McAfee Enterprise Security Manager 9.5 · · 2015-02-18Identifying network cables ... 3 Setting...
Transcript of McAfee Enterprise Security Manager 9.5 · · 2015-02-18Identifying network cables ... 3 Setting...
Installation Guide
McAfee Enterprise Security Manager 9.5.0
COPYRIGHT
Copyright © 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766, www.intelsecurity.com
TRADEMARK ATTRIBUTIONSIntel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or other countries. McAfee and the McAfee logo, McAfee ActiveProtection, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, McAfee Evader, Foundscore, Foundstone, Global Threat Intelligence,McAfee LiveSafe, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, McAfee Shredder, SiteAdvisor, McAfee Stinger, McAfee TechMaster, McAfeeTotal Protection, TrustedSource, VirusScan are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the US and other countries.Other marks and brands may be claimed as the property of others.
LICENSE INFORMATION
License AgreementNOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETSFORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOUHAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOURSOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR AFILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SETFORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OFPURCHASE FOR A FULL REFUND.
2 McAfee Enterprise Security Manager 9.5.0 Installation Guide
Contents
Preface 5About this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Find product documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
1 Introduction 7
2 Installing McAfee ESM devices 9Preparing to install McAfee ESM devices . . . . . . . . . . . . . . . . . . . . . . . . . 9
Hardware and software requirements . . . . . . . . . . . . . . . . . . . . . . . 9Inspect packaging and device . . . . . . . . . . . . . . . . . . . . . . . . . . 10Identifying a location for installation . . . . . . . . . . . . . . . . . . . . . . . 10
Connect and start the devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11Identifying connector and equipment types . . . . . . . . . . . . . . . . . . . . 12Identifying network cables . . . . . . . . . . . . . . . . . . . . . . . . . . . 12Identifying network ports . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
3 Setting up McAfee ESM devices 23Configure the network interface on the Nitro IPS . . . . . . . . . . . . . . . . . . . . . 23Configure the network interface on the Receiver, ELM, and ACE . . . . . . . . . . . . . . . 24Configure the network interface on the DEM and ADM . . . . . . . . . . . . . . . . . . . 24Configure the network interface on the ESM . . . . . . . . . . . . . . . . . . . . . . . 25Configure for IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26Log on to McAfee ESM console . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
A About FIPS mode 29FIPS mode information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30Select FIPS mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30Check FIPS integrity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31Adding a keyed device in FIPS mode . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Backup and restore information for a device in FIPS mode . . . . . . . . . . . . . . 32Enable communication with multiple ESM devices in FIPS mode . . . . . . . . . . . . 33
Troubleshooting FIPS mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
B VM ESXi requirements 37VM models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38Stripe the storage drive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40Install the virtual machine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40Configure the virtual machine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41Key the VM device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
C Install the qLogic 2460 or 2562 SAN adapters 43
D Install DAS 45
McAfee Enterprise Security Manager 9.5.0 Installation Guide 3
E Installing devices in a rack 47Install AXXVRAIL rail set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48Remove the chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
F Regulatory notices 53
Index 57
Contents
4 McAfee Enterprise Security Manager 9.5.0 Installation Guide
Preface
This guide provides the information you need to work with your McAfee product.
Contents About this guide Find product documentation
About this guideThis information describes the guide's target audience, the typographical conventions and icons usedin this guide, and how the guide is organized.
AudienceMcAfee documentation is carefully researched and written for the target audience.
The information in this guide is intended primarily for:
• Administrators — People who implement and enforce the company's security program.
• Users — People who use the computer where the software is running and can access some or all ofits features.
ConventionsThis guide uses these typographical conventions and icons.
Book title, term,emphasis
Title of a book, chapter, or topic; a new term; emphasis.
Bold Text that is strongly emphasized.
User input, code,message
Commands and other text that the user types; a code sample; a displayedmessage.
Interface text Words from the product interface like options, menus, buttons, and dialogboxes.
Hypertext blue A link to a topic or to an external website.
Note: Additional information, like an alternate method of accessing anoption.
McAfee Enterprise Security Manager 9.5.0 Installation Guide 5
Tip: Suggestions and recommendations.
Important/Caution: Valuable advice to protect your computer system,software installation, network, business, or data.
Warning: Critical advice to prevent bodily harm when using a hardwareproduct.
Find product documentationAfter a product is released, information about the product is entered into the McAfee online KnowledgeCenter.
Task1 Go to the Knowledge Center tab of the McAfee ServicePortal at http://support.mcafee.com.
2 In the Knowledge Base pane, click a content source:
• Product Documentation to find user documentation
• Technical Articles to find KnowledgeBase articles
3 Select Do not clear my filters.
4 Enter a product, select a version, then click Search to display a list of documents.
PrefaceFind product documentation
6 McAfee Enterprise Security Manager 9.5.0 Installation Guide
1Introduction
This guide describes how to install and set up these devices:
• McAfee® Nitro Intrusion Prevention System(IPS)
• McAfee Enterprise Log Manager (ELM)
• McAfee® Enterprise Security Manager(McAfee ESM)
• McAfee Advanced Correlation Editor (ACE)
• McAfee Event Receiver • McAfee Direct Attached Storage (DAS)
• McAfee ESM/Event Receiver (ESMREC) • McAfee Receiver/ELM (ELMERC)
• McAfee Database Event Monitor (DEM) • McAfee ESM/Receiver/ELM (ESMELM)
• McAfee Application Data Monitor (ADM)
It is divided into two main sections:
• Installing a McAfee ESM device, which provides you with the steps to follow to inspect, mount,connect, and start the device.
• Setting up a McAfee ESM device, which describes how to configure the network interface for eachdevice type, configure for IPv6, log on to the McAfee ESM console, and key the device.
1
McAfee Enterprise Security Manager 9.5.0 Installation Guide 7
1 Introduction
8 McAfee Enterprise Security Manager 9.5.0 Installation Guide
2Installing McAfee ESM devices
You must install your McAfee devices before you can use them to protect your network from intrusionsor collect network data. These installation instructions apply to all current models of McAfee ESMdevices.
Contents Preparing to install McAfee ESM devices Connect and start the devices
Preparing to install McAfee ESM devicesBefore you install devices, verify that your system meets minimum requirements and that theequipment was not damaged during shipping. Select the location to set up the equipment.
Hardware and software requirementsYour system must meet the minimum hardware and software requirements.
System requirements
• Processor — P4 class (not Celeron) or higher (Mobile/Xeon/Core2,Corei3/5/7) or AMD AM2 class orhigher (Turion64/Athlon64/Opteron64,A4/6/8)
• RAM — 1.5 GB
• Windows Operating System — Windows 2000, Windows XP, Windows 2003 Server, Windows Vista,Windows 2008 Server, Windows Server 2012, Windows 7, Windows 8, Windows 8.1
• Browser — Internet Explorer 7.x or later, Mozilla Firefox 3.0.0.0 or later, Google Chrome12.0.742.91 or later
• Flash Player — Version 11.2.x.x or later
ESM features use pop-up windows when uploading or downloading files. Disable the pop-up blocker forthe IP address or host name of your ESM.
