Juniper Secure Analytics Virtual Appliance Installation Guide


Juniper Secure Analytics
Virtual Appliance Installation Guide
Release 2014.1
Published: 2014-07-22
Copyright 2014, Juniper Networks, Inc.

Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, California 94089
USA
408-745-2000
www.juniper.net

Copyright 2014, Juniper Networks, Inc. All rights reserved.

Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.

Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

The information in this document is current as of the date on the title page.

YEAR 2000 NOTICE

Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.

END USER LICENSE AGREEMENT

The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement (“EULA”) posted at http://www.juniper.net/support/eula.html. By downloading, installing or using such software, you agree to the terms and conditions of that EULA.

Table of Contents

About the Documentation
  Documentation and Release Notes
  Documentation Conventions
  Documentation Feedback
  Requesting Technical Support
    Self-Help Online Tools and Resources
    Opening a Case with JTAC

Part 1 Virtual Appliance Installation

Chapter 1 Virtual Appliance Installations for JSA and Log Analytics
  Juniper Secure Analytics (JSA) and Log Analytics Installation Overview
  Overview of Supported Virtual Appliances
    JSA Virtual All-in-One or JSA Virtual Console Deployment
    JSA Virtual Distributed Event or Flow Processors
    JSA Virtual Distributed Event or Flow Processors
    JSA VFlow Collector 1290
    JSA 1590
  System Requirements for Virtual Appliances
  Creating Your Virtual Machine
  Installing the JSA Software on a Virtual Machine
  Adding Your Virtual Appliance to Your Deployment

Part 2 Index
  Index


About the Documentation

- Documentation and Release Notes
- Documentation Conventions
- Documentation Feedback
- Requesting Technical Support

Documentation and Release Notes

To obtain the most current version of all Juniper Networks technical documentation, see the product documentation page on the Juniper Networks website at http://www.juniper.net/techpubs/.

If the information in the latest release notes differs from the information in the documentation, follow the product Release Notes.

Juniper Networks Books publishes books by Juniper Networks engineers and subject matter experts. These books go beyond the technical documentation to explore the nuances of network architecture, deployment, and administration. The current list can be viewed at http://www.juniper.net/books.

Documentation Conventions

Table 1 defines notice icons used in this guide.

Table 1: Notice Icons

Meaning | Description
Informational note | Indicates important features or instructions.
Caution | Indicates a situation that might result in loss of data or hardware damage.
Warning | Alerts you to the risk of personal injury or death.
Laser warning | Alerts you to the risk of personal injury from a laser.
Tip | Indicates helpful information.
Best practice | Alerts you to a recommended use or implementation.

Table 2 defines the text and syntax conventions used in this guide.

Table 2: Text and Syntax Conventions

Convention: Bold text like this
Description: Represents text that you type.
Examples: To enter configuration mode, type the configure command:
user@host> configure

Convention: Fixed-width text like this
Description: Represents output that appears on the terminal screen.
Examples:
user@host> show chassis alarms
No alarms currently active

Convention: Italic text like this
Description: Introduces or emphasizes important new terms. Identifies guide names. Identifies RFC and Internet draft titles.
Examples: A policy term is a named structure that defines match conditions and actions. Junos OS CLI User Guide. RFC 1997, BGP Communities Attribute.

Convention: Italic text like this
Description: Represents variables (options for which you substitute a value) in commands or configuration statements.
Examples: Configure the machine’s domain name:
[edit]
root@# set system domain-name domain-name

Table 2: Text and Syntax Conventions (continued)

Convention: Text like this
Description: Represents names of configuration statements, commands, files, and directories; configuration hierarchy levels; or labels on routing platform components.
Examples: To configure a stub area, include the stub statement at the [edit protocols ospf area area-id] hierarchy level. The console port is labeled CONSOLE.

Convention: < > (angle brackets)
Description: Encloses optional keywords or variables.
Examples: stub <default-metric metric>;

Convention: | (pipe symbol)
Description: Indicates a choice between the mutually exclusive keywords or variables on either side of the symbol. The set of choices is often enclosed in parentheses for clarity.
Examples: broadcast | multicast
(string1 | string2 | string3)

Convention: # (pound sign)
Description: Indicates a comment specified on the same line as the configuration statement to which it applies.
Examples: rsvp { # Required for dynamic MPLS only

Convention: [ ] (square brackets)
Description: Encloses a variable for which you can substitute one or more values.
Examples: community name members [ community-ids ]

Convention: Indention and braces ( { } )
Description: Identifies a level in the configuration hierarchy.

Convention: ; (semicolon)
Description: Identifies a leaf statement at a configuration hierarchy level.

Examples (for both of the preceding conventions):
[edit]
routing-options {
    static {
        route default {
            nexthop address;
            retain;
        }
    }
}

GUI Conventions

Convention: Bold text like this
Description: Represents graphical user interface (GUI) items you click or select.
Examples: In the Logical Interfaces box, select All Interfaces. To cancel the configuration, click Cancel.

