Warehouse: Step 5. Configure the Destination Using SFTP

Document created by RSA Information Design and Development on Sep 14, 2017. Last modified by RSA Information Design and Development on Nov 16, 2017.
Version 5

Make sure that you have:

  • Installed the Warehouse Connector service or virtual appliance in your network environment.
  • Added the Warehouse Connector service to NetWitness. For more information, see 'Add a Service to a Host' in the Hosts and Services Getting Started Guide.
  • For the SFTP destination type, the destination host should be listed in the /root/.ssh/known_hosts file used by the ssh service (for example, sshd) running on the Warehouse Connector.

Add Destination from Warehouse Connector Host

To add the destination host to the /root/.ssh/known_hosts file, from the Warehouse Connector host, initiate a secure connection to the destination host:

  1. Log in to the Warehouse Connector.
  2. Enter ssh root@<SAWIP> or ssh username@<SAWIP>.
  3. Select Yes and enter the password.
  4. Add the host key in the /root/.ssh/known_hosts file.

     

    Note: After you upgrade Warehouse Connector to 11.0, you must make sure that the destination host is listed in the /root/.ssh/known_hosts file used by the ssh service (i.e. sshd) running on the Warehouse Connector. If you do not perform this action, the streams configured with SFTP in Warehouse Connector will not start.

  • If you want to use SFTP to write data into the destination using SSH key-based access, you need to configure SSH key-based access between the Warehouse Connector and the Warehouse host or Hadoop node. For more information, see Configure SSH Keys below.

    Note: If you want to enable checksum validation to validate the integrity of the AVRO files that are transferred from the Warehouse Connector to the destinations, make sure that you generate the keys without setting the passphrase and do a key exchange between the Warehouse Connector and the Warehouse nodes.
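
For the known_hosts prerequisite above, the following shell function (an added example, not part of the RSA documentation) reports whether a destination host already has a plain entry in a known_hosts file before a stream is started. The function name, the sample addresses and the key strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for the known_hosts prerequisite.
# known_hosts_status HOST [PORT] [FILE] prints: listed | hashed | missing
#   listed  - a plain entry names HOST (or [HOST]:PORT for a non-default port)
#   hashed  - no plain match, but hashed entries exist; confirm with
#             ssh-keygen -F HOST -f FILE
#   missing - no entry; per the page, SFTP streams will not start
# Wildcard patterns and @cert-authority/@revoked lines are not counted.
known_hosts_status() {
    host=$1; port=${2:-22}; file=${3:-/root/.ssh/known_hosts}
    [ -r "$file" ] || { echo missing; return 0; }
    awk -v host="$host" -v port="$port" '
        BEGIN { want = (port == 22) ? host : ("[" host "]:" port) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments, blank lines
        $1 ~ /^@/                { next }            # marker lines
        index($1, "|1|") == 1    { hashed = 1; next } # HashKnownHosts entry
        {
            n = split($1, names, ",")   # one line may list several names
            for (i = 1; i <= n; i++) if (names[i] == want) listed = 1
        }
        END { print (listed ? "listed" : (hashed ? "hashed" : "missing")) }
    ' "$file"
}

# Constructed sample file (addresses and key material are placeholders).
sample=$(mktemp)
cat > "$sample" <<'EOF'
192.0.2.10,saw01.example.test ssh-ed25519 AAAAC3-CONSTRUCTED
[192.0.2.20]:2222 ssh-rsa AAAAB3-CONSTRUCTED
EOF
for target in "192.0.2.10 22" "192.0.2.20 2222" "192.0.2.99 22"; do
    set -- $target
    echo "$1 port $2: $(known_hosts_status "$1" "$2" "$sample")"
done
rm -f "$sample"
```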

Configure Warehouse Connector to Write to a Remote Destination

To configure the destination:

  1. Log on to NetWitness.
  2. In the main menu, select ADMIN > Services.
  3. In the Services view, select the added Warehouse Connector service, and select  > View > Config.
    The Services Config view of Warehouse Connector is displayed.
    Warehouse connector services config view
  4. On the Sources and Destinations tab, in the Destination Configuration section, click .
  5. In the Add Destination dialog, select SFTP from the Type drop-down list.
    add SFTP destination
  6. In the Name field, enter a unique symbolic name for the destination.

    Note: The Name field does not support spaces or special characters except underscore (_).

  7. In the Host field, enter the remote server IP address.
  8. In the Port field, retain the default port, 22.
  9. In the Username field, enter the SSH username.

    Note: In the case of HortonWorks HD, ensure that the username is gpadmin. For password-based access, use the password for gpadmin. For passphrase-based access, use the passphrase that was used to generate the keys for the gpadmin user.

  10. In the Password/Passphrase field, enter one of the following:
    • SSH password - If you are using SFTP to write data into the destination using password-based access.
    • SSH passphrase - If you are using SFTP to write data into the destination using SSH key-based access.
  11. In the Remote Path field, enter the path of the directory present on the SFTP server.
  12. Click Save.
  13. (Optional) If you want to enable checksum validation, perform the following:
    1. In the main menu, select ADMIN > Services.
    2. In the Services view, select the added Warehouse Connector service, and select  > View > Explore.
      The Explore view of Warehouse Connector is displayed.

    3. In the options panel, navigate to warehouseconnector/destinations/sftp/config.
    4. Set the parameter isChecksumValidationRequired to 1.
      SFTP config param update
    5. Restart the respective stream.

Configure SSH Keys

To configure SSH key-based access between the Warehouse Connector and the Warehouse host or Hadoop node:

  1. Generate SSH keys on the Warehouse Connector at the default location. Perform the following:

    1. Log on to the Warehouse Connector.
    2. Type the following command and press ENTER:

      $ OWB_FORCE_FIPS_MODE_OFF=1 ssh-keygen -t dsa
    3. The command prompts you to enter the file in which to save the generated key.

      Enter file in which to save the key (/root/.ssh/id_dsa):
    4. Enter the file in which you want to save the key and press ENTER.

      The command prompts you to enter and confirm the passphrase.

      Note: If you want to enable checksum validation to validate the integrity of the AVRO files that are transferred from the Warehouse Connector to the destinations, make sure that you do not set the passphrase. In that case, steps 5, 6, 7, and 8 below are not applicable.

      Enter passphrase (empty for no passphrase):
      Enter same passphrase again:

      The public key is generated and is saved in the location that you provided.

    5. Change the directory by entering the following command:
      cd /root/.ssh/
    6. Rename the generated private key as follows:

      mv id_dsa id_dsa.old
    7. Type the following command and press ENTER:

      $ OWB_FORCE_FIPS_MODE_OFF=1 openssl pkcs8 -topk8 -v2 des3 -in id_dsa.old -out id_dsa

      The command prompts you to enter and confirm the passphrase.

    8. Enter the encryption passphrase.
    9. Run the following command to change the file permission:

      chmod 600 id_dsa 
  2. Append the generated public key to the remote Warehouse host or Hadoop node's authorized keys list located at: ~/.ssh/authorized_keys

    Note: Make sure that you copy the public keys to the Hadoop node. While copying the public key, provide the login details of the user with which the WebHDFS destination would be added.

You can now securely communicate between Warehouse Connector and Warehouse nodes or Hadoop nodes.
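
To confirm the state of the private key after the Configure SSH Keys procedure, the following shell functions (an added example, not part of the RSA documentation) classify the key by its first line and file mode, and flag an encrypted key when checksum validation is enabled. The function names and demo files are constructed for illustration; the demo files contain header lines only.

```shell
#!/bin/sh
# Added example: classify the private key left by the procedure above.
# key_state FILE prints "<format> <mode-ok|mode-loose>"; format is one of:
#   pkcs8-encrypted  "openssl pkcs8 -topk8 -v2 des3" output (passphrase set)
#   pem-encrypted    traditional PEM with a passphrase (conversion not run)
#   unencrypted      no passphrase (the checksum-validation case)
#   openssh          OpenSSH container; the header does not reveal encryption
key_state() {
    f=$1
    [ -f "$f" ] || { echo "absent -"; return 0; }
    case $(sed -n '1p' "$f") in
        "-----BEGIN ENCRYPTED PRIVATE KEY-----") fmt=pkcs8-encrypted ;;
        "-----BEGIN PRIVATE KEY-----")           fmt=unencrypted ;;
        "-----BEGIN OPENSSH PRIVATE KEY-----")   fmt=openssh ;;
        "-----BEGIN "*" PRIVATE KEY-----")
            if sed -n '2,3p' "$f" | grep -q '^Proc-Type: 4,ENCRYPTED'
            then fmt=pem-encrypted; else fmt=unencrypted; fi ;;
        *) fmt=unknown ;;
    esac
    # chmod 600 in the procedure means owner-only access; 400 is also fine.
    case $(ls -ld "$f") in
        -rw-------*|-r--------*) mode=mode-ok ;;
        *)                       mode=mode-loose ;;
    esac
    echo "$fmt $mode"
}

# key_fits FILE CHECKSUM: CHECKSUM is the isChecksumValidationRequired value.
# Fails on loose permissions, an unrecognised file, or an encrypted key when
# checksum validation is on (the page requires a passphrase-less key there).
key_fits() {
    state=$(key_state "$1")
    case $state in *mode-loose|absent*|unknown*) return 1 ;; esac
    case "$2:$state" in 1:*-encrypted*) return 1 ;; esac
    return 0
}

# Constructed demo files: header lines only, no key material.
d=$(mktemp -d)
printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' > "$d/id_dsa"
printf '%s\n' '-----BEGIN DSA PRIVATE KEY-----' > "$d/id_dsa.old"
chmod 600 "$d/id_dsa"; chmod 644 "$d/id_dsa.old"
echo "id_dsa:     $(key_state "$d/id_dsa")"
echo "id_dsa.old: $(key_state "$d/id_dsa.old")"
key_fits "$d/id_dsa" 1 || echo "id_dsa: encrypted key conflicts with checksum validation"
rm -rf "$d"
```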
