15.2 Installing the Sentinel ISO Appliance

This section provides information about installing Sentinel, Collector Managers, and Correlation Engines using the ISO appliance image. This image format allows you to generate a full disk image format that can be deployed directly to hardware, either physical (bare metal) or virtual (uninstalled virtual machine in a hypervisor) by using a bootable ISO DVD image.

15.2.1 Installing Sentinel

To install the Sentinel ISO appliance:

  1. Download the ISO virtual appliance image from the Download Website.

  2. (Conditional) If you are using a hypervisor:

    Set up the virtual machine using the ISO virtual appliance image and power it on.

    or

    Burn the ISO image into a DVD, set up the virtual machine using the DVD, and then power it on.

  3. (Conditional) If you are installing the Sentinel appliance on bare metal hardware:

    1. Boot the physical machine from the DVD drive with the DVD.

    2. Follow the installation wizard on-screen instructions.

    3. Select Install sentinel server <version>.

  4. Select the language of your choice.

  5. Select the keyboard layout.

  6. Click Next.

  7. Read and accept the SUSE Enterprise Server Software License Agreement. Click Next

  8. Read and accept the Sentinel Server Appliance License Agreement. Click Next

  9. Set the Sentinel appliance passwords, NTP configuration, and the time zone.

    Set vaadmin user credentials for logging on to Sentinel Appliance Management Console.

    NOTE:After installation, you can change the NTP configuration and time zone in the following ways:

    • Go to the command prompt and enter yast->Network Services->NTP Configuration

    • Go to Sentinel Appliance Management Console and click Time.

    If the time appears out of sync immediately after the install, run the following command to restart NTP:

    rcntp restart

  10. On the Sentinel Server Appliance Network Settings page, specify the hostname and domain name. Select either Static IP Address or DHCP IP Address.

  11. Click Next.

  12. (Conditional) If you have selected Static IP Address in Step 10, specify the network connection settings.

  13. Click Next.

  14. Set the password for Sentinel user admin, then click Next.

    Appliance is installed.

  15. Make a note of the appliance IP address that is shown in the console.

  16. Log in as root user at the console to log in to the appliance.

    Enter the username as root and enter the password you set in Step 9.

  17. Proceed with Post-Installation Configuration for the Appliance.

15.2.2 Installing Collector Managers and Correlation Engines

The procedure to install a Collector Manager or a Correlation Engine is the similar to the procedure to installing Sentinel except that you need to download the appropriate ISO appliance file from the Download website.

  1. Complete Step 1 through Step 13 in Installing Sentinel.

    The installation checks for the available memory and disk space. If the available memory is less than 1 GB, the installation will not let you proceed and the Next button is greyed out.

  2. Specify the following configuration for the Collector Manager or the Correlation Engine:

    • Sentinel Server Hostname or IP Address: Specify the host name or IP address of the Sentinel server that the Collector Manager or Correlation Engine should connect to.

    • Sentinel Communication Channel Port: Specify the Sentinel server communication channel port number. The default port number is 61616.

    • Sentinel Web Server Port: Specify the Sentinel web server port. The default port is 8443.

    • User name with Administrator role: Specify username of any user in Administrator role.

    • Password for user with Administrator role: Specify the password for the user name you have specified in the above field.

  3. (Conditional) If your environment uses multi-factor or strong authentication, you must provide the Sentinel client id and Sentinel client secret. For more information about authentication methods, see Authentication Methods in the Sentinel Administrator Guide.

    To retrieve the Sentinel client ID and Sentinel client secret, go to the following URL:

    https://Hostname:port/SentinelAuthServices/oauth/clients

    Where:

    • Hostname is the host name of the Sentinel server.

    • Port is the port Sentinel uses (typically 8443).

    The specified URL uses your current Sentinel session to retrieve the Sentinel client ID and Sentinel client secret.

  4. Click Next.

  5. Accept the certificate when prompted.

  6. Make a note of the appliance IP address that is shown in the console.

    The console displays a message that this appliance is the Sentinel Collector Manager or Correlation Engine depending on what you chose to install, along with the IP address. The Console also displays the Sentinel server user interface IP address.

  7. Complete Step 16 through Step 17 in Installing Sentinel.