2
McAfee Enterprise Security Manager 9.5.0 Installation Guide 9
Virtual Machine requirements
• Processor — 8 cores 64-bit, Dual Core2/Nehalem, or higher or AMD Dual Athlon64/Dual Opteron64or higher
• RAM — Depends on the model (4 GB or more)
• Disk space — Depends on the model (250 GB or more)
• ESXi 5.0 or later
• Thick versus thin provisioning — You must decide the hard disk requirements needed for yourserver. The minimum requirement is 250 GB unless the VM purchased has more. See thespecifications for your VM product.
The ENMELM VM uses many features that require CPU and RAM. If the ESXi environment shares theCPU/RAM requirements with other VMs, the performance of the ENMELM VM is impacted. Make surethat you include what the CPU and RAM need within the requirements.
Inspect packaging and deviceBefore installing your equipment, make sure that there is no sign of damage or tampering.
Task1 As soon as you receive your device, inspect the packaging and the device for signs of damage or
mishandling.
If you are performing a FIPS installation, inspect the tamper-evident packing tape that is securingthe shipping container. If there is evidence of tampering, contact McAfee Support immediately forinstructions, and do not install the product.
2 Verify that all items listed on the packing slip are included in the package.
3 When performing a FIPS installation, find the tamper-evident seal in the shipping container'saccessories package. Apply the seal so it completely blocks the USB ports, preventing their usewithout leaving evidence of tampering (see Diagram 1).
Diagram 1: Placement of third tamper-evident seal.
Contact McAfee Support immediately if not fully satisfied with the inspection.
Identifying a location for installationYou must analyze your existing network and identify a network and physical location for your device.Proper location selection impacts the effective use of your devices.
When selecting a location for your devices:
2 Installing McAfee ESM devicesPreparing to install McAfee ESM devices
10 McAfee Enterprise Security Manager 9.5.0 Installation Guide
• Install your ESM device in a network location where it can manage devices and be accessible byany systems accessing the ESM. If direct communication between devices managed by the ESM orsystems running ESM is not possible, configure your network to route network traffic betweenthem.
• Place the Nitro IPS device between the trusted and untrusted sides of your network. Trusted is theside you want to protect and untrusted is the side you intend to leave unprotected. For example,you could locate your Nitro IPS between your firewall (untrusted side) and your switch (trustedside). Because network configurations vary greatly, the location you select depends on yourindividual security requirements and network environment.
This equipment is intended for installation in a restricted-access location.
• Your Receiver and DEM devices must be accessible to the devices they are monitoring. If directcommunication isn't possible, you must configure your network to allow proper routing of networktraffic between them.
Connect and start the devicesAfter inspecting the device and identifying the preferred location for installation, perform the steps inthis section to install it.
Task1 Mount the device.
To protect the device and the cabling from accidental damage or disconnection, mount the device ina rack (see Appendix F - Install AXXVRAIL rail set).
a Prepare a space for the device in the mounting location.
b Mount the device securely in the location you selected.
2 Connect the power supply to the device. Properly install and ground the equipment in accordancewith this instruction manual and national, state, and local codes.
We highly recommend connecting all ESM devices to an uninterruptible power supply (UPS).Redundant power cords and power modules operating at normal conditions balances the load sharethrough its parallel design, resulting in a reliable power system. Since the Nitro IPS device is inline,it must be connected to a UPS.
3 Start the device.
a Cable with turn off and make sure that traffic is passing.
b Turn on the device.
4 Select the network cable.
Installing McAfee ESM devicesConnect and start the devices 2
McAfee Enterprise Security Manager 9.5.0 Installation Guide 11
5 Connect the cables to the untrusted and trusted ports. If you are connecting fiber cables, removethe cable and network connector covers only when you are ready to connect the cables.
6 Verify the connectivity of the device by pinging from the trusted side of your network to a valid IPaddress on the untrusted side.
See also Identifying connector and equipment types on page 12Identifying network cables on page 12Identifying network ports on page 13
Identifying connector and equipment typesYou can connect your Nitro IPS device to the network using either copper or fiber connectors,depending on the model of your device.
Table 2-1 Connection type per device
Nitro IPS model Connector type
TX RJ-45 (Copper)
SX LC-Multimode (Fiber)
LX LC-Singlemode (Fiber)
Connect your ESM, Receiver, and DEM devices to the network using copper connectors, and identifythe copper or fiber cables by looking at the connectors. The CAT5 copper cable has RJ-45 connectors(1) while LC fiber cable uses fiber connectors (2).
We recommend using CAT5 or higher for your copper connection. For gigabit connection, werecommend CAT5e.
Equipment type
There are two types of equipment you can connect your ESM devices to: Data Circuit-TerminatingEquipment (DCE) and Data Terminal Equipment (DTE). Firewall and routers are DTE and switches areDCE. The ESM devices are DTE.
Identifying network cablesIf your device uses a fiber connection, you must select the fiber cables and connect them to the ports.If your device uses a copper connection, use either a straight-through or a crossover copper cable.
To connect an ESM device RJ-45 port to DCE, use a straight-through cable. To connect to a DTE, use acrossover cable. To distinguish between a straight-through and crossover cable, hold the two ends ofthe cable as illustrated:
2 Installing McAfee ESM devicesConnect and start the devices
12 McAfee Enterprise Security Manager 9.5.0 Installation Guide
On a straight-through cable, the colored wires are the same sequence at both ends. On a crossovercable, the first (far left) colored wire at one end is the same color as the third wire at the other end ofthe cable.
Identifying network portsAfter identifying the cables you need for your network, identify the ports in the McAfee device that youconnect these cables to.
Always turn off any laser sources before you inspect fiber connectors, optical components, orbulkheads. Fiber optic laser radiation might be emitted from connected fiber cables or connectors. Donot stare directly into fiber optic equipment. Always keep a protective cap on unplugged fiberconnectors.
The devices contain management ports so they can be managed from McAfee ESM. In addition, yourNitro IPS and ADM devices contain trusted and untrusted ports to connect the device to the trustedand untrusted sides of your network.
To identify the management ports and the trusted and untrusted ports on all your devices, see thistable.
Device type Model number Figure
ACE ACE-2600 or 3450 2-8
ADM APM-1250, 1260 2-1
APM-3450, 3460 2-3
DEM DSM-2600 or 3450 2-3
DSM-4600 2-4
ELM ELM-4600, 5600 or 6000 2-8
ELM/Receiver ELMERC-2600, 3450, or 4600 2-8
ESM/ELM ENMELM- 4600, 5600, or 6000 2-8
ESM or ESM/Receiver combo ETM-5600, 6000, X4, or X6 2-8
DAS-10, 25, 50, or 100 2-9
IPS NTP-1250 2-2
NTP-2600, 3450-4BTX 2-3
NTP-2600, 3450-8BTX 2-4
NTP-2600, 3450-4BSX 2-5
Installing McAfee ESM devicesConnect and start the devices 2
McAfee Enterprise Security Manager 9.5.0 Installation Guide 13
Device type Model number Figure
NTP-3450-2BSX 2-6
McAfee Reporter ERU-5600 2-8
Receiver ERC-1250,1260 2-2
ERC-2600, 3450, or 4600 2-7
Receiver-HA 1U HA - ERC-1250-HA, 1260-HA 2-10, 2-11
2U HA - ERC-2600 or 4600-HA 2-12, 2-13
1 IPMI 4 Trusted
2 Mgmt 2 5 Untrusted
3 Mgmt 1
Figure 2-1 NTP-1250
1 IPMI
2 Mgmt 2
3 Mgmt 1
For APM-1250 and 1260 devices, ports 4-7 are collection (sniffer) ports not management ports.
For ERC-1250 devices, ports 4-7 are additional management ports.
Figure 2-2 ERC-1250, APM-1250, 1260
2 Installing McAfee ESM devicesConnect and start the devices
14 McAfee Enterprise Security Manager 9.5.0 Installation Guide
1 Trusted 5 Unused
2 Untrusted 6 Unused
3 Mgmt 1 7 Unused
4 Mgmt 2
Figure 2-3 NTP-2600/3450-4BTX, 3460
1 Trusted 6 Mgmt 2
2 Untrusted 7 Unused
3 Trusted 8 Unused
4 Untrusted 9 Unused
5 Mgmt 1
Figure 2-4 NTP-2600/3450-8BTX, DSM-4600
1 Trusted
2 Untrusted
Installing McAfee ESM devicesConnect and start the devices 2
McAfee Enterprise Security Manager 9.5.0 Installation Guide 15
3 Mgmt 1
4 Mgmt 2
Figure 2-5 NTP-2600/3450-4BSX
1 Trusted
2 Untrusted
3 Mgmt 1
4 Mgmt 2
Figure 2-6 NTP-3450-2BSX
1 IPMI NIC 5 Mgmt
2 HB 6 Data
2 Installing McAfee ESM devicesConnect and start the devices
16 McAfee Enterprise Security Manager 9.5.0 Installation Guide
3 Mgmt 2 7 IPMI
4 Mgmt 3
For DSM-2600/3450 and APM-3450/3460devices, ports 4-7 are collection (sniffer) ports notmanagement ports.
Figure 2-7 ERC-2600/3450/4600, DSM-2600/3450, and APM-3450/3460
Installing McAfee ESM devicesConnect and start the devices 2
McAfee Enterprise Security Manager 9.5.0 Installation Guide 17
1 Mgmt 1
2 Mgmt 2
Figure 2-8 ETM-5600/6000/X4/X6, ELMERC-2600/3450/4600, ELM-4600/5600/6000, ACE-2600/3450, ENMELM-4600/5600/6000, ERU-5600
Figure 2-9 DAS data cables
2 Installing McAfee ESM devicesConnect and start the devices
18 McAfee Enterprise Security Manager 9.5.0 Installation Guide
1 Primary IPMI 4 Secondary IPMI
2 Mgmt 2 5 Heart Beat (HB)
3 Mgmt 1 6 Mgmt 3
Figure 2-10 Step 1: Create connection between 1U HA receivers
1 IPMI 5 MGMT4 (eth3)
2 MGMT2 (eth1) 6 MGMT5 (eth4)
Installing McAfee ESM devicesConnect and start the devices 2
McAfee Enterprise Security Manager 9.5.0 Installation Guide 19
3 MGMT1 (eth0) 7 MGMT6 (eth5)
4 MGMT3 (eth2)
Figure 2-11 Step 2: Connect 1U HA receivers to the network switch/router
1 IPMI 5 MGMT4 (eth3)
2 MGMT2 (eth1) 6 MGMT5 (eth4)
2 Installing McAfee ESM devicesConnect and start the devices
20 McAfee Enterprise Security Manager 9.5.0 Installation Guide
3 MGMT1 (eth0) 7 MGMT6 (eth5)
4 MGMT3 (eth2)
Figure 2-12 Step 1: Create connection between 2U HA receivers
1 IPMI 5 MGMT4 (eth3)
2 MGMT2 (eth1) 6 MGMT5 (eth4)
3 MGMT1 (eth0) 7 MGMT6 (eth5)
4 MGMT3 (eth2)
Figure 2-13 Step 2: Connect 2U HA receivers to the network switch/router
See also Identifying a location for installation on page 10
Installing McAfee ESM devicesConnect and start the devices 2
McAfee Enterprise Security Manager 9.5.0 Installation Guide 21
2 Installing McAfee ESM devicesConnect and start the devices
22 McAfee Enterprise Security Manager 9.5.0 Installation Guide
3Setting up McAfee ESM devices
Setting up the devices is essential for proper operation. To set them up, configure IPv6 and thenetwork interface for each device type, and log on to McAfee ESM.
Contents Configure the network interface on the Nitro IPS Configure the network interface on the Receiver, ELM, and ACE Configure the network interface on the DEM and ADM Configure the network interface on the ESM Configure for IPv6 Log on to McAfee ESM console
Configure the network interface on the Nitro IPSFollow these steps to configure your IP information.
Before you beginTurn on the Nitro IPS and ensure that the boot process is complete. Attach a monitor andkeyboard to the device.
Task1 Press Alt + F1 to go to the LCD page, then press Esc twice.
2 Scroll down to MGT IP Conf and press Enter.
3 Select Mgt 1 and press Enter.
4 On the Active menu, select IP Address and press Enter.
5 Set the value and press Enter.
6 Scroll down to Netmask and set the value.
7 Scroll down to Done and press Enter.
8 Scroll down to Gateway and press Enter.
3
McAfee Enterprise Security Manager 9.5.0 Installation Guide 23
9 Set the gateway address, scroll down to Done, and press Enter.
10 Scroll down to Port Number, set the value, and press Enter.
Make note of the new port number and enter it when keying the device. If the system operates inFIPS mode, do not change the communication port number.
11 Scroll down to Save Changes and press Enter.
Configure the network interface on the Receiver, ELM, and ACEFollow these steps to configure the network interface on a Receiver, ELM, or ACE device.
Before you beginAttach a monitor and keyboard to the device.
Task1 Press Alt + F1 to go to the LCD page, press Esc twice, then scroll down to MGT IP Conf and press Enter.
2 Select Mgt 1 and press Enter, then select IP Address and press Enter.
3 Set the value and press Enter.
4 Scroll down to Netmask and set the value.
5 Scroll down to Done and press Enter.
6 Scroll down to Gateway and press Enter.
7 Set the gateway address, scroll down to Done, and press Enter.
8 Scroll down to DNS 1, press Enter, and set the value.
9 Scroll down to Done and press Enter.
10 If in FIPS mode, scroll down to Port Number, change the value if needed, and press Enter.
Make note of the new port number. Enter it when keying the device. Do not change the TCPcommunication port.
11 Scroll down to Save Changes and press Enter.
Configure the network interface on the DEM and ADMFollow these steps to configure the network interface on a DEM or ADM device.
Before you beginAttach a monitor and keyboard to the device.
Task1 Press Alt + F1 to go to the LCD page, then press Esc twice.
2 Scroll down to MGT IP Conf and press Enter.
3 Select Mgt 1 and press Enter.
3 Setting up McAfee ESM devicesConfigure the network interface on the Receiver, ELM, and ACE
24 McAfee Enterprise Security Manager 9.5.0 Installation Guide
4 On the Active menu, select IP Address and press Enter.
5 Set the value and press Enter.
6 Scroll down to Netmask and set the value.
7 Scroll down to Done and press Enter.
8 Scroll down to Gateway and press Enter.
9 Set the gateway address, scroll down to Done, and press Enter.
10 If in FIPS mode, scroll down to Port Number, change the value if needed, and press Enter.
Make note of the new port number and enter it when keying the device. Do not change the TCPcommunication port.
11 Scroll down to Save Changes and press Enter.
Configure the network interface on the ESMFollow these steps to configure the network interface on an ESM.
Before you beginTurn on the ESM and make sure that the restart process is complete, then attach a monitorand keyboard to the device.
Task1 Press Alt + F1 to go to the LCD page, press Esc twice, then scroll down to MGT IP Conf and press Enter.
2 Select Mgt 1 and press Enter, then select IP Address and press Enter.
3 Set the value and press Enter.
4 Scroll down to Netmask and set the value.
5 Scroll down to Done and press Enter.
6 Scroll down to Gateway and press Enter.
7 Set the gateway address, scroll down to Done, and press Enter.
8 Scroll down to DNS 1, press Enter, and set the value.
9 Scroll down to Done and press Enter.
10 Scroll down to Save Changes and press Enter.
Setting up McAfee ESM devicesConfigure the network interface on the ESM 3
McAfee Enterprise Security Manager 9.5.0 Installation Guide 25
Configure for IPv6If you want to use IPv6 on any of your devices and your network supports IPv6 stateless autoconfiguration, configure your system to manage IPv6.
Before you beginAttach a monitor and keyboard to the device.
To manually configure an address for the ESM, see the Network Settings section in the McAfeeEnterprise Security ManagerProduct Guide. To manually configure an address for each type of device,see the Interfaces section for the specific device.
Task1 Press Alt + F1 to go to the LCD page, then press Esc twice.
2 Scroll down to IPv6 Config and press Enter.
3 Select Mgt 1 and press Enter.
4 Scroll down to Save and press Enter.
5 To locate the automatically configured IPv6 address:
a Start the device and wait for the menu to load.
b Scroll down to MGT IP Conf and press Enter.
c Scroll down to IPv6 Global and press Enter.
d Confirm the IPv6 address, then press Enter to return to the menu.
e Scroll down to Done and press Enter.
f Scroll down to Cancel Changes and press Enter.
Log on to McAfee ESM consoleWhen you have installed and set up ESM and devices, you can log on the console to begin configuringthe system and device settings.
Before you beginVerify whether you are required to operate the system in FIPS mode (see Step 5).
Task1 Open a web browser on your client computer and go to the IP address you set when you configured
the network interface.
2 Click Login, select the language for the console, then type the default user name and password.
• Default user name: NGCP
• Default password: security.4u
3 Click Login, read the End User License Agreement, then click Accept.
4 When prompted, change your user name and password, then click OK.
3 Setting up McAfee ESM devicesConfigure for IPv6
26 McAfee Enterprise Security Manager 9.5.0 Installation Guide
5 Select whether to enable FIPS mode.
If you must work in FIPS mode, enable it the first time you log on so all future communication withMcAfee devices is in FIPS mode. Do not enable FIPS mode if you are not required to. For moreinformation on FIPS, see Appendix A.
6 Follow the instructions that appear to obtain your user name and password, which are necessaryfor access to rule updates.
7 Perform initial ESM configuration:
a Select the language to be used for system logs.
b Select the time zone this ESM is in and the date format to be used with this account, then clickNext.
c Define the settings on the five Initial ESM Configuration wizard pages, clicking the Help icon oneach page for instructions.
8 Click OK.
You are ready to key and configure the devices. See the McAfee Enterprise Security Manager ProductGuide.
Setting up McAfee ESM devicesLog on to McAfee ESM console 3
McAfee Enterprise Security Manager 9.5.0 Installation Guide 27
3 Setting up McAfee ESM devicesLog on to McAfee ESM console
28 McAfee Enterprise Security Manager 9.5.0 Installation Guide
AAbout FIPS mode
The Federal Information Processing Standard (FIPS) consists of publicly announced standardsdeveloped by the United States Federal government. If you are required to meet these standards, youmust operate this system in FIPS mode.
FIPS mode must be selected the first time you log on to the system and can't subsequently be changed.
Contents FIPS mode information Select FIPS mode Check FIPS integrity Adding a keyed device in FIPS mode Troubleshooting FIPS mode
McAfee Enterprise Security Manager 9.5.0 Installation Guide 29
FIPS mode informationDue to FIPS regulations, some ESM features aren't available, some available features are notcompliant, and some features are only available when in FIPS mode. These features are notedthroughout the document and are listed here.
Featurestatus
Description
Removedfeatures
• High Availability Receivers.
• GUI Terminal.
• Ability to communicate with the device using SSH protocol.
• On the device console, the root shell is replaced by a device management menu.
Featuresavailable only inFIPS mode
• There are four user roles that do not overlap: User, Power User, Audit Admin, and Key &Certificate Admin.
• All Properties pages have a Self-Test option that allows you to verify that the system isoperating successfully in FIPS mode.
• If FIPS failure occurs, a status flag is added to the system navigation tree to reflectthis failure.
• All Properties pages have a View option that, when clicked, opens the FIPS Identity Tokenpage. It displays a value that must be compared to the value shown in thosesections of the document to ensure that FIPS hasn't been compromised.
• On System Properties | Users and Groups | Privileges | Edit Group, the page includes the FIPSEncryption Self Test privilege, which gives the group members the authorization to runFIPS self-tests.
• When you click Import Key or Export Key on IPS Properties | Key Management, you areprompted to select the type of key you want to import or export.
• On the Add Device Wizard, TCP protocol is always set to Port 22. The SSH port can bechanged.
Select FIPS modeThe first time you log on to the system you are prompted to select whether you want the system tooperate in FIPS mode. Once this selection is made, it can't be changed.
TaskFor option definitions, click ? in the interface.
1 The first time you log on to the ESM:
a In the Username field, type NGCP.
b In the Password field, type security.4u.
You are prompted to change your password.
2 Enter and confirm your new password.
A About FIPS modeFIPS mode information
30 McAfee Enterprise Security Manager 9.5.0 Installation Guide
3 On the Enable FIPS page, click Yes.
The Enable FIPS warning displays information requesting confirmation that you want this system tooperate in FIPS mode permanently.
4 Click Yes to confirm your selection.
Check FIPS integrityIf you are operating in FIPS mode, FIPS 140-2 requires software integrity testing on a regular basis.This testing must be performed on the system and each device.
TaskFor option definitions, click ? in the interface.
1 On the system navigation tree, select System Properties, and make sure that System Information isselected.
2 Do any of the following.
Inthisfield...
Do this...
FIPSStatus
View the results of the most recent FIPS self-test performed on the ESM.
Test orFIPSSelf-Test
Run the FIPS self-tests, which test the integrity of the algorithms used within thecrypto-executable. The results can be viewed on the Message Log.
If the FIPS self-test fails, FIPS is compromised or device failure is occurring. Contact McAfeeSupport.
View orFIPSIdentity
Open the FIPS Identity Token page to perform power-up software integrity testing. Compare thevalue below to the public key that appears on this page:
If this value and the public key don't match, FIPS is compromised. Contact McAfee Support.
About FIPS modeCheck FIPS integrity A
McAfee Enterprise Security Manager 9.5.0 Installation Guide 31
Adding a keyed device in FIPS mode There are two methods in FIPS mode to add a device that has already been keyed to an ESM. Thisterminology and file extensions are useful as you follow these processes.
Terminology
• Device key — Contains the management rights that an ESM has for a device, and is not used forcrypto.
• Public key — The ESM public SSH communication key, which is stored in the authorized keys table ofa device.
• Private key — The ESM private SSH communication key, which is used by the SSH executable on anESM to establish the SSH connection with a device.
• Primary ESM — The ESM that was originally used to register the device.
• Secondary ESM — The additional ESM that communicates with the device.
File extensions for the different export files
• .exk — Contains the device key.
• .puk — Contains the public key.
• .prk — Contains the private key and the device key.
Backup and restore information for a device in FIPS modeThis method is used to back up and restore communication information for a device on the ESM.
It is primarily intended for use in the event of a failure that requires ESM replacement. If thecommunication information is not exported prior to the failure, communication with the device can't bere-established. This method exports and imports the .prk file.
The private key for the primary ESM is used by the secondary ESM to establish communication withthe device initially. Once communication is established, the secondary ESM copies its public key to thedevice's authorized keys table. The secondary ESM then erases the private key for the primary ESM,and initiates communication with its own public or private key pair.
A About FIPS modeAdding a keyed device in FIPS mode
32 McAfee Enterprise Security Manager 9.5.0 Installation Guide
Action Steps
Export the .prkfile from theprimary ESM
1 On the system navigation tree of the primary ESM, select the device withcommunication information you want to back up, then click the Properties icon.
2 Select Key Management, then click Export Key.
3 Select Backup SSH Private key, then click Next.
4 Type and confirm a password, then set the expiration date.
After the expiration date passes, the person who imports the key is unable tocommunicate with the device until another key is exported with a future expirationdate. If you select Never Expire, the key never expires if imported into another ESM.
5 Click OK, select the location to save the .prk file created by the ESM, then log outof the primary ESM.
Add a device tothe secondaryESM and importthe .prk file
1 On the system navigation tree of the secondary device, select the system orgroup level node you want to add the device to.
2 From the actions toolbar, click Add Device.
3 Select the type of device that you want to add, then click Next.
4 Enter a name for the device that is unique in this group, then click Next.
5 Enter the target IP address of the device, enter the FIPS communication port,then click Next.
6 Click Import Key, browse to the previously exported .prk file, then click Upload.
Type the password specified when this key was initially exported.
7 Log out of the secondary ESM.
Enable communication with multiple ESM devices in FIPS modeYou can allow multiple ESMs to communicate with the same device by exporting and importing .pukand .exk files.
This method uses two export and import processes. First, the primary ESM is used to import thesecondary ESM device exported .puk file and send the contained secondary ESM public key to thedevice, thus allowing both ESM devices to communicate with the device. Second, the device's .exk fileis exported from the primary ESM and imported into the secondary ESM, thus giving the secondaryESM the ability to communicate with the device.
About FIPS modeAdding a keyed device in FIPS mode A
McAfee Enterprise Security Manager 9.5.0 Installation Guide 33
Action Steps
Export the .puk filefrom the secondaryESM
1 On the System Properties page of the secondary ESM, select ESM Management.
2 Click Export SSH, then select the location to save the .puk file.
3 Click Save, then log out.
Import the .puk fileto the primary ESM
1 In the system navigation tree of the primary ESM, select the device you wantto configure.
2 Click the Properties icon, then select Key Management.
3 Click Manage SSH Keys.
4 Click Import, select the .puk file, then click Upload.
5 Click OK, then log out of the primary ESM.
Export thedevice's .exk filefrom the primaryESM
1 In the system navigation tree of the primary ESM, select the device you wantto configure.
2 Click the Properties icon, then select Key Management.
3 Click Export Key, select the backup device key, then click Next.
4 Type and confirm a password, then set the expiration date.
After the expiration date passes, the person who imports the key is unable tocommunicate with the device until another key is exported with a futureexpiration date. If you select Never Expire, the key never expires if imported intoanother ESM.
5 Select the .exk file privileges, then click OK.
6 Select the location to save this file, then log out of the primary ESM.
Import the .exk fileto the secondaryESM
1 In the system navigation tree of the secondary device, select the system orgroup level node that you want to add the device to.
2 From the actions toolbar, click Add Device.
3 Select the type of device you want to add, then click Next.
4 Enter a name for the device that's unique to this group, then click Next.
5 Click Import Key, then browse to the .exk file.
6 Click Upload and enter the password that was specified when this key wasinitially exported.
7 Log out of the secondary ESM.
A About FIPS modeAdding a keyed device in FIPS mode
34 McAfee Enterprise Security Manager 9.5.0 Installation Guide
Troubleshooting FIPS modeIssues might arise when operating the ESM in FIPS mode.
Issue Description and resolution
Can't talk tothe ESM
• Check the LCD on the front of the device. If it says FIPS Failure, contact McAfeeSupport.
• Check for an error condition through the HTTP interface by viewing the ESM FIPSSelf-test webpage in a browser.- If a single digit 0 is displayed, indicating that the device has failed a FIPS self-test,reboot the ESM device and attempt to correct the problem. If the failure conditionpersists, contact Support for further instructions.
- If a single digit 1 is displayed, the communication problem is not due to FIPSfailure. Contact Support for further troubleshooting steps.
Can't talk tothe device
• If there is a status flag next to the device on the system navigation tree, place thecursor over it. If it says FIPS Failure, contact McAfee Support by going to the supportportal.
• Follow the description under the Can't talk to the ESM issue.
The file is invaliderror whenadding adevice
You cannot export a key from a non-FIPS device and then import it to a deviceoperating in FIPS mode. Also, you cannot export a key from an FIPS device and thenimport it to a non-FIPS device. This error appears when you attempt either scenario.
About FIPS modeTroubleshooting FIPS mode A
McAfee Enterprise Security Manager 9.5.0 Installation Guide 35
A About FIPS modeTroubleshooting FIPS mode
36 McAfee Enterprise Security Manager 9.5.0 Installation Guide
BVM ESXi requirements
The VM must meet the following minimum requirements.
• Processor — 8 cores or higher, depending on model, 64-bit, Dual Core2/Nehalem or higher or AMDDual Athlon64/Dual Opteron64 or later
• RAM — Depends on the model (4 GB or more)
• Disk — Depends on the model (250 GB or more)
• ESXI — 5.0 or later
You can select the hard disk requirement needs for your server. But, the VM requirement depends onthe model of the device (250 GB or more). If you don't have a minimum of 250 GB available, youreceive an error when deploying the VM.
The VM uses many features that require CPU and RAM. If the ESXi environment in any way shares theCPU or RAM requirements with other VMs, the performance of the VM is impacted. Plan CPU and RAMneeds within the requirements outlined here.
McAfee recommends setting the provisioning option to Thick.
Contents VM models Stripe the storage drive Install the virtual machine Configure the virtual machine Key the VM device
McAfee Enterprise Security Manager 9.5.0 Installation Guide 37
VM modelsThis table lists the available VM models, how many events per second (EPS) each model can process,the recommended mechanical storage, the storage capacity of the solid-state drive (SSD), and therequirements for the platform that runs the VM.
Modelnumber
EPScapacity Mechanical storage SSD Platform requirements
ELU4ELU12
1,0005,000
Recommended VMenvironment of 250GBRecommended VM
Environment of 500GB minimum
None240 GBminimum
VMware ESX/ESXi Server v.5.x+,8 processor cores
(Intel® Xeon® Processor E5 or E7),4 GB of memory
VMware ESX/ESXi Server v.5.x+,12 processor cores
(Intel® Xeon® Processor E5 or E7),64 GB of memory
ENU4ENU12
ENU32
1,500*40,000*
85,000*
Recommended VMenvironment of 250GB
Recommended VMenvironment of 500GB minimum
Recommended VMenvironment of 2 TBminimum
None
480 GBminimum
3 TBminimum
VMware ESX/ESXi Server v.5.x+,8 processor cores
(Intel® Xeon® Processor E5 or E7),4 GB of memory
VMware ESX/ESXi Server v.5.x+,12 processor cores
(Intel® Xeon® Processor E5 or E7),64 GB of memory
VMware ESX/ESXi Server v.5.x+,32 processor cores
(Intel® Xeon® Processor E5 or E7),96 GB of memory
ELM4
ELM12
ELM32
1,500*
30,000*
70,000*
Recommended VMenvironment of 250GB
Recommended VMenvironment of 500GB minimum
Recommended VMenvironment of 2 TBminimum
None
480 GBminimum
3 TBminimum
VMware ESX/ESXi Server v.5.x+,8 processor cores
(Intel® Xeon® Processor E5 or E7),4 GB of memory
VMware ESX/ESXi Server v.5.x+,12 processor cores
(Intel® Xeon® Processor E5 or E7),64 GB of memory
VMware ESX/ESXi Server v.5.x+,32 processor cores
(Intel® Xeon® Processor E5 or E7),96 GB of memory
B VM ESXi requirementsVM models
38 McAfee Enterprise Security Manager 9.5.0 Installation Guide
Modelnumber
EPScapacity Mechanical storage SSD Platform requirements
EV2
EV5
EV10
500
5,000
15,000
Recommended VMEnvironment of 250GB
Recommended VMEnvironment of 500GB minimum
Recommended VMEnvironment of 2 TBminimum
None
480 GBminimum
3 TBminimum
VMware ESX/ESXi Server v.5.x+,8 processor cores
(Intel® Xeon® Processor E5 or E7),4 GB of memory
VMware ESX/ESXi Server v.5.x+,12 processor cores
(Intel® Xeon® Processor E5 or E7),64 GB of memory
VMware ESX/ESXi Server v.5.x+,32 processor cores
(Intel® Xeon® Processor E5 or E7),96 GB of memory
ELMERCVM4
ELMERCVM12
1,500
5,000
Recommended VMEnvironment of 250GB
Recommended VMEnvironment of 500GB minimum
None
240 GBminimum
VMware ESX/ESXi Server v.5.x+,8 processor cores
(Intel® Xeon® Processor E5 or E7),4 GB of memory
VMware ESX/ESXi Server v.5.x+,12 processor cores
(Intel® Xeon® Processor E5 or E7),64 GB of memory
ACV12
ACV32
<30,000*
<80,000*
Recommended VMenvironment of 250GB
Recommended VMenvironment of 500GB minimum
480 GBminimum
3 TBminimum
VMware ESX/ESXi Server v.5.x+,12 processor cores
(Intel® Xeon® Processor E5 or E7),64 GB of memory
VMware ESX/ESXi Server v.5.x+,32 processor cores
(Intel® Xeon® Processor E5 or E7),96 GB of memory
APM4
APM12
250 Mbps
500 Mbps
Recommended VMenvironment of 250GB
Recommended VMenvironment of 500GB minimum
None
480 GBminimum
VMware ESX/ESXi Server v.5.x+,8 processor cores
(Intel® Xeon® Processor E5 or E7),4 GB of memory
VMware ESX/ESXi Server v.5.x+,12 processor cores
(Intel® Xeon® Processor E5 or E7),64 GB of memory
VM ESXi requirementsVM models B
McAfee Enterprise Security Manager 9.5.0 Installation Guide 39
Stripe the storage driveIf the model is more than 250 GB and needs the 256 MB to 2 MB setting, stripe the virtual machine'sstorage drive.
Task1 Select the ESX server, click the Configuration tab, then click Storage in the Hardware section.
The VM uses many features that require CPU and RAM. If the ESXi environment shares the CPU/RAMrequirements with other VMs, the performance of the VM is impacted. Plan CPU and RAM needswithin the requirements.
2 Click Add Storage, then select Disk/LUN.
3 Select an available disk, then select the correct option for your available disk space. Use 'Free space'for an existing drive or Use all available partitions for an available drive.
You can select the hard disk requirement needs for your server but the requirement for the VM is500 GB. If you do not have 500 GB available, you receive an error when deploying the VM. McAfeerecommends setting the provisioning to Thick.
4 Give the storage drive a name, then select 512 GB, Block size: 2 MB on the Maximum file size drop-down listto make sure that the 500-GB drive space is available.
Install the virtual machineOnce you install and key a VM, it mimics normal ESM operation.
Before you beginVerify that your equipment meets minimum requirements.
Task1 Access the root of the CD drive (for CD installation) or download the files provided by McAfee
support to the local computer.
2 In vSphere Client, click the server IP address in the device tree.
3 Click File and select Deploy OVF Template.
4 Designate the name, the folder to install the VM, the disk provisioning setting, and the VM Networkingoption.
5 Deploy the files to the ESXi server, select the VM, and ensure the following are set on the Edit VirtualMachine setting.
6 Select the correct networking settings for your ESXi network switches/adapters, then click Play tostart the VM.
7 Using the VM menu, set MGT1 IP, netmask, gateway, and DNS addresses, then press Esc toactivate the menu.
8 Configure the network interface on the VM, save the changes before exiting the Menu window, thenkey the device.
B VM ESXi requirementsStripe the storage drive
40 McAfee Enterprise Security Manager 9.5.0 Installation Guide
Configure the virtual machineOnce you have installed the VM, configure the network interface.
Task1 Click Esc, then scroll down to MGT IP Conf on the LCD and click Enter twice.
2 Set the IP address using the arrows to change the value of the current digit and to switch betweendigits, then click Enter.
3 Scroll to Netmask and set it using the arrows.
4 Scroll to Done and click Enter. Then scroll to Gateway and click Enter.
5 Set the gateway address using the arrows, then scroll down to Done and click Enter.
6 Scroll down to DNS1, click Enter, then select the DNS server address using the arrows.
7 Scroll down to Done and press Enter.
8 To change the communication port when the system is in FIPS mode (see About FIPS Mode), pressthe down arrow twice, then press Enter.
Do not change the TCP communication port.
9 Change the port number, then press Enter.
Make note of the new port number. Enter it when keying the device.
10 Scroll to Save Changes and click Enter.
Key the VM deviceYou must key the device to establish a link between the device and the ESM.
Before you beginPhysically connect the device to your network (see Installing McAfee ESM devices).
TaskFor option definitions, click ? in the interface.
1 On the system navigation tree, click the system or a group, then click the Add Device icon in theactions pane.
2 Enter the information requested on each page of the Add Device Wizard (see Add devices to the ESMconsole in the McAfee Enterprise Security Manager Product Guide).
VM ESXi requirementsConfigure the virtual machine B
McAfee Enterprise Security Manager 9.5.0 Installation Guide 41
B VM ESXi requirementsKey the VM device
42 McAfee Enterprise Security Manager 9.5.0 Installation Guide
CInstall the qLogic 2460 or 2562 SANadapters
The qLogic QLE2460 is a single, Fibre Channel PCIe x4 adapter, rated at 4 GB. The QLE2562 is asingle, Fiber Channel PCIe x8 adapter, rated at 8 GB. They can connect directly to the SAN device orthrough a SAN switch.
Before you begin• Make sure that the SAN device or SAN switch you are attaching to auto-negotiates.
• Make sure that the SAN administrator allocates and creates space on the SAN andassigns it to the channel where the qLogic adaptor is attached. Use the World Wide PortName (WWPN) for the adaptor. The WWPN is on the adapter's card, anti-static bag, andbox.
Task1 Turn off the device where you are installing the SAN adapter.
2 Insert the adapter, then place the device back on the rack and connect the cables.
For a 3U device, insert the adapter in the slot closest to the protective memory cover.
The adapter BIOS boot message informs you that the adapter is installed and functioning. If you donot see this message or if the card does not have red, yellow, or green lights, the card is notrecognized. If so, make sure that the card is seated correctly or insert it into a different PCI slot.
3 Start the device.
The operating environment detects it and loads the QLAXXX driver. The Mounting Storage Facilitiesmessage displays OK and continues starting.
4 Using the ESM console, key the device.
When the device is keyed, the Properties page includes the SAN Volumes option.
McAfee Enterprise Security Manager 9.5.0 Installation Guide 43
C Install the qLogic 2460 or 2562 SAN adapters
44 McAfee Enterprise Security Manager 9.5.0 Installation Guide
DInstall DAS
The DAS is an add-on device to a 4xxx/5xxx/6xxx series ESM or ELM.
The DAS unit ships with a chassis and an LSI 9280-8e RAID card for:
• ETM-5205 • ENMELM-4600
• ETM-5510 • ENMELM-5205
• ETM-5600 • ENMELM-5510
• ETM-5750 • ENMELM-5600
• ETM-6000 • ENMELM-6000
• ETM-X3 • ELM-4600
• ETM-X4 • ELM-5205
• ETM-X5 • ELM-5510
• ETM-X6 • ELM-5600
• ESMREC-5205 • ELM-5750
• ESMREC-5510 • ELM-6000
Task1 Turn off the ESM following a normal shutdown procedure.
2 Pull the device from the rack and open the top case. You might need to remove a small screw atthe front or rear of the top case.
3 Install the LSI 9280-8e RAID card in slot 4 of the ESM.
• For devices with an orange face, if the Areca or 3Ware RAID card is in slot 4, move the RAIDcard to slot 6. If the McAfee ESM device has an Areca or 3Ware RAID card and also has an SSDcard installed, install the LSI 9280-8e RAID card in slot 5.
• For devices with a black face, install the card in an open slot.
4 Replace the top on the McAfee ESM and reinsert it back in the rack.
McAfee Enterprise Security Manager 9.5.0 Installation Guide 45
5 Insert the cable connectors into slot 1 and slot 2 on the LSI 9280-8e RAID card external slots. Thecable clicks into place.
6 Verify that all drives are fully inserted in the DAS, then attach the inner rails to the DAS device andinsert the device into the rack.
7 Insert the data cables into the first and third slots on the rear of the DAS device. The cables clickinto place.
8 Insert power cables, then turn on the DAS device.
9A test light appears for all drives. The drive with the red light is the “hot spare” for the DAS.
10 Turn on the McAfee ESM device and look for the LSI 9280-8e RAID card BIOS utility.
The DAS device is preformatted and doesn't require configuring a RAID set on the device. If you seea RAID not present message, call McAfee support to create the RAID.
11 Log on and run a df –h command to make sure that you have a /das1_hd drive.
On System Properties of the ESM console, the Hardware field on the System Information tab reflects theincreased size of the hard drive labeled /data_hd.
D Install DAS
46 McAfee Enterprise Security Manager 9.5.0 Installation Guide
EInstalling devices in a rack
We recommend installing devices in a rack to protect the devices and the cabling from accidentaldamage or getting disconnected.
Contents Install AXXVRAIL rail set Remove the chassis
McAfee Enterprise Security Manager 9.5.0 Installation Guide 47
Install AXXVRAIL rail setAn AXXVRAIL rail set is shipped with each device so you can install it in a rack.
Task1 Install rails in the rack.
a Pull the release button (F) to remove the inner member (D) from the slides.
ComponentsA - front bracket
B - outer member
C - rear bracket
D - inner member
E - safety locking pin
F - release button
E Installing devices in a rackInstall AXXVRAIL rail set
48 McAfee Enterprise Security Manager 9.5.0 Installation Guide
b Align the brackets to the wanted vertical position on the rack, then insert the fasteners.
c Move the ball retainer to the front of the slides.
Installing devices in a rackInstall AXXVRAIL rail set E
McAfee Enterprise Security Manager 9.5.0 Installation Guide 49
2 Install the chassis.
a Align the inner member key holes to standoffs on the chassis.
b Move the inner member in the direction shown in the following picture.
c Install the chassis to the fixed slides by pulling the release button in the inner member torelease the lock and allow the chassis to close.
E Installing devices in a rackInstall AXXVRAIL rail set
50 McAfee Enterprise Security Manager 9.5.0 Installation Guide
Remove the chassisYou can remove the chassis from the rails.
Task1 Fully extend the slides until the slides are in a locked position.
