Installing an All-In-One Data Processor in VMware

You can deploy an all-in-one (AIO) Stellar Cyber data processor (DP) as a Virtual-50 on a dedicated VMware ESXi server. We support the following ESXi versions:

  • 8.0
  • 7.0
  • 6.7

To install a cluster, contact Stellar Cyber technical support.

To deploy you must:

Preparing

The installation requires:

  • Dedicated ESXi server
  • Public IP address for the DP (for management access)
  • Disks must all be SSD

The internal network of the DP uses the 172.17.0.0/16 and 10.244.x.0/24 subnets. If you use these subnets elsewhere in your network, change them to avoid conflicts. If you cannot change them, contact Stellar Cyber technical support.
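The following is an added example, not part of the Stellar Cyber documentation: a pre-flight check that compares the subnets already in use on your network against the DP's internal ranges. It assumes that "10.244.x.0/24" means any /24 inside 10.244.0.0/16; the sample inventory is constructed.

```python
import ipaddress

# Ranges the page says the DP uses internally. "10.244.x.0/24" is treated
# here as any /24 inside 10.244.0.0/16 (an assumption of this example).
DP_INTERNAL = [
    ipaddress.ip_network("172.17.0.0/16"),
    ipaddress.ip_network("10.244.0.0/16"),
]

def find_conflicts(site_networks):
    """Return (site_network, dp_network) pairs that overlap.

    site_networks: iterable of CIDR strings in use on your network.
    Host bits are tolerated (strict=False), so "10.244.3.7/24" is accepted.
    """
    conflicts = []
    for cidr in site_networks:
        net = ipaddress.ip_network(cidr.strip(), strict=False)
        if net.version != 4:
            continue  # the page lists only IPv4 ranges
        for reserved in DP_INTERNAL:
            if net.overlaps(reserved):
                conflicts.append((str(net), str(reserved)))
    return conflicts

# Constructed sample inventory, not taken from any real network.
SAMPLE_SITE = [
    "192.168.14.0/24",   # management LAN matching the page's example address
    "172.16.0.0/12",     # broad RFC 1918 block that contains 172.17.0.0/16
    "10.244.3.7/24",     # a /24 inside the 10.244.x.0/24 space
    "10.0.0.0/16",       # no overlap
]

if __name__ == "__main__":
    for site, reserved in find_conflicts(SAMPLE_SITE):
        print(f"CONFLICT: {site} overlaps DP internal range {reserved}")
```

Supernets matter as much as exact matches: a route or VPN range such as 172.16.0.0/12 conflicts even though no interface is numbered in 172.17.0.0/16.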

To prepare:

  1. Open ports on your firewall. These are required for the DP to communicate with sensors.
  2. Contact Stellar Cyber support (support@stellarcyber.ai) for login credentials and a one-time password (also known as a License Key).

  3. Follow the link they send you.
  4. If you already have credentials, use this link: https://acps.stellarcyber.ai/release/5.1.1/dataprocessor/aella-dataprocessor-5.1.1.ova.

    Installation links point to the most recent release. To download a different version, simply substitute the version you want for the version specified in the link.

  5. Download the OVA file. Remember where you saved it.
  6. Keep your one-time password (OTP, or License Key) handy for configuring the DP.

    After license activation, you can find the OTP for your installation in the Licensing page.

Creating the VM

To create the VM:

Use our example as a guideline, as you might be using a different software version.

  1. Open your VMware client (we used ESXi 7.0 for this example).
  2. Click Virtual Machines. A list of the existing virtual machines appears.

  3. Click Create/Register VM. The New virtual machine wizard opens.

  4. Select Deploy a virtual machine from an OVF or OVA file.
  5. Click Next. The Select OVF and VMDK files screen appears.

  6. Enter a name for your new VM. We entered dataprocessor.
  7. Select the OVA file you saved.
  8. Click Next. The Select storage screen appears.

  9. Select your storage.
  10. Click Next. The Deployment options screen appears.

  11. Choose your management network for the VM Network. Our management network is called VM Network in this example.
  12. Select Thick for Disk provisioning.

    Make sure that Power on automatically is not selected. If the VM powers on automatically, you cannot change the settings while it powers up, which can take a while.

  13. Click Next. The Ready to complete screen appears.

  14. Review your configuration.
  15. Click Finish. The VM is created and appears in the list of recent tasks at the bottom of the screen. It should show 0% completion.
  16. Right-click on your new VM in the Virtual Machines window.

  17. Click Edit settings. The Edit settings screen appears.

  18. Make sure that:

    • CPU is at least 16
    • Memory is at least 128
  19. Click the Virtual Hardware tab and click Add hard disk.

  20. Choose the New standard hard disk option. A new Hard Disk entry appears in the Edit Settings dialog box.

  21. Expand the Hard Disk entry in the Edit Settings dialog box and use the Location option to change the datastore to a location with sufficient free storage to host a 2 TB disk.

  22. Set the size of the hard disk to 2 TB. Note that you must specify a size that is less than the total amount of free space in the datastore.

  23. Click Save.
  24. Right-click on your new VM in the Virtual Machines window.
  25. Click Power | Power on. Your VM immediately powers on.

Configuring the DP as an AIO

When the VM is up and running you can configure the DP as an AIO:

  1. Access the console of the VM.
  2. Log in. The default user/password is aella/changeme. You are immediately prompted to change the password.
  3. Change the password.
  4. On the DP, enter these commands:

    Note that in an AIO deployment, you specify the same IP address for the set interface management ip and set cm commands shown below.

    set interface management ip [IP address/netmask for your DP; for example, 192.168.14.100/255.255.255.0]
    set interface management gateway [IP address of your gateway]
    set interface management dns [IP address of your DNS, or 8.8.8.8]
    set role AIO
    set cluster_name AIO
    set cluster_size 1
    set cm [IP address of DP Data Lake]
    set otp [OTP/License Key you received from Stellar Cyber]
    reset
  5. Confirm the reset. The image is downloaded (which can take a while, depending on your network) and installed.
  6. Verify that everything is installed, ready, and running with the show status command. A screen similar to the following appears as it is installing:

    When it finishes the status is similar to the screen shown below. Make sure of the following in the show status output:

    • 80-90 images are installed on the host

    • All pods are running

    • All status messages have changed from red to white
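The following is an added example, not part of the Stellar Cyber documentation: it validates the management settings before you type them at the console and returns the command sequence from step 4, reusing the management IP for set cm as the AIO note requires. The function name and the gateway value used in testing are assumptions of this example.

```python
import ipaddress

def aio_commands(mgmt_ip, netmask, gateway, dns, otp="[OTP/License Key]"):
    """Validate the management settings and return the CLI lines from the
    procedure above. Raises ValueError on settings that cannot work."""
    # ip_interface rejects malformed addresses and non-contiguous netmasks.
    iface = ipaddress.ip_interface(f"{mgmt_ip}/{netmask}")
    net = iface.network
    if net.prefixlen < 31 and iface.ip in (net.network_address,
                                           net.broadcast_address):
        raise ValueError(f"{mgmt_ip} is the network or broadcast address of {net}")
    gw = ipaddress.ip_address(gateway)
    if gw not in net:
        raise ValueError(f"gateway {gw} is not on the management subnet {net}")
    if gw == iface.ip:
        raise ValueError("gateway and management IP are the same address")
    ipaddress.ip_address(dns)  # syntax check only
    return [
        f"set interface management ip {iface.ip}/{netmask}",
        f"set interface management gateway {gw}",
        f"set interface management dns {dns}",
        "set role AIO",
        "set cluster_name AIO",
        "set cluster_size 1",
        f"set cm {iface.ip}",  # AIO: same address as the management IP
        f"set otp {otp}",      # placeholder unless the caller supplies the OTP
        "reset",
    ]

if __name__ == "__main__":
    # Address and netmask are the page's example; the gateway is constructed.
    for line in aio_commands("192.168.14.100", "255.255.255.0",
                             "192.168.14.1", "8.8.8.8"):
        print(line)
```

Leaving the OTP as a placeholder keeps the License Key out of saved notes and shell history; enter it only at the DP console.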

Connecting to the DP GUI

Connect to the DP GUI with the URL based on the IP address of the DP. For example:

https://192.168.1.101

The default user name is admin with a default password of changeme. Use the User Management page to set the password to an appropriate value.

Add Storage Drive

Next, we need to add the storage drive we created with the VM to the DP. Use the following procedure:

  1. Open a console connection to the DP VM.
  2. Verify that the new storage is available with the show storage command. The example below shows 2 TB available on sdb.

  3. Use the add storage blk <bulk storage name> command to add the new disk for use by Elasticsearch. For example, using the sdb disk in our current example:

  4. Type Y at the warning to format the selected disk.

  5. Use the show storage command to verify the disk is now available for use by Stellar Cyber. For example:

  6. Log in to the DP's graphical user interface with a web browser. For example:

    https://<DP Management IP Address>

  7. Navigate to the System | Data Processor | Data Management | Advanced tab.

  8. Click the Migrate to New Directory dropdown, select /es-data-lvm, and click the Start Migration button. This migrates saved Elasticsearch data from /esdata to /es-data-lvm.

  9. Once the data migration is complete, navigate to the System | Data Processor | Data Lake page and click the 1 items button in the Node List column.

  10. Check the Data Storage Space column to verify that the expected capacity is available. For example: