This section provides information about installing Identity Intelligence.
Launch the CDF Management Portal using the link (https://master_FQDN:3000) displayed after CDF installation in Step 7.
Ensure that the browser is not using proxy to access CDF because this might result in inaccessible web pages.
NOTE:Use port 3000 when you are setting up the CDF for the first time. After the initial setup, use port 5443 to access the CDF Management Portal.
Log in with the following credentials:
User name: admin
Password: Use the password that you provided during CDF installation.
Select the metadata file version inand click .
Read the license agreement and select. .
In the Capabilities page, select the following and click:
Analytics. Prerequisite for ArcSight Investigate and Identity Intelligence.
In the Database page, retain the default values, select, and click .
In the Deployment Size page, select the required cluster and click.
(Conditional) For worker node configuration, select.
The installation will not proceed if the minimal hardware requirements are not met. For information about the hardware requirements, see Hardware Requirements and Tuning Guidelines.
In the Connection page, an external host name is automatically populated. This is resolved from the virtual IP (VIP) specified during the CDF installation (--ha-virtual-ip parameter). Confirm that the VIP is correct and then click.
(Conditional) If you want to set up high availability, selectand add at least two additional master nodes in the Master High Availability page.
NOTE:If you do not configure high availability in this step, you cannot add master nodes and configure high availability after installation.
In the Add Master Node page, specify the following details:
Host: Fully qualified domain name (FQDN) of the node you are adding.
Ignore Warnings: If selected, the installer will ignore any warnings that occur during the pre-checks on the server. If deselected, the add node process will stop and a window will display any warning messages. We recommend that you start with deselected in order to view any warnings displayed. You may then evaluate whether to ignore or rectify any warnings, clear the warning dialog, and then click again with the box selected to avoid stopping.
User Name: User credential for login to the node.
Verify Mode: Choose the verification mode as Password or Key-based, and then either enter your password or upload a private key file. If you choose Key-based, you must first enter a username and then upload a private key file when connecting the node with a private key file.
Thinpool Device: (optional) Enter the Thinpool Device path, that you configured for the master node (if any). For example: /dev/mapper/docker-thinpool. You must have already set up the Docker thin pool for all cluster nodes that need to use thinpools, as described in the CDF Planning Guide.
flannel IFace: (optional) Enter the flannel IFace value if the master node has more than one network adapter. This must be a single IPv4 address or name of the existing interface and will be used for Docker inter-host communication.
Click. Repeat the same for other master nodes.
(Conditional) For multi-node deployment, add additional worker nodes in the Add Worker Node page and click. To add a worker node click (Add) and enter the required configuration information . Repeat this process for each of the worker nodes.
(Conditional) If you want to run the worker node in the master node, then selectand then click .
NOTE:Before selecting this option, ensure that the master node meets the system requirements specified for the worker node.
To configure each NFS volume, complete the following steps:
Navigate to thepage.
For, select .
Self-hosted NFS refers to the external NFS that you created while preparing the environment for CDF installation.
For, specify the IP address or FQDN of the NFS server.
For, specify the following paths for the NFS volumes:
Ensure that you have validated all NFS volumes successfully before continuing with the next step.
To start deploying master and worker nodes, clickin the Confirmation dialog box.
Continue with Uploading Images to Local Registry.
For the docker registry to deploy Identity Intelligence, it needs the following images associated with the deployment:
You must upload those images to the local registry.
Launch a terminal session, then log in to the master node as root or a sudo user.
Change to the following directory:
Upload each of the software images to the local registry:
./uploadimages.sh -d <downloaded_image_file_path> -u registry-admin -p <password>
./uploadimages.sh -d <download_directory>/identityintelligence-x.x.x./suite_images/analytics-x.x.x.x -u registry-admin -p password
Continue with Deploying Transformation Hub and Identity Intelligence.
After you upload the images to the local directory, CDF uses these images to deploy the respective software in the cluster.
Switch back to the CDF Management Portal.
Clickin the page because all the required packages are already downloaded and uncompressed.
After the All images are available in the registry, click .page displays
If the page displays any missing image error, upload the missing image.
After thepage displays the status of the node in green, click .
The deployment process can take up to 15 minutes to complete.
(Conditional) If any of the nodes show a red icon in thepage, click the icon.
CDF might display the red icon if the process times out for a node. Because the retry operation executes the script again on that node, ensure that you clickonly once.
After thepage indicates that all the services are deployed and the status indicates green, click .
Themessage appears after the deployment process is complete and it can take up to 15 minutes to complete.
(Optional) To monitor the progress of service deployment, complete the following steps:
Launch a terminal session.
Log in to the master node as root.
Execute the command:
watch 'kubectl get pods --all-namespaces'
(Conditional) If you want to use mutual SSL authentication between Transformation Hub and its clients by enabling client authentication, you must change the default CA that is generated during the installation. For steps to change the CDF CA, see Changing the Certificate Authority of CDF.
To configure pre-deploy settings for all the following software, complete the following steps:
Set the values based on the workload or high availability configuration. For information about this value for your deployment, see the
Transformation Hub Tuning section in the Hardware Requirements and Tuning Guidelines.
Set False to disable plain text communication between Transformation Hub (Kafka) and all the components outside the Kubernetes cluster.to
When you set this option to False, ensure to configure SSL between Transformation Hub (Kafka) and all the components outside the Kubernetes cluster, such as Identity Governance, Identity Manager Driver for Entity Data Model, Vertica, and so on.
mutual SSL authentication between Transformation Hub (Kafka) and all the components outside the Kubernetes cluster, such as Identity Governance, Identity Manager Driver for Entity Data Model, Vertica, and so on.: This option is used to enable client authentication between Transformation Hub and all the components outside the Kubernetes cluster. When you enable this option, ensure that you configure
Specify Vertica connection details.
(Optional) Specify SMTP server details to enable users of Identity Intelligence to receive email notification.
Specify the values forand for Single Sign-On.
To finish the deployment, click.
Copy the Management portal link displayed in thepage.
Some of the pods in the Labeling Nodes.page might remain in a pending status until the product labels are applied on worker nodes. To label the nodes, see
(Conditional) For high availability and multi-master deployment, after the deployment has been completed, manually restart the keepalive process.
Log in to the master node.
Change to the directory:
Run the script:
Continue with the following activities: