cancel
Showing results for 
Search instead for 
Did you mean: 

SIEM Foundations: VM Installation and Configuration

SIEM Foundations: VM Installation and Configuration

The McAfee SIEM VM guest images are provided for use in ESX (5.0+) environments. Each virtual appliance must be installed as an OVF template using a licensed copy of VSphere connected to an appropriate installation of VCenter.

Each guest image contains three files – a VM Virtual Disk file (.vmdk), an Open Virtualization Format Package file (.ovf) and a Manifest file (.mf). All three VM files should be located in the same directory on the VSphere client machine.

To install and configure a virtual SIEM Appliance:

  1. Launch the VSphere client and connect to the VCenter management server hosting the ESX infrastructure.
  2. From the File menu, select Deploy OVF Template.
    VSphere_File_DeployOVF.png
  3. Browse to the location of the VM SIEM appliance and select the .ovf file.
    DeployOVF_Source.png
  4. Click Next >.
  5. The OVF Template Details window displays the Product, Download size and Size on disk (both thin and thick provisioned) for the selected virtual SIEM image.
    DeployOVF_Details.png
  6. Click Next >.
  7. The Name and Location window allows the unique naming of the virtual SIEM image as well as the location in the ESX inventory.
    DeployOVF_NameLoc.png
  8. Click Next >.
  9. From the Resource Pool window, select the appropriate ESX resource pool within which you wish to deploy the virtual SIEM template.
    DeployOVF_ResourcePool.png
  10. Click Next >.
  11. From the Storage window, select an appropriate destination for the virtual SIEM image. Make certain you select a location that has sufficient free disk space to host the entire guest image.
    DeployOVF_Storage.png
  12. Click Next >.
  13. From the Disk Format window, choose Thick Provision Eager Zeroed.
    DeployOVF_DiskFormat.png
  14. Click Next >.
  15. From the Network Mapping window select an appropriate Destination Network for the guest virtual SIEM appliance NIC0. (Additional NICs can be configured at a later time).
    DeployOVF_NetworkMapping.png
  16. Click Next >.
  17. From the Deploy OVT Template Summary window, confirm the virtual SIEM appliance configuration options.
    DeployOVF_Complete.png
  18. Click Next >.
  19. As the virtual SIEM appliance is deployed, a progress bar will show the percent complete.
    DeployOVF_Progress.png
  20. Once the OVF template has been fully deployed, a Success dialog box will indicate completion.
    DeployOVF_Success.png
  21. Click Close.
  22. To make additional changes to the virtual SIEM appliance guest configuration, click Edit virtual machine settings.
    VSphere_EditVMcircle.png
  23. Adjust the Memory, CPUs and/or Network Adapters as appropriate.  Note that it is acceptable to decrease the number of CPUs and or allocated memory if desired.  This will decrease the overall performance of your virtual appliance, below the advertised specifications.
    ESX_VM_Settings.png

NOTE: Each guest virtual SIEM image has a maximum Memory and CPU core limit that cannot be exceeded. It is possible to configure values from the minimum of 8 Gb memory and 8 CPU cores to the maximum allowed for the OVF image.

« previousoutlinenext »

Comments
vagner.silva

Can I add more HDs to use in ESM ? How it should be done?

Thank you!

Version history
Revision #:
1 of 1
Last update:
‎08-08-2014 08:55 PM
Updated by: