You are on page 1of 106

RSA enVision

Hardware Setup and Maintenance Guide


60 Series

Contact Information
Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com

Trademarks
RSA, the RSA Logo, RSA enVision, RSA Event Explorer and EMC are either registered trademarks or trademarks of EMC
Corporation in the United States and/or other countries. All other trademarks used herein are the property of their respective
owners. For a list of EMC trademarks, go to www.rsa.com/legal/trademarks_list.pdf.

License agreement
This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and
may be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice
below. This software and the documentation, and any copies thereof, may not be provided or otherwise made available to any
other person.
No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any
unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability.
This software is subject to change without notice and should not be construed as a commitment by EMC.

Third-party licenses
This product may include software developed by parties other than RSA. The text of the license agreements applicable to
third-party software in this product may be viewed in the thirdpartylicenses.pdf file.
Portions of this application include technology used under license from Visual Mining, Inc. 2000 - 2010.
Portions of this application include iAnywhere technology, 2001 - 2010.

Note on encryption technologies


This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption
technologies, and current use, import, and export regulations should be followed when using, importing or exporting this
product.

Distribution
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
EMC believes the information in this publication is accurate as of its publication date. The information is subject to change
without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO
REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS
PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE.

Copyright 2012 EMC Corporation. All Rights Reserved. Published in the USA.
June 2012

RSA enVision Hardware Setup and Maintenance Guide

Contents
Preface................................................................................................................................... 7
About This Guide................................................................................................................ 7
Terminology Used in this Document .................................................................................. 7
RSA enVision Documentation............................................................................................ 7
Related Documentation....................................................................................................... 8
Support and Service ............................................................................................................ 9
Before You Call Customer Support............................................................................. 9

Chapter 1: Overview of the RSA enVision Platform ................................11


RSA enVision Sites............................................................................................................11

Chapter 2: Appliance Layout ................................................................................. 13


Front Panel ........................................................................................................................ 13
LCD Panel Features ................................................................................................... 15
Hard Drive Indicators ................................................................................................ 16
Back Panel......................................................................................................................... 17
Power Indicator Codes............................................................................................... 19

Chapter 3: Single Appliance Site ........................................................................ 21


Single Appliance Site Overview ....................................................................................... 21
Setup and Configuration Tasks - Single Site .................................................................... 21
Set Up a Single Appliance Site ......................................................................................... 22
Configure the RSA DAS 2000.......................................................................................... 24
Configure Free Space on the RSA enVision DAS-2000 .................................................. 25

Chapter 4: Multiple Appliance Site .................................................................... 27


Multiple Appliance Site Overview ................................................................................... 27
Setup and Configuration Tasks - Multiple Appliance Site ............................................... 28
Set Up a Multiple Appliance Site ..................................................................................... 28
Cabling Examples ............................................................................................................. 32
Enhanced Availability....................................................................................................... 38

Chapter 5: Remote Collector Site ....................................................................... 39


Remote Collector Site Overview ...................................................................................... 39
Setup and Configuration Tasks - Remote Collector Site .................................................. 39
Set Up a Remote Collector Site ........................................................................................ 40

Chapter 6: Adding an Appliance to an Existing Site .............................. 43


Prepare to Add an Appliance ............................................................................................ 43
Determine Whether to Update Files on the D-SRV1 ................................................ 44
Update Files on the D-SRV1 ..................................................................................... 44
Add an LC, A-SRV, or D-SRV to a Site .......................................................................... 45
Add an RC to a Site........................................................................................................... 47

Chapter 7: NAS Configuration .............................................................................. 49


Supported NAS Storage for RSA enVision ...................................................................... 49

Contents

RSA enVision Hardware Setup and Maintenance Guide

Storage Specifications....................................................................................................... 50
NAS Configuration Values for VNX................................................................................ 51
Creation of Storage Pools .......................................................................................... 52
Network Interface Configuration............................................................................... 52
Creation of the File Systems ...................................................................................... 52
Creation of the Standalone CIFS Server.................................................................... 54
Creation of the CIFS Shares ...................................................................................... 55
iSCSI Configuration Settings..................................................................................... 57
Enable E-mail Connect Home ................................................................................... 60
Proxy Address Resolution Protocol ........................................................................... 61
NAS Configuration Values for Celerra............................................................................. 62
Creation of Storage Pools .......................................................................................... 62
Network Interface Configuration............................................................................... 63
Creation of the File Systems...................................................................................... 63
Creation of the Standalone CIFS Server.................................................................... 65
Creation of the CIFS Shares ...................................................................................... 67
iSCSI Configuration Settings..................................................................................... 68
Enable Celerra Connect Home .................................................................................. 71
Proxy Address Resolution Protocol ........................................................................... 71

Chapter 8: Factory Reimaging and Typing ................................................... 73


Factory Reimaging and Typing an Appliance .................................................................. 73
Disable Virtual Drives ............................................................................................... 73
Reimage the Appliances ............................................................................................ 74
Factory Type the Appliances ..................................................................................... 74

Appendix A: Hardware Specifications............................................................. 77


Hardware Location Requirements .................................................................................... 77
ES Appliance Specifications ............................................................................................. 78
LS Appliance Specifications ............................................................................................. 79
Appliance Specifications................................................................................................... 80
ES Storage Array Specifications....................................................................................... 82
LS Storage Array Specifications....................................................................................... 83
Rack Specifications for ENV-NAS53-1 and ENV-NAS53-2 ................................... 86
Rack Specifications for RSA NAS 3500 and RSA NAS 7000.................................. 87
LS Network Switch Specifications ................................................................................... 88
Appliance Rack Specifications ......................................................................................... 89
Safety and Regulatory Statements .................................................................................... 90
Caution....................................................................................................................... 90

Appendix B: Changing Passwords ................................................................... 91


Passwords for the RSA enVision Platform and the NAS ................................................. 91
Change Passwords on the NAS......................................................................................... 92
Change Passwords on the enVision Appliance Using the Password Manager Utility ..... 93
Verify Remote Collector Connectivity ............................................................................. 95
Change the DRAC (root) Password .................................................................................. 95

Contents

RSA enVision Hardware Setup and Maintenance Guide

Verify Read/Write Permissions After Changing Passwords............................................. 95


Verify Permissions on D-SRVs ................................................................................. 95
Verify Permissions on Collectors .............................................................................. 96
Verify Permissions on A-SRVs ................................................................................. 96
Additional Passwords........................................................................................................ 98
Troubleshooting ................................................................................................................ 99
Change Passwords that were Accidentally Updated Manually ................................. 99

Glossary ........................................................................................................................... 101

Contents

RSA enVision Hardware Setup and Maintenance Guide

Preface
About This Guide
This guide contains information on setting up and maintaining your RSA enVision
hardware appliance. Use this guide in conjunction with the Configuration Guide. It is
intended for system administrators who need to setup an enVision appliance.

Terminology Used in this Document


GB versus INF

This document uses the Gigabit ethernet switches convention (GB) for all references
to network switches. The operating system naming convention of INF is not used in
this document.
NAS (Network Attached Storage)

The following naming convention is used in this document:


Term

Description

NAS

Any supported network attached storage,


or third-party network attached storage
that meets minimum requirements.

RSA NAS

Celerra NS-120

RSA NAS 3500


RSA NAS 7000
ENV-NAS53-1

VNX 5300 with 15 disks

ENV-NAS53-2

VNX 5300 with 30 disks

RSA enVision Documentation


For information about the RSA enVision platform, see the following documentation:
Release Notes. Provides information about what is new and changed in this
release, as well as workarounds for known issues. The latest version of the
Release Notes is available on RSA SecurCare Online at
https://knowledge.rsasecurity.com.
Overview Guide. Provides an introduction to RSA enVision platform features and
capabilities.

Preface

RSA enVision Hardware Setup and Maintenance Guide

Hardware Setup and Maintenance Guide. Provides instructions on setting up and


maintaining RSA enVision appliances. Intended audience is the system
administrator.
Configuration Guide. Provides instructions on configuring an RSA enVision site.
Intended audience is the system administrator.
Migration Guide. Provides instructions on migrating data from a previous version
of the RSA enVision platform to the current version.
Virtual Deployment Guide. Provides instructions on installing an RSA enVision
single appliance site or Remote Collector on a virtual infrastructure.
Administrators Guide. Provides instructions on the basic setup and maintenance
of the RSA enVision platform. Includes instructions for the most common
administrator tasks.
Users Guide. Provides information that helps users to get started using the
RSA enVision platform. Includes instructions for the most common user tasks.
Backup and Recovery Guide. Provides instructions on backing up an
RSA enVision system and recovering from a hardware failure.
Security Configuration Guide. Provides an overview of security configuration
settings in the RSA enVision platform.
Universal Device Support Guide. Describes how to add log collection and
analysis support for event sources that the RSA enVision platform does not
support.
RSA enVision Help. Provides comprehensive instructions on setting up
RSA enVision processing options and using RSA enVision analysis tools.
RSA continues to assess and improve the documentation. Check RSA SecurCare
Online for the latest documentation.

Related Documentation
For information about the RSA enVision Event Explorer module, see the following
documentation:
Release Notes. Provides information about what is new and changed in this
release, as well as workarounds for known issues.
Installation Guide. Provides instructions on installing the RSA enVision Event
Explorer module on your client machine in separate guides for Microsoft
Windows and Apple Macintosh operating systems. Intended audience is the end
user.
RSA enVision Event Explorer Help. Provides comprehensive instructions on
setting up and using the RSA enVision Event Explorer module.
For information about the RSA enVision EventSource Integrator, see the following
documentation:
Release Notes. Provides information about what is new and changed in this
release, as well as workarounds for known issues.

Preface

RSA enVision Hardware Setup and Maintenance Guide

Overview Guide. Provides an introduction to RSA enVision EventSource


Integrator features and capabilities.
RSA enVision EventSource Integrator Help. Provides comprehensive
instructions on using RSA enVision Event Source Integrator.

Support and Service


RSA SecurCare Online

https://knowledge.rsasecurity.com

Customer Support Information

www.rsa.com/support

RSA Secured Partner Solutions Directory

www.rsasecured.com

RSA SecurCare Online offers a knowledgebase that contains answers to common


questions and solutions to known problems. SecureCare Online also offers
information on new releases, important technical news, and software downloads.
The RSA Secured Partner Solutions Directory provides information about third-party
hardware and software products that have been certified to work with RSA products.
The directory includes Implementation Guides with step-by-step instructions and
other information about interoperation of RSA products with these third-party
products.

Before You Call Customer Support


Make sure that you have direct access to the computer running the RSA enVision
software.
Please have the following information available when you call:
One of the following:

On a 60-series appliance, the serial number of the appliance.


You can find the seven-character serial number on the chassis tag on the back
of the appliance, or open a Dell Openmanage Server Administrator session,
and click System > Properties > Summary to find the serial number in the
chassis service tag field.

On a virtual appliance, the serial number of the RSA enVision software.


Open the C:\WINDOWS\system32\drivers\etc\Nie-oe.dat file, and locate
the line that begins with S/N=.

RSA enVision software version number.


The name and version of the operating system under which the problem occurs.
On a virtual appliance, the VMware ESX or ESXi server details.

Preface

RSA enVision Hardware Setup and Maintenance Guide

Overview of the RSA enVision Platform


The RSA enVision platform is a feature-rich compliance and security application. It
allows you to capture and analyze log information automatically from your network,
security, application, operating, and storage environments. The enVision LogSmart
Internet Protocol Database (IPDB) collects and protects all the data from any network
device automatically, without filtering. The enVision platform gives you an accurate
picture of how your network is being used, and by whom. It independently monitors
your network to verify security policies, generates alerts for possible compliance
breaches, and analyzes and reports on network performance.
The enVision platform is tightly coupled with its underlying appliance operating
system and hardware, and together they make up a highly scalable platform that
provides guaranteed levels of performance.
The enVision platform is made up of three components:
Application Server. Supports interactive users and runs the suite of analysis
tools.
Collector. Captures incoming events.
Data Server. Manages access and retrieval of captured events.

RSA enVision Sites


The RSA enVision platform is deployed on a site basis. The enVision components are
deployed based on the type of site that you have. The two types of sites are:
Single appliance site. The ES series appliances are designed to operate in a
stand-alone, non-distributed mode. They have all three enVision
componentsApplication, Collector, and Databaseinstalled on one appliance.
The single appliance is a site. Some single appliance sites have an external storage
system.
For information on single appliance sites, see Chapter 3, Single Appliance Site.

1: Overview of the RSA enVision Platform

11

RSA enVision Hardware Setup and Maintenance Guide

Multiple appliance site. The LS series appliances are designed to operate in a


distributed installation. Each enVision componentApplication Server,
Collector, and Data Serveris on its own appliance. The appliances together form
a site. Distributed multiple appliance sites allow multiple installations of any of
the three appliance types to be deployed to manage the variety of network
infrastructures found in production environments. All multiple appliance sites
have external storage systems.
For information on multiple appliance sites, see Multiple Appliance Site on
page 27.
For information on connecting a remote collector site with a multiple appliance
site, see Remote Collector Site on page 39.

12

1: Overview of the RSA enVision Platform

RSA enVision Hardware Setup and Maintenance Guide

Appliance Layout
The appliance layouts of the ES and LS series appliance hardware types are the same.
The internal specifications of the ES and LS series appliance hardware differ. The
following topics provide information on the appliance layout, and briefly describe the
function of buttons on the:

Front Panel

Back Panel

For information on hardware specifications, see Hardware Specifications on


page 77.

Front Panel
The following figure shows the front panel of the RSA enVision appliance.
1

10

Item

Indicator,
Button, or
Connector

Information tag

Slide-out label panel for system information,


including the enVision appliance model
number.

Power-on
indicator,
power button

Lights when the system power is on.

2: Appliance Layout

Icon

Description

The power button is configured to disable


accidental power down of the appliance.

13

RSA enVision Hardware Setup and Maintenance Guide

Item

Indicator,
Button, or
Connector

NMI button

Icon

Description

Use to troubleshoot software and device driver


errors.
Use this button only if directed to do so by
Customer Support or by the operating system
documentation. (Use the end of a paper clip to
press this button.)

USB
connectors (2)

Use to connect USB 2.0-compliant devices to


the system.

Video
connector

Use to connect a monitor to the system.

LCD menu
buttons

Allows you to navigate the control panel LCD


menu.

LCD panel

Provides system ID, status information, and


system error messages.
The LCD lights blue during normal system
operation. The LCD lights amber when the
system needs attention, and the LCD panel
displays an error code followed by descriptive
text.
Note: If the system is connected to AC power

and an error has been detected, the LCD lights


amber regardless of whether the system has
been powered on.

14

System
identification
button

Use to locate a particular system within a rack.


When you push this button, the LCD panel on
the front and the system status indicator on the
back flash blue until you push the button again.
There is also a system identification button on
the back panel.

Optical drive
(CD/DVD)

One CD/DVD drive.

10

Hard Drive
Bays (6)

Six 3.5-inch hot-swappable hard drive bays.


The LS series Application Server (A-SRV) is
fully populated with six hard drives while all
other appliance types contain only two hard
drives.

2: Appliance Layout

RSA enVision Hardware Setup and Maintenance Guide

LCD Panel Features


The LCD panel provides system information and status messages to indicate that the
system is operating correctly or that the system needs attention.
The LCD backlight lights blue during normal operating conditions and lights amber to
indicate an error condition. When the system is in standby mode, the LCD backlight is
off. To turn on the LCD backlight, press the Select button on the LCD panel.
The following figure shows the LCD panel.
1

Item

Description

Moves the cursor back in one-step increments.

Selects the menu item highlighted by the cursor.

Moves the cursor forward in one-step increments.


During message scrolling:
Press once to increase scrolling speed.
Press again to stop.
Press again to return to default scrolling speed.

2: Appliance Layout

Use to locate a particular system within a rack. When you push this button, the
LCD panel on the front and the system status indicator on the back flash blue
until you push the button again. There is also a system identification button on
the back panel.

15

RSA enVision Hardware Setup and Maintenance Guide

Hard Drive Indicators


The hard drive carriers have two indicators:

Drive-activity indicator

Drive-status indicator

The following figure shows the hard drive indicators.

Item

Description

Drive-status indicator (green and amber)

Drive-activity indicator (green)

In RAID configurations, the drive-status indicator lights display different patterns as


drive events occur in the system. The drive indicator patterns for RAID hard drives are
shown in the following table.

16

Drive-Status Indicator Pattern

Drive Condition

Blinks green two times per second

Identify drive/preparing for removal

Off

Drive ready for insertion or removal

Blinks green, amber, and off

Drive predicted failure

Blinks amber four times per second

Drive failed

Blinks green slowly

Drive rebuilding

Steady green

Drive online

Blinks green three seconds, amber


three seconds, and off six seconds

Rebuild aborted

2: Appliance Layout

RSA enVision Hardware Setup and Maintenance Guide

Back Panel
The following figure shows the back panel of the RSA enVision appliance.
2

10

11

12

13

14

15

Item

Indicator,
Button, or
Connector

PCIe slot1

PCI Express x4-link (Generation 2) expansion


slot (2.881 inch full-height, 12.2 inch length)

PCIe slot 2

PCI Express x4-link (Generation 2) expansion


slot (2.881 inch low-profile, 9.5 inch length)

PCIe slot 3

PCI Express x8-link (Generation 2) expansion


slot (4.376 inch full-height, 9.5 inch length)

PCIe slot 4

PCI Express x8-link (Generation 2) expansion


slot (4.376 inch full-height, 9.5 inch length)

Power supply 1

570-W power supply

Power supply 2

570-W power supply

VFlash media
slot

Use to connect an external secure digital (SD)


memory for the optional iDRAC6 enterprise
card.

iDRAC6
enterprise port

Dedicated management port for the iDRAC6


Enterprise card.

Serial
connector

Use to connect a serial device to the system.

10

Video
connector

Use to connect a VGA display to the system.

11

USB
connectors (2)

Use to connect USB 2.0-compliant devices to


the system.

2: Appliance Layout

Icon

Description

17

RSA enVision Hardware Setup and Maintenance Guide

Item

18

Indicator,
Button, or
Connector

Icon

Description

12

Ethernet
connectors (4)

Integrated 10/100/1000 NIC connectors labeled


GB1, GB2, GB3, GB4 from left to right.

13

System status
indicator
connector

Use to attach a system indicator extension cable


that is used on a cable management arm.

14

System status
indicator

Power-on indicator.

15

System
identification
button

Use to locate a particular system within a rack.


When you push this button, the LCD panel on
the front and the system status indicator on the
back flash blue until you push the button again.
There is also a system identification button on
the front panel.

2: Appliance Layout

RSA enVision Hardware Setup and Maintenance Guide

Power Indicator Codes


An LED indicator on the power button indicates when power is supplied to the system
and the system is operational.
The power supplies have an indicator that shows whether power is present or whether
a power fault has occurred.
The following figure shows the power supply and the power supply status button.

Power supply status


The power supply statuses are as follows:
Not litAC power is not connected.
GreenPower supply is operational.
AmberProblem with power supply.
Green and amber (alternating)Power supply is mismatched with the other power
supply (a high-output 870-W power supply and an Energy Smart 570-W power supply
are installed in the same system). Replace the power supply that has the flashing
indicator with a power supply that matches the capacity of the other installed power
supply.

2: Appliance Layout

19

RSA enVision Hardware Setup and Maintenance Guide

Single Appliance Site


The RSA enVision platform can be deployed in different ways based on the type of
site that you have planned. The following topics provide information on the single
appliance site:

Single Appliance Site Overview

Setup and Configuration Tasks - Single Site

Set Up a Single Appliance Site

Configure the RSA DAS 2000

Configure Free Space on the RSA enVision DAS-2000

Single Appliance Site Overview


The ES series appliances are designed to operate in a stand-alone, non-distributed
mode. The ES appliances have all three RSA enVision componentsApplication,
Collector, and Databaseinstalled on one appliance. The single appliance is a site.
The two enVision appliance series used for single appliance sites are:
ES series with local storage. The ES series appliances can manage up to 2,500
sustained events per second (EPS) from up to 400 event sources without
sacrificing any of the real-time or historical analysis.
ES series with external storage. Designed for the enterprise where large
numbers of event sources are often deployed to enforce, monitor, and manage
security.
There are different models within each of these series. The appliance model that you
use depends on your needs. For more information, see ES Appliance Specifications
on page 78.
Note: Starting with the enVision 4.1 platform, you can deploy a single appliance site

on a virtual infrastructure. For information, see the Virtual Deployment Guide.

Setup and Configuration Tasks - Single Site


You must perform the following tasks to set up and configure a single appliance site.
Task

Reference

1. Plan the installation. Complete the Configuration Wizard Planning Worksheet planning worksheet.
Single Appliance Site in the Configuration Guide

3: Single Appliance Site

21

RSA enVision Hardware Setup and Maintenance Guide

Task

Reference

2. Set up the RSA enVision appliance Set Up a Single Appliance Site on page 22
hardware.
3. Connect to the appliance remotely
using DRAC or using a KVM
switch.

Dell Remote Access Controller Utility in the


Configuration Guide

Connect to the Appliance Using a Keyboard,


Monitor, and Mouse in the Configuration
Guide

4. Configure the single appliance site. Configure a Single Appliance Site in the
Configuration Guide
5. Install content updates.

Content Updates in the Configuration Guide

Set Up a Single Appliance Site


Important: Before you set up your hardware, review Safety and Regulatory

Statements on page 90.


To set up a single appliance site:

1. Plan the installation. Complete the Configuration Wizard Planning Worksheet Single Appliance Site in the chapter Single Appliance Site in the Configuration
Guide.
2. Select a hardware setup location that meets the requirements for the current
installation and for future growth. For location requirements, see Hardware
Specifications on page 77. For information on installing the appliance, see the
manufacturers documentation.

22

3: Single Appliance Site

RSA enVision Hardware Setup and Maintenance Guide

3. Connect the ES appliance to the LAN (through ethernet connector GB1).

4. If your ES appliance has an external DAS storage, connect the storage system to
the ES appliance (through ethernet connector GB2). Connect a cable from GB2 on
the ES appliance to the MGMT port on the RSA DAS 2000. For instructions, see
Configure the RSA DAS 2000 on page 24.
Note: You can connect to the management UI on the RSA DAS 2000 at

http://10.203.2.90.
5. Connect each of the power cords to a different power circuit for increased
reliability and availability.
6. If you are using external storage, power on the storage appliance. For instructions,
refer to the storage system documentation. Wait five minutes until the external
storage is powered on.
7. Power on the ES appliance.
8. Complete the enVision site configuration, using the enVision Configuration
Wizard. For instructions, see Single Appliance in the Configuration Guide.

3: Single Appliance Site

23

RSA enVision Hardware Setup and Maintenance Guide

Configure the RSA DAS 2000


If your ES appliance has a DAS 2000 external storage array, perform the following
steps to configure the external DAS.
Note: This configuration deletes the existing data on the DAS 2000.
To configure the DAS 2000:

1. Connect the network and power cables as follows:

LAN to the public network

SWITCH (GB1) to the 0-iSCSI port on the attached storage array

GB2 to the Management LAN port on the attached storage array

2. Configure the following network interfaces:

24

SWITCH (GB1) address:

IP Address: 10.203.2.11

Subnet Mask: 255.255.255.0

Gateway: Leave blank

DNS: Leave blank

GB2 address:

IP Address: 10.203.3.11

Subnet Mask: 255.255.255.0

Gateway: Leave blank

DNS: Leave blank

3: Single Appliance Site

RSA enVision Hardware Setup and Maintenance Guide

3. Follow these steps to run the iSCSI setup script:


a. Open a command prompt, and change directories to C:\Program Files
(x86)\EMC\Navisphere CLI.
b. Type:
ax150-iscsi-setup NIC 10.203.2.103

4. Follow these steps to configure the drives on the storage array:


a. To scan for drives and configure two logical partitions, at a command prompt,
type:
disk-init.bat

b. When prompted to format G: and H: drives, type Y. Formatting could take up


to one hour per drive.
5. Continue the setup of the single appliance site, as described in the preceding
section, Set Up a Single Appliance Site.

Configure Free Space on the RSA enVision DAS-2000


The DAS 2000 has additional free space that has not been pre-configured. You can
configure and use the storage as needed for use with the RSA enVision appliance.
To configure free space on RSA enVision DAS-2000:

1. Log into the DAS-2000 from the enVision appliance by performing the following
steps:
a. Open a web browser and navigate to http://10.203.3.90.
b. Answer Yes to the Security Alert message.
c. Login to the DAS management console. For instructions, see the
corresponding DAS documentation.
2. On the left navigation window, click on Disk Pools and check the total free space
for each pool.
3. Create new Logical Unit Numbers (LUNs) from the available free space by
performing the following steps:
a. On the left navigation window, click on Virtual Disks.
b. Select the number of virtual disks for the new LUN.
c. Enter a name and the desired capacity for the new LUN.
d. Select NICAPPLIANCE as the server to assign the new LUN.
e. Click Apply and wait for the process to complete.
4. Verify that the new LUN has been created by performing the following steps:
a. To view the new LUN, click the link View all virtual disks that have been
created so far.
b. Click on the LUN name to view details about the LUN.

3: Single Appliance Site

25

RSA enVision Hardware Setup and Maintenance Guide

c. Review the properties of the LUN and ensure that it is assigned to NIC.
5. You must format the new LUN for use with the enVision platform. Perform the
following steps on the enVision appliance:
a. Open the disk management window. Click Start > Run, type diskmgmt.msc
and press Enter.
The new LUN appears as Unallocated in the lower pane of the disk
management window.
b. Before partition, run the Initialize and Convert Disk Wizard by following
the instructions in the wizard.
c. Right-click on the unallocated disk and select New Partition.
d. Specify the following settings in the New Partition wizard:

Partition type: Primary partition

Partition size in MB: Leave default size

Drive letter: Select desired drive letter

File system: NTFS

Allocation unit size: 64K

Volume label: NIC4

e. Click Next.
f.

Click Finish.

6. Add the new partition as an additional storage for use with the enVision platform.
Perform the following steps:
a. Log into the enVision application GUI at https://<Appliance IP Address>:443.
b. Click System Configuration > Directories > Manage Storage Locations.
c. Click the Add button and point to the path of the newly created drive, for
example, K:\
The new drive appears in the Manage Storage Locations window.

26

3: Single Appliance Site

RSA enVision Hardware Setup and Maintenance Guide

Multiple Appliance Site


The RSA enVision platform can be deployed in different ways based on the type of
site that you have planned. The following topics provide information on the multiple
appliance site:

Multiple Appliance Site Overview

Setup and Configuration Tasks - Multiple Appliance Site

Set Up a Multiple Appliance Site

Cabling Examples

Enhanced Availability

Multiple Appliance Site Overview


The LS series appliances are designed to operate in a distributed installation. Each
RSA enVision componentApplication, Collector, and Databaseis on its own
appliance. The appliances together form a site. Distributed multiple appliance sites
allow multiple installations of any of the three appliance types to be deployed to
manage the variety of network infrastructures found in production environments. All
multiple appliance sites use external storage systems.
Each multiple appliance site contains the following hardware items:

RSA enVision appliances

Storage system

Network switch

Appliance rack

For a complete explanation of multiple appliance sites and multiple site deployments,
and for instructions on configuring enVision on these sites, see the chapter Multiple
Appliance Site in the Configuration Guide. For information on the hardware items,
see Hardware Specifications on page 77.

4: Multiple Appliance Site

27

RSA enVision Hardware Setup and Maintenance Guide

Setup and Configuration Tasks - Multiple Appliance Site


You must perform the following tasks to set up and configure a multiple appliance
site.
In a multiple site domain, you must repeat the first three tasks on each site except for
Task 5. Also task 4 only needs to be performed once in a NIC domain.
Task

Reference

1. Plan the installation. Complete the Configuration Wizard Planning Worksheet Configuration Wizard Planning
Multiple Appliance Site in the Configuration Guide
Worksheet.
2. Set up the RSA enVision appliance Set Up a Multiple Appliance Site on page 28
hardware.
3. Connect to the Data Sever (D-SRV
or DS1 if there are multiple
D-SRVs) appliance remotely using
DRAC or using a KVM switch.
4. Configure the multiple appliance
site.

