-time, LEM requires reservations
from the VM host.
When the volume of traffic exceeds 15 million events per day, increasing the reservations is needed.
The LEM Reports application determines the volume of traffic per day and the ‘span of time’ that the
database allows. Contact SolarWinds Technical Support to assist in setting the appropriate
reservations.
By default LEM deploys with 8GB of RAM and 2-CPU’s on both ESX and Hyper-V platforms.
When using VMware, the reservations can be viewed under Vsphere settings for the LEM.
To view the reservation settings in Vsphere:
1. Log into Vsphere.
2. View Settings/Reservations.
3. Select the desired LEM appliance from the list.
4. Click the Summary tab to view the number of CPU's.
Note: The Provisioned Storage in the Resource area is the total diskspace LEM can use.
5. Select the Resource Allocation tab, and note CPU reservation on the left and the
Memory reservations on the right.
6. At the bottom left, a reservation should show CPU reservation at 2.0 Ghz (& limit is
typically unlimited).
7. àsome docs show 3.0Ghz, but 2.0 is our minimum setting.
11
8. (it is possible to have 3.0 Ghz, and beyond that, we need to find VMware
documentation to support higher speeds.)
9. At the bottom right, a reservation should show Memory reservation of 8.0 GB (& limit is
typically unlimited).
10. (The Configured must be at least the same value [or higher] than the reservation).
11. You may see Memory Reservations as high as 64GB or RAM (for customers over 150
million events per day).
or
1. Open a putty session (or Vsphere console),
2. Enter the “manager” menu.
3. Enter the “viewsysinfo” command.
4. View the “CPU > Reservation” and the “Memory Reservation.”
12
LEM Reservations within the Hyper-V Console (2008 and 2012)
RAM Memory Settings
l
Static ram set to 8GB, 16GB, 24GB, 32GB.
l
Memory Weight must to be set to High.
1. Set the number of processors: 2, 4, 6, 8, 10, or 12.
2. Set the VM reserve CPU cycles to 100%.
3. Set the Limit CPU cycles to 100%.
4. Set the relative weight for CPU to 100%.
1. Set the CPU Priority to High.
2. Set the Reserve CPU cycle to 100%.
3. Set the Limit CPU cycles to 100%.
1. On the virtual appliance, click the Console tab, and then scroll to the bottom of the
page.
2. Using the arrow keys, navigate to Advanced Configuration, and then press Enter.
3. At the cmc> prompt, enter appliance
4. The prompt changes to cmc::acm# indicating you are in the appliance configuration
menu.
5. At the acm> prompt, enter activate
6. Enter and validate the password.
13
7. Select Yes to specify a Static IP (recommended), and then set the following
properties:
l
IP Address
l
Subnet Mask
l
Gateway
l
Fully qualified domain name of the DNS domain
l
DNS server IP address
8. Select Yes to specify a hostname, or No to accept the default hostname. The
following is information on hostname conventions:
l
Standard hostname naming conventions must be observed.
l
Hostname labels may contain only the ASCII letters a through z (in a caseinsensitive manner), the digits 0 through 9, and the hyphen (-).
l
Hostnames cannot start with a digit or a hyphen, and must not end with a
hyphen.
l
No other symbols, punctuation characters, or white spaces are permitted.
9. Select Yes to specify a whitelist of IP addresses that can access reports. This is the
recommended setting.
Note: Enter viewnetconfig at the cmc::acm# prompt to confirm the network
configurations configured above.
10. To ensure secure communication between the desktop software and the virtual
appliance, the SSL certificate is automatically exported from the virtual appliance
after activation is completed. Follow the prompts to export the certificate to a network
share.
After activating the license on the virtual appliance, the desktop software automatically attempts to
reconnect. If it has been disconnected, or if the hostname changed, you need to delete and add your
appliance in Manage > Appliance on the desktop software.
14
SSL Certificate
This procedure is only applicable for the desktop console. Exporting the SSL certificate in the
activation is only necessary if you plan to use the “Adobe Air” version of the LEM console, instead of
the web-based console which automatically imports the SSL certificate.
After activation, the LEM Console connects with the virtual appliance using secure communications.
To import the virtual appliance CA SSL Certificate to the Certificate store:
1. Locate and double-click the certificate on the network share.
2. Click Install Certificate.
3. Click Next and select Place all certificates in the following store.
4. Click Browse.
5. Select Trusted Root Certification Authorities, click OK, and then click Next.
6. Click Finish.
7. Click Yes to confirm that you trust the certificate.
Resolving the Hostname
Note: This procedure is only applicable for the desktop console.
The computer running the LEM Console must be able resolve the hostname of the appliance via DNS
or a manual entry in the hosts file. Failing to resolve the hostname results in an inability to connect, or
an unreliable communication.
Configure forward and reverse DNS entries (a HOST and PTR record) for your appliance on your
DNS server. When creating the DNS entries, use the default hostname or the hostname you
specified when the virtual appliance was imported.
If you cannot configure DNS directly on your DNS server, configure a hosts file on the computer by
editing Windows\System32\drivers\etc\hosts in a text editor and adding a line with your virtual
appliance’s IP address and hostname (space or tab separated).
15

My Document - SolarWinds

Transcription

Similar documents

Lightning Fast Search Solutions for the Enterprise

Standard Console 425-6012

JULIAN - Armani/Casa

FREE PLUS - BrandSource Digital

OPERATING INSTRUCTIONS MODEL: XXLS

XT Series Singlehead Brochure (small)

Sears Commercial Discount Program

Coffeehouse coffee

How to Care for Your Appliance Insertion:

REUSABLE GEL HEAT PACK