Xavier Trepanier-Taupier

How to add a virtual hard disk in RSA NetWitness Archiver

Blog Post created by Xavier Trepanier-Taupier Employee on Apr 30, 2018

Virtualization is now an industry standard and RSA NetWitness offers a 100% virtual deployment. The RSA NetWitness Archiver module offers the possibility of using multiple virtual hard disks to increase the retention of the platform. To be able to increase the available space you will need to do the following:

 

 The first step is to add another VMDK to your Virtual RSA NetWitness Archiver :

 

 

Change the size of the Virtual Hard Disk to meet your requirement:

We do recommend to use different SCSI controller per VMDK. In this case, SCSI (0:1) is used by our operating system for the second VMDK, we will use SCSI (1:1):

Press Finish to complete the process:

When the virtual hard disk has been added to our virtual Archiver, we need to add this hard disk to our LVM. We will need to identify our new hard disk using the fdisk -l command. In our case, in the virtual hard disk is /dev/sdb

Create the new partition on the /dev/sdb disk with the following command fdisk /dev/sdb

Press n to create a new partition and p for a primary partition

Type w to write the configuration to the partition table

 

We need to create a Physical Volume for our new partition using the following command pvcreate /dev/sdb1 

 

We need to create a Volume Group for our new partition using the following command vgcreate vg_customer /dev/sdb1. The name of the Volume Group can be changed to meet your requirement

 

We need to create a Logical Volume for our new partition using the following command lvcreate --name customer1_lvm -l 100%FREE vg_customer. The name of the Logical Volume can be changed to meet your requirement

 

RSA Netwitness leverage XFS for best performance. Our new partition needs to be format to XFS using the following command : mkfs.xfs /dev/mapper/vg_customer-customer1_lvm . The LVM name can differ base on your use case.

Create your folder for the mount point

Mount your LVM in your folder created earlier

Validate your mount point with the df command

 

Edit your /etc/fstab file with your mount point information

 

When your LVM is created and available to the operating system , we need to add this storage to your RSA NetWitness Archiver. In our case, we are adding 500 GB to the hot storage. Press the gear button   for the hot storage.

 

Add your mount point to the hot storage and press save

 

Our hot storage have now 639.89 GB

 

We will create a new Collection with 450 GB for our Customer1.  

 

Once the Collection is created, RSA Netwitness will automatically create the following directories for each type of data. 

Outcomes