Installing the Data Processor in OCI Using Separate DL-m/DA-m VMs

This topic describes how to deploy the data processor (DP) with separate Data Lake Master (DL-m) and Data Analyzer Master (DA-m) VMs in OCI. This model also provides optional cluster support for deployment of additional DL and DA worker nodes as you need to scale up capacity and retention.

You can also deploy the DP as an all-in-one (AIO), with both the DL and the DA on the same VM. However, this model does not provide the efficiency and scalability of installing components on separate VMs. Stellar Cyber recommends using either the standard model described here or scaling up to a cluster.

Deployment Summary

Deployment of Stellar Cyber in OCI using separate DL-m and DA-m VMs consists of the following major steps:

Before You Begin

Make sure the target system meets the minimum system requirements for installing a DP. The installation requires:

  • An OCI account with sufficient authorization to deploy Stellar Cyber.

  • OCI Security Groups.

  • Management IP addresses for all VMs:

    • 1 public IP address for each non-clustered DP (for management access).

    • 2 public IP addresses for each DP in a cluster (1 for management access, and 1 for the cluster).

    • 1 public IP address for each sensor, if the sensor will be receiving packets or logs from a sensor or application outside of OCI.

  • Oracle Cloud object storage access for data and configuration backup.

  • Open ports on your firewall.

  • Login credentials and One Time Password (OTP) from Stellar Cyber.

The internal network of the DP uses the 172.17.0.0/16 and 10.244.x.0/24 subnets. If you use these subnets elsewhere in your network, change them to avoid conflicts. If you cannot change them, contact Stellar Cyber technical support.

Firewall Ports

You must open ports on your firewall for communication.

When configuring the DP with separate VMs for the DL and DA (or in a cluster with additional worker nodes), all nodes must be in the same VCN and all ports between the nodes must be open in your firewall.

Open All TCP Ports Between Internal Addresses of Associated Stellar Cyber VMs

All TCP ports must be open between the internal network addresses of associated Stellar Cyber VMs, either in a cluster or a standard deployment with separate DL-m and DA-m VMs. For example, in a standard deployment with the DL-m on 172.31.7.0/24 and the DA-m on 172.31.10.0/24, the following rules must exist:

  • The DL-m must have a rule that allows all inbound TCP traffic from the 172.31.10.0/24 subnet.

  • The DA-m must have a rule that allows all inbound TCP traffic from the 172.31.7.0/24 subnet.

Stellar Cyber recommends that you add an allow-all firewall rule for clustered VMs (or just for the DA and DL VMs in a standard deployment) and set the priority of that rule higher than the standard rule for the VCN.
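The following pre-flight check is an added example, not Stellar Cyber or OCI code. It covers the internal-subnet conflict described under Before You Begin and the inter-node rule requirement above. The rule dictionaries are a simplified, hypothetical model rather than the OCI API schema, and treating 10.244.x.0/24 as all of 10.244.0.0/16 is an assumption.

```python
import ipaddress

# Internal DP ranges named on this page; 10.244.x.0/24 is treated as 10.244.0.0/16.
DP_INTERNAL = [ipaddress.ip_network(c) for c in ("172.17.0.0/16", "10.244.0.0/16")]

def internal_conflicts(site_cidrs):
    """Return the site CIDRs that overlap the DP's internal networks."""
    return [c for c in site_cidrs
            if any(ipaddress.ip_network(c).overlaps(n) for n in DP_INTERNAL)]

def is_all_tcp(rule):
    """True if the rule covers TCP ("6", or "all" protocols) with no port limit."""
    ports = rule.get("tcp_ports")  # None = unrestricted; otherwise (min, max)
    return rule["protocol"] in ("6", "all") and (
        ports is None or (ports[0] <= 1 and ports[1] >= 65535))

def audit(nodes):
    """nodes: {name: {"subnet": cidr, "ingress": [rule, ...]}} -> list of findings."""
    findings = []
    for name, node in nodes.items():
        for peer_name, peer in nodes.items():
            if peer_name == name:
                continue
            peer_net = ipaddress.ip_network(peer["subnet"])
            covered = any(is_all_tcp(r) and peer_net.subnet_of(ipaddress.ip_network(r["source"]))
                          for r in node["ingress"])
            if not covered:
                findings.append(f"{name}: no all-TCP ingress from {peer_name} {peer['subnet']}")
        for r in node["ingress"]:
            # The page asks for all-TCP between node subnets only, not from any source.
            if is_all_tcp(r) and ipaddress.ip_network(r["source"]).prefixlen == 0:
                findings.append(f"{name}: all-TCP ingress open to {r['source']}")
    return findings

# Constructed sample: subnets are the page's example; rules and ports are invented.
SAMPLE = {
    "DL-m": {"subnet": "172.31.7.0/24", "ingress": [
        {"protocol": "6", "source": "172.31.10.0/24", "tcp_ports": None},
        {"protocol": "6", "source": "0.0.0.0/0", "tcp_ports": None}]},
    "DA-m": {"subnet": "172.31.10.0/24", "ingress": [
        {"protocol": "6", "source": "172.31.7.0/24", "tcp_ports": (8443, 8443)}]},
}

if __name__ == "__main__":
    print(internal_conflicts(["172.17.5.0/24", "172.31.7.0/24", "10.0.0.0/8"]))
    print("\n".join(audit(SAMPLE)))
```

In the sample, the DA-m fails because its only rule from the DL-m subnet is limited to one port, and the DL-m is flagged because it accepts all TCP from any source rather than only from the DA-m subnet.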

One Time Password

Contact Stellar Cyber support (support@stellarcyber.ai) for login credentials and a one-time password (also known as a License Key).

You will need to provide:

  • The OCI region for the DP and sensors.

Complete this step at least a day before installing so Stellar Cyber has enough time to generate a time-sensitive link you can use to import the images in your region.

After license activation, you can find the OTP for your installation in the Licensing page.

Minimum System Requirements

You start the deployment procedure by importing the Stellar Cyber platform image using the time-sensitive link provided to you by Stellar Cyber support.

Once you've imported the Stellar Cyber platform image to your Compute | Custom Images page in OCI, you can create multiple instances based on it. Each instance is based on an OCI shape. In OCI, the shape specifies the combination of processors and memory for the instance.

In addition to selecting shapes for your instances, you'll also assign and configure a boot volume and, for Data Lake instances, a block volume for data storage.

Stellar Cyber supports the following minimum requirements for the DL and DA instances:

DL Instance Minimums:

  • Shape: VM.Standard.E4.Flex
    • OCPUs: 8 (16 cores)
    • Memory: 128 GB
  • Boot Volume: 500 GB
  • Data Lake Block Volume: 2 TB (16 TB recommended)

DA Instance Minimums:

  • Shape: VM.Standard.E4.Flex
    • OCPUs: 8 (16 cores)
    • Memory: 64 GB
  • Boot Volume: 500 GB

Stellar Cyber only supports full-SSD deployments. Spinning-disk-based storage (HDD) and hybrid drives (SSHD) are not supported. All deployments must adhere to this SSD-only policy in order to qualify for performance guarantees and technical support.
Refer to Stellar Cyber Requires Full SSD Disks for further details.

Configure the number of Data Analyzer and Data Lake VMs based on your ingestion requirements:

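| Data Ingestion (GB) | Data Replica? | DA Count | DL Count | Tenants | Reports | ATH Playbooks | Concurrent Sessions | Notes |
|---|---|---|---|---|---|---|---|---|
| 50 | N/A | N/A | 1 | 10 | 10 | 100 | 5 | AIO |
| 100 – 250 | N/A | 1 | 1 | 25 | 100 | 1000 | 15 | Without multi-tenancy, can support 300 GB ingestion |
| 300 | N/A | 1 | 2 | 50 | 100 | 1000 | 15 | |
| 350 | N/A | 2 | 2 | 50 | 100 | 1000 | 15 | |
| 500 | No | 2 | 2 | 75 | 200 | 1500 | 20 | MDS mode required |
| 600 | No | 2 | 3 | 75 | 300 | 2000 | 30 | |
| 900 | No | 3 | 4 | 100 | 400 | 3000 | 45 | |
| 400 | Yes | 2 | 3 | 75 | 300 | 2000 | 30 | |
| 600 | Yes | 2 | 4 | 100 | 400 | 3000 | 45 | |
| 800 | Yes | 3 | 4 | 100 | 400 | 2000 | 45 | MDS mode enabled |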