SIEM Foundations: VM Installation and Configuration

Version 4

    The McAfee SIEM VM guest images are provided for use in ESX (5.0+) environments. Each virtual appliance must be installed as an OVF template using a licensed copy of VSphere connected to an appropriate installation of VCenter.

     

    Each guest image contains three files – a VM Virtual Disk file (.vmdk), an Open Virtualization Format Package file (.ovf) and a Manifest file (.mf). All three VM files should be located in the same directory on the VSphere client machine.

     

    To install and configure a virtual SIEM Appliance:

    1. Launch the VSphere client and connect to the VCenter management server hosting the ESX infrastructure.
    2. From the File menu, select Deploy OVF Template.
      VSphere_File_DeployOVF.png
    3. Browse to the location of the VM SIEM appliance and select the .ovf file.
      DeployOVF_Source.png
    4. Click Next >.
    5. The OVF Template Details window displays the Product, Download size and Size on disk (both thin and thick provisioned) for the selected virtual SIEM image.
      DeployOVF_Details.png
    6. Click Next >.
    7. The Name and Location window allows the unique naming of the virtual SIEM image as well as the location in the ESX inventory.
      DeployOVF_NameLoc.png
    8. Click Next >.
    9. From the Resource Pool window, select the appropriate ESX resource pool within which you wish to deploy the virtual SIEM template.
      DeployOVF_ResourcePool.png
    10. Click Next >.
    11. From the Storage window, select an appropriate destination for the virtual SIEM image. Make certain you select a location that has sufficient free disk space to host the entire guest image.
      DeployOVF_Storage.png
    12. Click Next >.
    13. From the Disk Format window, choose Thick Provision Eager Zeroed.
      DeployOVF_DiskFormat.png
    14. Click Next >.
    15. From the Network Mapping window select an appropriate Destination Network for the guest virtual SIEM appliance NIC0. (Additional NICs can be configured at a later time).
      DeployOVF_NetworkMapping.png
    16. Click Next >.
    17. From the Deploy OVT Template Summary window, confirm the virtual SIEM appliance configuration options.
      DeployOVF_Complete.png
    18. Click Next >.
    19. As the virtual SIEM appliance is deployed, a progress bar will show the percent complete.
      DeployOVF_Progress.png
    20. Once the OVF template has been fully deployed, a Success dialog box will indicate completion.
      DeployOVF_Success.png
    21. Click Close.
    22. To make additional changes to the virtual SIEM appliance guest configuration, click Edit virtual machine settings.
      VSphere_EditVMcircle.png
    23. Adjust the Memory, CPUs and/or Network Adapters as appropriate.  Note that it is acceptable to decrease the number of CPUs and or allocated memory if desired.  This will decrease the overall performance of your virtual appliance, below the advertised specifications.
      ESX_VM_Settings.png

    NOTE: Each guest virtual SIEM image has a maximum Memory and CPU core limit that cannot be exceeded. It is possible to configure values from the minimum of 8 Gb memory and 8 CPU cores to the maximum allowed for the OVF image.

     

    « previousoutlinenext »