Dell Remote Access Controller Utility in the


Configuration Guide
Connect to the Appliance Using a Keyboard,
Monitor, and Mouse in the Configuration
Guide

Configure a Multiple Appliance Site in the


Configuration Guide

5. (Optional) Configure the additional Preferred or Dedicated D-SRVs for Reports or


D-SRVs to handle specific service Event Data Interchange in the Configuration Guide
requests.
6. Verify that replication is working
correctly within the NIC domain.

NIC DB Replication in the Configuration Guide

7. (Optional) Install the Task Triage


database.

Task Triage Database Setup in the Configuration


Guide

8. Install content updates.

Content Updates in the Configuration Guide

Set Up a Multiple Appliance Site


Important: Before you set up your hardware, review Safety and Regulatory

Statements on page 90.

28

4: Multiple Appliance Site

RSA enVision Hardware Setup and Maintenance Guide

To set up a multiple appliance site:

1. Plan the installation. Complete the Configuration Wizard Planning Worksheet Multiple Appliance Site in the chapter Multiple Appliance Site in the
Configuration Guide.
2. Select a hardware setup location that meets the requirements for the current
installation and for future growth. For location requirements, see Hardware
Specifications on page 77. For information on installing the appliance, see the
manufacturers documentation.
3. Connect the storage system. Note the IP address for the storage device in the
Identify External Storage section of the Configuration Wizard Planning
Worksheet - Multiple Appliance Site in Multiple Appliance Site in the
Configuration Guide.
4. Connect each LS appliance in the site to the LAN (through ethernet connector
GB1) and the switch (through ethernet connector GB2).

Note: Ignore any warning messages that you receive about IP conflicts when

you are making the physical connections to the LAN.

4: Multiple Appliance Site

29

RSA enVision Hardware Setup and Maintenance Guide

5. Connect each of the power cords to a different power circuit for increased
reliability and availability. For powerline redundancy, the appliance and the
switch have dual power supplies.

6. Power on the storage system. For instructions, refer to the storage system
documentation. Wait five minutes.
7. Power on the network switch and LS appliances.
The LS Typing Wizard starts automatically on the appliances.
If you click Cancel at any time while using the wizard, you must restart the
wizard to type the appliance. To restart the wizard, double-click the
lsconfigurationwizard.exe file in the C:\windows\installations directory.
8. On each appliance in the site, follow these steps to assign the LS appliance type:

30

4: Multiple Appliance Site

RSA enVision Hardware Setup and Maintenance Guide

a. Connect to the appliance.


b. Select the LS checkbox.
c. Select one of the following LS types for the appliance:

AS1 (Application Server)

AS2 (Application Server)

AS3 (Application Server)

DS1 (Database Server)

DS2 (Database Server)

DS3 (Database Server)

DS4 (Database Server)

RC (Remote Collector)

LC1 (Local Collector)

LC2 (Local Collector)

LC3 (Local Collector)

d. Click Next.
e. Verify that the information is correct, and click Finish.
If the information is not correct, click Cancel.
9. Apply the appropriate labels for the appliance type to the front and back of the
appliance to identify it.
10. Repeat step 8 to step 9 for each appliance in your site.
11. Complete the enVision site configuration using the enVision Configuration
Wizard. For instructions, see Multiple Appliance Site in the Configuration
Guide.

4: Multiple Appliance Site

31

RSA enVision Hardware Setup and Maintenance Guide

Cabling Examples
This section shows examples of cabled multiple appliance sites.
The following figure shows an example of a multiple appliance site with a Local
Collector (LC), an Application Server (A-SRV), and a Database Server (D-SRV). The
site is connected to the switch. The switch is connected to the ENV-NAS53-1 or
ENV-NAS53-2 (external storage).

32

4: Multiple Appliance Site

RSA enVision Hardware Setup and Maintenance Guide

The following figure shows an example of a multiple appliance site with a Local
Collector (LC), an Application Server (A-SRV), and a Database Server (D-SRV). The
site is connected to the switch. The switch is connected to the RSA NAS 3500 or RSA
NAS 7000 (external storage).

A-SRV

D-SRV

LC

4
0

3
7

No Serviceable Parts Within


Ne contient pas de pieces reparables
No contiene piezas reparables
Enthalt keine reparierbaren Teile
Non contlene parti riparabili

PRI

046-002-567_A02

2 MIN

046-002-000

EXP

PRI

EXP

PRI

2 MIN
EXP

EXP

PRI

046-002-567_A02

Disk Array Enclosure

No Serviceable Parts Within


Ne contient pas de pieces reparables
No contiene piezas reparables
Enthalt keine reparierbaren Teile
Non contlene parti riparabili

Switch

MG MT

CS

Control Station

10/100

cge 0

DO NOT
REMOVE

DO NOT
REMOVE

DO NOT
REMOVE

DO NOT
REMOVE

Storage Processor

Second Power Supply

cge 2

cge 1

10/100

cge 3

cge 0

cge 1

cge 2

cge 3

Data Movers

SP

B
BE0

4: Multiple Appliance Site

BE1

Aux 0

Aux 1

BE0

BE1

Aux 0

Aux 1

33

RSA enVision Hardware Setup and Maintenance Guide

The following figure shows an example of a cabled multiple appliance site with one
D-SRV, two A-SRVs, and three LCs. The site is connected to the switch. The switch is
connected to the ENV-NAS53-1 or ENV-NAS53-2 (external storage).

34

4: Multiple Appliance Site

RSA enVision Hardware Setup and Maintenance Guide

The following figure shows an example of a cabled multiple appliance site with one
D-SRV, two A-SRVs, and three LCs. The site is connected to the switch. The switch is
connected to the RSA NAS 3500 or NAS 7000 (external storage).

4: Multiple Appliance Site

35

RSA enVision Hardware Setup and Maintenance Guide

The following figure shows an example of a cabled multiple appliance site with three
D-SRVs, two A-SRVs, and three LCs. The site is connected to the switch. The switch
is connected to the ENV-NAS 53-1 or ENV-NAS53-2 (external storage).

36

4: Multiple Appliance Site

RSA enVision Hardware Setup and Maintenance Guide

The following figure shows an example of a cabled multiple appliance site with three
D-SRVs, two A-SRVs, and three LCs. The site is connected to the switch. The switch
is connected to the RSA NAS 3500 or NAS 7000 (external storage).

A-SRV1

A-SRV2

D-SRV1

D-SRV2

D-SRV3

LC1

LC2

LC3

EXP

PRI
0

EXP

PRI

EXP

EXP

046-002-567_A02

Disk Array Enclosure

PRI

PRI

2 MIN

No Serviceable Parts Within


Ne contient pas de pieces reparables
No contiene piezas reparables
Enthalt keine reparierbaren Teile
Non contlene parti riparabili

Switch

No Serviceable Parts Within


Ne contient pas de pieces reparables
No contiene piezas reparables
Enthalt keine reparierbaren Teile
Non contlene parti riparabili

046-002-567_A02

2 MIN

046-002-000

Control Station

MG MT

CS
A

10/100

cge 0

cge 2

cge 1

10/100

cge 3

DO NOT
REMOVE

cge 0

cge 1

cge 2

cge 3

Data Movers

SP

B
BE0

4: Multiple Appliance Site

DO NOT
REMOVE

DO NOT
REMOVE

DO NOT
REMOVE

Storage Processor

Second Power Supply

BE1

Aux 0

Aux 1

BE0

BE1

Aux 0

Aux 1

37

RSA enVision Hardware Setup and Maintenance Guide

Enhanced Availability
Optionally, you can set up enhanced availability (EA) for the Local Collectors (LCs).
This allows you to define up to six cluster appliances (CAs) for a site to perform the
LC roles.
Contact RSA Professional Services to set up EA.

38

4: Multiple Appliance Site

RSA enVision Hardware Setup and Maintenance Guide

Remote Collector Site


The LS series appliances, used in multiple appliance sites, are designed to operate in a
distributed installation. You can also connect a remote collector in such a distributed
installation. The following topics describe this process in detail:

Remote Collector Site Overview

Setup and Configuration Tasks - Remote Collector Site

Set Up a Remote Collector Site

Remote Collector Site Overview


Remote Collectors (RCs) capture incoming events remotely and forward the data
collected to the D-SRV1 in an RSA enVision multiple appliance site using the NIC
Forwarder Service. All RCs must be connected to the D-SRV1.
The RCs use the LS series appliances. For specifications for the LS series appliance,
see Hardware Specifications on page 77.
Note: Starting with the enVision 4.1 platform, you can deploy an RC on a virtual

infrastructure. For information, see the Virtual Deployment Guide.


A multiple appliance site can have up to 16 RCs including both physical and virtual
appliances. The total events per second (EPS) for all Collectors per site cannot exceed
30,000 EPS.

Setup and Configuration Tasks - Remote Collector Site


You must perform the following tasks to set up and configure a Remote Collector
(RC) site.
Task

Reference

1. Plan the installation. Complete the Configuration Wizard Planning Worksheet planning worksheet.
Remote Collector Site in the Configuration Guide
2. Set up the RSA enVision appliance Set Up a Remote Collector Site on page 40
hardware.
3. Connect to the RC appliance using Connect to the Appliance Using a Keyboard,
a KVM switch.
Monitor, and Mouse in the Configuration Guide
4. Configure the Remote Collector
site.

5: Remote Collector Site

Configure a Remote Collector Site in the


Configuration Guide

39

RSA enVision Hardware Setup and Maintenance Guide

Task

Reference

5. Verify the RC configuration


through the GUI.

Verify the Remote Collector Configuration in the


Configuration Guide

6. Configure the data forwarding


scheduled task on the A-SRV for
the master site of the RC.

Configure the Data Forwarding Task in the


Configuration Guide

7. Test the configuration.

Test the Configuration in the Configuration Guide

Set Up a Remote Collector Site


Important: Before you set up your hardware, review Safety and Regulatory

Statements on page 90.


Before You Begin

Ensure that the D-SRV1 to which the RC connects is configured and is running.
To set up a remote collector site:

1. Plan the installation. Complete the Configuration Wizard Planning Worksheet Remote Collector Site in the chapter Remote Collector Site in the Configuration
Guide.
2. Select a hardware setup location that meets the requirements for the current
installation and for future growth. For information on installing the appliance, see
the manufacturers documentation.
3. Connect the RC appliance to the LAN (through ethernet connector GB1).

40

5: Remote Collector Site

RSA enVision Hardware Setup and Maintenance Guide

4. Connect each of the power cords to a different power circuit for increased
reliability and availability.
5. If you are using external storage, power on the storage appliance. Wait five
minutes.
6. Power on the network switch and RC appliance.
7. Complete the enVision site configuration using the enVision Configuration
Wizard. For complete information, see the chapter Remote Collector Site in the
Configuration Guide.

5: Remote Collector Site

41

RSA enVision Hardware Setup and Maintenance Guide

Adding an Appliance to an Existing Site


This chapter describes how to add an LC, A-SRV, D-SRV, or RC to an existing
RSA enVision multiple appliance site that uses 60 series appliances. The following
topics describe in detail the tasks that you must perform to add an appliance:

Prepare to Add an Appliance

Add an LC, A-SRV, or D-SRV to a Site

Add an RC to a Site

The implementation of the Enhanced Availability feature for the Local Collectors is a
Professional Service package. To add a cluster appliance (CA) to perform the LC role
in a site, contact RSA Professional Services.

Prepare to Add an Appliance


Before you add a new appliance to an existing multiple appliance site, you must
complete the following tasks.
To prepare to add an appliance:

1. Connect a mouse, keyboard, and monitor to each of the new appliances and the
D-SRV1 appliance in a site. You can also use a Dell remote Access Controller
(DRAC) utility, if it is installed. See the Configuration Guide for more
information.
2. On each appliance in the multiple appliance site, install the latest service pack for
your version of the RSA enVision platform.
3. Determine Whether to Update Files on the D-SRV1
4. Update Files on the D-SRV1 if needed.

6: Adding an Appliance to an Existing Site

43

RSA enVision Hardware Setup and Maintenance Guide

Determine Whether to Update Files on the D-SRV1


Depending on the model numbers of the D-SRV1 appliance and the appliance that you
are adding, you may need to download and install a new set of files on D-SRV1 before
adding a new appliance to the site.
To determine if you must update files on the D-SRV1:

1. On the D-SRV1 appliance, open the nie-oe.dat file in the


C:\WINDOWS\system32\drivers\etc directory, and locate the line that begins
with Hardware= to determine the model number of the D-SRV1 appliance.
2. On the appliance that you are adding, open the nie-oe.dat file in the
C:\WINDOWS\system32\drivers\etc directory, and locate the line that begins
with Hardware= to determine the model number of the new appliance.
3. Determine from the following table whether you must update files on the
D-SRV1.
Model Number of
D-SRV1 Appliance

Model Number of New


Appliance

Hardware=60
(SYS-G-RSA400)

Hardware=60
(SYS-G-RSA400)

None

Hardware=60
(SYS-G-RSA400)

Hardware=RSA5xx
(SYS-G-RSA500)

Update the files on D-SRV1

Hardware=RSA5xx
(SYS-G-RSA500)

Hardware=RSA5xx
(SYS-G-RSA500)

None

Action Needed

Update Files on the D-SRV1


If you determined that you must update files on the D-SRV1 appliance, use this
procedure to download and install the required files.
To update the files on the D-SRV1:

1. To download the files, follow these steps:


a. Go to https://knowledge.rsasecurity.com/, and log on to RSA SecurCare
Online.
b. Click Products > RSA enVision.
c. On the Version Upgrade tab, enter your RSA enVision maintenance serial
number, and click Submit.
d. Select the version of enVision that you are running, and click Submit.
e. Click Download Software > RSA enVision Version Upgrades.
f.

Click the version of enVision that you are running.

g. Click Download Manager, and download the file to the D-SRV1 desktop.

44

6: Adding an Appliance to an Existing Site

RSA enVision Hardware Setup and Maintenance Guide

2. Extract the following file to the specified location on the D-SRV1.


RSA
enVision
Version

Files to Extract

Directory to Which to
Extract Files

4.1 SP1

RSA_enVisionAPP4101b<buildnumber>.exe

E:\nic\installables

Add an LC, A-SRV, or D-SRV to a Site


To add an LC, A-SRV, or D-SRV:

1. Install the new appliance in the rack.


2. Connect the new appliance to the LAN (through Ethernet connector GB1) and the
switch (through Ethernet connector GB2).
Note: Ignore any warning messages that you receive about IP conflicts when

you are making the physical connections to the LAN.


The following figure shows the connections for a model SYS-G-RSA400.

6: Adding an Appliance to an Existing Site

45

RSA enVision Hardware Setup and Maintenance Guide

The following figure shows the connections for a model SYS-G-RSA500.

3. Connect each of the power cords to a different power circuit for increased
reliability and availability.
4. Power on the new appliance.
5. To reimage and type the new appliance, follow the instructions in Factory
Reimaging and Typing on page 73. When you are typing the appliance, use the
following parameters:
Note: You must change the passwords on the new appliance to match the

passwords on the existing appliances in the site.

Select LS for the license type.

If you are typing an LC, select LC1, LC2, or LC3 for the appliance type
(select the next LC in the site in the sequence of LC1, LC2, and LC3).

If you are typing an A-SRV, select AS1, AS2, or AS3 for the appliance type
(select the next A-SRV in the site in the sequence of AS1, AS2, and AS3).

If you are typing a D-SRV, select DS2, DS3, or DS4 for the appliance type
(select the next D-SRV in the site in the sequence of DS2, DS3, and DS4).

6. On the D-SRV1, configure the new appliance as follows:


a. To start the RSA enVision Configuration Wizard, double-click the
lsconfigurationwizard.exe file in the C:\Windows\installations directory.
b. When prompted, enter the master password.
c. Follow the on-screen instructions to complete the configuration.
d. When the wizard displays the Review Page window, verify that the
information is correct, and click Finish.
If the information is not correct, click Cancel.
e. Wait until the wizard successfully completes the configuration and
automatically restarts the new appliance.

46

6: Adding an Appliance to an Existing Site

RSA enVision Hardware Setup and Maintenance Guide

7. Apply the appropriate label to the front and back of the new appliance to identify
it.
Note: RSA recommends that you install the latest RSA enVision service pack on the

new appliances that you have added.

Add an RC to a Site
To add an RC:

1. Install the new appliance in the rack.


2. Connect the RC appliance to the LAN (through Ethernet connector GB1).
The following figure shows the connections for a model SYS-G-RSA400.

The following figure shows the connections for a model SYS-G-RSA500.

6: Adding an Appliance to an Existing Site

47

RSA enVision Hardware Setup and Maintenance Guide

3. Connect each of the power cords to a different power circuit for increased
reliability and availability.
4. Power on the new appliance.
5. To reimage and type the new appliance, follow the instructions in Factory
Reimaging and Typing on page 73. When you are typing the appliance, use the
following parameters:

Select LS for the license type.

Select RC1 for the appliance type.

6. On the RC, configure the appliance as follows:


a. To start the enVision Configuration Wizard, double-click the
lsconfigurationwizard.exe file in the C:\Windows\installations directory.
b. Follow the on-screen instructions. Configure the RC to connect to the
D-SRV1.
c. When the wizard displays the Review Page window, verify that the
information is correct, and click Finish.
If the information is not correct, click Cancel.
d. Wait until the wizard successfully completes the configuration. The wizard
automatically restarts the new appliance.
7. Apply the appropriate label to the front and back of the new appliance to identify
it.
Note: RSA recommends that you install the latest RSA enVision service pack on the

new RC that you have added.

48

6: Adding an Appliance to an Existing Site

RSA enVision Hardware Setup and Maintenance Guide

NAS Configuration
The storage options available for an RSA enVision site depend on the type of setup.
RSA enVision multiple appliance sites (using LS series appliances) and high-end
single appliance sites (ES 3060, ES 5060, and ES 7560) require external storage. The
following topics explain in detail the external storage options available:

Supported NAS Storage for RSA enVision

Storage Specifications

NAS Configuration Values for VNX

NAS Configuration Values for Celerra

Important: The ENV-NAS and the RSA NAS series storage arrays are preconfigured

and ready to use with the enVision platform. If you are using a third-party NAS, use
the information in the topics listed above to configure the NAS for use with the
enVision platform.

Supported NAS Storage for RSA enVision


For single appliance sites, RSA recommends using the RSA DAS 2000.
For multiple appliance sites, recommended and supported storage arrays are listed
below:
Name

Description

ENV-NAS53-1

Based on EMC VNX 5300. This has 15 disks.

ENV-NAS53-2

Based on EMC VNX 5300. This has 30 disks.

RSA NAS 3500

Based on the EMC Celerra NS-120.

RSA NAS 7000

Based on the EMC Celerra NS-120.

If you use a storage system other than as listed above, the storage system must meet
the specifications defined in Storage Specifications on page 50. RSA preconfigures
the NAS. If you want to make changes to the preconfigured system, or use another
storage system, you must configure the storage system with the same features and
values described in NAS Configuration Values for VNX on page 51 or NAS
Configuration Values for Celerra on page 62.
Note: RSA does not provide support for installing or configuring third-party storage
systems. For information on configuring third-party storage, see the vendor
documentation.

7: NAS Configuration

49

RSA enVision Hardware Setup and Maintenance Guide

You must install and configure the storage system before you install the RSA enVision
appliances and configure the enVision site. For information on configuring the
enVision site, see the Configuration Guide.
The complete VNX documentation is available to EMC Powerlink users at the
Powerlink site.
The complete Celerra NS-120 documentation is available to EMC Powerlink users at
http://powerlink.emc.com/km/appmanager/km/secureDesktop?_nfpb=true&_pa
geLabel=image6b&internalId=0b014066803bc36d&_irrt=true.

Storage Specifications
The NAS must support local user authentication and a standalone CIFS server. The
RSA enVision appliance includes four predefined local user accounts. The enVision
appliance is designed to integrate with a NAS that includes the same four local users.
Note: If you use a third-party storage system with your enVision appliance site, the

storage must meet these specifications.


This minimum specification information for the ENV-NAS53 series is based on the
EMC VNX 5300. The full specification sheet can be found at:
http://www.emc.com/collateral/software/specification-sheet/h8514-vnx-series-ss.
pdf

Component

Specifications

Drives (Min/Max)

4/125

Raw Capacity

6.5 TB when packaged with 15 disks


13 TB when packaged with 30 disks

Disk Processor
Enclosure Content

10K RPM 15 x3.5'' 600 GB drives (when packaged with 15 disks)


10K RPM 30 x3.5'' 600 GB drives (when packaged with 30 disks)
1.6 GHz, four-core Xeon 5600 processor with 8 GB RAM

Data Movers (1
minimum 2
recommended, x + 1
required for
redundancy)

2.13 GHz, four-core Xeon 5600 processor with 6 GB RAM


Four 10/100/1000 Base T Ethernet ports

The minimum required specifications for the NAS 3500 and the NAS 7000 are based
on an EMC NS-120 unified storage platform. For the full specification sheet, go to
www.emc.com/collateral/hardware/specification-sheet/
h5804-celerra-ns120-ss.pdf.

50

7: NAS Configuration

RSA enVision Hardware Setup and Maintenance Guide

The following table lists the specifications for the Celerra NS-120 that must be met by
any third-party storage system.
Component

Specifications

Data Movers (1 minimum,


2 recommended, x + 1
required for redundancy)

Dual 2.8 GHz Intel Xeon CPU


4GB DDR800 (266 MHz) RAM
Four 10/100/1000 BaseT Ethernet ports

Storage Processors
(2 minimum)

Dual 2.8 GHz Intel Xeon CPU


4GB DDR800 (266 MHz) RAM
Four 10/100/1000 BaseT Ethernet ports

Storage (Hard Drives)

10K RPM 450GB Fibre Channel hard drives


The number of drives depends on the number of event
sources from which the enVision platform collects:
Up to 3,072 event sources - 15 hard drives
Up to 6,144 event sources - 30 hard drives
Note: You must use Fibre Channel drives. Other types of

drives are not fast enough.

NAS Configuration Values for VNX


Note: Refer to this section if your RSA enVision setup uses the ENV-NAS53 series.

This section describes, at a high level, the tasks that are involved in configuring the
NAS to work with the enVision platform. For each task, this section provides the
specific values that must be configured. Use the default values for settings that are not
described in this document.
For information on secure deployment of your NAS, see the Security Configuration
Guide.
Note: RSA recommends that you configure the NAS to send logs to the enVision

platform. For information on how to configure the NAS to send logs to the enVision
platform, see RSA enVision Device Configurations on RSA SecurCare Online at
https://knowledge.rsasecurity.com.
Configuration of the VNX involves the following high-level tasks:
1. Creation of Storage Pools
2. Network Interface Configuration
3. Creation of the File Systems
4. Creation of the Standalone CIFS Server
5. Creation of the CIFS Shares

7: NAS Configuration

51

RSA enVision Hardware Setup and Maintenance Guide

6. iSCSI Configuration Settings


7. Enable E-mail Connect Home
8. Proxy Address Resolution Protocol
This section describes the information required to complete each of the above tasks.

Creation of Storage Pools


You must create the following system-defined storage pool:

clarsas_archive. This storage pool is a 4+1 RAID 5 configuration.

For the Disk Type, use CLSAS (Standard CLARiiON disk volumes). System-defined
storage pools are set to extend automatically.

Network Interface Configuration


You must configure an interface to which the copper media can connect. You can
configure the values in the following table through the command line or in the
Unisphere Manager.
Setting

Value

Data Mover

server_2

Device Name

cge-1-0
By default, Copper Gigabit Interface zero (CGE-1-0) is the first
port available. Creating a Fail Safe Network (FSN) using the
Copper Ethernet interface provides a medium through which to
connect to the VNX.

IP Address

10.203.2.101
Configure this IP address for the physical port (CGE-1-0) on the
data mover.

Name

10-203-2-101 (optional)

Subnet Mask (Netmask in 255.255.255.0


the Unisphere Manager)
Broadcast Address

10.203.2.255 (read-only)

Other values

MTU: 1500
VLAN ID: 0

State

Informational Only

Creation of the File Systems


You must create the file systems required by your configuration of the RSA enVision
platform. The D-SRV1 requires vol0, and the first Local Collector (LC1) requires
vol1. A second Local Collector (LC2) would require vol2, and a third Local Collector
would require vol3.

52

7: NAS Configuration

RSA enVision Hardware Setup and Maintenance Guide

Four volumes are used by default. If no LC2 or LC3 is in place, those volumes are not
needed, but you can choose to create these volumes as placeholders. You can create
vol2 and vol3, and give each volume 1 GB or less of space. If you decide to add
additional Local Collectors to your deployment, it is much easier to expand an
existing volume than it is to configure another volume.
Create the file system using either the command line interface or the Unisphere
Manager.
Important: Do not create the file systems with performance tuning options.
Setting

Value

Vol0 Vol3
Data Mover

server_2

Storage Pool

clarsas_archive

Name

vol0, vol1, vol2, or vol3

Slice Volumes

Yes

Ensure that the file systems appear as shown in the following figure, with no
additional options. Performance tuning settings can cause problems with the enVision
platform.

7: NAS Configuration

53

RSA enVision Hardware Setup and Maintenance Guide

Creation of the Standalone CIFS Server


The RSA enVision platform requires a NAS that supports local user authentication
and a standalone CIFS server. The enVision platform contains log data from many
sensitive event sources on your network that must be protected.
RSA recommends the following best practices for creating the CIFS server:
Create a standalone CIFS server. The enVision platform contains log data from
many sensitive event sources on your network, which must be protected.
Give the CIFS server a unique name. The CIFS server is a Windows file server.
Do not bind to all network interfaces. Ensure that you bind the CIFS server to
the 10.203.2.101 interface only. When enVision multiple appliance sites share a
VNX, the enVision platform requires that the share names be the same. If your
sites are sharing a VNX, or if you have only one multiple appliance site but want
to allow for further expansion, do not bind to all. Bind to all is not reversible.
Select only the 10.203.2.101 interface. You can then add a second multiple
appliance site to the existing VNX.
Note: Ensure that the DNS is appropriately configured.

Create the CIFS Server using the settings in the following table.
Setting

Value

CIFS Server
Data Mover

server_2

Interface

10.203.2.101 (cge-1-0)

Server Type

Standalone

Administrator Password

temp
After you complete the initial configuration, you must change
the administrator password to the value that you entered in the
Password Manager page while installing the enVision platform.
For more information, see the following section, Local Users
and Passwords.

Workgroup

WORKGROUP

NetBIOS Name

RSAVNX

Interfaces

10.203.2.101

Note: The CIFS server IP address must be the same as the enVision default switch

schema. If your enVision setup does not use the default 10.203.2.101, the CIFS server
IP address must be changed to match the address specified in the enVision setup.

54

7: NAS Configuration

RSA enVision Hardware Setup and Maintenance Guide

Local Users and Passwords


You must create the following users and passwords on the CIFS server to allow the
RSA enVision platform to access the CIFS shares.

master

NIC_System

NIC_sshd

NIC_sftp

For information on changing NAS passwords, refer to Changing Passwords on


page 91.

Creation of the CIFS Shares


Depending on your RSA enVision platform configuration, you must create the
following CIFS shares. The enVision Configuration Wizard, lsconfigwizard.exe, is
hard-coded to expect these values:

vol0 used by the D-SRV

vol1 used by LC1

vol2 used by LC2 (if part of the deployment)

vol3 used by LC3 (if part of the deployment)

7: NAS Configuration

55

RSA enVision Hardware Setup and Maintenance Guide

Ensure that you select the CIFS server on which to make the share available, and do
not let the system select ALL.
Setting

Value

Vol0

Data Mover

server_2

File System

vol0

CIFS Server

RSAVNX

CIFS Share Name

vol0

Vol1

Data Mover

server_2

File System

vol1

CIFS Server

RSAVNX

CIFS Share Name

vol1

Vol2

56

Data Mover

server_2

File System

vol2

CIFS Server

RSAVNX

CIFS Share Name

vol2

7: NAS Configuration

RSA enVision Hardware Setup and Maintenance Guide

Setting

Value

Vol3
Data Mover

server_2

File System

vol3

CIFS Server

RSAVNX

CIFS Share Name

vol3

iSCSI Configuration Settings


Note: This configuration is optional and required only if your setup uses enhanced

availability.
If your RSA enVision site uses Enhanced Availability (EA), you must configure
iSCSI.
Configure iSCSI with the settings in the following table.
Setting

Value

Creation of RAID Group and LUN assignment


Note: You must use unbound disks for this configuration.

RAID Group Type

1/0

LUN

Size

1 GB

Configuration of SP A and SP B iSCSI IP Addresses


SP A

10.203.2.110

SP B

10.203.2.111

Gateway

10.203.2.11

Subnet Mask

255.255.255.0

Addition of Host Initiators

7: NAS Configuration

57

RSA enVision Hardware Setup and Maintenance Guide

Setting

Value

Host Initiators

iqn.2006-01.nic.niceacluster:CA1.niceacluster.nic
iqn.2006-01.nic.niceacluster:CA2.niceacluster.nic
iqn.2006-01.nic.niceacluster:CA3.niceacluster.nic
iqn.2006-01.nic.niceacluster:CA4.niceacluster.nic
iqn.2006-01.nic.niceacluster:CA5.niceacluster.nic
iqn.2006-01.nic.niceacluster:CA6.niceacluster.nic
iqn.2006-01.nic.niceacluster:CA7.niceacluster.nic
iqn.2006-01.nic.niceacluster:CA8.niceacluster.nic
iqn.2006-01.nic.niceacluster:DS1.niceacluster.nic
iqn.2006-01.nic.niceacluster:DS2.niceacluster.nic

Creation of Storage group and addition of LUN and Host Initiators

Storage Group

StorageGroup_enVision

iSCSI Configuration Verification


Verify that your configuration is correct by comparing the screens to the following
examples.
Compare your iSCSI LUN properties to the properties shown in the following figure.

58

7: NAS Configuration

RSA enVision Hardware Setup and Maintenance Guide

7: NAS Configuration

59

RSA enVision Hardware Setup and Maintenance Guide

Compare your iSCSI storage group properties to the properties shown in the following
figure.

Enable E-mail Connect Home


RSA recommends that you enable the E-mail Connect Home feature on the VNX (or
an equivalent feature for other NAS types). This feature automatically notifies EMC
Customer Support (or another storage provider) if a failure occurs or if a failure is
predicted.
To enable the E-mail Connect Home feature using SMTP or FTP, you must move the
control station to the public network. After you have confirmed that the LAN can
communicate with the control station, you can configure E-mail Connect Home.
Note: You must ensure that the DNS is appropriately configured for the E-mail

Connect Home feature to work.


To enable E-mail Connect Home:

1. Log on as the sysadmin user.


2. Select System.
3. From the task list, under Service Tasks, click on Manage Connect Home
4. Complete the fields with required information.
5. Select a delivery method from the Test Type drop-down box and click Test.

60

7: NAS Configuration

RSA enVision Hardware Setup and Maintenance Guide

Proxy Address Resolution Protocol


RSA recommends that you configure the proxy Address Resolution Protocol (ARP).
The proxy ARP allows EMC to use your network and the VNX control station to
access the VNX storage processors. The proxy ARP provides EMC with the ability to
view the storage configuration, such as RAID groups and the number of LUNs.
Important: The proxy ARP does not allow EMC to access data on the storage array.

EMC uses this feature for upgrading the code level on the back-end storage. For more
information, contact Customer Support.

7: NAS Configuration

61

RSA enVision Hardware Setup and Maintenance Guide

NAS Configuration Values for Celerra


Note: Refer to this section if your RSA enVision setup uses RSA NAS 3500 or

RSA NAS 7000.


This section describes, at a high-level, the tasks that are involved in configuring the
NAS to work with the RSA enVision platform. For each task, this section provides the
specific values that must be configured. Use the default values for settings that are not
described in this document.
For information on secure deployment of your NAS, see the Security Configuration
Guide.
Important: These settings must be implemented by advanced technical users. RSA
does not provide support for installing the NAS. RSA recommends that you engage
EMC to install the NAS storage array.

Configuration of the NAS involves the following high-level tasks:


1. Creation of Storage Pools
2. Network Interface Configuration
3. Creation of the File Systems
4. Creation of the Standalone CIFS Server
5. Creation of the CIFS Shares
6. iSCSI Configuration Settings
7. Enable Celerra Connect Home
8. Proxy Address Resolution Protocol
This section describes the information required to complete each of the above tasks.

Creation of Storage Pools


You must create the following system-defined storage pools:

Performance Pool clar_r5_performance template. This is a 4+1 RAID 5


configuration.

1.1TB Minimum for 15 Fibre Channel drives

2.3TB Minimum for 30 Fibre Channel drives

Economy Pool clar_r5_economy template. This is an 8+1 RAID 5


configuration.

2.9TB Minimum for 15 Fibre Channel drives

5.8TB Minimum for 30 Fibre Channel drives

For the Disk Type, use CLSTD (Standard CLARiiON disk volumes). System-defined
storage pools are set to extend automatically.

62

7: NAS Configuration

RSA enVision Hardware Setup and Maintenance Guide

Network Interface Configuration


You must configure an interface to which the copper media can connect. You can
configure the values in the following table through the command line or in the Celerra
Manager.
Setting

Value

Data Mover

server_2

Device Name

cge0
By default Copper Gigabit Interface zero (CGE0) is the first port
available. Creating a Fail Safe Network (FSN) using the Copper
Ethernet interface provides a medium through which to connect
to the NAS.

IP Address

10.203.2.101
Configure this IP address for the physical port (CGE0) on the
data mover.
The second IP address that the Celerra requires is configured by
default. The Celerra ships with the default Control Station IP
address 10.203.2.100 for connecting to the Celerra Manager UI.

Name

10-203-2-101 (optional)

Subnet Mask (Netmask in 255.255.255.0


the Celerra Manager)
Broadcast Address

10.203.2.255 (read-only)

Other values

MTU: 1500
VLAN ID: 0

State

Informational Only

Creation of the File Systems


You must create the file systems required by your configuration of the RSA enVision
platform. The D-SRV1 requires vol0, and the first Local Collector (LC1) requires
vol1. The second Local Collector (LC2) requires vol2, and a third Local Collector
requires vol3.
Four volumes are used by default. If no LC2 or LC3 is in place, those volumes are not
needed, but you might choose to create these volumes as placeholders. You can create
vol2 and vol3, and give each volume 1 GB or less. If you decide to add additional
Local Collectors to your deployment, it is much easier to expand an existing volume,
than it is to configure another volume.
Vol0 uses the Performance storage pool, and vol1, vol2, and vol3 use the Economy
storage pool.

7: NAS Configuration

63

RSA enVision Hardware Setup and Maintenance Guide

Create the file system using the Celerra command line mode. Use the nas_fs
command to create the file systems, and the server_mountpoint and server_mount
commands to mount them.
Important: Do not create the file systems with performance tuning options.
Setting

Value

Vol0
Data Mover

server_2

Storage Pool

clar_r5_performance

Name

vol0

Size (15 Fibre Channel drives)

1363148 MB

Size (30 Fibre Channel drives)

2936012 MB

Slice Volumes

Yes

Vol1 Vol3

64

Data Mover

server_2

Storage Pool

clar_r5_economy

Name

vol1, vol2, or vol3

Size (15 Fibre Channel drives)

1048576MB

Size (30 Fibre Channel drives)

2202009MB

Slice Volumes

Yes

7: NAS Configuration

RSA enVision Hardware Setup and Maintenance Guide

After you have created all of the file systems that you require, use server_mount
server_2 to list the file systems. Ensure that the file systems appear exactly as shown
in the following figure, with no additional options. Performance tuning settings can
cause problems with the enVision platform.

Creation of the Standalone CIFS Server


The RSA enVision platform requires a NAS that supports local user authentication
and a standalone CIFS server. RSA enVision contains log data from many sensitive
event sources on your network that must be protected.
RSA recommends the following best practices for creating the CIFS server:
Create a standalone CIFS server. The enVision platform contains log data from
many sensitive event sources on your network, which must be protected.
Give the CIFS server a unique name. The CIFS server is a Windows file server.
Do not bind to all network interfaces. When enVision multiple appliance sites
share a NAS, the enVision platform requires that the share names be the same. If
your sites are sharing a NAS, or if you have only one multiple appliance site but
want to allow for further expansion, do not use bind to ALL. Bind to all is not
reversible. Instead, select specific network interfaces for the CIFS server. You can
then add a second multiple appliance site to the existing NAS.
Create the CIFS Server using the settings in the following table.
Setting

Value

Services
Unicode Enabled

7: NAS Configuration

Yes

65

RSA enVision Hardware Setup and Maintenance Guide

Setting

Value

Data Mover DNS

10.203.2.11 (Default back-end IP address of enVision D-SRV)

NTP

10.203.2.11 (Default back-end IP address of enVision D-SRV)

CIFS Services Running

Yes

CIFS Server
Data Mover

server_2

Interface

10.203.2.101 (cge0)

Server Type

Standalone

Administrator Password

temp
After you complete the initial configuration, you must change
the administrator password to the value that you entered in the
Password Manager page while installing the enVision platform.
For more information, see the following section, Local Users
and Passwords.)

Workgroup

WORKGROUP

NetBIOS Name

NICELERRA

Local Users Enabled

Yes

Interfaces

10.203.2.101

Local Users and Passwords


You must create the following users and passwords on the CIFS server to allow the
enVision platform to access the CIFS shares.

master

NIC_System

NIC_sshd

NIC_sftp

For information on changing NAS passwords, see Changing Passwords on page 91.

66

7: NAS Configuration

RSA enVision Hardware Setup and Maintenance Guide

Creation of the CIFS Shares


Depending on your RSA enVision configuration, you must create the following CIFS
shares. The RSA enVision Configuration Wizard, lsconfigwizard.exe, is hard-coded
to expect these values:

vol0 used by the D-SRV

vol1 used by LC1

vol2 used by LC2 (if part of the deployment)

vol3 used by LC3 (if part of the deployment)

Ensure that you select the CIFS server on which to make the share available, and do
not let the system select ALL.
Setting

Value

Vol0

Data Mover

server_2

File System

vol0

CIFS Server

NICELERRA

CIFS Share Name

vol0

Vol1

Data Mover

server_2

File System

vol1

CIFS Server

NICELERRA

CIFS Share Name

vol1

Vol2

Data Mover

server_2

File System

vol2

CIFS Server

NICELERRA

CIFS Share Name

vol2

7: NAS Configuration

67

RSA enVision Hardware Setup and Maintenance Guide

Setting

Value

Vol3
Data Mover

server_2

File System

vol3

CIFS Server

NICELERRA

CIFS Share Name

vol3

iSCSI Configuration Settings


If your RSA enVision site uses Enhanced Availability (EA), you must configure
iSCSI.
Configure iSCSI with the settings in the following table.
Setting

Value

LUN
Data Mover

server_2

Target Alias Name

quorum

Auto Generate Alias Name

Yes

Interface

10.203.2.101 (cge0)

iSCSI File System

Storage Pool

clar_r5_economy

Name

iscsi_quorum_fs

Size

1024MB

LUN Info

68

LUN

Size

1007 MB

7: NAS Configuration

RSA enVision Hardware Setup and Maintenance Guide

Setting

Value

Grant List for LUN


Access (Set Enable
Multiple Access)

iqn.2006-01.nic.niceacluster:CA1.niceacluster.nic
iqn.2006-01.nic.niceacluster:CA2.niceacluster.nic
iqn.2006-01.nic.niceacluster:CA3.niceacluster.nic
iqn.2006-01.nic.niceacluster:CA4.niceacluster.nic
iqn.2006-01.nic.niceacluster:CA5.niceacluster.nic
iqn.2006-01.nic.niceacluster:CA6.niceacluster.nic
iqn.2006-01.nic.niceacluster:CA7.niceacluster.nic
iqn.2006-01.nic.niceacluster:CA8.niceacluster.nic
iqn.2006-01.nic.niceacluster:DS1.niceacluster.nic
iqn.2006-01.nic.niceacluster:DS2.niceacluster.nic

iSCSI Configuration Verification


Verify that your configuration is correct by comparing your Windows to the examples
that follow.
Compare your iSCSI LUN properties to the properties shown in the following figure.

7: NAS Configuration

69

RSA enVision Hardware Setup and Maintenance Guide

Compare your iSCSI target properties to the properties shown in the following figure.

Compare your iSCSI LUN Mask to the properties shown in the following figure.

70

7: NAS Configuration

RSA enVision Hardware Setup and Maintenance Guide

Enable Celerra Connect Home


RSA recommends that you enable the Celerra Connect Home feature on the NAS (or
an equivalent feature for other NAS types). This feature automatically notifies EMC
Customer Support (or another storage provider) if a failure occurs or if a failure is
predicted.
By default, the NAS system has the non-routable control station IP address of
10.203.2.100. To enable the Connect Home feature using SMTP or FTP, you must
move the control station to the public network. After you have confirmed that the
LAN can communicate with the control station, you can configure Connect Home.
To enable Celerra Connect Home:

1. Log on as Root.
2. Click Celerras > Celerras Name > Support.
3. On the Connect Home tab, complete the fields.
4. Click Test to test the feature.

Proxy Address Resolution Protocol


RSA recommends that you configure the proxy Address Resolution Protocol (ARP).
The proxy ARP allows EMC to use your network and the NAS control station to
access the Celerra storage processors. The proxy ARP provides EMC with the ability
to view the storage configuration, such as RAID groups and the number of LUNs.
Important: The proxy ARP does not allow EMC to access data on the storage array.
EMC uses this feature for upgrading the code level on the back-end storage. For more
information, contact Customer Support.

7: NAS Configuration

71

RSA enVision Hardware Setup and Maintenance Guide

Factory Reimaging and Typing


RSA enVision appliances are shipped ready to use. If you want to restore an appliance
to factory default values, you must reimage the appliance. Reimaging an appliance
erases any prior data that may exist in the hardware drive array of the appliance.
Before performing this procedure, contact RSA Customer Support.

Factory Reimaging and Typing an Appliance


You can reimage the appliance by using the DVD that was shipped to you along with
the appliance. If the DVD is not compatible with your hardware, contact RSA
Customer Support to obtain the correct version.
CAUTION: Reimaging your appliance restores the factory defaults. You will lose any

existing data.

To reimage and type an appliance, you must complete the following tasks:
1. Disable Virtual Drives.
2. Reimage the Appliances.
3. Factory Type the Appliances.

Disable Virtual Drives


Before You Begin

Complete these tasks:

Set up either a keyboard, video, and mouse (KVM) or Dell Remote Access
Controller (DRAC) utility to connect to the appliances. See either Connect to the
Appliance Using a Keyboard, Monitor, and Mouse or Dell Remote Access
Controller Utility in the Configuration Guide.

Ensure that you have physical access to the appliance to use the DVD drive.

To disable a virtual drive:

1. Restart the RSA enVision appliance.


2. During the initial boot phase, press CTRL+E to access the Remote Access
Configuration utility.
3. When prompted for a password, type rsabios, and press ENTER.
4. Use the up and down cursor keys to select Virtual Media Configuration, and
press ENTER.
5. Use the left and right cursor keys to set Virtual Media to Detached.

8: Factory Reimaging and Typing

73

RSA enVision Hardware Setup and Maintenance Guide

6. Use the left and right cursor keys to set Virtual Flash to Disabled.
7. Press ESC twice, and select Save Changes and Exit.
Repeat this procedure for each appliance in the multiple appliance site.

Reimage the Appliances


For multiple appliance sites, reimage the appliances in the following order:
1. LC3
2. LC2
3. LC1
4. A-SRV3
5. A-SRV2
6. A-SRV1
7. D-SRV4
8. D-SRV3
9. D-SRV2
10. D-SRV1
The reimaging process takes fifteen to ninety minutes.
Before You Begin

Remove any USB drives from the appliance.


To reimage each appliance:

1. Insert the Factory Reimaging DVD in the DVD drive.


2. Press ALT+CTRL+DEL, and click Shutdown > Restart to restart the appliance.
At the end of POST boot, the appliance automatically ejects the DVD.
3. Close the DVD tray to complete the reimaging.
The system pauses for sixty seconds and resumes the reimaging process.
At the end of the reimaging process, the appliance automatically ejects the DVD,
and the appliance restarts.
Repeat this procedure for each appliance in the site.

Factory Type the Appliances


To factory type an appliance:

1. Double-click C:\Windows\installations\lsconfigwizard.exe to start the Factory


Typing wizard.
2. From the list of license types, select the appropriate one of the following types:

74

ES

8: Factory Reimaging and Typing

RSA enVision Hardware Setup and Maintenance Guide

ES with Storage

LS

3. Click Next.
4. Click Finish.
5. Click Restart.
6. For an LS appliance, select the appropriate one of the following types from the list
of appliance types:

AS1, AS2, or AS3 (A-SRVs)

DS1, DS2, DS3, or DS4 (D-SRVs)

RC1

LC1, LC2, or LC3

Note: Select Switched Network if it is not selected by default.

7. Click Next.
8. Click Finish.
9. Click Restart.

8: Factory Reimaging and Typing

75

RSA enVision Hardware Setup and Maintenance Guide

Hardware Specifications
An RSA enVision setup may include one or more appliances, depending on the type of
setup and the type of storage used. The following topics list in detail the appliance and
storage specifications:

Hardware Location Requirements

ES Appliance Specifications

LS Appliance Specifications

Appliance Specifications

ES Storage Array Specifications

LS Storage Array Specifications

Appliance Rack Specifications

Safety and Regulatory Statements

Hardware Location Requirements


Select a hardware setup location that meets the requirements for the current
installation and for future hardware expansion. The following list summarizes the
location requirements:

Proper temperature control: 10 to 35 C (50 to 95 F) with a maximum


temperature gradation of 10C per hour.

Proper humidity control: 20% to 80% (noncondensing) with a maximum humidity


gradation of 10% per hour.

Adequate floor loading capacity. This depends on the rack and the number of
hardware items in it.

Appropriate AC outlets and adequate electrical supply.

Adequate ethernet hubs or individual jacks (10/100/1000 Base-T cables cannot be


longer than 100 meters).

Enough clearance in the front and the back of the rack to allow for sufficient
airflow and to enable you to access appliance components.

Important: Installation or operation of appliances stacked on a desktop table is not

supported.

A: Hardware Specifications

77

RSA enVision Hardware Setup and Maintenance Guide

ES Appliance Specifications
The following table describes the specifications of the models of the ES appliance.
560-ES

1060-ES

1260-ES

2560-ES

3060-ES

5060-ES

7560-ES

Sustained
Performance Per
Appliance (Events
Per Second)

Up to
500 EPS

Up to
Up to
Up to
Up to
Up to
Up to
1,000 EPS 1,200 EPS 2,500 EPS 3,000 EPS 5,000 EPS 7,500 EPS

Recommended
Maximum Event
Sources per
Appliance

Up to 100 Up to 200 Up to 600 Up to 400 Up to


1,500

Up to 750 Up to
1,250

Up to 6
Simultaneous
RSA enVision Users

Up to 8

Up to 9

Up to 10

Up to 11

Up to 12

Up to 14

Internal
300 GB

Internal
300 GB

Internal
300 GB

Internal
300 GB

External
2.5 TB

External
2.5 TB

External
2.5 TB

Base Storage1

Data Protection

Hardware-accelerated RAID 1 controller with


auto-rebuild and battery-backed 256-MB
on-controller cache

Hardware-accelerated RAID 5
controller with auto-rebuild, and
battery-backed 256-MB
on-controller cache

Appliance Power
Options

Redundant, load-sharing 570-watt power supplies; 120/240 volt auto-switching

Operating
Environment

Security-hardened, embedded operating system featuring real-time data encryption to


protect sensitive event data

Application
Software

RSA enVision with two-phase Real-Time Data Compression (RTDC)

Regulatory
Approvals

http://www.dell.com/downloads/global/corporate/environ/comply/pedge_r710.pdf

1Base storage of 300 GB is raw

storage. Data storage for events is 220 GB, once you take out formatting, OS partition, and temporary nugget
partition. External storage is either the DAS 2000, RSA NAS series or ENV-NAS series.

78

A: Hardware Specifications

RSA enVision Hardware Setup and Maintenance Guide

LS Appliance Specifications
The four models of collection (LC and RC) appliances are: LS-R601, LS-R602,
LS-L605, and LS-L610. The model of application appliance (A-SRV) is LS-A60. The
model of database appliance (D-SRV) is LS-D60.

Description

Sustained
Performance Per
Appliance (Events
Per Second)

R601

R602

L605

L610

A60

D60

Remote
Collector
1,000 EPS

Remote
Collector
2,000 EPS

Local
Collector
5,000 EPS

Local
Collector
10,000 EPS

Application
Server

Database
Server

Up to
1,000 EPS

Up to
2,000 EPS

Up to
5,000 EPS

Up to
10,000 EPS

NA

Up to
30,000 EPS
from
Collectors

512

1,024

1,500

2,048

NA

3,072
(NAS 3500)
or 6,144
(NAS 7000)
from
Collectors

NA

NA

NA

Up to 16

NA

Maximum Event
Sources Possible

NA
Simultaneous
RSA enVision Users
Operating
Environment

Security-hardened, embedded operating system featuring real-time data encryption


to protect sensitive event data

Base Storage

3500 GB (requires the ENV-NAS53 series or the RSA NAS series for external
storage). The D60 supports a maximum of 3,072 or 6,144 (depending on the NAS
used) event sources. An additional NAS increases the storage space. It does not
increase the supported event sources.

Data Protection

Hardware-accelerated RAID 5 controller with auto-rebuild and battery-backed


256-MB cache

Application
Software

RSA enVision platform with two-phase Real-Time Data Compression (RTDC)

Regulatory
Approvals

http://www.dell.com/downloads/global/corporate/environ/comply/pedge_r710.pdf

A: Hardware Specifications

79

RSA enVision Hardware Setup and Maintenance Guide

Appliance Specifications
The following table describes several aspects for the ES and LS Series appliances.
Category

Description

Form Factor

2U Rack mount

Operating System

Windows 2008 Server R2 SP1 Enterprise 64-bit

Processor

Two Quad Core Intel Xeon E5504, 4 MB Cache, 2.00 GHz,


1333 MHz FSB

Memory

Four 2-GB (total 8 GB) Dual Ranked 1066 MHz

Hard Disks

Two RAID 1 SAS 300 GB (3.5-inch SAS 15K Disk Drives). Data
storage for events is 220 GB, once you take out formatting, OS
partition, and temp nugget partition.
LS series A-SRV only: Six RAID 5 SAS 300 GB (3.5-inch SAS
15K Disk Drives). Usable space is 1.29 TB.

RAID

PERC 6i

Optical Drives

CD/DVD ROM (no -R)

Connectors

Front

Two USB
One Video

Back

Network

AC Power Supply

80

One 9-pin serial


Two USB
One video
Four 1000-MB 10 Base-T Copper Ports

Six GBE network ports


Two dual port embedded Broadcom 5709C GBE
One Intel PRO/1000PT dual port
Wattage

2 Redundant 570W (Energy Smart)

Voltage

90264 VAC, auto-ranging, 4763 Hz

Maximum inrush
current

Under typical line conditions and over the entire system ambient
operating range, the inrush current may reach 55 A per power
supply for 10 ms or less

Power cables

Two power cables

Heat dispersion

1944.9 Btu per hour

A: Hardware Specifications

RSA enVision Hardware Setup and Maintenance Guide

Category
Batteries

Dimensions

Temperature

Relative Humidity

Description
System battery

CR 2032 3.0-V lithium-ion coin cell

RAID battery

4.1-V lithium-ion

Height

8.64 cm (3.40 inch)

Width

44.31 cm (17.44 inch)

Depth

68.07 cm (26.80 inch)

Gross weight

26.1 kg (57.54 lb)

Operating

10 to 35 C (50 to 95 F) with a maximum temperature


gradation of 10 C per hour

Storage

-40 to 65 C (-40 to 149 F) with a maximum temperature


gradation of 20 C per hour

Operating

20% to 80% (noncondensing) with a maximum humidity


gradation of 10% per hour

Storage

5% to 95% (noncondensing) with a maximum humidity gradation


of 10% per hour

Maximum Vibration Operating

Maximum Shock

Altitude

0.26 Grms at 5350 Hz in all operational orientations

Storage

1.54 Grms at 10250 Hz in all operational orientations

Operating

Half-sine shock in all operational orientations of 31 G 5% with


a pulse duration of 2.6 ms 10%

Storage

Half-sine shock on all six sides of 71 G 5% with a pulse


duration of 2 ms 10%

Operating

-16 to 3048 m (-50 to 10,000 ft)


Note: For altitudes above 900 m (2,950 feet), the maximum

operating temperature is derated 1 F per 152 m (550 feet)


Storage

A: Hardware Specifications

-16 to 10,600 m (-50 to 35,000 ft)

81

RSA enVision Hardware Setup and Maintenance Guide

ES Storage Array Specifications


The ES single appliance site with external storage uses the EMC CLARiiON storage
array for the RSA DAS 2000. For complete information on the storage array, see the
EMC CLARiiON documentation. The following table contains specification
information.
Category

Description

Storage Connection

iSCSI

Dimensions

Operating
Environment

Power

82

Height

8.689 cm (3.5 inch)

Width

44.45 cm (17.5 inch)

Depth

50.8 cm (20 inch)

Gross weight

25.86 kg (57 lb)

Temperature

10 to 40 C (50 to 104 F)

Temperature gradient

10 C (18 F)

Relative humidity

20% to 80% noncondensing

Altitude

2,438.4 m (8,000 feet) at 40 C (104 F) maximum


3,048 m (10,000 feet) at 37 C (98.6 F) maximum

Power supplies per array

Frequency

4763 Hz

AC voltage

100240 Vrms, single phase

Power factor

0.98 (typical)

Power consumption

450 W (maximum)

Heat dissipation

1,535 Btu per hour (maximum)

Protection

12 A, internally fused (each supply)

AC circuits

Redundant, external AC circuits

Inlet type

Dual inlet, rack-mount: IE320-C14 appliance coupler

A: Hardware Specifications

RSA enVision Hardware Setup and Maintenance Guide

LS Storage Array Specifications


The LS multiple appliance site uses the EMC VNX as the ENV-NAS53-1 or
ENV-NAS53-2 storage array. For complete information on the storage array, see the
EMC VNX documentation. The following table contains specification information.

