AWS 10.6.6.x to 11.3 Upgrade: Set Up Virtual Hosts in 11.3

Document created by RSA Information Design and Development on Apr 12, 2019. Last modified by RSA Information Design and Development on Jul 12, 2019.
Version 6
 

There are two phases to set up your 11.3 virtual stack, and you must complete them in the order shown.

Phase 1 - Set Up NW Server, Event Stream Analysis, Malware Analysis, and Broker or Concentrator Hosts

Task 1 - Set Up 11.3 NetWitness Server

Follow the instructions under Set Up 11.3 NW Server Host.

Task 2 - Set Up 11.3 ESA

Caution: If you had C2 modules enabled in 10.6.4.x, the modules will enter a warm-up period after you upgrade the Event Stream Analysis service to 11.0, and they will not be available until the warm-up completes.

Follow the instructions under Set Up 11.3 Non-NW Server Host to set up your ESA hosts.

  1. Set up your primary ESA host through the Setup program and install ESA Primary on the host in the user interface on the Admin Hosts view.

    Note: If you have multiple ESA hosts in your enterprise, you must first upgrade the ESA Primary host, where all the mongodb (Mongo Database) backup tar files are located, before you upgrade the ESA Secondary hosts.

  2. (Conditional) If you have a secondary ESA host, set it up through the Setup program and install ESA Secondary on the host in the user interface on the Admin Hosts view.

Task 3 - Set Up 11.3 Malware Analysis

Follow the instructions under Set Up 11.3 Non-NW Server Host.

Task 4 - Set Up 11.3 Broker or Concentrator

Follow the instructions under Set Up 11.0 Non-NW Server Host.

Note: If you do not have a Broker, upgrade your Concentrator hosts. The 11.3 NW Server cannot communicate with 10.6.6.x core services for the new Investigate functionality. This is why you must upgrade the Broker or Concentrator hosts in Phase 1.

Phase 2 - Set Up The Rest of the Component Hosts

See Appendix B. Stopping and Restarting Data Capture and Aggregation for instructions on how to stop and restart data capture and aggregation when upgrading the Decoder, Concentrator, and Log Collection hosts.

Decoder and Concentrator Hosts

  1. Stop data capture and aggregation.
  2. Complete the steps in Set Up 11.3 Non-NW Server Host.
  3. Restart data capture and aggregation.

Log Decoder Host

  1. Make sure you have prepared the Log Collector as described in the Log Collectors (LC) and Virtual Log Collectors (VLCs): Run prepare-for-migrate.sh in the Backup Instructions.

  2. Stop data capture on the Log Decoder.
  3. Complete the steps in Set Up 11.3 Non-NW Server Host.
  4. Restart data capture on Log Decoder.

    Note: After you upgrade, you will restart log collection after completing the in the Post Upgrade Tasks

Virtual Log Collector Host

  1. Make sure you have prepared the Virtual Log Collector as described in the Log Collectors (LC) and Virtual Log Collectors (VLCs): Run prepare-for-migrate.sh.
  2. Back up your 10.6.6.x VLC by editing the all-systems file on the host where you performed the backup.

    1. Make sure your all-systems file contains this information before you perform this step.
      vlc,<host-name>,<IP-address>,<UUID>,10.6.6.0
    2. Run the following command to create the backup.
      ./nw-backup.sh -u
      See Backup Instructions for detailed procedures on how to back up the host.
    3. Make sure the backup host contains the VLC backup in the following format.
      <hostname>-<IPaddress>-root.tar.gz
      <hostname>-<IPaddress>-root.tar.gz.sha256
      <hostname>-<IPaddress>-backup.tar.gz
      <hostname>-<IPaddress>-backup.tar.gz.sha256
      <hostname-IPaddress>-network.info.txt
      all-systems-master-copy

    1. Power off the 10.6.6.x VLC so that a new 11.3 VM can be created with the same network configuration.
    2. Deploy a fresh Non-NW Server host using the 11.0 NetWitness Platform ova.
    3. Connect to the VM console of the new VLC.
    4. Update the network configuration to be the same as the 10.6.6.x VLC.
      This information is stored in the <hostname-IPaddress>-network.info.txt 10.6.6.x VLC backup file.

      Note: Make sure IPv6 is disabled.

      1. Edit the /etc/sysconfig/network-scripts/ifcfg-eth0 file and update the settings. Contents of ifcfg-eth0 should be as follows.
        TYPE=Ethernet
        DEFROUTE=yes
        NAME=eth0
        UUID=<uuid>
        DEVICE=eth0
        DNS1=<nameserver from <hostname>-<ipaddress>-network-info.txt>
        DNS2=<nameserver from <hostname>-<ipaddress>-network-info.txt>
        BOOTPROTO=static
        IPADDR=<ipaddress from <hostname>-<ipaddress>-network-info.txt>
        NETMASK=<netmask from <hostname>-<ipaddress>-network-info.txt>
        GATEWAY=<gateway from <hostname>-<ipaddress>-network-info.txt>
        NM_CONTROLLED=no
        ONBOOT=yes
      2. Submit the following command string.
        systemctl restart network.service
    5. Create the backup directory.
      # mkdir -p /var/netwitness/database/nw-backup/
    6. Copy the backup from the backup host from /var/netwitness/database/nw-backup to the new VLC in the /var/netwitness/database/nw-backup directory.

    7. Complete steps 2 through 12 inclusive in AWS 10.6.6.x to 11.3 Upgrade: Set Up Virtual Hosts in 11.3, Set Up 11.3 Non-SA Server Host, for the rest of the NetWitness Platform components. Make sure that you select Log Collector for the service in step 12.
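
The VLC procedure above powers off the 10.6.6.x VLC and rebuilds it from the backup set, so it is worth confirming that the set is complete and intact on the backup host first, and again after it is copied to the new VLC. The following script is an added example, not part of the RSA documentation or tooling: it checks for the six files listed in the backup-format step and recomputes the SHA-256 of both archives. It assumes each `.sha256` file begins with the hex digest (bare, or in `sha256sum` output form); the host name `vlc01` and address `192.0.2.10` are constructed sample values.

```shell
#!/usr/bin/env bash
# Added example: verify a VLC backup set before powering off the 10.6.6.x VLC.
# Assumption: each .sha256 file starts with the hex digest (bare, or in
# sha256sum "digest  filename" form); the page does not show its layout.

check_vlc_backup() {
    local dir="$1" prefix="$2-$3" f rc=0 want got
    # File names come from the backup-format step of the VLC procedure.
    for f in "$prefix-root.tar.gz" "$prefix-root.tar.gz.sha256" \
             "$prefix-backup.tar.gz" "$prefix-backup.tar.gz.sha256" \
             "$prefix-network.info.txt" "all-systems-master-copy"; do
        if [ ! -s "$dir/$f" ]; then
            echo "MISSING or empty: $f" >&2
            rc=1
        fi
    done
    # Recompute each archive digest and compare it with the recorded one.
    for f in "$prefix-root.tar.gz" "$prefix-backup.tar.gz"; do
        [ -s "$dir/$f" ] && [ -s "$dir/$f.sha256" ] || continue
        want=$(awk 'NR==1 {print tolower($1)}' "$dir/$f.sha256")
        got=$(sha256sum "$dir/$f" | awk '{print $1}')
        if [ "$want" != "$got" ]; then
            echo "CHECKSUM MISMATCH: $f" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample set (placeholder host and documentation IP) for a dry run.
make_sample_backup() {
    local dir p="vlc01-192.0.2.10" f
    dir=$(mktemp -d)
    for f in root backup; do
        echo "constructed $f archive" > "$dir/$p-$f.tar.gz"
        sha256sum "$dir/$p-$f.tar.gz" | awk '{print $1}' > "$dir/$p-$f.tar.gz.sha256"
    done
    echo "constructed network info" > "$dir/$p-network.info.txt"
    echo "constructed all-systems copy" > "$dir/all-systems-master-copy"
    echo "$dir"
}

# Usage: ./check_vlc_backup.sh <backup-dir> <hostname> <IP-address>
if [ "$#" -eq 3 ]; then
    check_vlc_backup "$@" && echo "backup set complete, checksums match"
fi
```

Run it against /var/netwitness/database/nw-backup on the backup host, and again on the new VLC after the copy step, so a truncated or altered transfer is caught before the Setup program restores from it.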

    Set Up 11.3 NW Server Host

  • Make sure that you have backed up 10.6.6.x data for the SA Server host. You must follow the instructions in Backup Instructions to back up the host.

    Caution: Run the backup immediately before upgrading the SA Server to 11.3 so that the data is as recent as possible. You must create the all-systems file before you upgrade the SA Server because you cannot do this after the SA Server has been upgraded to 11.3.

  • Complete the following steps to set up the 11.3 NW Server host.

    1. Power on the NW Server VM and run the nwsetup-tui command.

      This initiates the Setup program and the EULA is displayed.

      Note: 1.) When you navigate through the Setup program prompts, use the down and up arrows to move among fields, and use the Tab key to move to and from commands (such as <Yes>, <No>, <OK>, and <Cancel>). Press the Enter key to register your command response and move to the next prompt.
      2.) The Setup program adopts the color scheme of the desktop or console you use to access the host.


    2. Tab to Accept and press Enter.
      The "Is this the NW Server" prompt is displayed.

      Caution: If you choose the wrong host for the NW Server and complete the upgrade, you must repeat steps 1 through 11 of Set Up 11.3 NW Server Host to correct this error.

    3. Tab to Yes and press Enter.
      Choose No if you already upgraded the NW Server to 11.3.
      The Install or Upgrade prompt is displayed.

    4. Use down arrow to select 2 Upgrade (From Previous Vers.), tab to OK, and press Enter.
      The backup path is displayed.

      Caution: The backup path in the following prompt must be the same as the path in which your backup is stored. For example, the backup script assigns /var/netwitness/database/nw-backup as the default path. If you used the default backup path during backup and did not change it subsequently, you must keep /var/netwitness/database/nw-backup as the path in the following prompt.

    5. Tab to OK and press Enter if you want to keep this path. If not, edit the path, tab to OK, and press Enter to change it.
      The Master Password prompt is displayed.

      The following characters are supported for Master Password and Deployment Password:

      • Symbols: ! @ # % ^ + ,
      • Numbers: 0-9
      • Lowercase Characters: a-z
      • Uppercase Characters: A-Z

      No ambiguous characters are supported for Master Password and Deployment Password (for example: space { } [ ] ( ) / \ ' " ` ~ ; : . < > -).

    6. Type in the Password, down arrow to Verify, retype the password, tab to OK, and press Enter.
      The Deployment Password prompt is displayed.

    7. Type in the Password, down arrow to Verify, retype the password, tab to OK, and press Enter.
      The Update Repo prompt is displayed.

      You must use the same repo that you used for the NW Server hosts for all hosts.
    8. Use the down and up arrows to select 2 An External Repo (on an externally-managed server). The UI prompts you for a URL.

      See "Set Up an External Repository with RSA and OS Updates" under "Hosts and Services Procedures" in the Hosts and Services Getting Started Guide for Version 11.3 for instructions. Go to the Master Table of Contents to find all NetWitness Platform Logs & Network 11.x documents.
    9. Enter the base URL of the NetWitness Platform external repo and click OK.
      The disable or use standard firewall configuration prompt is displayed.

    10. Tab to No, and press Enter to use the standard firewall configuration. Tab to Yes, and press Enter to disable the standard firewall configuration.
      • If you select Yes, confirm your selection.

      • If you select No, the standard firewall configuration is applied.

      The start upgrade prompt is displayed.

    11. Select 1 Upgrade Now, tab to OK, and press Enter.
      When "Installation complete" is displayed, you have upgraded the 10.6.6.x SA Server to the 11.3 NW Server.

      Note: Ignore the hash code errors similar to the errors shown in the following screen shot that are displayed when you initiate the nwsetup-tui command. Yum does not use MD5 for any security operations so they do not affect the system security.

       

    Set Up 11.3 Non-NW Server Host

    Make sure that you back up your 10.6.6.x data for the host. You must follow the instructions in Backup Instructions to back up the host.

    Caution: Run the backup immediately before upgrading the host to 11.3 so that the data is as recent as possible.

    Complete the following steps to set up an 11.3 Non-NW Server host.

    1. Power on the non-NW Server VM and run the nwsetup-tui command.
      This initiates the Setup program and the EULA is displayed.


    2. Tab to Accept and press Enter.
      The "Is this the NW Server" prompt is displayed.

      Caution: If you choose the wrong host for the NW Server and complete the upgrade, you must repeat steps 1 through 11 of Set Up 11.3 NW Server Host to correct this error.

    3. Tab to No and press Enter.
      The Install or Upgrade prompt is displayed.

    4. Use down arrow to select 2 Upgrade (From Previous Vers.), tab to OK, and press Enter.
      The backup path prompt is displayed.

    5. Tab to OK and press Enter if you want to keep this path. If not, edit the path, tab to OK, and press Enter to change it.
      The Deployment Password prompt is displayed.

      Note: You must use the same deployment password that you used when you upgraded the NW Server.

    6. Type in the Password, down arrow to Verify, retype the password, tab to OK, and press Enter.
      The Update Repo prompt is displayed.

    7. Use the down and up arrows to select 1 The Local Repo on the NW Server, tab to OK, and press Enter.
    8. The NW Server IP Address is displayed.

    9. Type the IP address of the NW Server, tab to OK, and press Enter.
      The disable or use standard firewall configuration prompt is displayed.
    10. Tab to No, and press Enter to use the standard firewall configuration. Tab to Yes, and press Enter to disable the standard firewall configuration.
      • If you select Yes, confirm your selection.

      • If you select No, the standard firewall configuration is applied.

      The start upgrade prompt is displayed.

    11. Select 1 Upgrade Now, tab to OK, and press Enter.
      When "Installation complete" is displayed, you have upgraded the host to 11.3.
    12. Once the 'nwsetup-cli' script has run successfully on all the components, follow the steps below to complete the NW 11.3 Upgrade or Migration:

      1. Log into NetWitness Platform. (Type https://<NW-Server-IP-Address>/login in your browser to get to the NetWitness Platform Login screen)
      2. Click ADMIN > Hosts. The New Hosts dialog is displayed with the Hosts view grayed out in the background. Note: If the New Hosts dialog is not displayed, click Discover in the Hosts view toolbar.
      3. Click on the host in the New Hosts dialog and click Enable. The New Hosts dialog closes and the host is displayed in the Hosts view.
      4. Select that host (for example, ESA Primary) and click The Install Services dialog is displayed.
      5. Select the appropriate service (for example, ESA Primary) and click Install.