Convention: > (bold right angle bracket)
Description: Separates levels in a hierarchy of menu selections.
Examples: In the configuration editor hierarchy, select Protocols>Ospf.

Documentation Feedback

We encourage you to provide feedback, comments, and suggestions so that we can improve the documentation. You can provide feedback by using either of the following methods:

- Online feedback rating system—On any page at the Juniper Networks Technical Documentation site at http://www.juniper.net/techpubs/index.html, simply click the stars to rate the content, and use the pop-up form to provide us with information about your experience. Alternately, you can use the online feedback form

- E-mail—Send your comments to techpubs-comments@juniper.net. Include the document or topic name, URL or page number, and software version (if applicable).

Requesting Technical Support

Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC). If you are a customer with an active J-Care or JNASC support contract, or are covered under warranty, and need post-sales technical support, you can access our tools and resources online or open a case with JTAC.

- JTAC policies—For a complete understanding of our JTAC procedures and policies, review the JTAC User Guide located guides/7100059-en.pdf.
- Product warranties—For product warranty information, visit http://www.juniper.net/support/warranty/.
- JTAC hours of operation—The JTAC centers have resources available 24 hours a day, 7 days a week, 365 days a year.

Self-Help Online Tools and Resources

For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called the Customer Support Center (CSC) that provides you with the following features:

- Find CSC offerings: http://www.juniper.net/customers/support/
- Search for known bugs: http://www2.juniper.net/kb/
- Find product documentation: http://www.juniper.net/techpubs/
- Find solutions and answer questions using our Knowledge Base: http://kb.juniper.net/
- Download the latest versions of software and review release e/
- Search technical bulletins for relevant hardware and software notifications: http://kb.juniper.net/InfoCenter/
- Join and participate in the Juniper Networks Community Forum: http://www.juniper.net/company/communities/
- Open a case online in the CSC Case Management tool: http://www.juniper.net/cm/

To verify service entitlement by product serial number, use our Serial Number Entitlement (SNE) Tool: earch/

Opening a Case with JTAC

You can open a case with JTAC on the Web or by telephone.

- Use the Case Management tool in the CSC at http://www.juniper.net/cm/.
- Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).

For international or direct-dial options in countries without toll-free numbers, rt.html.


PART 1
Virtual Appliance Installation

- Virtual Appliance Installations for JSA and Log Analytics


CHAPTER 1
Virtual Appliance Installations for JSA and Log Analytics

This chapter describes the following sections:

- Juniper Secure Analytics (JSA) and Log Analytics Installation Overview
- Overview of Supported Virtual Appliances
- System Requirements for Virtual Appliances
- Creating Your Virtual Machine
- Installing the JSA Software on a Virtual Machine
- Adding Your Virtual Appliance to Your Deployment

Juniper Secure Analytics (JSA) and Log Analytics Installation Overview

You can install Juniper Secure Analytics (JSA) and Log Analytics on a virtual appliance. Ensure that you use a supported virtual appliance that meets the minimum system requirements.

To install a virtual appliance, complete the following tasks in sequence:

1. Create a virtual machine.
2. Install JSA software on the virtual machine.
3. Add your virtual appliance to the deployment.

CAUTION: When deploying a JSA appliance with image 2013.2.r3.607582, you must reimage the appliance to the common image 2013.2.r3.615469. For more information, see Installing JSA Using a Bootable USB Flash-Drive Technical Note.

Related Documentation

- Overview of Supported Virtual Appliances
- System Requirements for Virtual Appliances
- Creating Your Virtual Machine
- Installing the JSA Software on a Virtual Machine
- Adding Your Virtual Appliance to Your Deployment

Overview of Supported Virtual Appliances

A virtual appliance is a Juniper Secure Analytics (JSA) system that consists of JSA software that is installed on a VMware ESX 5.0 virtual machine. Use the procedures in this topic to install your virtual appliance.

A virtual appliance provides the same visibility and functionality in your virtual network infrastructure that JSA appliances provide in your physical environment.

After you install your virtual appliances, use the deployment editor to add your virtual appliances to your deployment. For more information on how to connect appliances, see the Juniper Secure Analytics Administration Guide.

JSA Virtual All-in-One or JSA Virtual Console Deployment

This virtual appliance is a Juniper Secure Analytics (JSA) system that can profile network behavior and identify network security threats. The JSA Virtual All-in-One or JSA Virtual console deployment virtual appliance includes an on-board Event Collector and internal storage for events.

