NetWitness Community

Yes

Installation Tasks

This topic contains the tasks you must complete to install NetWitness 12.5 on physical hosts.

Checklist

Complete the installation tasks in the following order.

Step	Description	Instructions
1	Install 12.5 on NetWitness hosts.	Install 12.5 on the NetWitness Server (NW Server) Host and Other Component Host
2	Set up ESA hosts.	Set Up ESA Hosts
3	Install component services on your hosts.	Install Component Services on Hosts
4	Complete licensing requirements for services.	Complete Licensing Requirements
5	(Optional) Install warm standby NW Server host.	(Optional) Install Warm Standby NW Server

Caution: Before you begin the installation process, open all your firewall ports. The "Network Architecture and Ports" topic in the Deployment Guide for NetWitness Platform 12.4.1 lists all the ports in a deployment. Do not proceed with the installation until the ports on your firewall are configured.

Install 12.5 on the NetWitness Server (NW Server) Host and Other Component Host

Complete the following steps to install 12.5 on NW Server host and other component hosts. Steps that are specific to the NW Server host or to component hosts are noted.

Create a Base Image on the RSA Appliance

Series 6

Attach media (ISO) to the host.
See the USB Build Stick Instructions for NetWitness for more information. Go to the NetWitness 12.5 Documents page and find NetWitness Platform guides to troubleshoot issues.

Hypervisor installations - see the Virtual Host Installation Guide for NetWitness Platform 12.5
Physical media - use the ISO image to create bootable flash drive media. You can use Rufus or another suitable imaging tool to create a Linux file system on the USB drive. Rufus is available at https://rufus.ie

iDRAC installations - the virtual media type is:
- Virtual Floppy for mapped flash drives
- Virtual CD for mapped optical media devices or ISO file.

Log in to the host and reboot it.
Select F11 (boot menu) during reboot to select a boot device and boot to the connected media.
After system checks, the Welcome to NetWitness Platform 12.5 installation menu is displayed.
Select Install NetWitness Platform 12.5 (default selection) and press Enter.
The Appliance Type selection menu is displayed.
You must enter 1 to select RSA appliance.
The Installation program runs and stops at the Enter (y/Y) to clear drives prompt that asks you to format the drives.

Caution: You must respond y or Y to this prompt even if the host does not have an internal RAID configuration or the installation will fail.
Type y to continue. The default action is No, so if you ignore the prompt, it will select No in 30 seconds, and will not clear the drives.

The system displays all the installation tasks it is performing. This can take a minute or so.
After it completes the tasks, the installation program reboots the host.
Caution: Do not reboot with the attached media attached (media that contains the ISO file, for example a build stick).

Series 7

Attach media (ISO) to the host.
See the USB Build Stick Instructions for NetWitness for more information. Go to the NetWitness 12.5 Documents page and find NetWitness Platform guides to troubleshoot issues.

Hypervisor installations - see the Virtual Host Installation Guide for NetWitness Platform 12.5
Physical media - use the ISO image to create bootable flash drive media. You can use Rufus or another suitable imaging tool to create a Linux file system on the USB drive. Rufus is available at https://rufus.ie

iDRAC installations - the virtual media type is:
- Virtual Floppy for mapped flash drives
- Virtual CD for mapped optical media devices or ISO file.

Log in to the host and reboot it.
Select F11 (boot menu) during reboot to select a boot device and boot to the connected media.
After system checks, the Welcome to NetWitness Platform 12.5 installation menu is displayed.
Select Install NetWitness Platform 12.5 (default selection) and press Enter.
The Appliance Type selection menu is displayed.
You must enter 1 to select RSA appliance.

The Installation program runs and stops at the Enter (y/Y) to clear drives prompt that asks you to format the drives.

Caution: You must respond y or Y to this prompt even if the host does not have an internal RAID configuration or the installation will fail. If y or Y is not selected at this prompt or n / N is selected, the system shall reboot after 30 seconds.
Type y to continue. The default action is No, so if you ignore the prompt, it will select No in 30 seconds, and will not clear the drives.

The system displays all the installation tasks it is performing. This can take a minute or so.
After it completes the tasks, the installation program reboots the host.
Caution: Do not reboot with the attached media attached (media that contains the ISO file, for example a build stick).

Create a Base Image on the Third Party Server Hardware

Prerequisites

NetWitness recommends that the Third party Server Hardware meets the criteria defined in Appendix D. Third Party Server System Requirement.

