Ubulula bobunjiniyela

Khipha Amanothi
JSA 7.5.0 Buyekeza Iphakheji 5 qcow2
Ishicilelwe
2023-06-25

Amanothi omlawuli

Lo mhlahlandlela uhlanganisa izici zokufaka, ukuthuthukisa nokusebenzisa i-vJSA (i-virtual Juniper Secure Analytics) into esebenza ngayo phezu kwe-Kernel Virtual Machine (KVM) noma indawo ye-Open Stack. Kucatshangwa ukuthi umfundi ujwayelene ne-KVM, kanye ne-virtualization kanye ne-Ubuntu Linux, noma izindawo ze-Open Stack. I-exampLes kulo mhlahlandlela isetshenziswa kanje:

• Ukufakwa kokuqala nokwandiswa kwesitoreji kwesithombe se-vJSA ku-Ubuntu 18.04 ukuthunyelwa kwe-KVM.
• Izifanekiso zokushisa ezisetshenziselwa ukuthunyelwa kwe-OpenStack.

Izimfuneko zokufaka i-JSA 7.5.0 Update Package 5 qcow2

Sincoma izilungiselelo zesistimu ezilandelayo ngaphambi kokuthi uthuthukele ku-JSA Release 7.5.0 Update Package 5 qcow2:

• Qinisekisa imishini ebonakalayo ye-JSA ekufinyeleleni kwimemori engalingani (NUMA) efanayo njengesilawuli sediski noma isilawuli se-RAID kusistimu yokusingatha. Lokhu kuthuthukisa ukusebenza kwe-disk I/O futhi kugwema ukuwela i-QuickPath Interconnect (QPI).
• Setha inqubomgomo ye-NUMA njengeqinile kumshini obonakalayo osuselwa ku-kernel (KVM) ukuze inkumbulo nezinsiza ze-CPU zinikezwe zonke zisuka ku-NUMA efanayo.
• Ngokusebenza okungcono kakhulu kwe-I/O, ukwabiwa kwangaphambili kwemethadatha kunconywa njengokuncane. Ukwabiwa okuphelele kwediski kuyadingeka ekusebenzeni okuphezulu futhi kunconywa kukho konke ukufakwa ku-KVM.
• Khulisa inani lesitoreji esabelwe ukwahlukanisa okuthile esithombeni sediski.

QAPHELA: IJuniper Networks ayinikezi noma yikuphi ukusekelwa kokufaka nokumisa iseva ye-KVM. Kufanele ufake isithombe sikagesi esibonakalayo futhi usilungiselele njengokucaciswa okunconyiwe kwento esebenzayo ebonakalayo. I-Juniper Networks izohlinzeka ngosekelo kuphela ngemuva kokuthi i-Juniper Secure Analytics iqale ngempumelelo.
Izimfuneko zokusebenzisa i-Juniper Secure Analytics kuseva ye-KVM zimi kanje:

• Ulwazi mayelana nokumisa nokufaka iseva ye-KVM.
• Iseva ye-KVM namaphakheji asekelwe kufanele afakwe ohlelweni lwakho olusekelwe ku-Linux. Xhumana nomthengisi wakho we-Linux noma imibhalo ukuze uthole ulwazi mayelana nokufaka i-KVM.
• Isicelo noma indlela yoku view imonitha ebonakalayo yesistimu yesilawuli kude, njenge-Virtual Machine
  Umphathi (VMM), i-Virtual Network Computing (VNC) Viewer, nanoma yiluphi olunye uhlelo lokusebenza.
• I-Bridge Interface ilungiselelwe ngokuya ngendawo okuyo kanye namakheli okungenani amabili amahhala we-IP amile.

Izidingo Ezincane Zesofthiwe Zokufaka I-JSA 7.5.0 Update Package 5 qcow2
Izidingo ezincane zesofthiwe zokufaka i-JSA 7.5.0 Update Package 5 qcow2 zimi kanje:

• 32-GB RAM
• 16 CPU cores
• Isikhala sediski esingu-512 GB

Izesekeli Ezidingekayo Zezingxenyekazi zekhompuyutha ze-JSA 7.5.0 Update Package 5 qcow2

Ngaphambi kokufaka imikhiqizo ye-JSA, qinisekisa ukuthi uyakwazi ukufinyelela izinsiza zehadiwe ezidingekayo kanye nesofthiwe yedeskithophu.

Hardware Izesekeli

Qiniseka ukuthi uyakwazi ukufinyelela izingxenye zehadiwe ezilandelayo:

• Gada kanye nekhibhodi, noma ikhonsoli ye-serial
• Ukunikezwa Kwamandla Okungaphazanyiswa (i-UPS) kwawo wonke amasistimu agcina idatha, njengekhonsoli ye-JSA, izingxenye ze-Event Processor, noma izingxenye ze-JSA flow processor
• Intambo yemodemu engenalutho uma ufuna ukuxhuma isistimu kukhonsoli ye-serial

QAPHELA: Imikhiqizo ye-JSA isekela ukuqaliswa kwe-Redundant Array esekelwe ku-hardware ye-Independent Disks (RAID), kodwa ayisekeli ukufakwa kwe-RAID okusekelwe kusofthiwe noma ukufakwa kwe-RAID okusizwa ngehadiwe.

Ukufaka i-JSA emshinini obonakalayo

Dala umshini obonakalayo. Ukuze uthole ulwazi olwengeziwe, bheka Isihloko esithi Akukho Isixhumanisi.
QAPHELA: Imenyu yokufaka isofthiwe ngeke ibonakale kuwizadi yokufaka ngokuzenzakalelayo. Uma ufuna ukufaka isofthiwe ye-JSA, bheka ku-JSA Software kuphela Ukufakwa.
Ngemva kokudala umshini wakho we-virtual, kufanele ufake isofthiwe ye-JSA emshinini wokubuka.