Category

Description

Storage Connection

Network Attached Storage

Dimensions - each
DPE or SPE

Operating
Environment

Height

5.25 in or 13.34 cm

Width

17.5 in or 44.45 cm

Depth

24.25 in or 61.6 cm

Weight (lb/kg)

Full: 96.8/44/0

(with and without drives)

Empty: 61.8/28.1

Ambient temperature

10 to 40 C (50 to 104 F)

Temperature gradient

10 C (18 F) per hour

Relative humidity

20% to 80% noncondensing

Altitude

2,286 m (7,500 ft) at 40 C (104 F) maximum

3,048 m (10,000 ft) at 37 C (98.6 F) maximum

A: Hardware Specifications

83

RSA enVision Hardware Setup and Maintenance Guide

Category
AC Power and
Dissipation

84

Description
AC line voltage

100240 VAC 10%, single phase

Frequency

4763 Hz, full auto-ranging

AC line current

4.8 A maximum at 100 V (configured with 15 disks)


2.4 A maximum at 200 V (configured with 15 disks)

Power consumption

480 VA (455 W) maximum (configured with 15 disks)

Startup surge current

29 A rms max for 50 ms, at any line voltage

Power factor

0.98 minimum at full load, low voltage

Heat dissipation

1.64 x 106 J per hour (1,560 Btu per hour) estimate


configured with 15 disks

In-rush current

15 A max for line cycle per line cord at 240 VAC


8 A max for line cycle per line cord at 120 VAC

AC protection

12.5 A fuse one each power supply, both phases

AC inlet type

IEC320-C14 appliance coupler, per power zone

Ride-through

30 ms minimum at full load

Current sharing

15% of full load between power supplies

A: Hardware Specifications

RSA enVision Hardware Setup and Maintenance Guide

The LS multiple appliance site uses the EMC Celerra as the RSA NAS 3500 or
NAS 7000 storage array. For complete information on the storage array, see the
EMC Celerra documentation. The following table contains specification information.
Category

Description

Storage Connection

Network Attached Storage

Dimensions

Operating
Environment

AC Power and
Dissipation

Height

35.56 cm (14 inch)

Width

48.06 cm (18.92 inch)

Depth

80.21 cm (31.58 inch)

Gross weight

112.22 kg (247.4 lb)

Ambient temperature

10 to 40 C (50 to 104 F)

Temperature gradient

10 C (18 F) per hour

Relative humidity

20% to 80% noncondensing

Altitude

2,286 m (7,500 ft) at 40 C (104 F) maximum

3,048 m (10,000 ft) at 37 C (98.6 F) maximum

AC line voltage

100240 VAC 10%, single phase

Frequency

4763 Hz, full auto-ranging

AC line current

11.2 A maximum at 100 V (configured with 15 disks)


5.6 A maximum at 200 V (configured with 15 disks)

Power consumption

1,115 VA (970 W) maximum (configured with 15 disks)

Startup surge current

59 A peak (configured with 15 disks) at any line voltage

Power factor

0.98 minimum at full load, 100 VAC

Heat dissipation

3,490 KJ per hour (3,400 Btu per hour) estimate


configured with 15 disks

In-rush current

138 A peak estimate for line cycle per power supply


at 240 VAC
69 A peak estimate for line cycle per power supply
at 120 VAC

AC protection

10-A internal fuse (non-serviceable)

AC inlet type

IEC320-C14 appliance coupler

Ride-through

30 ms minimum at full load

Current sharing

60% maximum, 40% minimum between power supplies

A: Hardware Specifications

85

RSA enVision Hardware Setup and Maintenance Guide

Rack Specifications for ENV-NAS53-1 and ENV-NAS53-2


The ENV-NAS53-1 and ENV-NAS53-2 are shipped in a rack provided by EMC. The
following table contains the environmental details of the rack.
Category
Dimensions

Operating
Environment

Description
Height

91.90 m (75 in.)

Width

0.60 m (24 in.)

Depth

1.12 m (44 in.)

Gross weight possible

1,182 kg (2600 lb) floor support

Site temperature

+15C to +32C (59F to 89.6F)


(A fully configured cabinet may produce up to 36,400
BTUs per hour.)

Temperature gradient

AC Power

Relative humidity

40% to 55%

Altitude

0 to 2,439 m (0 to 8,000 feet) above sea level

Operating Voltage/Frequency 200240 VAC


5060 Hz
Power Cord Connector

86

Each AC circuit requires a maximum of 4,800 VA of


single phase, 200-240 VAC input power.

A: Hardware Specifications

RSA enVision Hardware Setup and Maintenance Guide

Rack Specifications for RSA NAS 3500 and RSA NAS 7000
The NAS 3500 and NAS 7000 are shipped in a rack provided by EMC. The following
table contains the environmental details of the rack.
Category
Dimensions

Operating
Environment

Description
Height

91.90 m (75 in.)

Width

0.60 m (24 in.)

Depth

0.91 m (36 in.)

Gross weight

728 kg (1,600 lb) floor support

Site temperature

+15C to +32C (59F to 89.6F)


(A fully configured cabinet may produce up to 16,400
BTUs per hour.)

Temperature gradient

AC Power

Relative humidity

30% to 80%

Altitude

0 to 2,439 m (0 to 8,000 feet) above sea level

Operating Voltage/Frequency 200240 VAC


5060 Hz
Power Cord Connector

A: Hardware Specifications

Each AC circuit requires a maximum of 4,800 VA single


phase, 244-240 VAC input power.

87

RSA enVision Hardware Setup and Maintenance Guide

LS Network Switch Specifications


The multiple appliance site uses a network switch. For complete information on the
network switch, see the vendor documentation.
The RSA enVision platform requires a dedicated switch with all ports set to 1 Gbps. If
the connection cannot automatically negotiate the connection speed, it will decrease to
100 MB full duplex. The ports must always be set to auto-negotiate and full duplex.
Each of the power supplies in the dual fixed array is able to handle the full system load
in the event that the other fails. The power supplies cannot be removed, but normal
operations can continue until you obtain a replacement switch. To take full advantage
of powerline redundancy, plug the switch into more than one power circuit.
The following table contains the requirements for the network switch.
Category
Dimensions

Operating
Environment

Power
Characteristics

88

Specification
Height

4.369 cm (1.72 inch)

Width

44.054 cm (17.344 inch)

Depth

25.4 cm (10.0 inch)

Gross weight

3.79 kg (8.35 lb)

Operating temperature

0 to 50 C (32 to 122 F)

Storage temperature

-25 to 70 C (-13 to 158 F)

Operating humidity

5% to 80% noncondensing

Storage humidity

5% to 95% noncondensing

Operating altitude range

Up to 3,048 m (10,000 ft)

Dual-load sharing power supplies operating in 1+1 mode.


Voltage

100240 V AC (10% auto-ranging)

Surge Current Max

1A (Safety Rating)

Measured Current Max 24


ports 10/100/1000T + 4 x
SPSX at full traffic load

0.3621 A rms at 120 v (+ or - 10%)

Frequency

47-63Hz

Measured power
consumption

24.4W (+/- 10%)

Maximum acoustic noise

39 dB

A: Hardware Specifications

RSA enVision Hardware Setup and Maintenance Guide

Appliance Rack Specifications


For complete information on the rack, see the vendor documentation. The following
table contains the requirements for a rack.
Note: To add the LS storage array to your own rack, see the installation guides for

EMC Celerra and the rails at


https://knowledge.rsasecurity.com/scolcms/set.aspx?id=8384.
Category
Dimensions

AC Power

Specification
Height

190.8 cm (75.0 in.)

Width

61.1 cm (24.0 in.)

Depth

91.6 cm (36.0 in.)

Gross weight (empty)

136 kg (300 lb)

Operating Voltage/Frequency 200240 VAC


5060 Hz
Power Cord Connector

Service Type

Two 30-amp services, single phase

International connector

IEC-309-332P6

A: Hardware Specifications

89

RSA enVision Hardware Setup and Maintenance Guide

Safety and Regulatory Statements


Caution

90

Do not attempt to connect an Ethernet cable, regular or cross-over, between the


EMC Celerra and the RSA enVision appliance. Connect the EMC Celerra through
a Gigabit Ethernet switch, the same as any other networked device.

When installing disk shelves and a storage system into a movable cabinet or rack,
install from the bottom up for the best stability.

Power supplies can contain over 240 volts. If mishandled, this high voltage can
cause serious injury or death. Do not touch or handle a power cable or power
supply unless you have been trained and prepared to perform this task. Always
remove the power cord before attempting to remove or work on a Power Unit.

Electronic components are sensitive to damage from Electrostatic Discharge


(ESD). Observe appropriate precautions at all times when handling the RSA
enVision appliance and EMC Celerra or its subcomponents.

To reduce the risk of personal injury or equipment damage, allow internal


components time to cool before touching them and ensure that the equipment is
properly supported or braced when installing options.

This equipment is designed for connection to a grounded outlet. The grounding


type plug is an important safety feature. To avoid the risk of electrical shock or
damage to the equipment, do not disable this feature.

This equipment has one or more replaceable batteries. There is danger of


explosion if the battery is incorrectly replaced. During the hardware warranty
period, the batteries can only be replaced by RSA. Dispose of used batteries
according to the manufacturers instructions.

If your storage system or disk shelf has more than one power supply cord,
disconnect all power supply cords before servicing to reduce the risk of electrical
shock.

A: Hardware Specifications

RSA enVision Hardware Setup and Maintenance Guide

Changing Passwords
When you set up an RSA enVision site, you must create and enter certain user
passwords. The topics listed below describe how to change the passwords on the RSA
enVision appliances and the NAS in a multiple appliance site. The procedures
described in this document are limited to those components that interact directly with
enVision appliances and the NAS.
Note: The NAS password information in this section is applicable to Celerra, VNX

and any third-party storage that may be used in your enVision setup.
The following topics explain in detail how to change passwords and verify changes
made:

Passwords for the RSA enVision Platform and the NAS

Change Passwords on the NAS

Change Passwords on the enVision Appliance Using the Password Manager


Utility

Verify Remote Collector Connectivity

Change the DRAC (root) Password

Verify Read/Write Permissions After Changing Passwords

Additional Passwords

Troubleshooting

Passwords for the RSA enVision Platform and the NAS


The RSA enVision appliance and the NAS have four key users:

master

NIC_System

NIC_SSHD

NIC_SFTP

Important: You must configure the NAS with the same password values that you

specified in the Password Manager page while configuring the enVision platform.
New passwords must meet the following criteria:

Not contain more than two consecutive characters of the user account name or
parts of the users full name

Be at least 10 characters in length

B: Changing Passwords

91

RSA enVision Hardware Setup and Maintenance Guide

Contain at least one upper case letter

Contain at least one lower case letter

Contain at least one number

Contain at least one special character

Important: Use the same passwords on the NAS and the enVision appliances. If you
change the passwords on the enVision appliances so that they do not match the
passwords on the NAS, your connection to the NAS stops working.

For information on other passwords that you can change, see Additional Passwords
on page 98.

Change Passwords on the NAS


This section describes how to change the passwords on your NAS. Change the
passwords on the NAS before changing the passwords on the RSA enVision
appliance.
Important: The passwords for the enVision user accounts on the NAS must be the
same as the passwords on the enVision appliance. If you have set a minimum age for
NAS password expiration, ensure that the NAS passwords meet the password policy
criteria specified for the enVision user accounts. If you change the default NAS
password policy ensure that the NAS passwords meet the password policy criteria
specified for the enVision user accounts in the Password Manager page.
Note: While changing the NAS passwords, you will be prompted for the older

passwords. Ensure that you have the older passwords for the user accounts master,
NIC_SFTP, NIC_SSHD, and NIC_System.
To change the local user passwords:

1. Log on to D-SRV1.
2. Press CTRL+ALT+DEL.
3. Click Change Password in the Windows dialog box.
4. Complete the fields in the Change Password dialog box as follows.

92

Field

Value

Username

The name of the user whose password you


want to change, for example, master

Log on to

The CIFS Server IP address, for example,


10.203.2.101

Old Password

The old password

B: Changing Passwords

RSA enVision Hardware Setup and Maintenance Guide

Field

Value

New Password

The new password

Confirm New Password

The new password

5. Click OK.
6. When prompted that you have successfully changed the password, click OK.
7. Click Cancel to exit the Windows Security dialog box.
8. Repeat step 2 through step 7 for each of the default user passwords (master,
NIC_System, NIC_sshd, and NIC_sftp).
9. To verify that the new passwords have been accepted by the NAS, follow these
steps:
a. On D-SRV1, click Start > Run.
b. In the Run field, type \\IP address for the NAS on the SWITCH network\,
for example, \\10.203.2.101\.
c. Click OK.
The Authentication dialog box opens and forces you to enter the new
password. This dialog box verifies that pass-through authentication did not
work and that the new passwords were accepted.
d. Enter the new master password to log on to the NAS. This verifies that the
master password works.
Similarly, you can log on using the other default users to ensure that the
passwords work.

Change Passwords on the enVision Appliance Using the Password


Manager Utility
Note: You must install the mandatory hot fix (see ENV-41180) before you run this

script.
You must use the Password Manager Utility in the RSA enVision appliance to change
the password for the enVision appliance.
Important: To change the passwords in a multiple appliance site, you must run the
Password Manager Utility on each of the appliances. If you change the passwords on
any one of the appliances in a multiple appliance site or a multiple site domain, you
must change the passwords of all the other appliances and the NAS in the site to the
same value.
Note: You must not change the passwords manually on the enVision appliance.

B: Changing Passwords

93

RSA enVision Hardware Setup and Maintenance Guide

You can change the following passwords using the Password Manager Utility:
1. master
2. NIC_System
3. NIC_SSHD
4. NIC_SFTP
5. DBA
To change passwords using the Password Manager Utility:
CAUTION: Do not stop or terminate the script when it is running. This may result in

the system behaving in an inconsistent manner.

1. In the appliance, open a new command shell, and change directories to


E:\nic\4100\node-name\password\update scripts.
2. Run the Password Manager Utility. Type:
cscript ChangePassword.vbs

3. When prompted, enter the master password.


4. When prompted, enter serial number of the password that you want to change
from the list. For example, if you want to change the NIC_System password, enter
2.
5. When prompted, enter the new password value. The new password must meet the
following security criteria:

Should not contain the user account name or parts of the users full name that
exceed two consecutive characters

Be at least ten characters in length

Contains at least one uppercase letter

Contains at least one lowercase letter

Contains at least one number

Contains at least one special character

6. Re-enter the password value when prompted.


7. If you want to change any other password values, enter Y, otherwise enter N to
exit the Password Manager Utility.

94

B: Changing Passwords

RSA enVision Hardware Setup and Maintenance Guide

Verify Remote Collector Connectivity


This section describes how to verify that the Remote Collector (RC) can transfer event
data. This confirms that the NIC_sshd password was reset correctly.
To verify RC connectivity:

1. Log on to the RC.


2. Press CTRL+ALT+DELETE to open the Task Manager.
3. On the Processes tab, confirm that the NIC_Forwarder service,
pi_ls_forwarder.exe, is not running.
4. Open a new command shell, and change directories to %_Envision%\bin.
5. To test a data transfer, type:
pi_ls_fowarder.exe v

Check that the forwarder process is running successfully on the command line
utility.

Change the DRAC (root) Password


To change the DRAC (root) password:

On the appliance, open a command prompt, and type:


racadm config -g cfgUserAdmin -o cfgUserAdminPassword -i 2
newpassword

where newpassword is the new password.


For more information, go to the Dell support site.

Verify Read/Write Permissions After Changing Passwords


You should verify that the permissions are correct after you change the system
passwords.

Verify Permissions on D-SRVs


To verify permissions on D-SRVs:

1. Restart all D-SRVs. If you have multiple D-SRVs, ensure that you restart D-SRV1
first.
2. Log on to the D-SRV that you are verifying. If the password change has
succeeded, you should not be prompted for authentication. If you are prompted,
this means the password change has failed.

