Appendix F. Sample Storage Configuration Scenarios for Meta Disk Kits

This appendix illustrates the examples of how to configure a Meta Disk Kit described in Configure Block devices for Drive pack section for Network Decoder in the below scenarios.

Meta-Only (One kit – 3 SED drives configured as RAID 5)

Configure one Meta Disk kit as decodersmall volume for Network Decoder:

Note:
1. The configuration for Log Decoder is the similar as that of a Network Decoder. Substitute the service and volume names that correspond to Log Decoder.
2. A single Meta Disk pack is configured as RAID5 (3 drives) and two Meta Disk packs (6 drives) are configured as RAID6.
3. When configuring two Meta Disk Packs or adding the second Meta Disk pack, use appropriate disk slot numbers when creating the virtual drive (step 5 below).

On the Series 6 (RSA R640) appliance, the Meta Drive Pack disks are installed in slots 4, 5 and 6. The virtual drive configuration requires identifying the controller ID and Enclosure ID (EID). On Series 6 appliance, the controller ID and Enclosure IDs are 0 and 64. However, the nwraidtool.py script that is installed on every server can help to confirm these ID numbers, or the PercCLI commands as shown in the below steps.

Identify controller/enclosures:

  1. Identify the controller ID (Ctl) for the internal controller (PERC H740P Mini/ PERC H750). In the below figure the controller ID is 0 and highlighted in yellow. The drive count is displayed under PDs.

    /opt/MegaRAID/perccli/perccli64 show

    netwitness_identifycontroller1.png

  2. Identify the Enclosure ID (EID) for controller ‘0’. In this case the EID is ‘64’ and highlighted in yellow.

    /opt/MegaRAID/perccli/perccli64 /c0 /eall show

    netwitness_identifycontroller2.png

  3. Identify the new Meta Disk kit disk slot numbers (Slots 4 through 9) on the controller PERC H740P Mini. These drives do not belong to any Drive Group (DG). The DG column for these drives display a dash ‘-‘, the State column shows ‘UGood’, and the SED value as ‘Y’. See the entries highlighted in yellow.

    netwitness_identifycontroller3.png

  4. Identify the existing block devices (sda and sdb) on the host used by the OS and NetWitness. Use the command ‘lsblk’ to list out the block devices.

    lsblk

    netwitness_identifycontroller4.png

    Configure the virtual drive(s) on the installed Meta Disk kit (slots 4,5, and 6):

  5. Create the Virtual Drive/Drive Group (DG) on the internal controller using the disks in slot 4 through 6 using the below command.

    /opt/MegaRAID/perccli/perccli64 /c0 add vd type=raid5 drives=64:4-6 strip=128

    netwitness_identifycontroller5.png

  6. The new virtual drive shows up as ‘2/2’ under DG/VD column. See the entry highlighted in yellow.

    /opt/MegaRAID/perccli/perccli64 /c0 /vall show

    netwitness_identifycontroller6.png

  7. Identify the new block device on the host. The block device name is identified under the NAME column. In this example the new block device is 'sdc'. This block device name is required when configuring storage. Use ‘lsblk’ to list the block devices. See entry highlighted in yellow.

    lsblk

    netwitness_identifycontroller7.png

  8. Now, you must Configure the above block device as decodersmall for Network Decoder. Use the REST API (Ex: https://<HostIP>:50106, HostIP is the ip address of the decoder host) to retrieve the existing raid list. Note the block device name corresponding to the Meta Disk kit. In this case it is ‘sdc’.

    Note: If a second Meta Disk kit is being configured, the block device would be ‘sdd’.

    netwitness_identifycontroller8.png

  9. Make partitions on the block device (‘sdc’) for decoder service with the following parameters:

    name=sdc service=decoder volume=decodersmall commit=1

    For logdecoder use: name=sdc service=logdecoder volume=logdecodersmall commit=1

    Note: If a second Meta Disk kit is being configured, the volume for decoder would be ‘decodersmall0’. For logdecoder, it is ‘logdecodersmall0’.

    netwitness_identifycontroller10.png

  10. Allocate the decodersmall to Decoder service using ‘srvAlloc’.

    service=decoder volume=decodersmall commit=1

    Note: For logdecoder: service=logdecoder volume=logdecodersmall commit=1

    netwitness_identifycontroller11.png

    netwitness_identifycontroller12.png

    Maximize PowerVault Storage Capacity (One Kit – 3 SED Drives Configured as RAID 5)

    Configure one Meta Disk kit as decodersmall volume for Network Decoder maximizing the PowerVault Storage.

    Note:
    1. Best practice – when 1-4 PowerVaults are configured, a single Meta Disk kit is recommended and when 5-8 PowerVaults are configured two (2) Meta Disk kits are recommended (optional).
    2. The configuration for Log Decoder is the similar as that of a Network Decoder. Substitute the service and volume names that correspond to Log Decoder.
    3. A singe Meta Disk kit is configured as RAID5 (3 drives) and two Meta Disk kits (6 drives) are configured as RAID6.
    4. When configuring two Meta Disk kits or adding thea second Meta Disk kit, use appropriate disk slot numbers when creating the virtual drive (step 5 below).

