Virtual Host Setup: Task 3. Add New Volume and Extend Existing File Systems

Document created by RSA Information Design and Development on Apr 10, 2019. Last modified by RSA Information Design and Development on Jul 31, 2019.
Version 2
 

After reviewing your initial datastore configuration, you may determine that you need to add a new volume. This topic uses a Virtual Packet/Log Decoder host as an example.

Complete these tasks in the following order.

  1. Add New Disk
  2. Create New Volumes on the New Disk
  3. Create LVM volume on New Partition
  4. Extend Volume Group with Physical Volume
  5. Expand the File System
  6. Start the Services
  7. Make Sure the Services Are Running
  8. Reconfigure LogDecoder Parameters

Add New Disk

Add New Disk in VMware ESXi

Add New Disk in Hyper-V

Add New Disk in VMware ESXi

This procedure shows you how to add a new 100 GB disk on the same datastore.

Note: The procedure to add a disk on different datastore is similar to the procedure shown here.

  1. Shut down the machine, edit Virtual Machine Properties, click the Hardware tab, and click Add.

  2. Select Hard Disk as the device type.

  3. Select Create a new virtual disk.

  4. Choose the size of the new disk and where you want to create it (on the same datastore or a different datastore).

    Note: Choose data provisioning based on your requirements.

    Thick provision eager zeroed

  5. Approve the proposed Virtual Device Node.

    Note: The Virtual Device Node can vary, but it is relevant to the /dev/sdX mappings.

  6. Confirm the settings.

Add New Disk in Hyper-V

  1. Shut down the VM, click Settings and IDE Controller, select Hard Drive, and click Add.

  2. Select the New Virtual Hard disk.

  3. Select VHDX as the disk format.

  4. Select Dynamically expanding as the disk type.

  5. Specify the Name and Location of the virtual hard disk file.

  6. Select Create a new blank virtual hard disk and specify the size.

  7. In the Summary, review the settings and click Finish.

Extending File Systems

Follow the instructions below to extend the file systems for the various components.

AdminServer

Attach an external disk to extend the /var/netwitness/ partition (refer to the steps for attaching a disk above). Create the additional disk with the suffix nwhome.

Follow these steps:

  1. Execute lsblk and get the physical volume name (this example assumes you attached one 2TB disk).
  2. pvcreate <pv_name> (in this example, the PV name is /dev/sdc)
  3. vgextend netwitness_vg00 /dev/sdc
  4. lvextend -L 1.9T /dev/netwitness_vg00/nwhome
  5. xfs_growfs /dev/mapper/netwitness_vg00-nwhome
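
Before running pvcreate, it is worth confirming that the device picked from the lsblk output really is the newly attached, empty disk, because initializing the wrong device as a physical volume puts its data at risk. The following is an added example, not part of the RSA procedure: it reads the output of lsblk -P -o NAME,PKNAME,TYPE,FSTYPE and lists the whole disks that carry no partitions and no file-system or LVM signature. The function name unused_disks and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the RSA procedure.
# unused_disks: read "lsblk -P -o NAME,PKNAME,TYPE,FSTYPE" output on stdin and
# print whole disks that have no partitions and no file-system/LVM signature.
unused_disks() {
    awk '
    {
        name = pk = type = fs = ""
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            gsub(/"/, "", kv[2])
            if (kv[1] == "NAME")   name = kv[2]
            if (kv[1] == "PKNAME") pk   = kv[2]
            if (kv[1] == "TYPE")   type = kv[2]
            if (kv[1] == "FSTYPE") fs   = kv[2]
        }
        if (pk != "") has_child[pk] = 1     # parent already holds a partition or LV
        if (type == "disk" && fs == "") cand[++n] = name
    }
    END {
        for (i = 1; i <= n; i++)
            if (!(cand[i] in has_child)) print "/dev/" cand[i]
    }'
}

# Constructed sample: sda is the OS disk, sdb is already a PV, sdc is the new disk.
SAMPLE_LSBLK='NAME="sda" PKNAME="" TYPE="disk" FSTYPE=""
NAME="sda1" PKNAME="sda" TYPE="part" FSTYPE="xfs"
NAME="sda2" PKNAME="sda" TYPE="part" FSTYPE="LVM2_member"
NAME="netwitness_vg00-nwhome" PKNAME="sda2" TYPE="lvm" FSTYPE="xfs"
NAME="sdb" PKNAME="" TYPE="disk" FSTYPE="LVM2_member"
NAME="sdc" PKNAME="" TYPE="disk" FSTYPE=""
NAME="sr0" PKNAME="" TYPE="rom" FSTYPE=""'

# On a live host: lsblk -P -o NAME,PKNAME,TYPE,FSTYPE | unused_disks
printf '%s\n' "$SAMPLE_LSBLK" | unused_disks
```

Only a device printed by this check should be passed to pvcreate; an empty result means no attached disk is free.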

RSA-recommended partition for AdminServer (can be changed based on the retention days):

LVM                           Folder             Size   Disk Type
/dev/netwitness_vg00/nwhome   /var/netwitness/   2TB    SSD

ESAPrimary/ESASecondary/Malware

Attach an external disk to extend the /var/netwitness/ partition. Create the external disk with the suffix nwhome.

Follow these steps:

  1. Execute lsblk and get the physical volume name (this example assumes you attached one 6TB disk).
  2. pvcreate <pv_name> (in this example, the PV name is /dev/sdc)
  3. vgextend netwitness_vg00 /dev/sdc
  4. lvextend -L 5.9T /dev/netwitness_vg00/nwhome
  5. xfs_growfs /dev/mapper/netwitness_vg00-nwhome

RSA-recommended partition for ESAPrimary/ESASecondary/Malware (can be changed based on the retention days):

LVM                           Folder             Size   Disk Type
/dev/netwitness_vg00/nwhome   /var/netwitness/   6TB    HDD

LogCollector

Attach an external disk to extend the /var/netwitness/ partition. Create the external disk with the suffix nwhome.

  1. Execute lsblk and get the physical volume name (this example assumes you attached one 500GB disk).
  2. pvcreate <pv_name> (in this example, the PV name is /dev/sdc)
  3. vgextend netwitness_vg00 /dev/sdc
  4. lvextend -L 488G /dev/netwitness_vg00/nwhome
  5. xfs_growfs /dev/mapper/netwitness_vg00-nwhome

RSA-recommended partition for LogCollector (can be changed based on the retention days):

LVM                           Folder             Size    Disk Type
/dev/netwitness_vg00/nwhome   /var/netwitness/   500GB   HDD

LogDecoder

Attach an external disk to extend the /var/netwitness/ partition (create the external disk with the suffix nwhome), and attach other external disks for the LogDecoder database partition. To extend the /var/netwitness partition, follow these steps:

Note: No other partition should reside on this volume; it is to be used only for /var/netwitness/.

  1. Execute lsblk and get the physical volume name (this example assumes you attached one 2TB disk).
  2. pvcreate <pv_name> (in this example, the PV name is /dev/sdc)
  3. vgextend netwitness_vg00 /dev/sdc
  4. lvextend -L 1.9T /dev/netwitness_vg00/nwhome
  5. xfs_growfs /dev/mapper/netwitness_vg00-nwhome

Other partitions are also required. Create the following four partitions on volume group logdecodersmall:

Folder                                 LVM         Volume Group
/var/netwitness/logdecoder             decoroot    logdecodersmall
/var/netwitness/logdecoder/index       index       logdecodersmall
/var/netwitness/logdecoder/metadb      metadb      logdecodersmall
/var/netwitness/logdecoder/sessiondb   sessiondb   logdecodersmall

Follow these steps to create the partitions listed in the table above:

  1. Execute lsblk and get the physical volume names from the output.
  2. pvcreate /dev/sdd
  3. vgcreate -s 32 logdecodersmall /dev/sdd
  4. lvcreate -L <disk_size> -n <lvm_name> logdecodersmall
  5. mkfs.xfs /dev/logdecodersmall/<lvm_name>
  6. Repeat steps 4 and 5 for each of the logical volumes listed above.

The following partition should be on volume group logdecoder:

Folder                                LVM        Volume Group
/var/netwitness/logdecoder/packetdb   packetdb   logdecoder

Follow these steps:

  1. Execute lsblk and get the physical volume names from the output.
  2. pvcreate /dev/sde
  3. vgcreate -s 32 logdecoder /dev/sde
  4. lvcreate -L <disk_size> -n packetdb logdecoder
  5. mkfs.xfs /dev/logdecoder/packetdb

RSA recommends the following partition sizing for LogDecoder (can be changed based on the retention days):

LVM                              Folder                                 Size    Disk Type
/dev/netwitness_vg00/nwhome      /var/netwitness/                       1TB     HDD
/dev/logdecodersmall/decoroot    /var/netwitness/logdecoder             10GB    HDD
/dev/logdecodersmall/index       /var/netwitness/logdecoder/index       30GB    HDD
/dev/logdecodersmall/metadb      /var/netwitness/logdecoder/metadb      370GB   HDD
/dev/logdecodersmall/sessiondb   /var/netwitness/logdecoder/sessiondb   3TB     HDD
/dev/logdecoder/packetdb         /var/netwitness/logdecoder/packetdb    18TB    HDD

Create each directory and mount its logical volume on it, one after another, except /var/netwitness, which already exists.

Note: Create the folder /var/netwitness/logdecoder and mount /dev/logdecodersmall/decoroot on it first, then create the other folders and mount them.

After that, add the entries below to /etc/fstab in the same order and mount them using mount -a.

/dev/logdecodersmall/decoroot /var/netwitness/logdecoder xfs noatime,nosuid 1 2

/dev/logdecodersmall/index /var/netwitness/logdecoder/index xfs noatime,nosuid 1 2

/dev/logdecodersmall/metadb /var/netwitness/logdecoder/metadb xfs noatime,nosuid 1 2

/dev/logdecodersmall/sessiondb /var/netwitness/logdecoder/sessiondb xfs noatime,nosuid 1 2

/dev/logdecoder/packetdb /var/netwitness/logdecoder/packetdb xfs noatime,nosuid 1 2
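
The ordering and option requirements for these entries can be checked before running mount -a. The following is an added example, not RSA's code: it lints fstab text for entries below /var/netwitness/ and flags lines that do not have six fields, are not xfs, lack noatime or nosuid, or list a child mount point before its parent. The function name check_nw_fstab and the sample fstab are constructed for illustration.

```shell
#!/bin/sh
# Added example, not RSA's code.
# check_nw_fstab: read fstab text on stdin, print one finding per problem and
# return non-zero if anything was found.
check_nw_fstab() {
    awk -v root="/var/netwitness/" '
    /^[ \t]*(#|$)/       { next }   # comments and blank lines
    index($2, root) != 1 { next }   # only mounts below /var/netwitness/
    {
        opts = "," $4 ","
        if (NF != 6)             { print "line " NR ": " NF " fields, expected 6"; bad++ }
        if ($3 != "xfs")         { print "line " NR ": " $2 " type " $3 ", expected xfs"; bad++ }
        if (opts !~ /,nosuid,/)  { print "line " NR ": " $2 " is missing nosuid"; bad++ }
        if (opts !~ /,noatime,/) { print "line " NR ": " $2 " is missing noatime"; bad++ }
        mp[++n] = $2; ln[n] = NR
    }
    END {
        # mount -a works top to bottom, so a parent must precede its children.
        for (i = 1; i <= n; i++)
            for (j = i + 1; j <= n; j++)
                if (index(mp[i], mp[j] "/") == 1) {
                    print "line " ln[j] ": " mp[j] " must come before " mp[i]; bad++
                }
        exit (bad > 0)
    }'
}

# Constructed sample with three defects: index is listed before its parent,
# and the metadb line has an extra field and no nosuid option.
SAMPLE_FSTAB='/dev/logdecodersmall/index /var/netwitness/logdecoder/index xfs noatime,nosuid 1 2
/dev/logdecodersmall/decoroot /var/netwitness/logdecoder xfs noatime,nosuid 1 2
/dev/logdecodersmall/metadb /var/netwitness/logdecoder/metadb xfs noatime 1 2 2
/dev/logdecoder/packetdb /var/netwitness/logdecoder/packetdb xfs noatime,nosuid 1 2'

# On a live host: check_nw_fstab < /etc/fstab
printf '%s\n' "$SAMPLE_FSTAB" | check_nw_fstab || echo "fstab needs fixing before mount -a"
```

The same check applies unchanged to the Concentrator, Archiver and Decoder entries, since it keys on the /var/netwitness/ prefix rather than on a component name.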

Concentrator

Attach an external disk to extend the /var/netwitness/ partition (create the external disk with the suffix nwhome), and attach other external disks for the Concentrator database partition.

To extend the /var/netwitness partition, follow these steps:

Note: No other partition should reside on this volume; it is to be used only for /var/netwitness/.

  1. Execute lsblk and get the physical volume name (this example assumes you attached one 2TB disk).
  2. pvcreate /dev/sdc (in this example, the PV name is /dev/sdc)
  3. vgextend netwitness_vg00 /dev/sdc
  4. lvextend -L 1.9T /dev/netwitness_vg00/nwhome
  5. xfs_growfs /dev/mapper/netwitness_vg00-nwhome

The following partitions are also required on volume group concentrator:

Folder                                   LVM         Volume Group
/var/netwitness/concentrator             root        concentrator
/var/netwitness/concentrator/sessiondb   sessiondb   concentrator
/var/netwitness/concentrator/metadb      metadb      concentrator

Follow these steps:

  1. Execute lsblk and get the physical volume names from the output.
  2. pvcreate /dev/sdd
  3. vgcreate -s 32 concentrator /dev/sdd
  4. lvcreate -L <disk_size> -n <lvm_name> concentrator
  5. mkfs.xfs /dev/concentrator/<lvm_name>
  6. Repeat steps 4 and 5 for each of the logical volumes listed above.

The following partition should be on volume group index:

Folder                               LVM     Volume Group
/var/netwitness/concentrator/index   index   index

Follow these steps:

  1. Execute lsblk and get the physical volume names from the output.
  2. pvcreate /dev/sde
  3. vgcreate -s 32 index /dev/md1
  4. lvcreate -L <disk_size> -n index index
  5. mkfs.xfs /dev/index/index

RSA recommends the following partition sizing for Concentrator (can be changed based on the retention days):

LVM                           Folder                                   Size    Disk Type
/dev/netwitness_vg00/nwhome   /var/netwitness/                         1TB     HDD
/dev/concentrator/root        /var/netwitness/concentrator             10GB    HDD
/dev/concentrator/metadb      /var/netwitness/concentrator/metadb      370GB   HDD
/dev/concentrator/sessiondb   /var/netwitness/concentrator/sessiondb   3TB     HDD
/dev/index/index              /var/netwitness/concentrator/index       2TB     SSD

Create each directory and mount its logical volume on it, one after another, except /var/netwitness, which already exists.

Note: Create the folder /var/netwitness/concentrator and mount /dev/concentrator/root on it first, then create the other folders and mount them.

After that, add the entries below to /etc/fstab in the same order:

/dev/concentrator/root /var/netwitness/concentrator xfs noatime,nosuid 1 2

/dev/concentrator/sessiondb /var/netwitness/concentrator/sessiondb xfs noatime,nosuid 1 2

/dev/concentrator/metadb /var/netwitness/concentrator/metadb xfs noatime,nosuid 1 2

/dev/index/index /var/netwitness/concentrator/index xfs noatime,nosuid 1 2

Archiver

Attach an external disk to extend the /var/netwitness/ partition (create the external disk with the suffix nwhome), and attach other external disks for the Archiver database partition.

To extend the /var/netwitness partition, follow these steps:

Note: No other partition should reside on this volume; it is to be used only for /var/netwitness.

  1. Execute lsblk and get the physical volume name (this example assumes you attached one 2TB disk).
  2. pvcreate /dev/sdc (in this example, the PV name is /dev/sdc)
  3. vgextend netwitness_vg00 /dev/sdc
  4. lvextend -L 1.9T /dev/netwitness_vg00/nwhome

The following partition is required on volume group archiver:

Folder                     LVM        Volume Group
/var/netwitness/archiver   archiver   archiver

Follow these steps:

  1. Execute lsblk and get the physical volume names from the output.
  2. pvcreate /dev/sde
  3. vgcreate -s 32 archiver /dev/sde
  4. lvcreate -L <disk_size> -n archiver archiver
  5. mkfs.xfs /dev/archiver/archiver

RSA recommends the following partition sizing for Archiver (can be changed based on the retention days):

LVM                           Folder                     Size   Disk Type
/dev/netwitness_vg00/nwhome   /var/netwitness/           1TB    HDD
/dev/archiver/archiver        /var/netwitness/archiver   4TB    HDD

Create each directory and mount its logical volume on it, one after another, except /var/netwitness, which already exists.

After that, add the entry below to /etc/fstab:

/dev/archiver/archiver /var/netwitness/archiver xfs noatime,nosuid 1 2

Decoder

Attach an external disk to extend the /var/netwitness/ partition (create the external disk with the suffix nwhome), and attach other external disks for the Decoder database partition. To extend the /var/netwitness partition, follow these steps:

Note: No other partition should reside on /var/netwitness/.

  1. Execute lsblk and get the physical volume name (this example assumes you attached one 2TB disk).
  2. pvcreate /dev/sdc
  3. vgextend netwitness_vg00 /dev/sdc
  4. lvextend -L 1.9T /dev/netwitness_vg00/nwhome
  5. xfs_growfs /dev/mapper/netwitness_vg00-nwhome

The following four partitions should be on volume group decodersmall:

Folder                              LVM         Volume Group
/var/netwitness/decoder             decoroot    decodersmall
/var/netwitness/decoder/index       index       decodersmall
/var/netwitness/decoder/metadb      metadb      decodersmall
/var/netwitness/decoder/sessiondb   sessiondb   decodersmall

Follow these steps:

  1. Execute lsblk and get the physical volume names from the output.
  2. pvcreate /dev/sdd
  3. vgcreate -s 32 decodersmall /dev/sdd
  4. lvcreate -L <disk_size> -n <lvm_name> decodersmall
  5. mkfs.xfs /dev/decodersmall/<lvm_name>
  6. Repeat steps 4 and 5 for each of the logical volumes listed above.

The following partition should be on volume group decoder:

Folder                             LVM        Volume Group
/var/netwitness/decoder/packetdb   packetdb   decoder

  1. Execute lsblk and get the physical volume names from the output.
  2. pvcreate /dev/sde
  3. vgcreate -s 32 decoder /dev/sde
  4. lvcreate -L <disk_size> -n packetdb decoder
  5. mkfs.xfs /dev/decoder/packetdb

RSA recommends the following partition sizing for Decoder (can be changed based on the retention days):

LVM                           Folder                              Size    Disk Type
/dev/netwitness_vg00/nwhome   /var/netwitness                     1TB     HDD
/dev/decodersmall/decoroot    /var/netwitness/decoder             10GB    HDD
/dev/decodersmall/index       /var/netwitness/decoder/index       30GB    HDD
/dev/decodersmall/metadb      /var/netwitness/decoder/metadb      370GB   HDD
/dev/decodersmall/sessiondb   /var/netwitness/decoder/sessiondb   3TB     HDD
/dev/decoder/packetdb         /var/netwitness/decoder/packetdb    18TB    HDD

Create each directory and mount its logical volume on it, one after another, except /var/netwitness, which already exists.

Note: Create the folder /var/netwitness/decoder and mount /dev/decodersmall/decoroot on it first, then create the other folders and mount them.

After that, add the entries below to /etc/fstab in the same order and mount them using mount -a.

/dev/decodersmall/decoroot /var/netwitness/decoder xfs noatime,nosuid 1 2

/dev/decodersmall/index /var/netwitness/decoder/index xfs noatime,nosuid 1 2

/dev/decodersmall/metadb /var/netwitness/decoder/metadb xfs noatime,nosuid 1 2

/dev/decodersmall/sessiondb /var/netwitness/decoder/sessiondb xfs noatime,nosuid 1 2

/dev/decoder/packetdb /var/netwitness/decoder/packetdb xfs noatime,nosuid 1 2