1. Ngena ngemvume emshinini obonakalayo ngokuthayipha impande yegama lomsebenzisi. Igama lomsebenzisi liyazwela.
2. Yamukela isivumelwano selayisense lomsebenzisi wokugcina.
   ICEBISO: Cindezela inkinobho ye-Spacebar ukuze uqhubekele phambili kudokhumenti.
3. Khetha uhlobo lwesisetshenziswa:
   · Ukufakwa kukagesi (kuthengwe njengesisetshenziswa)
   · Ithuluzi Elitholakalayo Eliphezulu
   · I-App Host Appliance
   · I-Log Analytics Appliance
   QAPHELA: Ungakhetha uhlobo lukagesi ngokusekelwe ekusebenzeni okuhlosiwe kwento kagesi.
4. Uma ukhethe umshini wokutholakala okuphezulu (HA), khetha ukuthi into esetshenziswayo iyikhonsoli yini.
5. Uma ukhethe umshini wokusebenza ku-Log Analytics Appliance, khetha i-LA (I-Log Analytics “All-In-One” noma i-Console 8099).
6. Ngohlobo lokusetha, khetha Ukusethwa Okujwayelekile (okuzenzakalelayo) noma Ukusethwa kokubuyiswa kwe-HA, bese ukhetha Okulandelayo.
7. Ikhasi Lokuhlela Usuku/Isikhathi liyavela. Faka idethi yamanje enkambini yedethi yamanje (YYYY/MM/DD) ngefomethi ebonisiwe. Idethi nayo iboniswa ukuze uthole ireferensi yakho. Faka isikhathi ngefomethi yamahora angama-24 kunkambu yesikhathi sewashi engama-24 (HH:MM: SS). Kungenjalo, ungafaka igama noma ikheli le-IP leseva yesikhathi lapho isikhathi singavunyelaniswa khona kunkambu Yeseva Yesikhathi. Ngemva kokufaka imininingwane yosuku nesikhathi, khetha Okulandelayo.
8. Ikhasi elithi Khetha Izwekazi/Indawo liyavela. Khetha Izwekazi Lendawo Yesikhathi noma Indawo njengoba kudingeka bese ukhetha Okulandelayo. Inani elizenzakalelayo iMelika.
9. Ikhasi Lokukhetha Indawo Yesikhathi liyavela. Khetha Idolobha Lendawo Yesikhathi noma Isifunda njengoba kudingeka bese ukhetha Okulandelayo. Inani elizenzakalelayo yi-New York.
10. Uma ukhethe Ukusethwa Kokubuyisela Kwe-HA, faka ikheli le-IP elibonakalayo leqoqo.
11. Khetha inguqulo ye-Internet Protocol: · Khetha ipv4 noma ipv6.
12. Uma ukhethe i-ipv6, khetha imanuwali noma i-auto yohlobo lokucushwa.
13. Khetha ukusethwa kwesixhumi esibonakalayo esihlanganisiwe.
14. Khetha isixhumi esibonakalayo sokuphatha.
    QAPHELA: Uma isixhumi esibonakalayo sinesixhumanisi (ikhebula lixhunyiwe), uphawu lokuhlanganisa (+) luyavezwa ngaphambi kwencazelo.
15. Kuwindi Lokusethwa Kwemininingwane Yenethiwekhi, lungiselela izilungiselelo zenethiwekhi ezilandelayo bese ukhetha Okulandelayo.
    · Igama lomethuleli: Faka igama lesizinda elifaneleke ngokugcwele njengegama lomethuli wesistimu
    · Ikheli lasesizindeni se-inthanethi: Faka ikheli le-IP lesistimu
    · Imaski Yenethiwekhi: Faka imaski yenethiwekhi yesistimu
    · Isango: Faka isango elizenzakalelayo lesistimu
    · I-DNS eyinhloko: Faka ikheli leseva ye-DNS eyinhloko
    · I-DNS yesibili: (Uma uthanda) Thayipha ikheli lesibili leseva ye-DNS
    · I-IP yomphakathi: (Ngokuzithandela) Faka ikheli le-IP Lomphakathi leseva
    QAPHELA: Uma ulungiselela lo msingathi njengosokhaya oyinhloko weqoqo elitholakalayo eliphezulu (HA), futhi ukhethe Yebo ukuze ulungiselele ngokuzenzakalelayo, kufanele urekhode ikheli le-IP elikhiqizwa ngokuzenzakalelayo. Ikheli le-IP elakhiwe lifakwa phakathi nokucushwa kwe-HA. Ukuze uthole ulwazi olwengeziwe, bheka I-Juniper Secure Analytics High Availability Guide.
16. Uma ufaka ikhonsoli, faka iphasiwedi yomqondisi ehlangabezana nemibandela elandelayo:
    · Iqukethe okungenani izinhlamvu eziyi-8
    · Iqukethe okungenani uhlamvu olulodwa olukhulu
    · Iqukethe okungenani uhlamvu olulodwa olulodwa
    · Iqukethe okungenani idijithi eyodwa
    · Iqukethe okungenani uhlamvu olulodwa olukhethekile: @, #, ^, noma *.
17. Faka iphasiwedi yempande ehlangabezana nemibandela elandelayo:
    · Iqukethe okungenani izinhlamvu eziyi-5
    · Ayinazikhala
    · Ingafaka izinhlamvu ezikhethekile ezilandelayo: @, #, ^, kanye *.
18. Chofoza Okulandelayo.
19. Faka ukhiye wakho welayisensi.
    a. Ngena ngemvume ku-JSA. Igama lomsebenzisi elizenzakalelayo ngumqondisi. Iphasiwedi yiphasiwedi ye-akhawunti yomsebenzisi yomqondisi oyisetha ngesikhathi sokufakwa.
    b. Chofoza Ngena ku-JSA.
    c. Chofoza ithebhu Admin.
    d. Kufasitelana lokuzulazula, chofoza Ukucushwa Kwesistimu.
    e. Chofoza isithonjana Sokuphathwa Kwesistimu Nelayisensi.
    f. Ebhokisini lohlu lokubonisa, khetha Amalayisense, bese ulayisha ukhiye wakho welayisensi.
    g. Khetha ilayisense engabelwe bese uchofoza okuthi Yabela Isistimu Kulayisensi.
    h. Kusukela kuhlu lwezinhlelo, khetha uhlelo, bese uchofoza okuthi Yabela Isistimu Ukuze Ilayisensi.
    i. Chofoza okuthi Sebenzisa Izinguquko Zelayisensi.