B: Changing Passwords

95

RSA enVision Hardware Setup and Maintenance Guide

3. Click Start > Run, type \\10.203.2.101, and click OK.


A dialog box opens that shows the NAS storage mount points (vol0, vol1, vol2,
vol3).
4. Double-click vol0.
5. To ensure that the D-SRV has the correct privileges to read and write data to the
NAS, in the right pane, right-click the desktop, and select New > Text Document.
6. Delete the newly created text document, and close the window.
7. Repeat step 3 to step 6 for vol1, vol2, and vol3.
8. Log out of the D-SRV.
9. Repeat step 2 to step 8 on each D-SRV in the site.

Verify Permissions on Collectors


To verify permissions on Collectors:

1. Restart all Collectors.


2. Log on to a Collector that you are verifying.
3. Click Start > Run, type \\10.203.2.101, and click OK.
A dialog box opens that shows the NAS storage mount points (vol0, vol1, vol2,
vol3).
4. Double-click vol0.
5. To ensure that the Collector has the correct privileges to read and write data to the
NAS, in the right pane, right-click the desktop, and select New > Text Document.
6. Delete the newly created text document, and close the window.
7. Repeat step 3 to step 6 for vol1, vol2, and vol3.
8. Log out of the Collector.
9. Repeat step 2 to step 8 on each Collector in the site.

Verify Permissions on A-SRVs


To verify permissions on A-SRVs:

1. Restart all A-SRVs.


2. Log on to an A-SRV that you are verifying.
3. Click Start > Run, type \\10.203.2.101, and click OK.
A dialog box opens that shows the NAS storage mount points (vol0, vol1, vol2,
vol3).
4. Double-click vol0.
5. To ensure that the A-SRV has the correct privileges to read and write data to the
NAS, in the right pane, right-click the desktop, and select New > Text Document.
6. Delete the newly created text document, and close the window.

96

B: Changing Passwords

RSA enVision Hardware Setup and Maintenance Guide

7. Repeat step 2 to step 6 for vol1, vol2, and vol3.


8. Log out of the A-SRV.
9. Repeat step 2 to step 8 on each A-SRV in the site.

B: Changing Passwords

97

RSA enVision Hardware Setup and Maintenance Guide

Additional Passwords
In addition to recommending that you change the passwords of the four key users for
the enVision appliance and the NAS, RSA recommends that you change other default
passwords to protect the RSA enVision appliance, the NAS, and the switch.
Note: Choose strong but memorable passwords. RSA recommends that you develop a

policy around maintaining these passwords.


Password

Description

Reference

Administrator account
password

You must specify the administrator


password while configuring the
enVision platform. You can change
this password after logging into the
enVision platform.

See the Help topic Modify User.

Managed Windows domain


passwords

The NIC Windows Service allows


the enVision platform to retrieve
Windows logs from remote
Windows systems without installing
any third-party software. You can
also use third-party Windows
collection applications to collect the
Windows events.

See the Help topic NIC Windows


Domain.

If you have an Enhanced


Availability (EA) site, the NIC_EA
password is required for tasks such
as recovering a D-SRV in an EA
site.

See the Backup and Recovery Guide.

Change the two default passwords


for the administrative accounts:
nasadmin and root.

See the Celerra Manager Online Help


topic Administrative Users.

RSA enVision Passwords

Note: You can set up the enVision

platform to automatically change the


Windows domain password both within
the enVision platform and on the
Windows domain controller. For
instructions, see the Help topic,
The enVision platform requires a
Windows Domain Password
Windows domain name and the user
Automatic Expiration.
name and password of the Domain
Administrator for each Windows
system that you add to the NIC
Windows Service.
NIC_EA password

NAS Passwords
Default administrative
passwords

98

See the Unisphere Manager Online Help


topic Administrative Users. for VNX.

B: Changing Passwords

RSA enVision Hardware Setup and Maintenance Guide

Password

Description

Reference

RSA provides an unconfigured


switch. You must change the default
password and the Web Management
IP Address.

For information, see the documentation


that RSA provided with your switch, the
AT-9000/28 Gigabit Ethernet ecoSwitch
Installation Guide and the AT-S100
Management Software Users Guide.

Switch Password
Default password and the
Web Management IP
Address.

Note: You must change the default

password for any switch that you are


using for the enVision platform.

Troubleshooting
Change Passwords that were Accidentally Updated Manually
You must not change the passwords manually on the RSA enVision appliance. In case
you have manually changed the passwords on any of the nodes either in a single
appliance site or in a multiple appliance site, the site lockbox does not get updated
with the new password values. The existing site lockbox would still contain the old
password values.
You can bring the enVision system back to a consistent state under the following
circumstances:

If you have manually updated the passwords of the enVision user accounts
NIC_System, NIC_SFTP, or NIC_SSHD, use the Password Manager Utility to
change these password values. If you do not update the passwords in the site
lockbox, the enVision system will be in an inconsistent state. For instructions, see
Change Passwords on the enVision Appliance Using the Password Manager
Utility on page 93.
Note: The Password Manager Utility asks for the master password when it is
run on the DSRV. Ensure that you have not manually updated the master
password in this case.

If you have manually updated the master password, you must use the
SyncPasswords.vbs script to bring back the system to a consistent state.

To update the enVision user account passwords using the SyncPasswords.vbs:

1. On the DSRV1, open a new command shell, and change directories to


E:\nic\4100\node-name\password\update scripts.
2. Run SyncPasswords.vbs. Type:
cscript SyncPasswords.vbs

3. When prompted, enter the manually updated master password and press ENTER.
4. Re-enter the passwords for the enVision user accounts:

B: Changing Passwords

99

RSA enVision Hardware Setup and Maintenance Guide

a. NIC_System
b. NIC_SSHD
c. NIC_SFTP
Ensure that the passwords meet the password policy criteria specified for enVision
user accounts.

100

B: Changing Passwords

RSA enVision Hardware Setup and Maintenance Guide

Glossary
A-SRV
See Application Server.
ad hoc report
An unscheduled report that runs immediately.
ADB
See Asset Database.
administrator
A user responsible for setting up and maintaining the RSA enVision platform. An
administrator has access to all enVision functions.
alert
An indication that an event, or a sequence of events, requires further investigation.
The enVision platform sends alerts based on messages received under a configured set
of circumstances such as filters. The administrator defines alerts for each view.
Alert History tool
The RSA enVision tool that is used to display alerts from the events database.
Alerts module
The RSA enVision module that provides tools to monitor, display, and configure
alerts.
Analysis module
The RSA enVision module that provides tools to view, query, and analyze collected
data.
appliance
The hardware on which RSA enVision software is deployed. See single appliance site
and multiple appliance site.
Application Server (A-SRV)
The appliance or component of the RSA enVision platform that supports interactive
users and runs the suite of enVision analysis tools. In a single appliance site, the
Application Server (A-SRV) is a component of the enVision system. In a multiple
appliance site, the A-SRV is installed on its own appliance. See single appliance site
and multiple appliance site.
asset
A system, such as a host, software system, workstation, or device, that is within a
network and makes up the enterprise environment.
Asset Database (ADB)
A unified view of assets created by merging data from supported vulnerability
assessment (VA) tools and imported asset information in the asset tracking tools. The
ADB provides security managers with insight into their operations.

Glossary

101

RSA enVision Hardware Setup and Maintenance Guide

attribute category
A group of categories defined by the RSA enVision platform for device and asset
attributes. The nine categories are properties, location, organization, owner, physical,
function, importance, vulnerability, and zone. Users can define custom categories.
bind report
A group of reports that can be scheduled to run as a single report.
collection
The process of collecting, analyzing, and storing logs from event sources. the
RSA enVision platform stores the logs, with descriptive metadata, in the Log Smart
Internet Protocol Database (IPDB).
Collector
The appliance or component of the RSA enVision platform that captures incoming
events. In a single appliance site, the Collector is a component of the enVision system.
In a multiple appliance site, the Collector is installed on its own appliance.
Common Storage Directory (CSD)
A single directory that contains the configuration and statistical information for data
collected on a site. The Common Storage Directory (CSD) can be located on a single
appliance site, on the Database Server of a multiple appliance site, or on the Remote
Collector of a distributed system.
computer name
See node.
confidence level filtering
A filter defined by the administrator to determine if a supported intrusion detection
system (IDS) or an intrusion prevention system (IPS) can be trusted for its truthfulness
and applicability. The confidence level detects if a message from an IDS or an IPS
should be considered an alert.
Configuration database (nic.db)
A repository that stores a users configuration settings such as user information,
permissions, and views.
correlation
A relationship between a set of events and a set of specific conditions.
D-SRV
See Database Server.
Database Server (D-SRV)
The appliance or component of the RSA enVision platform that manages access and
retrieval of captured events. In a single appliance site, the Database Server (D-SRV) is
a component of the enVision system. In a multiple appliance site, the D-SRV is
installed on its own appliance. See single appliance site and multiple appliance site.
device
See event source.
device class
Identifies the classification of the event source. A device class provides a framework
for organizing event sources by their general function.

102

Glossary

RSA enVision Hardware Setup and Maintenance Guide

device type (dtype)


An assigned internal name for an event source that is used by RSA enVision tools and
utilities. The dtype value is displayed on the enVision interface, reports, and queries.
EA
See Enhanced Availability.
Enhanced Availability (EA)
A site with Enhanced Availability (EA) is a multiple appliance site where the Local
Collector (LC) functionality runs on Cluster Appliances (CAs).
EPS
See events per second.
event category
System-defined or administrator-defined group of messages for alerting and reporting
that is assigned across device classes.
Event Explorer
RSA enVision module that provides advanced tools for analysis of real-time and
historical data. These tools allow users to sift through logged data and apply security
forensics.
event source
An asset such as a physical device, software, or appliance that produces a message
(log) and is configured to send the log to the RSA enVision platform. Event sources
include firewalls, VPNs, antivirus software, operating systems, security platforms,
routers, and switches.
events per second (EPS)
Events captured per second by the RSA enVision platform.
incident escalation
See task escalation.
incident management
See task triage.
IPDB
See LogSmart IPDB.
LC
See Local Collector.
Local Collector (LC)
A component of an RSA enVision multiple appliance site that captures incoming
events. A multiple appliance site can have up to three Local Collectors (LCs). See
multiple appliance site.
LogSmart IPDB
The LogSmart Internet Protocol Database (IPDB) stores internet protocol-based
information, storing each source element in a separate container. Each log data
message is identified by the IP address of the event source from which the message
originated. The LogSmart IPDB maps this IP address to the originating event source
and determines the format of the incoming message. The log message is the metadata
that describes the event.

Glossary

103

RSA enVision Hardware Setup and Maintenance Guide

message category
A group of messages. Message categories are hierarchical, consisting of up to five
levels: a NIC category, an alert category, and up to three levels of event category.
message variable
Defines a type of data that is extracted from message payloads. Message variables are
useful when analyzing and reporting on data.
monitored device
A supported event source that has been configured to send event messages to the
RSA enVision platform. The enVision platform collects and stores events from
monitored devices.
multiple appliance site
An RSA enVision site in which each enVision component (Application, Collector, and
Database) is on its own appliance.
NIC
The acronym used to label many essential RSA enVision components, services, and
tools.
NIC database
See Configuration database (nic.db).
NIC domain
A group of multiple appliance sites that constitute an organization's entire deployment
of the RSA enVision platform. One site acts as the NIC domain master site.
NIC message ID
A number that identifies a message. This number may or may not be the same as the
vendor message ID.
NIC System device
Generates event messages to indicate the health and activity of the RSA enVision
platform, such as disk space usage, current EPS, data retrieval statistics, and user
activity messages.
NIC_View
Allows users to monitor the health of the RSA enVision system. The NIC_View alerts
users to problems within the enVision software environment.
node
An appliance in an RSA enVision site.
output action
Configured notification method for alerts. The primary output actions are SMTP,
SNMP, SNPP, Instant Messenger, syslog, run a command, text file, and task triage.
Overview module
The RSA enVision module that provides tools to configure the enVision platform and
monitor system health and performance.
RC
See Remote Collector.

104

Glossary

RSA enVision Hardware Setup and Maintenance Guide

Remote Collector (RC)


An optional component of an RSA enVision multiple appliance site that captures
incoming events at a remote location. A Remote Collector (RC) runs on its own
appliance. Up to 16 RCs can be associated with a site.
Reports module
The RSA enVision module that provides tools to run standard network security and
traffic analysis reports, or create and run custom reports.
single appliance site
An RSA enVision site in which all enVision components (Application, Collector, and
Database) are on one appliance.
site
The basis on which the RSA enVision platform is deployed. Each site consists of three
main components: Application Server, Collector, and Database Server.
site name
The name of the site, defined during the configuration of the RSA enVision platform.
standard report
Reports that are supplied within the RSA enVision platform for compliance,
correlated alerts, event sources, as well as for task triage, and vulnerability and asset
management.
task escalation
A function that allows users to send tasks to an external application, such as a
ticketing system, for offline investigation.
task triage
A feature that allows users to group events into tasks for the purpose of investigation.
Tasks can be further analyzed in the RSA enVision Event Explorer module, escalated
to an external ticketing system, or both.
trace view
A set of parameters that define the information that is displayed in the form of tables
and charts. The two forms of trace views are standard and advanced trace views.
UDC
See Universal Device Collection.
Universal Device Collection (UDC)
Allows the RSA enVision platform to collect log data from any event source that logs
through SNMP, ODBC, or File Reader.
VAM
See vulnerability and asset management.
VDB
See Vulnerability Knowledge Database.
view
An administrator-defined set of event sources, messages, correlation rules, and
criteria, within a single site, for which the RSA enVision platform issues alerts.

Glossary

105

RSA enVision Hardware Setup and Maintenance Guide

vulnerability and asset management


A feature that provides unified management of assets and vulnerability incident
analysis.
Vulnerability Knowledge Database (VDB)
An embedded repository of vulnerability information derived from the National
Vulnerability Database (NVD).
watchlist
A named collection of strings that represent a list of like-values. A watchlist can easily
function as a filter for events in reporting and alerting.

106

Glossary