Submit a Request

Support Center

  1. Introduction to this Guide
  2. Preparation of the Installation
  3. Installing the redBorder Platform
  4. Next Steps: Start Using redBorder Enterprise

Introduction to this Guide

What’s in this Guide

This installation guide gives you the information needed to develop an installation of 1 node/instance redBorder Enterprise Edition with a Global License mode configuration:

  • System requirements and recommended configuration
  • Installation procedures
  • How to upgrade from a previous version

Other Related Documents

  • For the installation of a redBorder Enterprise Intrusion IPS probe, please refer to the document redBorder Enterprise Intrusion IPS Sensor Installation
  • For a cluster configuration, please refer to the document redBorder Cluster Deployment Guide
  • For the installation of a redborder ClientProxy, please refer to the document redBorder ClientProxy Installation
  • For other guides and more information check the online redborder platform documentation available on the redborder Support Website (https://support.redborder.com)

Preparation of the Installation

Installing the redborder Enterprise Manager edition is the first step to start monitoring and securing your network data with the redborder solution. You should check the contents of this chapter before beginning the installation of the platform (also referred as the redborder Manager).

Obtaining the ISO

Redborder Enterprise Edition is distributed as an ISO file that can be obtained in different ways. If you don’t have the ISO file, please contact our sales team (sales@redborder.com) or our support team (support@redborder.com) to provide you the last available ISO file or a way to download it.

Burning / Handling the ISO Image

In case of installation on physical machine, it is possible to burn the ISO image on a DVD or USB storage device to proceed with its installation

In case of installation in virtual machine, it will be enough to mount the ISO image in a virtual DVD device.

Linux / Unix

In order to burn the ISO image from a Linux system to a USB device, the following command could be used (i.e the USB device is mapped in /dev/sdd):

[root@machine ~]# dd if=redBorder-3.1.80-10-x86_64-6.5-enterpise.iso of=/dev/sdd bs=10M

Be careful. This is only an example command to burn the ISO. The selected destination will be formatted, and all the data will be erased.

 

Windows

In order to burn the ISO image from a Windows system to a USB device, you should use an appropiate 3rd party program.

Installation Requirements

To test redborder Manager Enterprise before moving to a production deployment, use hardware or virtual machines like that running in production. The machine used to deploy the redborder manager should meet or exceed the minimum requirements provided in this guide.

Scaling and dimensioning an installation of the redborder platform will depend on the deployment scenario. Each scenario must be evaluated and planned to plan the most adequate configuration.

In many scenarios, a single node installation can be enough to collect, index and process the data with adequate performance, scaling vertically.

In other scenarios, adding more machines (cluster configuration) should be considered to adjust and optimize the deployment. In a cluster configuration capacity can be reasigned among the available nodes to achive a higher performance or configure them in high availability mode. For more information about planning and dimensioning a redborder platform installation, please refer to the online documentation or contact our support team (support@redborder.com).

Single Node Minimum Requirements

The following requirements are related to a single node installation with light to moderate use. Please consider that if you run the platform in a virtual environment you should usually get the performance somehow decreased comparing to a similar physical machine deployment.

Spec

Minimum

Recommended

RAM

16GB

20GB

CPU

4 cores

4 cores

HDD (SSD)

30 GB

100 GB

Number of NIC

1

1

 

Scaling Up a single Node Installation

The following table shows the recommend values for a single node installation of redborder platform.

Please, note that the storage resources you dedicate to redborder will be directly affected by how much historic you plan to be saved by the platform.

Events per seconf implies any kind of information entering redborder Manager (i.e: IPS/IDS events, network flow, SNMP messages, log events, etc).

 

   

Physical

Virtual

 

Storage

Events/s

MB/day

Threads

CPUs

RAM (GB)