Ukufaka i-JSA 7.5.0 Update Package 5 qcow2 kuseva ye-KVM kusetshenziswa i-VMM

Sebenzisa iklayenti lomshini we-VMM ukuze ufake i-JSA 7.5.0 Update Package 5 qcow2 kuseva ye-KVM.
Ukufaka i-JSA 7.5.0 Update Package 5 qcow2 kuseva ye-KVM ngokusebenzisa i-VMM:

1. Landa isithombe se-JSA 7.5.0 Update Package 5 qcow2 kuso https://support.juniper.net/support/downloads/ ohlelweni lwakho lwendawo.
   QAPHELA: Ungalishintshi igama lesithombe se-JSA 7.5.0 Update Package 5 qcow2 file oyilanda kusayithi lokusekela le-Juniper Networks. Uma ushintsha igama lesithombe file, ukudalwa kwe-JSA 7.5.0 Update Package 5qcow2 kungahluleka.
2. Yethula iklayenti le-VMM.
3. Khetha File > Umshini Omusha Obonakalayo Omusha kubha yemenyu ye-VMM ukuze ufake umshini omusha obonakalayo kuseva ye-KVM. Ibhokisi lengxoxo le-VM Entsha liyavela futhi liyaboniswa. Isinyathelo 1 kwezi-4 sokufakwa okusha kwe-VM.
4. Ngaphansi kokuthi Khetha ukuthi ungathanda ukuyifaka kanjani isistimu yokusebenza, chofoza Ngenisa isithombe sediski esikhona.
5. Chofoza okuthi Phambili ukuze uye esinyathelweni esilandelayo. Isinyathelo sesi-2 kwezi-4 siyaboniswa.
6. Ngaphansi kokuthi Nikeza indlela yokugcina ekhona, chofoza okuthi Phequlula.
7. Ngaphansi kokuthi Khetha ivolumu yesitoreji , chofoza okuthi Phequlula Indawo ngaphansi kwebhokisi lengxoxo ukuze uthole bese ukhetha isithombe se-JSA 7.5.0 Buyekeza Iphakheji 5 qcow2 file (.qcow2) ilondolozwe kusistimu yakho.
8. Ngaphansi kokuthi Khetha uhlobo lwesistimu yokusebenza nenguqulo, khetha i-Linux yohlobo lwe-OS kanye nenombolo yenguqulo ye-Red Hat Enterprise Linux yenguqulo.
   QAPHELA: Sincoma ukusebenzisa inguqulo ye-Linux efana ne-JSA 7.5.0 Update Package 5 qcow2 esetshenziswayo.
9. Chofoza okuthi Phambili ukuze uye esinyathelweni esilandelayo.
   Isinyathelo sesi-3 kwezi-4 siyaboniswa.
10. Ngaphansi kokuthi Khetha izilungiselelo zeMemori ne-CPU, qinisekisa ukuthi u-4 usethelwe ama-CPU futhi ukhethe noma ufake inani elilandelayo Lememori (RAM):
    · 32768 MBUkuze i-JSA 7.5.0 Update Package 5 qcow2 isetshenziswe njenge-Junos Space node noma njengenodi ye-FPMM
11. Chofoza okuthi Phambili ukuze uye esinyathelweni esilandelayo.
    Isinyathelo sesi-4 siyaboniswa.
12. Ngaphansi kokukhetha Inethiwekhi, khetha okukhethwa kukho ngokusekelwe endleleni ofuna ukumisa ngayo ukuxhumana kwenethiwekhi ekusethweni kwe-JSA 7.5.0 Update Package 5 qcow2.
13. Ngaphansi kokuthi Ukulungele ukuqalisa ukufakwa, endaweni yegama, faka igama le-JSA 7.5.0 Update Package 5 qcow2.