    On the Series 6 (RSA R640) appliance, the Meta Drive Pack disks are installed in slots 4, 5 and 6. The virtual drive configuration requires identifying the controller ID and Enclosure ID (EID). On Series 6 appliance, the controller ID and Enclosure IDs are 0 and 64. However, the nwraidtool.py script that is installed on every server can help to confirm these ID numbers, or the PercCLI commands as shown in the below steps.

    Identify controller/enclosures:

    1. Identify the controller ID (Ctl) for the internal controller (PERC H740P Mini/ PERC H750). In the below figure the controller ID is 0 and highlighted in yellow. The drive count is displayed under PDs.

      /opt/MegaRAID/perccli/perccli64 show

      netwitness_identifycontroller13.png

    2. Identify the Enclosure ID (EID) for controller ‘0’. In this case the EID is ‘64’ (highlighted in yellow).

      /opt/MegaRAID/perccli/perccli64 /c0 /eall show

      netwitness_identifycontroller14.png

    3. Identify the new Meta Disk kit disk slot numbers (Slots 4 through 9) on the controller PERC H740P Mini. These drives do not belong to any Drive Group (DG). The DG column for these drives display a dash ‘-‘, the State column shows ‘UGood’, and the SED value as ‘Y’. See the entries highlighted in yellow.

      netwitness_identifycontroller15.png

    4. Identify the existing block devices (sda and sdb) on the host used by the OS and NetWitness. Use the command ‘lsblk’ to list out the block devices.

      lsblk

      netwitness_identifycontroller16.png

      Configure virtual drive(s) on installed meta pack disks (slots 4,5 and 6):

    5. Create the Virtual Drive/Drive Group (DG) on the internal controller using the disks in slot 4 through 6 using the below command.

      /opt/MegaRAID/perccli/perccli64 /c0 add vd type=raid5 drives=64:4-6 strip=128

      netwitness_identifycontroller17.png

    6. The new virtual drive shows up as ‘2/2’ (highlighted in yellow) under DG/VD column.

      /opt/MegaRAID/perccli/perccli64 /c0 /vall show

      netwitness_identifycontroller18.png

    7. Identify the new block device on the host. The block device name is identified under the NAME column. In this example the new block device is 'sdc'. This block device name is required when configuring storage. Use ‘lsblk’ to list the block devices.

      lsblk

      netwitness_identifycontroller19.png

    8. Configure the above block device as decodersmall volume for Decoder (volume name for Log Decoder is logdecodersmall). Use REST API (Ex: https://<HostIP>:50106, HostIP is the ip address of the decoder host) to retrieve the existing raid list. Note the block device name corresponding to the Meta Disk kit. In this case, it is ‘sdc’ (highlighted in yellow)

      Note: If a second Meta Disk kit is being configured, the block device would be ‘sdd’.

      netwitness_identifycontroller20.png

    9. Make partitions on the block device (‘sdc’) with the following parameters:

      name=sdc service=decoder volume=decodersmall commit=1

      For logdecoder service, use: name=sdc service=logdecoder volume=logdecodersmall commit=1

      Note: If a second Meta Disk kit is being configured, the volume for decoder service is ‘decodersmall0’ and ‘logdecodersmall0’ for logdecoder service.

      netwitness_identifycontroller21.png

    10. Allocate the decodersmall to Decoder service

      service=decoder volume=decodersmall commit=1For logdecoder use: service=logdecoder volume=logdecodersmall commit=1

      Note: If a second Meta Pack is being configured, the volume for decoder is ‘decodersmall0’ and ‘logdecodersmall0’ for logdecoder service.

      netwitness_identifycontroller22.png

      netwitness_identifycontroller23.png

      Configure external storage (PowerVault) as packetDB for Decoder:

    11. Use REST API (Ex: https://<HostIP>:50106, HostIP is the ip address of the decoder host) to configure raid on the attached PowerVault. Identify the controller and enclosure information using raidList. In this example, two PowerVaults are connected to the Decoder appliance (controller 1 with enclosure 246 and 249). REST API is used in the next steps to configure the PowerVault (Enclosure 246) connected to Controller 1.

      netwitness_identifycontroller24.png

    12. Create the raid on the attached PowerVault. Identify the controller and enclosure from ‘raidList’. Use appropriate value for preferSecure to enable encryption. To turn on encryption on SED capable drives, use preferSecure=1 after setting the security key on the controller. Encryption can also be turned on after configuring storage using the steps listed in Appendix B. Encrypt a Series 6E Core or Hybrid Host of the storage guide.

      controller=1 enclosure=246 scheme=packet-expansion preferSecure=0 commit=1

      netwitness_identifycontroller25.png

    13. Identify the block device created in the earlier step. Use ‘raidList’ to retrieve all the block devices. In this case, it is ‘sdd’.

      netwitness_identifycontroller26.png

    14. Make partitions on the block device (‘sdd’) using ‘partNew’.

      name=sdd service=decoder volume=decoder commit=1

      netwitness_identifycontroller27.png

      netwitness_identifycontroller28.png

    15. Allocate the decoder volume to Decoder service using ‘srvAlloc’.

      service=decoder volume=decoder commit=1

      netwitness_identifycontroller29.png

      Note: Additional PowerVaults shall be configured using REST API as outlined in the Storage Guide.