The JSA Virtual All-in-One or JSA Virtual console deployment virtual appliance supports the following items:

- Up to 1,000 network objects
- 50,000 flows per interval, depending on your license
- 1,000 events per second (eps), depending on your license
- 750 event feeds (additional devices can be added to your licensing)
- External flow data sources for NetFlow, sFlow, J-Flow, Packeteer, and Flowlog files
- QFlow Collector and Layer 7 network activity monitoring

To expand the capacity of the JSA Virtual All-in-One or JSA Virtual console deployment beyond the license-based upgrade options, you can add one or more of the JSA Virtual Distributed Event or Flow processors or JSA Virtual Distributed Event or Flow processors virtual appliances:

JSA Virtual Distributed Event or Flow Processors

This virtual appliance is a dedicated Event Processor that allows you to scale your Juniper Secure Analytics (JSA) deployment to manage higher EPS rates. The JSA Virtual Distributed Event or Flow processors includes an on-board Event Collector, Event Processor, and internal storage for events.

The JSA Virtual Distributed Event or Flow processors appliance supports the following items:

- Up to 1,000 events per second
- 2 TB or larger dedicated event storage

The JSA Virtual Distributed Event or Flow processors virtual appliance is a distributed Event Processor appliance and requires a connection to any series appliance.

JSA Virtual Distributed Event or Flow Processors

This virtual appliance is deployed with any series appliance. The virtual appliance is used to increase storage and includes an on-board Event Processor, and internal storage.

JSA Virtual Distributed Event or Flow processors appliance supports the following items:

- 50,000 flows per interval depending on traffic types
- 2 TB or larger dedicated flow storage
- 1,000 network objects
- QFlow Collector and Layer 7 network activity monitoring

You can add JSA Virtual Distributed Event or Flow processors appliances to any series appliance to increase the storage and performance of your deployment.

JSA VFlow Collector 1290

This virtual appliance provides the same visibility and functionality in your virtual network infrastructure that a QFlow Collector offers in your physical environment. The QFlow Collector virtual appliance analyzes network behavior and provides Layer 7 visibility within your virtual infrastructure. Network visibility is derived from a direct connection to the virtual switch.

The JSA VFlow Collector 1290 virtual appliance supports a maximum of the following items:

- 10,000 flows per minute
- Three virtual switches, with one additional switch that is designated as the management interface.

The JSA VFlow Collector 1290 virtual appliance does not support NetFlow.

JSA 1590

This virtual appliance is a dedicated Event Collector, which is required if you want to enable the store and forward feature. The store and forward feature allows you to manage schedules that control when to start and stop forwarding events from your dedicated Event Collector appliances to Event Processor components in your deployment.

A dedicated Event Collector does not process events and it does not include an on-board Event Processor.

By default, a dedicated Event Collector continuously forwards events to an Event Processor that you must connect using the deployment editor. The maximum Events Per Second (EPS) is controlled by the Event Processor.

Related Documentation

- Juniper Secure Analytics (JSA) and Log Analytics Installation Overview
- System Requirements for Virtual Appliances
- Creating Your Virtual Machine
- Installing the JSA Software on a Virtual Machine
- Adding Your Virtual Appliance to Your Deployment

System Requirements for Virtual Appliances

To ensure that Juniper Secure Analytics (JSA) works correctly, ensure that the virtual appliance that you use meets the minimum software and hardware requirements.

Table 3 describes the minimum requirements for virtual appliances.

Table 3: Requirements for Virtual Appliances

Requirement | Description
VMware client | VMware ESXi Version 5.0; VMware ESXi Version 5.1. For more information about VMware clients, see the VMware website at www.vmware.com
Virtual disk size on all appliances except QFlow Collector appliances | Minimum: 256 GB. NOTE: For optimal performance, ensure that an extra 2-3 times of the minimum disk space is available.
Virtual disk size for QFlow Collector appliances | Minimum: 70 GB

Table 4 describes the minimum memory requirements for virtual appliances.

Table 4: Minimum and Optional Memory Requirements for JSA Virtual Appliances

Appliance | Minimum memory requirement | Suggested memory requirement
JSA VFlow Collector 1290 | 6 GB | 6 GB
JSA 1590 | 12 GB | 16 GB
JSA Virtual Distributed Event or Flow processors | 12 GB | 48 GB
JSA Virtual Distributed Event or Flow processors | 12 GB | 48 GB
JSA Virtual All-in-One or JSA Virtual console deployment | 24 GB | 48 GB
Log Analytics Virtual 1790 | 24 GB | 48 GB

Related Documentation

- Juniper Secure Analytics (JSA) and Log Analytics Installation Overview
- Overview of Supported Virtual Appliances
- Creating Your Virtual Machine
- Installing the JSA Software on a Virtual Machine
- Adding Your Virtual Appliance to Your Deployment

Creating Your Virtual Machine

To install a virtual appliance, you must first use VMware vSphere Client 5.0 to create a virtual machine.

1. From the VMware vSphere Client, click File > New > Virtual Machine.
2. Use the following steps to guide you through the choices:
   a. In the Configuration pane of the Create New Virtual Machine window, select Custom.
   b. In the Virtual Machine Version pane, select Virtual Machine Version: 7.
   c. For the Operating System (OS), select Red Hat Enterprise Linux 6 (64-bit).
