Deployment Overview

The following diagrams show the recommended AWS network architectures for NetWitness deployment.

NetWitness Deployment without Internet Connectivity (Air-Gapped Environment)

architecture_without_internet.png

NetWitness Deployment with Restricted Internet through Firewall Configuration

privatesubnet2.png

  1. Set up the NetWitness platform on a dedicated VPC with VPC flow logs enabled to isolate any network issues is recommended. Create a VPC with one Public and Private subnet within the VPC. For more information, see Create a VPC.

  2. Specify your own CIDR block for the subnets, which is a subset of the VPC CIDR block.

  3. Create two subnets (public and private) and two route tables for NetWitness deployment without Internet connectivity (air-gapped environment).

    • Set up Public Subnet: Include the internet gateway in a custom route table. If a subnet is associated with this route table, its traffic will be routed to the internet, making it a public subnet.

    • Set up a Private Subnet: Create a custom route table. Keep the default route (same as main table route). The subnet associated to this route table will be the private subnet.

    Create two private subnets and three route tables for NetWitness deployment with restricted internet. Additionally, a route table is needed for an additional subnet.

  4. Create an internet gateway and attach it to the public subnet to enable communication with the internet.

  5. Create a NAT gateway in a public subnet and attach it to the private subnet's route table to allow instances in private subnets to access the Internet.

  6. Create two separate security groups is recommended - one for the Bastion instance and another for the private instances as a security best practice.

    IMPORTANT:
    - If the preferred approach is to set up NetWitness in an air-gapped environment where NW servers have no internet connectivity, a firewall is not required, and all outbound ports can be closed. As a result, the NW Admin server cannot access CMS.netwitness.com and must manage content offline. For more information, see the diagram NetWitness Deployment without Internet Connectivity (Air-Gapped Environment).
    - To access the NetWitness repo package without a firewall configuration, you must open the outbound ports 80 and 443 in the private security group for the NetWitness instance. This will allow you to access the internet and download the NetWitness repo package. After downloading the package, ensure that you close all outbound ports.
    - If customers want to provide internet access to specific domains or URLs in private instances, they can limit outbound traffic by using a firewall. This can be done by whitelisting the URLs in the firewall group and opening ports 80 and 443 in the outbound rules of a private security group. For more information, see the diagram NetWitness Deployment with Restricted Internet through Firewall Configuration.

  7. Launch the Bastion instance, use the security group created for the Bastion instance in the previous step 6; it's important to allocate an Elastic IP address to ensure communication with the Internet.

  8. launch the Bastion instance, generate a key pair and keep it safe. This key pair will be required to SSH into Bastion instance for troubleshooting purposes.

  9. Subscribe to NetWitness Product from the AWS Marketplace service. For more information, see Subscribe to AWS NetWitness Marketplace Product.

  10. Launch a private NetWitness instance using the NetWitness AMI from AWS Marketplace, within a private subnet and use the security group created in step 6. For more information, see Deploy EC2 Instance from AWS Marketplace and Configure a Host.

 

Subscribe to AWS NetWitness Marketplace Product

This topic describes the steps required to subscribe to NetWitness through the AWS Marketplace.

To subscribe to NetWitness through the AWS Marketplace

  1. Log in to the AWS Management Console.

  2. Navigate to AWS Marketplace Subscriptions AWS Service and click Discover Products in the left panel.

    discover_products.png

  3. Search for NetWitness product and select NetWitness Platform 12.4.

    12.4_AWS_1.png

  4. Click Continue to Subscribe in the upper right corner of the page.

    12.4_AWS_2.png

     

  5. Verify the terms and the pricing and click Create Contract.

    12.4_AWS_5.png

    A success message is displayed that you subscribed to the product.

  6. Click Continue to Configuration.

    12.4_AWS_3.png

  7. Under Configure this Software view, keep the default settings and click Continue to Launch.

    AWS4_12.4.png

  8. Select Launch through EC2 from the Choose Action drop-down list and click Launch.

    12.4_AWS_6.png

Next steps, Launch button redirects you to the EC2 > Instances > Launch an instance setup view to configure and deploy the EC2 instance.

Deploy EC2 Instance from AWS Marketplace and Configure a Host

Configure the NetWitness Platform on an AWS instance by using the provided Amazon Machine Image (AMI).

  1. Enter the name under the Name and tags for your instance

    (Optional) To add other tags, click Add additional tags. Then, for each tag, click Add tag and enter the Key, Value, and Resource Types.

    Note: For Resource Types, add Instances and Volume.

    name_a_instance.png

  2. Under Application and OS Images (Amazon Machine Image), the AMI is pre-selected by default from the AMI from catalog section as you have subscribed.

    12.4_AWS_7.png

  3. Select an instance size from the Instance type drop-down list.

    instance_type_latest.png

    NetWitness recommends creating an m7a.4xlarge instance type with 16 CPUs and 64 GB of RAM for NW Server (node-0) and suggests choosing the appropriate instance type based on specific requirements. For further guidance on selecting the recommended instance type for each NW Service, please refer to the Storage Guide for NetWitness® Platform 12.4.

  4. Under Key pair (login), create or select the key pair for SSH authentication.

    Note: If you are creating an instance for the first time, you need to generate a key pair. For subsequent instances, you can reuse the same key pair.

    key_pair_initial_page.png

    1. To create a new key pair, select Create new key pair.

      The Create key pair dialog is displayed.

      create_new_key_pair.png

    2. In the Key pair name text box, type a name for the new key pair and keep other values as default.

    3. Click Create key pair.

      The .PEM file that contains the private key is downloaded.

    4. Save the private key to a location that is secure and accessible. You cannot download the private key file again.

      Note: AWS EC2 instances are accessed with the help of key pairs and do not proceed without selecting a key pair.

  5. Under Network Settings, select a VPC, Subnet, and Security group.

    To select or create, click Edit and configure the details:

    1. Select a virtual private cloud (VPC) from the VPC drop-down list.

    2. Select a private subnet for your VPC from the Subnet drop-down list.

    3. Select Disable from the Auto-assign public IP drop-down menu.

    4. Under Firewall (security groups), Choose the Select existing security group option and under Common security groups drop-down list, select an existing private instance security group that allows ports for the NetWitness, to create an allowlist of trusted IP addresses that can access your NetWitness deployment. In the security group you must add the inbound and outbound rules. For more information on the ports used by NetWitness components, see the topic Network Architecture and Ports topic in the Deployment Guide for NetWitness Platform 12.4.

      security_group1.png

  6. Under Configure storage, specify the size and type of the volume.

    • (Optional) Click Add new volume if you need more storage and configure the details. For information about available disk options, see AWS Volume Types.

      Configure_storage.png

      For more information, see the Storage Guide for NetWitness® Platform 12.4 for guidelines on how to configure storage based on based on the requirements of the NetWitness component (that is, service) for which you are launching an instance.

  7. Under Summary, you can specify the number of instances required and review your instance configuration.

  8. Click Launch Instance.

    12.4_AWS_8.png

  9. Wait a few minutes for the provisioning and initialization to finish.

  10. Click Connect to instance, which navigates you to the instances tab where you can see all information about our instance.

    status_ec2.png

    Note: Wait at the Instances view until the Instance State shows Running and Status checks shows 2/2 checks passed.

  11. Select the instance, right-click, and click Connect.

    connect_screen.png

    IMPORTANT: You must contact NetWitness Customer Support to procure NetWitness repositories to continue orchestrating the software. Please provide the NAT gateway IP address (not the Bastion host IP) to whitelist, which allows access to the NetWitness repository package.

  12. On your computer, open a terminal program, then navigate to the location where the .pem file is stored to open an SSH connection using the aws user account.

  13. Enter the following command to connect to the Bastion instance:

    ssh -i <.pem file> ec2-user@<Public IP>

    For example: ssh -i aws.pem ec2-user@150.0.0.0

  14. Enter the following command to connect to your private (NW server) instance from the Bastion instance:

    Note: Make sure to copy the downloaded .pem key of the private NetWitness instance to the Bastion instance to connect to the NetWitness private instance.

    ssh -i <.pem file> ec2-user@<Private IP>

    For example: ssh -i aws.pem ec2-user@10.0.0.0

  15. Enter the following command to set the root privileges for the aws user:

    sudo su

  16. Enter the following command to copy the NetWitness 12.4.0.0 package to this location:

    wget -m -nH --no-parent https://repo.netwitness.com/12.4.0.0/

    Caution: Do not proceed with the installation until the ports on your firewall are configured.

  17. Install the NetWitness Platform. For more information, see Installation Tasks section under the topic Launch an Instance and Configure a Host.

    To configure the other Component hosts, for example, Packet Decoder Host, you must repeat the steps 1-11 to launch a new EC2 instance and perform the Installation Tasks procedure and then log in to the NetWitness Platform and follow the procedure Install Component Services on Hosts under the topic Launch an Instance and Configure a Host.

  18. If you use the Enterprise network to access AWS resources such as EC2 instances, you can access the NetWitness Platform UI using the private IP address of the NetWitness instance (node-0). However, suppose you are not connected to an Enterprise network. In that case, you must set up port forwarding within your Bastion instance to access the NetWitness Platform UI from your local system using the public IP of the Bastion instance.