Warehouse Connector: Step 5: Configure the Destination Using SFTP

Document created by RSA Information Design and Development on Jul 31, 2016
Version 1

This topic describes the tasks to configure Warehouse Connector to write to a remote destination using Secure File Transfer Protocol (SFTP). The remote destination can be a remote server that is NFS mounted to the MapR cluster or it can be a remote staging server. 

By default, in the remote destination the Warehouse Connector writes data in the following directory structure:

  • /<staging_folder>/rsasoc/v1/sessions/data/<year>/<month>/<day>/<hour>/
  • /<staging_folder>/rsasoc/v1/logs/data/<year>/<month>/<day>/<hour>/

Where <staging_folder> is the folder on the remote server where the Warehouse Connector writes the data.

If you are using a remote staging server as the remote destination, you need to manually copy or move the directory structure to any of the following deployments:

  • RSA Analytics Warehouse (MapR)
  • Commercial MapR M5 Enterprise Edition for Apache Hadoop
  • Pivotal HD

Caution: To generate reports from the data written by Warehouse Connector, make sure that your Hadoop deployment maintains a directory structure similar to the one that Warehouse Connector creates in the remote destinations.
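
One way to check a manual copy against the layout above, as an added example rather than an RSA tool. The function names are hypothetical, and the script assumes both trees are reachable as local paths (for example through the NFS mount) and that <year> is four digits while <month>, <day> and <hour> are one or two digits, which the page does not specify.

```shell
#!/bin/sh
# Added example, not RSA code. All function names are hypothetical.
# Usage: wc_verify_copy <staging_folder> <copied_folder>

# List every file below <root>/rsasoc/v1, relative to that directory, sorted.
wc_files() {
    [ -d "$1/rsasoc/v1" ] || return 0
    (cd "$1/rsasoc/v1" && find . -type f | sed 's|^\./||' | sort)
}

# Print files that do not sit at {sessions,logs}/data/<y>/<m>/<d>/<h>/<file>.
# Assumption: 4-digit year, 1-2 digit month, day and hour.
wc_stray() {
    wc_files "$1" |
        grep -Ev '^(sessions|logs)/data/[0-9]{4}(/[0-9]{1,2}){3}/[^/]+$' || true
}

# Print files present in the staging tree but absent from the copy.
wc_missing() {
    wc_files "$1" | while IFS= read -r f; do
        [ -f "$2/rsasoc/v1/$f" ] || printf '%s\n' "$f"
    done
}

# Return 0 only when the copy keeps the layout and holds every staged file.
wc_verify_copy() {
    stray=$(wc_stray "$2")
    missing=$(wc_missing "$1" "$2")
    [ -z "$stray" ]   || printf '%s\n' "$stray"   | sed 's/^/outside layout: /' >&2
    [ -z "$missing" ] || printf '%s\n' "$missing" | sed 's/^/not copied: /' >&2
    [ -z "$stray" ] && [ -z "$missing" ]
}
```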

The following illustration describes how you can use SFTP to write data from Warehouse Connector to a remote destination.

SFTP-image.jpg

Prerequisites

Make sure that you have:

  • Installed the Warehouse Connector service or virtual appliance in your network environment.
  • Added the Warehouse Connector service to Security Analytics. For more information, see Add a Service to a Host in the Getting Started Guide.
  • For the SFTP destination type, the destination host should be listed in the /root/.ssh/known_hosts file used by the ssh service (i.e. sshd) running on the Warehouse Connector.

    To add the destination host to the /root/.ssh/known_hosts file, from the Warehouse Connector host, initiate a secure connection to the destination host. Perform the following steps:

    1. Log in to the Warehouse Connector.
    2. Enter ssh root@<SAWIP> or ssh username@<SAWIP>.
    3. Select Yes and enter the password.
    4. Add the host key in the /root/.ssh/known_hosts file.

    Note: After you upgrade Warehouse Connector to 10.5, you must make sure that the destination host is listed in the /root/.ssh/known_hosts file used by the ssh service (i.e. sshd) running on the Warehouse Connector. If you do not perform this action, the streams configured with SFTP in Warehouse Connector will not start.

  • If you want to use SFTP to write data into the destination using SSH key-based access, you need to configure SSH key-based access between the Warehouse Connector and the Warehouse host or Hadoop node.

    Note: If you want to enable checksum validation to validate the integrity of the AVRO files that are transferred from the Warehouse Connector to the destinations, make sure that you generate the keys without setting a passphrase and exchange keys between the Warehouse Connector and the Warehouse nodes.

Configure Warehouse Connector to Write to a Remote Destination

To configure the destination:

  1. Log on to Security Analytics.
  2. In the Security Analytics menu, select Administration > Services.
  3. In the Services view, select the added Warehouse Connector service, and click the Actions menu > View > Config.
    The Services Config view of Warehouse Connector is displayed.
  4. On the Sources and Destinations tab, in the Destination Configuration section, click the add icon.
  5. In the Add Destination dialog, select SFTP from the Type drop-down list.
  6. In the Name field, enter a unique symbolic name for the destination.

    Note: The Name field does not support spaces or special characters except underscore (_).

  7. In the Host field, enter the remote server IP address.
  8. In the Port field, retain the default port, 22.
  9. In the Username field, enter the SSH username.

    Note: In the case of Pivotal HD, ensure that the username is gpadmin. For password-based access, use the password for gpadmin. For passphrase-based access, use the passphrase that was used to generate the keys for the gpadmin user.

  10. In the Password/Passphrase field, enter one of the following:
    • SSH password, if you are using SFTP to write data into the destination using password-based access.
    • SSH passphrase, if you are using SFTP to write data into the destination using SSH key-based access.
  11. In the Remote Path field, enter the path of the directory present on the SFTP server.
  12. Click Save.
  13. (Optional) If you want to enable checksum validation, perform the following:
    1. In the Security Analytics menu, select Administration > Services.
    2. In the Services view, select the added Warehouse Connector service, and click the Actions menu > View > Explore.
      The Explore view of Warehouse Connector is displayed.
    3. In the options panel, navigate to warhouseconnector/destinations/sftp/config.
    4. Set the parameter isChecksumValidationRequired to 1.
    5. Restart the respective stream.

Configure SSH Keys

Follow these steps to configure SSH key-based access between the Warehouse Connector and the Warehouse host or Hadoop node.

  1. Generate SSH keys on the Warehouse Connector at the default location. Perform the following:
    1. Log on to the Warehouse Connector.
    2. Type the following command and press ENTER:
       $ ssh-keygen -t dsa
    3. The command prompts you to enter the file in which to save the generated key.
       Enter file in which to save the key (/root/.ssh/id_dsa):
    4. Enter the file in which you want to save the key and press ENTER.
      The command prompts you to enter and confirm the passphrase.

       Enter passphrase (empty for no passphrase):
       Enter same passphrase again:

      The public key is generated and is saved in the location that you provided.

      Note: If you want to enable checksum validation to validate the integrity of the AVRO files that are transferred from the Warehouse Connector to the destinations, make sure that you do not set the passphrase.

  2. Append the generated public key to the authorized keys list of the remote Warehouse host or Hadoop node, located at ~/.ssh/authorized_keys.
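
Step 2 as a script, as an added example that is not part of the RSA documentation: an idempotent append that rejects input that is not a public key and sets the file modes sshd expects. The function name install_pubkey and the optional from= restriction are assumptions of this example; run it on the Warehouse host or Hadoop node as the SSH user.

```shell
#!/bin/sh
# Added example, not RSA code; install_pubkey is a hypothetical helper.
# Usage: install_pubkey <public-key-file> <home-of-ssh-user> [from-pattern]
# The body runs in a subshell so the umask change does not leak to the caller.
install_pubkey() (
    pub=$1; home=$2; from=${3:-}
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; exit 2; }

    # Accept exactly one "<type> <base64> [comment]" line. This also rejects
    # a private key file passed by mistake (multi-line, starts with "-----").
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key in $pub" >&2; exit 2; }
    key=$(grep . "$pub")
    case $key in
        ssh-*\ AAAA*|ecdsa-*\ AAAA*|sk-*\ AAAA*) ;;
        *) echo "$pub is not an OpenSSH public key" >&2; exit 2 ;;
    esac

    # With StrictModes (the sshd default) the key file is ignored when the
    # file or the directories leading to it are group- or world-writable.
    umask 077
    auth=$home/.ssh/authorized_keys
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || exit 2
    touch "$auth" && chmod 600 "$auth" || exit 2

    # Match on the base64 blob so a different comment or option prefix on an
    # existing entry does not produce a duplicate line.
    blob=$(printf '%s\n' "$key" | awk '{print $2}')
    if grep -qF -- "$blob" "$auth"; then
        exit 0
    fi

    # Optional from="<pattern-list>" limits the source addresses the key is
    # accepted from, which matters for a key that has no passphrase.
    if [ -n "$from" ]; then
        printf 'from="%s" %s\n' "$from" "$key" >> "$auth"
    else
        printf '%s\n' "$key" >> "$auth"
    fi
)
```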

Result

You can now securely communicate between Warehouse Connector and Warehouse nodes or Hadoop nodes.
