000034514 - Guide for replacing the entire chassis on RSA Security Analytics Series 4S Appliance

Document created by RSA Customer Support Employee on Feb 22, 2017Last modified by RSA Customer Support on Aug 7, 2019
Version 8Show Document
  • View in full screen mode

Article Content

Article Number000034514
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: SA Series 4S Security Analytics Appliance
Operating System:  CentOS 6
IssueThis KB outlines a process written for appliances running CentOS 6.  The process is different for appliances running CentOS 7 and the KB, while generally helpful, requires different procedures which have not yet been posted. 

A Security Analytics Series 4S appliance has failed but all disk drives are fully functional and contain valid configuration information for the failed host.

This process assumes the SD Cards have been disabled in the appliance and are not in use.  

It is possible to swap appliances if the SD Cards are in use but in that case please contact Support and open a case until a KB article for that process is posted. 

Note that you may encounter exceptions to this flow and this document does not necessarily cover every set of circumstances you might encounter.  If you encounter a problem and are unsure how to proceed please contact  Support for guidance. 
TasksYou can use these steps to complete the process of swapping the drives from an old appliance into a new appliance. 

  1. Start the new Core or Hybrid appliance connected to a crash cart.  It does not have to be connected to the network for this step. 
  2. Review /etc/udev/rules.d/70-persistent-net.rules and note which MAC addresses are assigned to which network interface.  This may help when modifying this file after replacing the chassis.  
  3. OPTIONAL:  Configure the iDRAC interface in the new Core or Hybrid appliance to match the iDRAC configuration in the existing appliance. When you swap the appliances you will have access to the new appliance using the same IP Address.  DO NOT implement this step if both iDRAC interfaces will be live at the same time.  

Swapping the Hardware:

  1. Label each drive denoting which bay it is installed in on the existing Core or Hybrid appliance. 
  2. Label each drive denoting which bay it is installed on the new Core or Hybrid appliance. 
  3. Remove the drives from the new Core or Hybrid and set aside. 
  4. Install the drives from the existing Core or Hybrid into the same drive bay in the new Core or Hybrid appliance. 
  5. Remove the existing appliance from the rack. 
  6. Install the new appliance in the rack. 
  7. Connect power, network, SAS and iDRAC cables. 
  8. Turn on the appliance.  
  9. If prompted for a BIOS password, use the default "rsabios" password. 
  10. During POST, if you encounter "There are offline or missing virtual drives with preserved cache" you must boot into the RAID configuration utility and clear the cached memory.  Use this link for additional information on this step.  
  11. During POST, if you encounter drives found in a "foreign" configuration, import those drives when prompted on the POST screen which may look like the following.  

Import Foreign Drives

  1. Check the network configuration and adjust any network configuration files that might reference the old MAC addresses from the existing (now old) Core or Hybrid. Make sure to check /etc/udev/rules.d/70-persistent-net.rules for the correct MAC addresses.  See the sample rules file below.  
  2. Reboot the new appliance and make sure it boots, connects to the network and resumes capture and aggregation. 
ResolutionVerify the appliance is operational at the ssh prompt and at the Security Analytics WebUI.
NotesChanging the /etc/udev/rules.d/70-persistent-net.rules File

Make a backup of the file before making any changes in case you need to refer to the original configuration later. Copy or rename the /etc/udev/rules.d/70-persistent-net.rules to /etc/udev/rules.d/70-persistent-net.rules.bak

Either delete the etc/udev/rules.d/70-persistent-net.rules file after you back it up, or manually edit the /etc/udev/rules.d/70-persistent-net.rules file to delete the MAC addresses left over from the old appliance.  

Once you delete old file or older lines save the file.  

Reboot the server which will rebuild the 70-persistent-net.rules file with the new MAC addresses.  

Be aware that the rebuilt file may name the interfaces as "eth0," "eth1," eth2," and "eth3" rather than "em1," "em2," em3," and "em4."  You may need to edit the file after the initial reboot, changing the NAME value to the "em1," "em2," em3," and "em4" naming convention to match what is defined in the /etc/sysconfig/network-scripts/ifcfg-em# scripts. You should run the "start_udev" command after making this change.  

The MAC addresses are highlighted in the sample file below.  

Sample File:  /etc/udev/rules.d/70-persistent-net.rules

# This file was automatically generated by the /lib/udev/write_net_rules
# program, run by the persistent-net-generator.rules rules file.
# You can modify it, as long as you keep each rule on a single
# line, and change only the value of the NAME= key.

# PCI device 0x8086:0x1528 (ixgbe) (custom name provided by external tool)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="ec:f4:bb:ee:af:fa", ATTR{type}=="1", KERNEL=="eth*", NAME="em4"

# PCI device 0x8086:0x1521 (igb) (custom name provided by external tool)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="ec:f4:bb:ee:af:fd", ATTR{type}=="1", KERNEL=="eth*", NAME="em2"

# PCI device 0x8086:0x1528 (ixgbe) (custom name provided by external tool)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="ec:f4:bb:ee:af:f8", ATTR{type}=="1", KERNEL=="eth*", NAME="em3"

# PCI device 0x8086:0x1521 (igb) (custom name provided by external tool)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="ec:f4:bb:ee:af:fc", ATTR{type}=="1", KERNEL=="eth*", NAME="em1"