MB/day

GB/year

25

1750

4

5

20

116,67

41,59

50

3500

4

5

20

233,33

83,17

100

7000

4

5

20

466,67

166,34

200

14000

4

5

24

933,33

332,68

300

21000

5

7

24

1400

499,02

400

28000

5

7

24

1866,67

665,36

500

35000

6

8

26

2333,33

831,71

750

52500

7

9

28

3500

1247,56

1000

70000

8

10

32

4666,67

1663,41

1250

87500

10

13

40

5833,33

2079,26

1500

105000

12

15

48

7000

2495,12

1750

122500

13

17

56

8166,67

2910,97

2000

140000

14

18

64

9333,33

3326,82

2500

175000

16

20

72

11666,67

4158,53

3000

210000

23

29

87

14000

4990,23

3500

245000

23

29

90

16333,33

5821,94

4000

280000

24

30

92

18666,67

6653,65

4500

315000

24

30

95

21000

7485,35

5000

350000

24

30

96

23333,33

8317,06

5500

385000

26

33

99

25666,67

9148,76

6000

420000

26

33

102

28000

9980,47

6500

455000

27

34

104

30333,33

10812,17

7000

490000

27

34

107

32666,67

11643,88

7500

525000

27

34

108

35000

12475,59

8000

560000

31

39

119

37333,33

13307,29

 

Connectivity Requirements

In a typical single node installation redborder manager will need to be able to communicate/receive data from sensors and allow connections for the regular dashboard users and for the machine administrators. The following table shows the communication requirements for a 1 node typical standard installation.

Manager => Sensor

Sensor => Manager

Users => Manager

ICMP-type 8 (ping)*

TCP/22 (SSH)

UDP/161 (SNMP)

TCP/9092 (Kafka)

TCP, UDP / 514 (Syslog)

UDP/162 (traps SNMP)

TCP/443 (Chef)

UDP/123 (NTP)

UDP/2055 (Flow – netflow)

UDP/6343 (Flow – sflow)

ICMP-type 8 (ping)*

TCP/22 (SSH)

UDP/443 (HTTPS)

These requirements are referred to a standard installation where following types of sensor data are received:

  • Traffic probes, sending flow information (netflow and sflow)
  • Intrusions probes
  • Vault probes (using syslog)
  • Infrastructure monitoring done using snmp
  • Snmp trap servers are connected

For more advanced scenarios, like the connection of wireless controllers with location analytics, addional requirementes will apply. Please refer to the corresponding online documentation.

Installing the redBorder Platform

This chapter describes the process for installing the redborder platform, also referred as manager, in a virtual or physical machine.

Before proceeding with the installation, please check the following:

  • You have a machine with the minimum requirements for the installation
  • In case of installing in a physical machine, you have the burned ISO image in a DVD or USB and you configured the drive as bootable in your system
  • In case of installing on a virtual machine, you have configured a bootable device and mounted the ISO in it.

Installation

1. As soon as your system boots with the redborder ISO image you will see the redborder     Enterprise installation Welcome Screen.

  • Select Install Manager option to start the installation process.

ch02_img002.png

2. System will show a screen to select the drive to install the platform, the root user password     and the Licensing model:

  • Select the drive you want to use for the redborder system.
  • Enter the password for the root user (redborder by default).
  • Select Global as licensing mode.

Be careful. The selected unit drive will be formatted by the installer and all the data will be erased.

 

mceclip1.png

3. The installation process will take several minutes. Wait until the installation is 100% complete.   Once the installation is completed, the system will be restarted.

1.png

4. During the first boot, the system will proceed to perform a set of actions to be configured for   the first time for the system. This configuration process will take also several minutes.

4.png

5. After completing the initial configuration process, the system will prompt you to enter the login   information. Enter root as login user and the password you configured for the root user   (redborder in case you did not change the default value).

mceclip2.png

In this point redborder manager is already installed in your system. Now you will need to proceed with the system configuration.

Initial Configuration - Automatic Mode

If the machine where the redborder manager is being installed meet the following conditions, the system will be at this point already automatically configured.

  • The machine has at least 2 network interfaces,
  • The first 2 interfaces are connected to to different networks with a DHCP Server enabled and the system was able to assign an IP address for each interface

The first interface detected by the system it will be configured as bond0, which is called the management interface, and the next bond1, called the synchronization interface. This second interface is typically used for cluster configurations.

The first installed manager on the network, not finding others in the synchronization network, will be autoconfigured as master inside the cluster. If another redborder manager is found inside the synchronization network, the new node will be configured will be configured in custom mode (later you can activate the services you want).

If you don’t plan to use a cluster configuration you can ignore this configuration and go to the following section Initial configuration - Wizard

For cluster configurations, please refer to the document redBorder Cluster Deployment Guide.

Initial Configuration - Wizard

This is the normal way for a single node configuration of the redborder platform. If the network is not prepared for automatic configuration by DHCP or only a network interface is available, you must proceed to the installation through the wizard:

1. Once logged into the manager as root, run the command rb_sysconf to start the redborder     system configuration tool.