Attach media (ISO) to the host.
See the USB Build Stick Instructions for NetWitness for more information. Go to the NetWitness 12.5 Documents page and find NetWitness Platform guides to troubleshoot issues.
- Physical media - use the ISO image to create bootable flash drive media. You can use Rufus or another suitable imaging tool to create a Linux file system on the USB drive. Rufus is available at https://rufus.ie.
Log in to the host and reboot it.
Select F11 (boot menu) during reboot to select a boot device and boot to the connected media.
After system checks, the Welcome to NetWitness Platform 12.5 installation menu is displayed.
Select Install Netwitness Platform 12.5 (default selection) and press Enter. The Appliance Type selection menu is displayed.
Enter 2 to select the THIRD PARTY SERVER menu item.
All the available block devices are displayed. Select a block device larger than 150 GB to install the Netwitness Platform.

Note: You must configure the system boot settings with selected block device else the system will not boot after imaging.

The system displays all the installation tasks running, and it may take few minutes to complete the installation. Once the installation is complete, the installation program reboots the host.

Caution: Do not reboot with the attached media that contains the ISO file, for example, build stick.

Install NetWitness Platform

Caution: If you want to install the Endpoint Relay Server, do not run the nwsetup-tui script. Follow the instructions in "(Optional) Installing and Configuring Relay Server" in the NetWitness Endpoint Configuration Guide.

IMPORTANT: Deployment account password must contain at least one number, one upper and lower case letter, and one special characters (!@#%^,+ . ) along with the existing policy. The same password policy applies while updating deploy_admin password using nw-manage script.
If deploy_admin password is changed on Primary NW Server, It must be changed on the Warm Standby Server if it exists.

Log in to the host with the root credentials and run the nwsetup-tui command to set up the host.

This initiates the nwsetup-tui (Setup program) and the EULA is displayed.

Note: Use the following options to navigate the Setup prompts.
1.) When you navigate through the Setup program prompts, use the down and up arrows to move among fields, and use the Tab key to move to and from commands (such as <Yes>, <No>, <OK>, and <Cancel>). Press Enter to register your command response and move to the next prompt.
2.) The Setup program adopts the color scheme of the desktop or console you use to access the host.
3.) If you specify DNS servers during the Setup program (nwsetup-tui) execution, they MUST be valid (valid in this context means valid during setup) and accessible for the nwsetup-tui script to proceed. Any misconfigured DNS servers cause the Setup program to fail. If you need to reach a DNS server after setup that is unreachable during setup, (for example, to relocate a host after setup that would have a different set of DNS Servers), see "Change Host Network Configuration" topic in the System Maintenance Guide.
If you do not specify DNS Servers during setup (nwsetup-tui), you must select 1 The Local Repo (on the NW Server) in the NetWitness Update Repository prompt in step 12 (the DNS servers are not defined so the system cannot access the external repo).
Tab to Accept and press Enter.
The Is this the host you want for your 12.5 NW Server prompt is displayed.
Tab to Yes and press Enter to install 12.5 on the NW Server.
Tab to No and press Enter to install 12.5 on other component hosts.
Caution: If you choose the wrong host for the NW Server and complete the Setup, you must restart the Setup Program (step 2) and complete steps all the subsequent steps to correct this error.
The Install prompt is displayed (Recover does not apply to the installation.).
NW Server Host prompt:

Note: Other Component Hosts, the prompt is the same, but does not include option 3 Install (Warm/Standby).
Press Enter. Install (Fresh Install) is selected by default.
The System Host Name prompt is displayed.
NW Server prompt:

Other Component Hosts prompt says <non-nwserver-host-name>

Press Enter if want to keep this name. If not, edit the host name, tab to OK, and press Enter to change it.

Caution: If you include "." in a host name, the host name must also include a valid domain name.
This step applies only to NW Server hosts.
The Master Password prompt is displayed.

The following list of characters are supported for Master Password and Deployment Password:

Symbols: ! @ # % ^ +
Numbers: 0-9
Lowercase Characters: a-z
Uppercase Characters: A-Z

No ambiguous characters are supported for Master Password and Deployment Password. For example:
space { } [ ] ( ) / \ ' " ` ~ ; : .< > -

Type the Password, down arrow to Verify, retype the password, tab to OK, and press Enter.

This step applies to both NW Server hosts and component hosts.
The Deployment Password prompt is displayed.

Type the Password, down arrow to Verify, retype the password, tab to OK, and press Enter.
One of the following conditional prompts is displayed.

If the Setup program finds a valid IP address for this host, the following prompt is displayed.

Press Enter if you want to use this IP and avoid changing your network settings. Tab to Yes and press Enter if you want to change the IP configuration on the host.
If you are using an SSH connection, the following warning is displayed.
Note: If you connect directly from the host console, the following warning is not displayed.

