Fidelis Network Series, Collector XA4, Collector Controller 10G Quick Start Manual

QUICK START GUIDE
Fidelis Network™ High Capacity Collector
Rev-I
Collector Controller Appliances Based on HP DL360-G9 and DL380-G9
www.fidelissecurity.com
1. System Overview
The Fidelis Collector is the security analytics database for Fidelis Network. The Fidelis Collector receives network metadata from Fidelis Network sensors (e.g., Direct, Internal, Mail and Web Sensors) and stores it for ongoing analysis. A Fidelis Collector cluster of appliances consists of one or two Collector Controller(s) and typically three or more Collector XA database nodes.
Figure 1: Fidelis Network — Collector Controller 10G (Rev-I)
Figure 2: Fidelis Network — Collector XA4 Appliance (Rev-I)
2. Documentation & References
Fidelis Network product documentation, appliance specifications, and instructions can be found at http://fidelissecurity.com/customer-support/login or through the icon in the K2 GUI.
Appliance Default Passwords
| System | Account | Default Password |
|---|---|---|
| SSH / Appliance Console | fidelis | fidelispass |
| K2 GUI | admin | system |
| ILO | administrator | (printed on label, top of server) |
Technical Support
For all technical support related to this product, check with your site administrator to determine support contract details. For support of your product, contact your reseller. If you have a direct support contract with Fidelis Cybersecurity, contact the Fidelis Cybersecurity support team at:
Phone: +1 301.652.7190
Toll-free in the US: 1.800.652.4020 – Use the customer support option.
Email: support@fidelissecurity.com
Web: http://www.fidelissecurity.com/customer-support/login
www.fidelissecurity.com ©Fidelis Cybersecurity
Collector Setup Checklist
| Check | Fidelis Network Sensor – Appliance Requirements |
|---|---|
| [ ] | Appropriate rack space, power, and cooling (Appendix B) |
| [ ] | Rack tools, rails, and connectors |
| [ ] | Keyboard and video monitor / KVM switch for temporary appliance setup |
| [ ] | Power cables, two per appliance, appropriate for power source and region |
| [ ] | Ethernet cables (cat5 and optical) for Admin, DB, SYNC and iLO ports (Section 3) |
| [ ] | Network switches with enough physical ports (Section 4) |
| [ ] | Optical transceivers for switches |
| [ ] | Logical network information: IP addresses, hostnames (Section 5, Appendix A) |
| [ ] | For Fidelis Network Software version 9.0.5 and later, the appliance system type (Appendix D) |
3. Collector: Network Port and Cabling Requirements
Each appliance must be connected to the various networks with appropriate cables and, in some cases, transceivers. The tables below describe the physical connection and cable type associated with each port on the appliance.
Collector Controller 10G Appliance
Figure 3: Network Port Assignments — Collector Controller 10G (Rev-I)
| Port Label | Physical Connection Type (default) | Cable Type |
|---|---|---|
| Admin | 10GbE LC connector | Fiber SR Patch Cable, Multimode 850nM |
| DB Net | 10GbE LC connector | Fiber SR Patch Cable, Multimode 850nM |
| ILO | GbE RJ45 (copper) | Cat 5/5e/6 patch cable |
Collector XA4 Database Node
Figure 4: Network Port Assignments — Collector XA4 (Rev-I)
| Port Label | Physical Connection Type (default) | Cable Type |
|---|---|---|
| Admin | GbE RJ45 (copper) | Cat 5 patch cable |
| DB Net | 10GbE SFP+ w/ LC Connector | Fiber SR Patch Cable, Multimode 850nM |
| SYNC net | 10GbE SFP+ w/ LC Connector | Fiber SR Patch Cable, Multimode 850nM |
| ILO | GbE RJ45 (copper) | Cat 5 patch cable |
4. Collector Networking Environment
The Collector appliances use multiple networks for service and inter-node communication. Networks may be deployed either as three independent physical switches or as multiple independent VLANs on the same switch fabric. The ADMIN, DB, and SYNC switches or VLANs must be different broadcast domains. (The iLO and ADMIN networks may intersect.)
Use the tables below to identify the count and type of switch ports necessary to support the number of appliances for your deployment.
Admin Network
The Admin Network connects the Collector Controller to the Fidelis Network sensors and K2 systems. It also connects the Collector XA nodes to the K2.
| Appliance | Switch Port Type | Qty. |
|---|---|---|
| Collector Controller 10G | 10GbE Fiber SR, LC connector (may require SFP+ transceiver) | 1 |
| Collector XA4 | GbE - Copper Cat5 RJ45 port | 1 |
DB Network
The DB Network allows communication between Collector Controller and Controller XA nodes. This network must be independent from other networks. IPv4 addressing only.
| Appliance | Switch Port Type | Qty. |
|---|---|---|
| Collector Controller 10G | 10GbE Fiber SR, LC connector (may require SFP+ transceiver) | 1 |
| Collector XA4 | 10GbE Fiber SR, LC connector (may require SFP+ transceiver) | 1 |
SYNC Network
The SYNC Network provides transport for database node synchronization. This network must be independent from other networks. Only IPv4 addresses are supported.
| Appliance | Switch Port Type | Qty. |
|---|---|---|
| Collector Controller 10G | n/a | |
| Collector XA4 | 10GbE Fiber SR, LC connector (may require SFP+ transceiver) | 1 |
ILO / IPMI Network
Optional network for remote/out-of-band server administration.
| Appliance | Switch Port Type | Qty. |
|---|---|---|
| Collector Controller 10G | GbE - Copper Cat5 RJ45 port | 1 |
| Collector XA4 | GbE - Copper Cat5 RJ45 port | 1 |
5. Appliance — Logical Network Configuration
Each physical connection must be assigned logical network information. Build a table of the logical information for each appliance (sample below) that you can reference during configuration. You will refer to this table multiple times during setup. Appendix A has a worksheet you may use.
Sample Network Configuration Table
| Network Setting | Assignments | | | |
|---|---|---|---|---|
| Interface | Admin/eth0 | DB/eth1 | SYNC/eth2 | iLO/IMM |
| Hostname (FQDN) | collector-xa1.organization.net. | | | |
| Static IP Address | 10.1.2.3 | 192.168.1.3 | 172.16.1.3 | 10.2.3.4 |
| Subnet Mask | 255.255.252.0 | 255.255.255.0 | 255.255.255.0 | 255.255.252.0 |
| Gateway | 10.1.2.1 | | | |
| Proxy Server | 10.5.6.7 | | | |
| DNS Servers | 8.8.4.4, 8.8.8.8 | | | |
| NTP Servers | pool.ntp.org. | | | |
| Time Zone | UTC (+0) | | | |
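The worksheet can be checked against the section 4 rules before any appliance is configured. The following is an added example, not part of the Fidelis guide or its software: the function name check_worksheet, the hostnames and the addresses are constructed, and it assumes that non-overlapping subnets stand in for separate broadcast domains and that all nodes share one DB subnet and one SYNC subnet.

```python
import ipaddress
from itertools import combinations

# Constructed worksheet data, modelled on the sample table (not real addresses).
NODES = {
    "collector-cc1": {"admin": "10.1.2.2/255.255.252.0", "db": "192.168.1.2/255.255.255.0"},
    "collector-xa1": {"admin": "10.1.2.3/255.255.252.0", "db": "192.168.1.3/255.255.255.0",
                      "sync": "172.16.1.3/255.255.255.0"},
    "collector-xa2": {"admin": "10.1.2.4/255.255.252.0", "db": "192.168.1.4/255.255.255.0",
                      "sync": "172.16.1.4/255.255.255.0"},
}

def check_worksheet(nodes, gateway=None):
    """Return a list of findings; an empty list means the worksheet is consistent."""
    findings, nets, seen = [], {}, {}
    for host, ifaces in nodes.items():
        for role, value in ifaces.items():
            try:
                iface = ipaddress.ip_interface(value)
            except ValueError:
                findings.append(f"{host}/{role}: invalid address/mask {value!r}")
                continue
            # The guide states that DB and SYNC support IPv4 addressing only.
            if role in ("db", "sync") and iface.version != 4:
                findings.append(f"{host}/{role}: {iface.ip} is not IPv4")
                continue
            if iface.ip in seen:
                findings.append(f"{host}/{role}: {iface.ip} already used by {seen[iface.ip]}")
            seen[iface.ip] = f"{host}/{role}"
            nets.setdefault(role, set()).add(iface.network)
    # Assumption: all nodes share a single DB subnet and a single SYNC subnet.
    for role in ("db", "sync"):
        if len(nets.get(role, ())) > 1:
            findings.append(f"{role}: nodes are split across {sorted(map(str, nets[role]))}")
    # ADMIN, DB and SYNC must be separate broadcast domains; iLO may share ADMIN.
    for a, b in combinations(("admin", "db", "sync"), 2):
        for na in nets.get(a, ()):
            for nb in nets.get(b, ()):
                if na.version == nb.version and na.overlaps(nb):
                    findings.append(f"{a} {na} overlaps {b} {nb}")
    if gateway and not any(ipaddress.ip_address(gateway) in n for n in nets.get("admin", ())):
        findings.append(f"gateway {gateway} is outside the admin subnet")
    return findings

if __name__ == "__main__":
    for line in check_worksheet(NODES, gateway="10.1.2.1") or ["worksheet is consistent"]:
        print(line)
```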
6. Appliance Installation
Rack Installation
Install each appliance in an enclosure/location that has necessary power and cooling.
Power
Connect power cables to the power supplies in the back of the appliance.
Network Cabling
Using the connectors and cables described in sections 4 and 5, begin to connect the appliances to the networks. Refer to the Collector network diagram for this section.
Cable the Collector Controller 10G appliance(s) to the switches:
1. Connect Admin (eth0) port to the “ADMIN” switch port.
2. Connect DB (eth1) port to the “DB” switch port.
3. Connect the iLO port to the ADMIN (or ILO) switch port. (optional)
4. Repeat for each Collector Controller.
Cable the Collector XA4 Node appliances to the switches:
1. Connect Admin (eth0) port to the “ADMIN” switch port.
2. Connect DB (eth1) port to the “DB” switch port.
3. Connect SYNC (eth2) port to the “SYNC” switch port.
4. Connect the iLO port to the ADMIN (or ILO) switch port. (optional)
5. Repeat for each Collector XA.
Figure 5: Collector Network Diagram
7. Appliance Network Configuration
1. Power on the Appliance(s).
2. Connect to the component CLI using one of the following methods:
- Via KVM Console: Connect a keyboard and monitor to the appliance.
For Fidelis Network appliances version 9.0.5 or later, the screen on the right is displayed:
3. If you see the screen above, perform the following steps to apply the software. Otherwise skip to step 4.
a. With [Perform Initial Install or Factory Reset] selected, press Enter.
b. Use the Up and Down arrow keys to select the system type Collector Controller (or Collector XA for cluster), and press Enter. If you need help determining the system type, see Appendix C.
The system displays a screen with the message “Congratulations, your CentOS installation is complete.”
c. Click Reboot.
4. Log in to the appliance using console or SSH.
- Via SSH: Directly attach an Ethernet cable from a client system such as a laptop to the Admin/eth0 port on the appliance. The default IP address is 192.168.42.11/24. Assign a static IP from the same subnet to the network interface on the client system and connect to the appliance using SSH.
5. Use these credentials at the login prompt:
- user: fidelis
- default password: fidelispass
6. From the command line, run: sudo /FSS/bin/setup
You will be prompted for the SU (fidelis) password.
7. Within Setup, select Network Settings.
8. Configure the network parameters for the system and each active network interface.
a. Use the Network Configuration table you prepared earlier.
b. When complete, return to the top menu.
9. When complete, select [OK] to leave Setup.
10. From the command line, reboot the system: sudo /fss/bin/shutdown.pl --user admin --reboot
Repeat steps for all appliances being added to the Collector cluster.
11. Use the PING command to verify connectivity between the XAs on their SYNC/eth2 interfaces.
8. Cluster Setup
On the Final Collector XA4 Appliance
If you have not completed setup for the XA4 appliances in section 7 above, or you are adding an XA4 appliance to the Collector, follow these steps:
1. Log in via SSH or KVM console.
2. From the command line, run: su - root -c /FSS/bin/setup
3. Navigate to Collector Settings.
4. At the XA4 count, enter the number of XA4 appliances, and select Ok.
5. Review the list of IP addresses. Select Confirm if these are correct, or select Edit to correct them.
9. Fidelis Network Integration
Register Collector Controller 10G with K2
1. Log into the K2 GUI from a web browser.
2. Add the Collector to the K2 at the System>Components page. Click Add Component.
3. Select Collector from the drop-down menu. Complete the form:
- name — this is a user-friendly name for the Collector, not the FQDN of the Controller.
- IP address of the ADMIN interface of the primary Collector Controller 10G appliance
- (optional) description — e.g. location, business unit, etc.
- Click Save.
4. Register the Collector to K2. Click Register and accept the End User License Agreement (EULA). K2 will then communicate with the Collector at the specified IP address.
Register Collector Controller 10Gs with the Fidelis Sensors
1. Log into the K2 GUI from a web browser.
2. Select the appropriate Direct, Internal, Mail or Web sensor and click Config.
3. Click the Advanced page for the sensor and select a Collector from the drop-down box.
4. Repeat for each sensor.
Appendix A: Network Configuration Worksheet
Collector Controller 10G (Primary)
| Network Setting | Assignments | | |
|---|---|---|---|
| Interface | Admin/eth0 | DB/eth1 | iLO/IMM |
| Hostname (FQDN) | | | |
| Static IP Address | | | |
| Subnet Mask | | | |
| Gateway | | | |
| Proxy Server | | | |
| DNS Servers | | | |
| NTP Servers | | | |
| Time Zone | | | |
Collector Controller 10G (Failover)
| Network Setting | Assignments | | |
|---|---|---|---|
| Interface | Admin/eth0 | DB/eth1 | iLO/IMM |
| Hostname (FQDN) | | | |
| Static IP Address | | | |
| Subnet Mask | | | |
| Gateway | | | |
| Proxy Server | | | |
| DNS Servers | | | |
| NTP Servers | | | |
| Time Zone | | | |
Collector XA4 (A)
| Network Setting | Assignments | | | |
|---|---|---|---|---|
| Interface | Admin/eth0 | DB/eth1 | SYNC/eth2 | iLO/IMM |
| Hostname (FQDN) | | | | |
| Static IP Address | | | | |
| Subnet Mask | | | | |
| Gateway | | | | |
| Proxy Server | | | | |
| DNS Servers | | | | |
| NTP Servers | | | | |
| Time Zone | | | | |
Collector XA4 (B)
| Network Setting | Assignments | | | |
|---|---|---|---|---|
| Interface | Admin/eth0 | DB/eth1 | SYNC/eth2 | iLO/IMM |
| Hostname (FQDN) | | | | |
| Static IP Address | | | | |
| Subnet Mask | | | | |
| Gateway | | | | |
| Proxy Server | | | | |
| DNS Servers | | | | |
| NTP Servers | | | | |
| Time Zone | | | | |
Collector XA4 (C)
| Network Setting | Assignments | | | |
|---|---|---|---|---|
| Interface | Admin/eth0 | DB/eth1 | SYNC/eth2 | iLO/IMM |
| Hostname (FQDN) | | | | |
| Static IP Address | | | | |
| Subnet Mask | | | | |
| Gateway | | | | |
| Proxy Server | | | | |
| DNS Servers | | | | |
| NTP Servers | | | | |
| Time Zone | | | | |
Appendix B: System Specifications
| | Collector Controller 10G | Collector XA4 |
|---|---|---|
| Form Factor | 1U rack-mount chassis, SFF | 2U rack-mount chassis, SFF |
| CPU | Dual Intel Xeon Gold 6148, 20-core 2.4 Ghz | Dual Intel Xeon Gold 6136, 12-core 3.0 Ghz |
| Memory | 128 GB, ECC DDR4 2666Mhz | 192 GB, ECC DDR4 2666Mhz |
| Storage Capacity & Configuration | 480 GB, 2x SSD, RAID-1 (240GB) | 480 GB, 2x SSD, RAID-1 (240GB); 26.4 TB, 22x HDD, RAID-10 (13.2TB) |
| Network Adapters | 4x 1GbE, 2x 10GbE optical | 4x 1GbE, 2x 10GbE optical |
| Out of Band Management | Integrated Lights Out Management (ILO) | Integrated Lights Out Management (ILO) |
| Dimensions | H: 4.29 cm (1.69 in), W: 43.46 cm (17.11 in), D: 70.7 cm (27.83 in) | H: 8.73 cm (3.44 in), W: 44.54 cm (17.54 in), D: 67.94 cm (26.75 in) |
| Weight (appx.) | 16.27 kg (35.86 lb) | 24.5 kg (54 lb) |
| Power Supply | Dual hot-swap 800W High Efficiency AC power supplies | Dual hot-swap 800W High Efficiency AC power supplies |
| Operating Temperature | 10° to 35°C (50° to 95°F) at sea level | 10° to 35°C (50° to 95°F) at sea level |
Appendix C: System Types
For Fidelis Network Software version 9.0.5 and later, the table below shows the software to apply based on the appliance SKU. You can find the SKU in the following locations (note that the SKU starts with “FSS”):
- Appliance lid UID decal (see sample on right)
- Shipping carton UID decal (see sample on right)
- Packing list
- Purchase Order
| Appliance SKU with: | System Type |
|---|---|
| FSS-CXA4-I | Collector XA |
| FSS-CC10G-I | Collector Controller |
QSC_Fidelis_CHC_20180324