[root@rbmanager ~]# rb_sysconf
  • System Configuration: basic system paramaeters configuration (hostname, IP of the manager, time and status of the manager)
  • Network Configuration: creation of bonding interfaces, DNS, routes and IPMI configuration.

For single-node installations, only one network interface is required for management.

  • Passwords: this option is used to modify the passwords of system users.
    • w) start simple wizard: start a wizard that will allow you to easily and quickly perform the installation and configuration of the manager.
    • q) quit: Exit. It returns us to the main system configuration screen.

2.png

2. Select w) option to start the configuration wizard. Follow the steps of the wizard to complete   the configuration.

3. First, the wizard will ask you to configure the DNS and Domain settings. You can accept   the default values (indicated in brackets) just pressing Enter key or alternatively you can enter   your own values.

Hostname and DNS Settings

Insert Hostname [rbmanager]. The name for the manager node machine. Default value is rbmanager. This name is used to identify the machine inside the network

In the case of a cluster configuration, this name is used to identify the machine inside the cluster and should describe the position or role of the node inside the cluster. Every node of the cluster needs to have a unique name inside the cluster itself. For Cluster configurations, please refer to the please refer to the document Redboder Enterprise Cluster Configuration.

Insert domain: [redborder.cluster]. Domain for the manager (and the cluster).

Insert DNS Primary. IP address of the primary Domain Name Server.

Insert DNS Secondary (optional). IP address of the secondary Domain Name Server.

4. Once the values have been introduced, the system will validate and apply the changes,   showing a message when the configuration has been applied: DNS and domain settings   applied successfully and a summary with the configurated values.

 ch02_img004.png

5. The next step is to configure time server settings:

NTP server [pool.ntp.org]: If there is an NTP server in your network that you want to use, you must indicate it here. Otherwise, the indicated value will be assigned by default.

6. The system will ask you to configure bondings. The system will show a message indicating   that bond0 is already configured, asking if you want to overwrite it. Select yes so you can   check the assigned values and change them if needed.

For a single node configuration, you will need a single network interface. In this step you will configure only one bonding that will be used as management bonding.

The system will try to get the values using DHCP and, if so, it will show you the assigned values in brackets in order to check the assigned values and change them if needed.

Insert bonding number [0]: The default value is "0" and indicates the link index.

Insert bonding first port [0]: The default value is "0" and allows us to indicate the network port index to use in the management link.

Insert second port (y/N): use the default value "N".

Insert management IP address: enter the IP that we want to assign to redborder.

Insert management Netmask: enter the network mask that we want to assign to bonding network.

Insert default gateway for this management interface (Y/n): Indicates whether or not we want to assign a link port to redborder. Por defecto indicaremos Y.

Insert default gateway []: We will enter the gateway IP address.

Insert a route for this bonding (y/N): Indicates whether or not we want to indicate a route for the link created. Use the default value "N".

Once these values have been entered, the system will notify you that the bonding has been created successfully.

3.png

7. After the network configuration the system will ask for some values related to the remote   storage configuration. Accept the default values for a standard installation with local storage.

4.png

8. The wizard will ask you to confirm that you want to apply the configuration. Select y to apply   the settings and finish the configuration.

Once the wizard is done, it is required to wait from 5 to 10 min for the system to run all the necessary services.

 

Accessing to the Manager Web Console

Once the software has been installed and configured, you can access the redborder manger web application using a browser and connecting

to the URL https: // <manager_ip_address>. You will see the login page.

The default values for accessing the we console are:

  • User: admin
  • Password: redborder.

You can change these values later using the user profile settings menu option.

mceclip8.png

Next Steps: Start Using redBorder Enterprise

License Configuration

The default installation comes with a preconfigured trial license limited to a 30 days period of use (for a limited number of sensors to connect). You can start connecting sensors and using the system right now using this trial license.

For a valid license to use for your installation, learn how to request and configure new licenses in the system, by checking the article Request a new license for enterprise edition (global mode).

If you don’t have an Enterprise license for using the system you can alternatively contact our sales team or (sales@redborder.com) our support team (support@redborder.com).

First Steps With redBorder Enterprise

Now that you installed the redborder manager and have a valid license configured, you can start using redborder to monitor and protect your network. You can check the following guides as a starting point:

Related articles

Comments

0 comments

Article is closed for comments.

Powered by Zendesk