2 Pull the release button to release the lock and disconnect the inner member from the slides.
3 Press the safety locking pin to release the inner member from the chassis.
Installing devices in a rackRemove the chassis E
McAfee Enterprise Security Manager 9.5.0 Installation Guide 51
E Installing devices in a rackRemove the chassis
52 McAfee Enterprise Security Manager 9.5.0 Installation Guide
FRegulatory notices
This regulatory information applies to the different platforms you might use.
Table F-1 SuperMicro-based platforms
McAfee 1U McAfee 2U or 3U
Electromagnetic emissions FCC Class B, EN 55022 Class B,
EN 61000-3-2/-3-3
CISPR 22 Class B
FCC Class B, EN 55022 Class B,
EN 61000-3-2/-3-3
CISPR 22 Class B
Electromagnetic immunity EN 55024/CISPR 24,
(EN 61000-4-2, EN 61000-4-3,
EN 61000-4--4, EN 61000-4-5,
EN 61000-4-6, EN 61000-4-8,
EN 61000-4-11) 55024
EN 55024/CISPR 24,
(EN 61000-4-2, EN 61000-4-3,
EN 61000-4--4, EN 61000-4-5,
EN 61000-4-6, EN 61000-4-8,
EN 61000-4-11) 55024
Safety EN 60950/IEC 60950-Compliant,
UL Listed (USA)
CUL Listed (Canada)
TUV Certified (Germany)
CE Marking (Europe)
EN 60950/IEC 60950-Compliant,
UL Listed (USA)
CUL Listed (Canada)
TUV Certified (Germany)
CE Marking (Europe)
Table F-2 DAS-based platforms
DAS-50, DAS-100
Input voltage 100/240 VAC
Input frequency 50/60 Hz
Power supply 1400 W X3
Power consumption 472W@120VAC
461W@240VAC
Amps (Max) 9.4A
Altitude (Max) -45 to 9,500 feet
McAfee Enterprise Security Manager 9.5.0 Installation Guide 53
Table F-2 DAS-based platforms (continued)
DAS-50, DAS-100
Temperature (Max) 10º to 35º C (operating)
-40º to 70º C (non-operating)
Altitude -45 to 9500 feet (operating) -45 to 25,000 feet (non-operating)
BTU BTU/HR 1609
Humidity Operating — 10% to 85%
(non-condensing)
non-operating — 10% to 90%
Table F-3 Intel-based platform 1U
Parameter Limits
Operating temperature +10° C to +35° C with the maximum rate of change not to exceed10° C per hour
Non-operating temperature -40° C to +70°
Non-operating humidity 90%, non-condensing at 35° C
Acoustic noise Sound Power: 7.0 BA in an idle state at typical office ambienttemperature. (23 +/- 2 degrees C)
Shock, operating Half sine, 2 g peak, 11 msec
Shock, unpackaged Trapezoidal, 25 g, velocity change 136 inches/sec (≧ 40 lbs to > 80lbs)
Shock, packaged Non-palletized free fall in height 24 inches (≧40 lbs to > 80 lbs)
Shock, operating Half sine, 2 g peak, 11 mSec
Vibration, unpackaged 5 Hz to 500 Hz, 2.20 g RMS random
ESD +/-12kV for air discharge and 8K for contact
System cooling requirement inBTU/Hr
1660 BTU/hour
Table F-4 Intel-based platform 2U
Parameter Limits
Temperature Operating • ASHRAE Class A2 — Continuous operation. 10°C to 35°C(50°F to 95°F) with the maximum rate of change not toexceed 10°C per hour.
• ASHRAE Class A3 — Includes operation up to 40°C for up to900 hrs per year
• ASHRAE Class A4 — Includes operation up to 45°C for up to90 hrs per year
Shipping -40°C to 70°C (-40°F to 158°F)
Altitude (Operating) Support operation up to 3050 m with ASHRAE class deratings
Humidity (Shipping) 50% to 90%, non-condensing with a maximum wet bulb of28°C (at temperatures from 25°C to 35°C)
Shock Operating Half sine, 2 g, 11 mSec
Unpackaged Trapezoidal, 25 g, velocity change is based on packaged weight
F Regulatory notices
54 McAfee Enterprise Security Manager 9.5.0 Installation Guide
Table F-4 Intel-based platform 2U (continued)
Parameter Limits
Packaged Product Weight: ≥ 40 to < 80
Non-palletized free fall height = 18 inches
Palletized (single product) free fall height = NA
Vibration 5 Hz to 500 Hz2.20 g RMS random
Packaged 5 Hz to 500 Hz1.09 g RMS random
AC-DC Voltage 90 Hz to 132 V and 180 V to 264 V
Frequency 47 Hz to 63 Hz
Source Interrupt No loss of data for power line drop-out of 12 mSec
Surge non-operatingand operating
Unidirectional
Regulatory notices F
McAfee Enterprise Security Manager 9.5.0 Installation Guide 55
F Regulatory notices
56 McAfee Enterprise Security Manager 9.5.0 Installation Guide
Index
Aabout this guide 5ACE, configure network interface 24
ADM, configure network interface 24
AXXVRAIL railsinstall 48
remove chassis 51
Ccables, identify network 12
connect device 11
connector type, identify 12
conventions and icons used in this guide 5
DDAS, install 45
DEM, configure network interface 24
device, inspect 10
devicesconnect 11
set up 23
start 11
devices, identify network ports 13
documentationaudience for this guide 5product-specific, finding 6typographical conventions and icons 5
EELM, configure network interface 24
equipment type, identify 12
ESM, configure network interface 25
export and importexk file 33
puk file 33
Ffile extensions for export files 32
FIPSenable 26
FIPS modebackup information 32
FIPS mode (continued)check integrity 31
communicate with multiple ESM devices 33
enable 30
features available only in FIPS mode 30
file extensions 32
keyed device, add 32
non-compliant available features 30
removed features 30
restore information 32
select 30
terminology 32
troubleshoot 35
Hhardware, minimum requirements 9
Iinspect packaging and device 10
installidentify location 10
install deviceprepare to 9
IPv6, configure 26
Llocation for installation 10
log on to ESM console 26
MMcAfee ServicePortal, accessing 6minimum requirements for hardware and software 9
Nnetwork cables, identify 12
network interfaceconfigure DEM and ADM 24
configure ESM 25
configure Nitro IPS 23
network interface, configureACE 24
ELM 24
McAfee Enterprise Security Manager 9.5.0 Installation Guide 57
network interface, configure (continued)Receiver 24
network ports, identify for each device 13
Nitro IPS, configure network interface 23
Ppackaging, inspect 10
password for ESM console 26
platforms, regulatory notices for 53
ports, identify network for each device 13
QqLogic 2460 SAN adapter, install 43
RReceiver, configure network interface 24
regulatory notices for platforms 53
SSAN adapter, install 43
ServicePortal, finding product documentation 6software, minimum requirements 9start device 11
Ttechnical support, finding product information 6troubleshoot FIPS mode 35
Uuser name for ESM console 26
Vvirtual machine
configure 41
install 40
key 41
requirements 37
strip storage drive 40
VM models 38
VM requirements 38
Index
58 McAfee Enterprise Security Manager 9.5.0 Installation Guide
0-00