Press Enter to close warning prompt.
If the Setup Program finds an IP configuration and you choose to use it, the Update Repository prompt is displayed. Go to step 12 and complete the installation.
If the Setup Program did not find an IP configuration or if you choose to change the existing IP configuration, the Network Configuration prompt is displayed.
Caution: Only select "Use DHCP" as an IP address configuration for the NW Server if DHCP issues static IP addresses.

OK

and press

Enter

to use

Static IP

.

If you want to use DHCP, down arrow to

2 Use DHCP

and press

Enter

.

The

Network Configuration

prompt is displayed.

Down arrow to the network interface you want, tab to OK, and press Enter. If you do not want to continue, tab to Exit.
The following Static IP Configuration prompt is displayed.
Type the configuration values, tab to OK, and press Enter. If you do not complete all the required fields, an All fields are required error message is displayed (Secondary DNS Server and Local Domain Name fields are not required). If you use the wrong syntax or character length for any of the fields, an Invalid <field-name> error message is displayed.
Caution: If you select DNS Server, make sure that the DNS Server is correct and the host can access it before proceeding with the installation.
The Use Network Address Translation (NAT) prompt is displayed.

For the NW Server, tab to No and press Enter.
For component hosts, if this host requires the use of NAT-based addresses to communicate with the NW Server, tab to Yes. Otherwise, tab to No and press Enter.
The Update Repository prompt is displayed.

For the NW Server:
- Press Enter to choose the Local Repo.
- If you want to use an external repo, down arrow to External Repo, tab to OK, and press Enter. If you select 1 The Local Repo (on the NW Server) in the Setup program, make sure that you have the appropriate media attached to the host (media that contains the ISO file, for example a build stick) from which it can install NetWitness 12.5. If the program cannot find the attached media, you receive the following prompt.
- If you select 2 An External Repo (on an externally-managed server), the UI prompts you for a URL. The repositories give you access to NetWitness updates and CentOS updates. Refer to "Appendix B. Create an External Repo" in this guide for instructions on how to create this repo and its external repo URL so you can enter it in the following prompt.
  
  Enter the base URL of the NetWitness external repo and click OK. The Start Install prompt is displayed.
For component hosts:
- Select the same repo that you selected when you installed the NW Server host and follow the steps above.
- The NW Server IP Address prompt is displayed.
  
  Type the NW Server IP address. Tab to OK and press Enter.
The Disable firewall prompt is displayed.

Tab to No (default), and press Enter to use the standard firewall configuration.
To disable the standard firewall configuration, tab to Yes, and press Enter.
If you select Yes, confirm your selection(select Yes again) or select No to use the standard firewall configuration.
The Start Install prompt is displayed.
Press Enter to install 12.5.
When Installation complete is displayed, you have installed 12.5 on this host.
Note: Ignore the hash code errors similar to the errors shown in the following figure that are displayed when you initiate the nwsetup-tui command. Yum does not use MD5 for any security operations so they do not affect the system security.
(Optional) If your system configuration requires that a component host must use a NAT IP address to reach the NW Server host, you must configure the NAT IP address of the NW Server by running the following command:
nw-manage --update-host --host-id <NW Server Host UUID> --ipv4-public <NAT IP address>

Set Up ESA Hosts

After you install your NW Server and component hosts, follow these steps to set up your ESA hosts.

Install your primary ESA host following the instructions in "Install 12.5 on the NetWitness Server (NW Server) Host and Other Component Hosts" in this guide, and install the ESA Primary service on it after you finish the Set Up program in the UI in (Admin) > Hosts > :
(Conditional) If you have a secondary ESA host, install it and install the ESA Secondary service on it after you finish the Set Up program in the UI in (Admin) > Hosts > :

Install Component Services on Hosts

After you have installed NW Server and component hosts, and set up your ESA hosts, follow these steps to install component services, such as Decoders and Concentrators, on your host systems.

Install a component service on the host.
1. Log into NetWitness and go to > Hosts.
  The New Hosts dialog is displayed with the Hosts view greyed out in the background.
  Note: If the New Hosts dialog is not displayed, click Discover in the Hosts view toolbar.
2. Select the host in the New Hosts dialog and click Enable.
  The New Hosts dialog closes and the host is displayed in the Hosts view.
3. Select that host in the Hosts view and click .
  The Install Services dialog is displayed.
4. Select the appropriate host type (for example, Concentrator) in Category and click Install.

Complete Licensing Requirements

Complete licensing requirements for installed services. See the NetWitness Platform Licensing Management Guide for 12.5 for more information. Go to the NetWitness 12.5 Documents page and find NetWitness Platform guides to troubleshoot issues.

(Optional) Install Warm Standby NW Server

Refer to "Warm Standby NW Server Host" under "Deployment Option Setup Procedures" in the Deployment Guide for NetWitness Platform 12.5 for instructions on how to set up a Warm Standby NW Server.