Ukusula Inqolobane

Ngemva kokuqeda ukufaka, kufanele usule inqolobane yakho ye-Java kanye neyakho web i-browser cache ngaphambi kokuthi ungene ku-JSA appliance.
Ngaphambi kokuthi uqale
Qinisekisa ukuthi unesenzakalo esisodwa kuphela sesiphequluli sakho esivuliwe. Uma unezinguqulo eziningi zesiphequluli sakho ezivuliwe, inqolobane ingase yehluleke ukusula.
Qinisekisa ukuthi i-Java Runtime Environment ifakiwe kusistimu yedeskithophu oyisebenzisayo view interface yomsebenzisi. Ungalanda inguqulo ye-Java 1.7 ku-Java webindawo: http://java.com/.
Mayelana nalo msebenzi
Uma usebenzisa isistimu yokusebenza ye-Microsoft Windows 7, isithonjana se-Java ngokuvamile sitholakala ngaphansi kwefasitelana lezinhlelo.
Ukusula inqolobane:

1. Sula inqolobane yakho ye-Java:
   a. Kudeskithophu yakho, khetha okuthi Qala > Iphaneli yokulawula.
   b. Chofoza kabili isithonjana se-Java.
   c. Ku-inthanethi Yesikhashana Files ifasitelana, chofoza View.
   d. Ku-Cache ye-Java Viewefasiteleni, khetha konke okufakiwe kwe-Deployment Editor.
   e. Chofoza isithonjana esithi Susa.
   f. Chofoza Vala. g. Chofoza KULUNGILE.
2. Vula eyakho web isiphequluli.
3. Sula inqolobane yakho web isiphequluli.
   Uma usebenzisa iMozilla Firefox web kusiphequluli, kufanele usule inqolobane kuMicrosoft Internet Explorer kanye neMozilla Firefox web iziphequluli.
4. Ngena ngemvume ku-JSA.

Izinkinga Ezaziwayo Nemikhawulo

• Uma Ukuhlola ukuthi i-tomcat isebenza futhi ilungile (umzamo 0/30) idlula (umzamo 10/30), kufanele usebenzise enye iseshini ye-SSH ukuze ungene ekhelini le-IP lohlelo ngesikhathi sokufakwa, futhi ususe ukukhiya kwe-imqbroker. file. Qala kabusha insizakalo ye-imqbroker kanje:
  i-systemctl iqalisa kabusha i-imqbroker
  QAPHELA: Uma ukufakwa kuphelelwa yisikhathi, qalisa kabusha isistimu bese wenza ukusetha okwesibili.
• Iphasiwedi yomlawuli ayisethwanga ngokufanelekile yimibhalo yokusetha.
  Ngemva kokufaka ikhonsoli, shintsha iphasiwedi yomqondisi ngokusebenzisa i-CLI ngokusebenzisa lezi zinyathelo ezilandelayo:

1. Xhuma kukhonsoli yakho usebenzisa i-SSH njengomsebenzisi wempande.
   2. Setha iphasiwedi ngokusebenzisa umyalo olandelayo: /opt/qradar/support/changePasswd.sh -a
2. Faka iphasiwedi entsha uma ucelwa.
3. Faka kabusha iphasiwedi entsha uma ucelwa.
4. Qala kabusha isevisi ye-UI ngomyalo olandelayo: service tomcat restart
5. Ngena ngemvume ku-UI nge-akhawunti yomlawuli kanye nephasiwedi entsha.
6. Yenza izinguquko zokuphakela. Iphasiwedi ye-akhawunti yomlawuli manje isishintshiwe.

Izinkinga Ezixazululiwe

Lutho.
I-Juniper Networks, ilogo ye-Juniper Networks, i-Juniper, ne-Junos yizimpawu zokuthengisa ezibhalisiwe ze-Juniper Networks, Inc. e-United States nakwamanye amazwe. Zonke ezinye izimpawu zokuthengisa, izimpawu zesevisi, amamaki abhalisiwe, noma izimpawu zesevisi ezibhalisiwe ziyimpahla yabanikazi bazo. IJuniper Networks ayinaso isibopho sanoma yikuphi ukungalungi kulo mbhalo. I-Juniper Networks igodla ilungelo lokushintsha, ukulungisa, ukudlulisa, noma ukubuyekeza lokhu kushicilelwa ngaphandle kwesaziso. Copyright © 2023 Juniper Networks, Inc. Wonke amalungelo agodliwe.

Amadokhumenti / Izinsiza

JUNIPER NETWORKS JSA Juniper Secure Analytics [pdf] Umhlahlandlela Womsebenzisi I-JSA Juniper Secure Analytics, i-JSA, i-Juniper Secure Analytics, i-Secure Analytics, i-Analytics

Izithenjwa

• Imaniwali yosebenzisayo