Appendix D. Sample Storage Configuration Scenarios for 15-Drive DACs

This appendix illustrates the following example of how to configure storage on two non-encrypted 15-drive DAC external storage devices.

Configure Storage for Archiver

The following scenario configures storage on one, non-encrypted, 15-Drive DAC for an Archiver physical host.

  1. Execute the raidList command.
    1. Record the Controller Number, Enclosure Number, In Use, Drives, and Devices.
      You should see the following information.
      In Use: FALSE
      Devices: <empty>

    2. Verify the Drive Count, Size, and Vendor.
      The following example illustrates what you should see before you create a RAID array.
      netwitness_samples-1_1110x570.png
  2. Execute the raidNew command with the following parameters using the controller number and the enclosure number you just recorded.
    controller=1 enclosure=0 scheme=archiver commit=1
    The following example illustrates what you should see after you create a RAID array.
    netwitness_samples-2_1149x372.png
  3. Execute the raidList command to verify the new RAID array.
    You should now see the following information.
    In Use: TRUE
    Devices: <device>
    (for example, sdc)
    netwitness_samples-3_1184x640.png
  4. Execute the partNew command with the following parameters to create partitions and mount points in the etc/fstab file.
    name=<device> (for example, sdc) service=archiver volume=archiver commit=1
  5. Execute the srvAlloc command with the following parameters to allocate the space to the archiver service. This adds storage to the archiver service configuration and restarts the service every time it is executed.
    service=archiver volume=archiver0 commit=1
    netwitness_samples-6.png
    netwitness_samples-7_518x304.png
  6. Confirm the “Hot Storage” in “Data Retention”.
    netwitness_samples-8_951x787.png
  7. Reconfigure the following Archiver service to detect and take advantage of all of the free space as described in Task 5 - (Optional) Reconfigure Storage Configuration for 10G Capture.

Configure Storage for Network (Packet) Decoder

The following scenario configures storage on two, non-encrypted, 15-Drive DACs for a Network Decoder for 10G Capture physical host.

  1. Execute the raidList command.
    1. Record the Controller Number, Enclosure Number, In Use, Drives, and Devices.
      You should see the following information.
      In Use: FALSE
      Devices: <empty>

    2. Verify the Drive Count, Size, and Vendor.
      The following example illustrates what you should see before you create a RAID array.
      netwitness_samples-9_993x637.png
  2. Execute the raidNew command with the following parameters using the controller number and the enclosure number you just recorded.
    • Parameters for the first enclosure:
      controller=1 enclosure=0 scheme=decoder commit=1
      netwitness_samples-10_1113x458.png
    • Parameters for the second enclosure:
      controller=1 enclosure=2 scheme=decoder commit=1
      netwitness_samples-11_318x597.png
  3. Use the raidList command to display block devices for enclosures so you can verify In Use: TRUE.
  4. SSH to the Network Decoder and use the lsblk command to confirm sizes for decodersmall.
    netwitness_samples-12_1155x576.png

Note: For RAID configuration, when you use the decoder for 10G Capture you use decoder for both enclosures for performance reasons. When you do not use the decoder for 10G Capture, you use the decoder and archiver for the enclosures to maximize storage for becuase the second enclosure is a single RAID under the archiver configuration.

  1. Execute the partNew command to create the decodersmall partition first (decoder dir, index, metadb, sessiondb) (First Enclosure, SDC, SDD) with the following parameters.
    name=sdc service=decoder volume=decodersmall commit=1
    netwitness_samples-13_1204x749.png
    netwitness_samples-14_1153x422.png
  2. Execute the partNew command to create the decoder volume (packetdb) (First Enclosure, SDC, SDD) with the following parameters.
    name==sdd service=decoder volume=decoder commit=1
    netwitness_samples-15_1150x713.png
    netwitness_samples-16_1154x425.png
    In the following example, the following partions are created for SDC, SDD (Enclosure 0).
    netwitness_samples-17_1152x631.png
    At this point, you add the second DAC enclosure.
  1. Execute the partNew command to create the decodersmall partition first (Second Enclosure, SDE, SDF) with the following parameters.
    name=sde service=decoder volume=decodersmall commit=1
    netwitness_samples-18sde_1076x673.png
    netwitness_samples-19_1154x438.png
  2. Execute the partNew command to create the packetdb decoder volume (Second Enclosure SDE, SDF) with the following parameters.
    name=sdf service=decoder volume=decoder commit=1
    netwitness_samples-20_1148x717.png
    netwitness_samples-21_1153x505.png
    netwitness_samples-22_1153x788.png
  3. Execute the srvAlloc command with the following parameters to add the storage information into the Service Configuration settings.
    • service=decoder volume=decodersmall commit=1
    • service=decoder volume=decodersmall0 commit=1
    • service=decoder volume=decoder commit=1
    • service=decoder volume=decoder0 commit=1

    netwitness_samples-23_1148x1032.png

  4. Reconfigure the following Network Decoder service and its database to detect and take advantage of all of the free space as described in Task 5 - (Optional) Reconfigure Storage Configuration for 10G Capture.

Configure Storage for Network Concentrator

The following scenario configures storage on one, non-encrypted, 15-Drive DAC for a Network Concentrator physical host.

  1. Execute the raidList command.
    netwitness_samples-24_287x489.png
  2. Execute the raidNew command with the following parameters.

    controller=1 enclosure=6 scheme=concentrator
    netwitness_samples-25_1150x472.png

    netwitness_samples-26_1151x499.png

  1. Execute the partNew command to create the concentrator partition first with the following parameters. You must create the concentrator volume before index volume or it will fail.

    name=sdd service=concentrator volume=concentrator commit=1
    netwitness_samples-27_1154x725.png
    netwitness_samples-28_1151x513.png

  2. Execute the partNew command with the following parameters with the following parameters to create an index on SSDs.
    name=sdc service=concentrator volume=index commit=1
    netwitness_samples-29_1152x719.png
    netwitness_samples-30_1151x517.png
    netwitness_samples-31_1152x377.png
  3. Execute the srvAlloc command with the following parameters.
    service=concentrator volume=index commit=1
    netwitness_samples-32.png
    netwitness_samples-33_1152x272.png
  4. Execute the srvAlloc command with the following parameters.
    service=concentrator volume=concentrator commit=1
    netwitness_samples-34_991x352.png
    netwitness_samples-35_1151x467.png
  5. Reconfigure the following Network Concentrator service and its database to detect and take advantage of all of the free space as described in Task 5 - (Optional) Reconfigure Storage Configuration for 10G Capture.

Configure Storage for Log Decoder Hybrid

The following scenario configures storage on one, non-encrypted, 15-Drive DAC for a Log Decoder Hybrid physical host.

  1. Execute the raidList command.
    netwitness_samples-36_250x489.png
  2. Execute the raidNew command with the following parameters.
    controller=1 enclosure=31 scheme=log-hybrid commit=1
    netwitness_samples-37_1150x384.png
    netwitness_samples-38_1151x638.png
  3. Execute the partNew command with the following parameters with the following parameters.
    • name=sdf service=concentrator volume=concentrator commit=1
      netwitness_samples-39_1114x375.png
      netwitness_samples-40_1117x750.png
    • name=sdg service=logdecoder volume=logdecoder commit=1
      netwitness_samples-41_1118x381.png
      netwitness_samples-42_1119x805.png
  4. Execute the srvAlloc command with the following parameters.
    • service=concentrator volume=concentrator0 commit=1
      netwitness_samples-43_1118x275.png
      netwitness_samples-44_1123x376.png
    • service=logdecoder volume=logdecoder0 commit=1
      netwitness_samples-46_1124x32.png
  5. Reconfigure the following Log Decoder service and its database to detect and take advantage of all of the free space as described in Task 5 - (Optional) Reconfigure Storage Configuration for 10G Capture.