Deployment: NetWitness Suite Deployment

Document created by RSA Information Design and Development on Oct 17, 2017Last modified by Susan Ewald on Oct 17, 2017
Version 3Show Document
  • View in full screen mode
 

This guide describes the basic requirements of a NetWitness Suite deployment and outlines optional scenarios to address needs of your enterprise. You can use distributed networks to install Brokers, Concentrator, Decoders, and Log Decoders in diverse geographical locations before the NetWitness Server is installed and brought online. Even in small networks, planning can ensure that all goes smoothly when you are ready to bring the hosts online.

Note: This document refers to several additional documents available on RSA Link. Go to the Master Table of Contents for Version 11.0 to find NetWitness Suite 11.0 documents.

There are many factors you must consider before you deploy NetWitness Suite. The following items are just some of these factors. You need to estimate growth and storage requirements when you consider these factors.

  • The size of your enterprise (that is, the number of locations and people that will use NetWitness Suite.
  • The volume of packets and logs you need to process.
  • The performance each NetWitness Suite user role needs to do their jobs effectively.
  • The prevention of downtime (that is, how to avoid a single point of failure).
  • The environment in which you plan to run NetWitness Suite
    • RSA Appliances (software running on hardware supplied by RSA)
      See the RSA NetWitness® Suite Physical Host Installation Guide for detailed instructions on how to deploy RSA Appliances.
    • Software Only provided by RSA:
      • On-Premises (On-Prem) Virtual Hosts
      • VCloud:
        • Amazon Web Services (AWS)
        • Azure

Basic Deployment Process

Before you can deploy NetWitness Suite you need to:

  • Consider the requirements of your enterprise and understand the deployment process.
  • Have a high-level picture of the complexity and scope of a NetWitness Suite deployment.

Process

The components and topology of a NetWitness Suite network can vary greatly between installations, and should be carefully planned before the process begins. Initial planning includes:

  • Consideration of site requirements and safety requirements.
  • Review of the network architecture and port usage.
  • Support of group aggregation on Archivers and Concentrators, and virtual hosts.

When ready to begin deployment, the general sequence is:

  • For RSA Appliances:
    1. Install appliances and connect to the network as described in the RSA NetWitness® Suite Hardware Setup Guides and the RSA NetWitness® Suite Physical Host Installation Guide .
    2. Set up licensing for NetWitness Suite as described in the RSA NetWitness® Suite Licensing Guide.
    3. Configure individual appliances and services as described in RSA NetWitness® Suite Host and Services Getting Started Guide. This guide also describes the procedures for applying updates and preparing for version upgrades.
  • For On-Prem virtual hosts, follow the instructions in the RSA NetWitness® Suite Virtual Host Setup Guide.
  • For AWS, follow the instructions in the RSA NetWitness® Suite AWS Deployment Guide
  • For Azure, follow the instructions in the RSA NetWitness® Suite Azure Deployment Guide

When updating hosts and services, follow recommended guidelines under the "Running in Mixed Mode" topic in the RSA NetWitness Suite Host and Services Getting Started Guide.

NetWitness Suite Deployment Diagram

The following diagram illustrates a basic, multi-site NetWitness Suite Deployment.

RSA Physical Appliance Environment

The following diagram illustrates a basic NetWitness Suite deployment hosted on RSA hardware.

The following diagram illustrates a basic NetWitness Suite deployment hosted virtually. See the RSA NetWitness® Suite On-Prem Virtual Host Setup Guide for details.

 

You are here

Table of Contents > Deployment: The Basics

Attachments

    Outcomes