Installing a Data Aggregator in KVM

Important: Stellar Cyber recommends that you deploy an aggregator using a Modular Sensor with the Aggregator feature enabled in its Sensor Profile rather than using the purpose-built aggregator image. Installation of aggregators using the purpose-built images is officially a deprecated feature, although the images are still available.

You can install a KVM data aggregator on:

  • CentOS 7.3 (or later)
  • Ubuntu Server 16.04

To install you must:

Preparing


To prepare for the installation:

  1. Open firewall ports.
  2. Contact Stellar Cyber support (support@stellarcyber.ai) for login credentials.

  3. Using those credentials, download the image from https://acps.stellarcyber.ai/release/4.3.7/datasensor/aella-device-agg-4.3.7.qcow2.

Installation links point to the most recent release. To download a different version, simply substitute the version you want for the version specified in the link.
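The download commands on this page pass -k to curl, which turns off certificate verification. As an added example (not part of the Stellar Cyber documentation or its scripts), the following shell script fetches the image with verification left on, treats HTTP errors as failures so that an error page is never saved under the image name, and confirms that the file that arrived really is a qcow2 image by checking its magic number and header version. The fetch_image function, the CURL_USER variable it reads credentials from, and the constructed header sample are all assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the Stellar Cyber documentation: fetch the
# aggregator image with certificate verification left on and confirm that what
# arrived is a qcow2 image rather than, say, an HTML error page.

# Return 0 when the file starts with the qcow2 magic "QFI\xfb" and carries a
# known header version (2 or 3); print the version on success.
is_qcow2() {
    f="$1"
    [ -r "$f" ] || return 1
    magic=$(od -An -tx1 -N 4 "$f" | tr -d ' \n')
    [ "$magic" = "514649fb" ] || return 1
    # Bytes 4-7 hold the big-endian header version.
    set -- $(od -An -tu1 -j 4 -N 4 "$f")
    [ $# -eq 4 ] || return 1
    version=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    [ "$version" -eq 2 ] || [ "$version" -eq 3 ] || return 1
    echo "$version"
}

# Download with curl: --fail turns an HTTP error into a non-zero exit instead
# of saving the error body, and the absence of -k means the server certificate
# is verified. Arguments: <url> <output file>. Credentials come from the
# CURL_USER variable (login:password), matching the -u usage on the page.
# Returns 1 unless the result passes is_qcow2. (Hypothetical helper.)
fetch_image() {
    url="$1"; out="$2"
    curl --fail --silent --show-error -u "$CURL_USER" -o "$out" "$url" || return 1
    is_qcow2 "$out" >/dev/null || { echo "$out is not a qcow2 image" >&2; return 1; }
}

# Constructed sample: a minimal qcow2 version 3 header (magic + version only),
# not a usable disk image. Prints the path of the temporary file.
sample_qcow2_header() {
    f=$(mktemp)
    printf 'QFI\373\000\000\000\003' > "$f"
    echo "$f"
}

# Stand-alone use: verify an already downloaded image given on the command line.
if [ -n "${1:-}" ]; then
    is_qcow2 "$1" >/dev/null && echo "$1: qcow2 image" || echo "$1: not a recognized qcow2 image"
fi
```

To use it against the page's download, run CURL_USER=login:password and call fetch_image with the image URL and a local file name; the header check alone can be run on any file with `sh thisscript.sh aella-device-agg-4.3.7.qcow2`.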

Before installing any software, verify whether the system has the VM capabilities required. This can be done from the command line. For Intel-based systems use the command:

cat /proc/cpuinfo | grep vmx

If no lines are listed then VM hardware support is not available. It must be enabled in the system BIOS.

For AMD-based systems use:

cat /proc/cpuinfo | grep svm

One line will be listed for each secure-VM core available. If no lines are listed then VM hardware support must be enabled in the system BIOS.

If VM capability is not reported by these commands, do not proceed until it is enabled.
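The two grep commands above are the whole check; the following script, added here as an example and not taken from the Stellar Cyber documentation, wraps them in a function that reports which vendor's extension is present and on how many cores, and that can be pointed at a saved copy of /proc/cpuinfo. It counts only the "flags" lines, because newer kernels add a separate "vmx flags" line on Intel systems that would otherwise be counted twice, and it matches the flag as a whole word so that related flags such as svm_lock are not mistaken for svm. The sample_cpuinfo helper and its flag lines are constructed, not real captures.

```shell
#!/bin/sh
# Added example, not part of the Stellar Cyber documentation: the vmx/svm
# check from the text, wrapped so it reports which vendor's extension is
# present and on how many cores, and can be run against a saved cpuinfo file.

# Usage: vm_support [cpuinfo-file]   (default /proc/cpuinfo)
# Prints "intel N", "amd N" or "none 0"; returns 0 only when support is found.
# Only "flags" lines are counted (newer kernels add a "vmx flags" line), and
# -w matches the flag as a whole word so that e.g. "svm_lock" is not counted.
vm_support() {
    cpuinfo="${1:-/proc/cpuinfo}"
    vmx=$(grep '^flags' "$cpuinfo" 2>/dev/null | grep -c -w vmx || true)
    svm=$(grep '^flags' "$cpuinfo" 2>/dev/null | grep -c -w svm || true)
    vmx=${vmx:-0}; svm=${svm:-0}
    if [ "$vmx" -gt 0 ]; then
        echo "intel $vmx"
    elif [ "$svm" -gt 0 ]; then
        echo "amd $svm"
    else
        echo "none 0"
        return 1
    fi
}

# Constructed sample (not a real capture): write a two-core cpuinfo excerpt to
# a temp file and print its path. $1 is the flags line used for each core.
sample_cpuinfo() {
    f=$(mktemp)
    for core in 0 1; do
        printf 'processor\t: %s\nflags\t\t: %s\n\n' "$core" "$1" >> "$f"
    done
    echo "$f"
}

# Run directly: check this host, as the cat | grep commands in the text do.
vm_support || echo "hardware virtualization not reported; enable it in the BIOS before continuing"
```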

The system will require the KVM, tools, and Linux bridge tools installed. On Ubuntu these can be installed as follows:

apt-get install -y net-tools qemu-utils qemu-kvm virt-manager libvirt-bin virtinst virt-viewer bridge-utils

For CentOS use the following command:

yum install net-tools qemu-kvm qemu-img virt-manager libvirt libvirt-python libvirt-client virt-install virt-viewer bridge-utils
systemctl start libvirtd
systemctl enable libvirtd

Installing in Bridge Mode

Create Bridge

This process creates a Linux bridge named br-aio to be used by the aggregator. The installation script takes an existing configured port and transfers its settings (IP address) to the bridge interface. The VM itself requires a new IP address in the same subnet.

Skip this section if the bridge has already been created due to a prior installation of a Stellar Cyber sensor, aggregator, or data processor (DP).

Contact Stellar Cyber support (support@stellarcyber.ai) for login credentials.

To get a helper script that will create the Linux bridge, use the following curl command:

curl -k -u login:password https://acps.stellarcyber.ai/release/4.3.7/dataprocessor/create_bridge.sh -o create_bridge.sh

The script is executed as follows. In this example the host port eno1 is used. Substitute the correct interface name when used.

bash create_bridge.sh eno1

Because this script reconfigures the network, any connection that uses the network port may become non-responsive for some period of time. This includes the shell session that is executing this procedure if the user is using SSH via the named port. The script will ask for confirmation that this is acceptable.

Install Sensor VM

Contact Stellar Cyber support (support@stellarcyber.ai) for login credentials.

To get the installation script:

curl -k -u login:password -o virt_deploy_device_agg.sh https://acps.stellarcyber.ai/release/4.3.7/datasensor/virt_deploy_device_agg.sh

To complete the installation where the aggregator will obtain its management IP address from a DHCP server use the following command. Substitute the desired value in place of aggr41 for the hostname.

sudo bash virt_deploy_device_agg.sh -- --hostname=aggr41 --release=4.3.7 --span=eno2 --bridge=br0-aio

To configure a static IP address, use the following format:

sudo bash virt_deploy_device_agg.sh -- --hostname=aggr41 --release=4.3.7 --bridge=br0-aio --local-ip=192.168.23.13 --ip=192.168.23.41 --netmask=255.255.0.0 --gw=192.168.0.1 --dns=192.168.23.103 --dns-search=sc.com --installdir=/home/aella/agg --cm=192.168.23.18

The command parameters can be supplied as follows. Note the presence of the -- string in the first parameter position. This is required by the script.

  • --feature controls the mode of installation when installing a sensor. Not necessary for an aggregator.

  • --hostname specifies the name of the host. The VM name and the name of the aggregator within Stellar Cyber are both set to this value.

  • --release is the version number of the software to download.

  • --bridge names the bridge to use for the management interface. This will be the same bridge that was created earlier.

  • --ip provides the static IPv4 address.

  • --netmask specifies the network mask in dotted-decimal form, for example 255.255.255.0.

  • --gateway specifies the IP address of the gateway.

  • --dns specifies the IP addresses of the DNS servers to use.

  • --dns-search provides the default domain name for DNS searches.

  • --installdir optionally specifies what directory will be used for the VM image installation.

  • --span provides a list of host Ethernet ports to be included in the aio-span bridge.

When the script is executed it will download and install the VM, and create a Linux bridge of the name aio-span. The ports in the --span parameter will be added.
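Because the bridge section states that the VM needs an address in the same subnet as the host port it takes over, it is worth checking the static-IP parameters before running the installer. The script below is an added example, not Stellar Cyber's installer or a helper it ships: it parses the dotted-quad values, rejects a non-contiguous netmask, and confirms that --ip, --local-ip and --gw all fall in one subnet. The parameter names follow the static-IP command shown above, and the final check uses that command's own values.

```shell
#!/bin/sh
# Added example, not part of the Stellar Cyber installer: a pre-flight check
# for the static-IP form of the command, run before virt_deploy_device_agg.sh.

# Dotted quad -> 32-bit integer on stdout. Returns 1 for anything malformed.
ip2int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    for o in "$a" "$b" "$c" "$d"; do
        case "$o" in
            ''|*[!0-9]*) return 1 ;;
        esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# A netmask is well-formed when its zero bits form one contiguous low-order
# run (255.255.0.0 yes, 255.0.255.0 no) and it is not all zeros.
valid_netmask() {
    m=$(ip2int "$1") || return 1
    [ "$m" -ne 0 ] || return 1
    inv=$(( m ^ 4294967295 ))
    [ $(( inv & (inv + 1) )) -eq 0 ]
}

# Arguments: <--ip> <--netmask> <--gw> <--local-ip>. Succeeds only when every
# value parses and the VM address, the gateway and the host port's address
# all fall in the same subnet, which is what the bridge setup requires.
check_static_params() {
    ip=$(ip2int "$1") || { echo "bad --ip: $1" >&2; return 1; }
    valid_netmask "$2" || { echo "bad --netmask: $2" >&2; return 1; }
    mask=$(ip2int "$2")
    gw=$(ip2int "$3") || { echo "bad --gw: $3" >&2; return 1; }
    host=$(ip2int "$4") || { echo "bad --local-ip: $4" >&2; return 1; }
    net=$(( ip & mask ))
    [ $(( gw & mask )) -eq "$net" ] || { echo "--gw $3 is outside the subnet of --ip $1/$2" >&2; return 1; }
    [ $(( host & mask )) -eq "$net" ] || { echo "--local-ip $4 is outside the subnet of --ip $1/$2" >&2; return 1; }
    echo "ok: vm $1 and host $4 share a subnet with gateway $3 under $2"
}

# The values from the static-IP command above pass. A 255.255.255.0 mask with
# the same gateway would not, since 192.168.0.1 then lies outside 192.168.23.0/24.
check_static_params 192.168.23.41 255.255.0.0 192.168.0.1 192.168.23.13
```

Run the check with the values you intend to pass to the installer; a non-zero exit and the message on stderr tell you which parameter to fix before the VM is created.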

Installing in NAT Mode

The process for installation in NAT mode is the same as for bridge mode except that the create_bridge.sh script is not run. Instead the VM will connect to the virbr0 bridge that was created by the KVM installation.

The ip and associated parameters will be set to a desired private address.

You must provide the necessary NAT services either through the host iptables system or externally to the box.

Connecting the Aggregator to the DP

To connect to the DP:

  1. Log in to your new aggregator. The default username/password is aella/changeme. You are immediately prompted to change the password.
  2. Change the password.

    After you change the password, your session closes automatically. When you log back in with your new credentials, the prompt changes to DataSensor>.

  3. Set IP parameters for the management port. You can use either a static IP address or a DHCP server, if available.

    Stellar Cyber recommends using a static IP address for ease of troubleshooting.

    The commands are as follows. Substitute your own IP parameters for the example values shown.

    Static IP:

      set interface management ip 192.168.14.100/255.255.255.0
      set interface management gateway 192.168.14.1
      set interface management dns 8.8.8.8

    DHCP:

      set interface management ip dhcp
  4. Verify the IP settings with the show interfaces command.

  5. Set the host name. The host name is displayed in Stellar Cyber and should be unique for each sensor:

    set hostname <new hostname>

  6. If necessary, set the proxy HTTP server:

    set proxy http://<proxy IP address:port>

  7. If this aggregator is associated with a specific Tenant, use the set tenant_id <Tenant ID> command to specify the name of that tenant. For example:

    set tenant_id MyTenant

  8. Use the set cm command to specify the IP address to reach the management interface of the Data Processor. For a DP cluster, this is the IP address of the DL-master's management interface. For a single DP deployment, this is simply the DP's management IP address. You can specify either an IP address or a hostname. For example:

    set cm 192.168.44.10

    or:

    set cm example.company.com

    If you specify a hostname rather than an IP address, the system attempts to verify the hostname with the DNS server. If the DNS server is not reachable, the system reports the error and lets you either proceed with the configured hostname or quit. This way, you can specify a hostname for the set cm destination in an offline environment without access to a DNS server.

  9. Verify your settings with the show cm command. You should see the IP address of the DP listed as the CM Controller and the Status should be Established.
  10. Log out with the quit command.

The aggregator automatically contacts the DP to register itself.

Authorize the Aggregator

You must authorize the aggregator when it appears in the network.

You can authorize multiple aggregators at a time. So if you're installing multiple aggregators, install them all, then authorize them all at once.

Configure Sensors to Use the Aggregator

After you install the aggregator, you can configure sensors to use the aggregator.