Académique Documents
Professionnel Documents
Culture Documents
COPYRIGHT
Copyright 2016 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766, www.intelsecurity.com
TRADEMARK ATTRIBUTIONS
Intel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or other countries. McAfee and the McAfee logo, McAfee Active
Protection, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, McAfee Evader, Foundscore, Foundstone, Global Threat Intelligence,
McAfee LiveSafe, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, McAfee Shredder, SiteAdvisor, McAfee Stinger, McAfee TechMaster, McAfee
Total Protection, TrustedSource, VirusScan are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the US and other countries.
Other marks and brands may be claimed as the property of others.
LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS
FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU
HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR
SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A
FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET
FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF
PURCHASE FOR A FULL REFUND.
Installation Guide
Contents
Preface
5
5
5
6
6
7
7
Introduction
11
23
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
11
11
12
12
13
14
14
15
23
24
24
25
25
26
29
. . . . . .
. . . . . .
. . . . . .
. . . . . .
device in FIPS
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . .
mode . . . . . . . . . . . . . .
30
30
31
32
32
VM ESXi requirements
37
37
38
38
39
Installation Guide
Contents
41
Install DAS
43
45
Regulatory notices
51
KVM requirements
55
Index
57
Installation Guide
Preface
This guide provides the information you need to work with your McAfee product.
Contents
About this guide
Find product documentation
Audience
McAfee documentation is carefully researched and written for the target audience.
The information in this guide is intended primarily for:
Administrators People who implement and enforce the company's security program.
Users People who use the computer where the software is running and can access some or all of
its features.
Conventions
This guide uses these typographical conventions and icons.
Italic
Bold
Monospace
Commands and other text that the user types; a code sample; a displayed message
Narrow Bold
Words from the product interface like options, menus, buttons, and dialog boxes
Installation Guide
Preface
Find product documentation
In the Knowledge Base pane under Content Source, click Product Documentation.
Select a product and version, then click Search to display a list of documents.
Tasks
Chinese, Simplified
Japanese
Chinese, Traditional
Korean
English
Portuguese, Brazilian
French
Spanish
German
Log on to ESM.
Click the Help icon in the upper right corner of the ESM windows or select the Help menu. The Help
displays in the language you selected.
If the Help appears in English only, localized Help is not yet available. A future update installs
localized Help.
Installation Guide
Preface
Find product documentation
Version 9.6.0
On the page with the PDF icon, scroll down until you see language links on the right side. Click the
relevant language.
Click the PDF link to open the localized version of the product document.
Click the question mark in the upper right of ESM screens to find context-sensitive Help specific
to that screen.
Use the Search field to find any word in the Help. Results appear below the Search field. Click the
relevant link to display the Help topic in the pane on the right.
Use the Contents tab (table of contents) to view a sequential list of topics in the Help.
Use the Index to find a specific term in the Help. Keywords are organized alphabetically so you
can scroll through the list until you find the keyword you want. Click the keyword to display that
Help topic.
Print the current Help topic (without scroll bars) by clicking the printer icon in the upper right of
the Help topic.
Find links to related Help topics by scrolling to the bottom of the Help topic.
Installation Guide
Preface
Find product documentation
Log on to the Knowledge Center and subscribe to the KB75608 article. You will receive
notifications when the article is changed.
For information about content packs, read the KB article on the Knowledge Center.
Installation Guide
Introduction
Installing a McAfee ESM device, which provides you with the steps to follow to inspect, mount,
connect, and start the device.
Setting up a McAfee ESM device, which describes how to configure the network interface for each
device type, configure for IPv6, log on to the McAfee ESM console, and key the device.
Installation Guide
Introduction
10
Installation Guide
You must install your McAfee devices before you can use them to protect your network from intrusions
or collect network data. These installation instructions apply to all current models of McAfee ESM
devices.
Contents
Preparing to install McAfee ESM devices
Connect and start the devices
System requirements
RAM 1.5 GB
Windows operating system Windows 2000, Windows XP, Windows 2003 Server, Windows Vista,
Windows 2008 Server, Windows Server 2012, Windows 7, Windows 8, Windows 8.1
Browser Internet Explorer 9 or later, Mozilla Firefox 9 or later, Google Chrome 33 or later
Processor 8-core 64-bit, Dual Core2/Nehalem, or higher or AMD Dual Athlon64/Dual Opteron64
or higher
Installation Guide
11
Thick versus thin provisioning You must decide the hard disk requirements for your server. The
minimum requirement is 250 GB unless the VM purchased has more. See the specifications for
your VM product.
The ENMELM VM uses many features that require CPU and RAM. If the ESXi environment shares the
CPU/RAM requirements with other VMs, the performance of the ENMELM VM is impacted. Make sure
that you include what the CPU and RAM need within the requirements.
As soon as you receive your device, inspect the packaging and the device for signs of damage or
mishandling.
If you are performing a FIPS installation, inspect the tamper-evident packing tape that is securing
the shipping container. If there is evidence of tampering, contact McAfee Support immediately for
instructions, and do not install the product.
Verify that all items listed on the packing slip are included in the package.
When performing a FIPS installation, find the tamper-evident seal in the shipping container's
accessories package. Apply the seal so it completely blocks the USB ports, preventing their use
without leaving evidence of tampering (see Diagram 1).
Diagram 1: Placement of third tamper-evident seal.
Contact McAfee Support immediately if not fully satisfied with the inspection.
12
Installation Guide
Install your ESM device in a network location where it can manage devices and be accessible by
any systems accessing the ESM. If direct communication between devices managed by the ESM or
systems running ESM is not possible, configure your network to route network traffic between
them.
Place the Nitro IPS device between the trusted and untrusted sides of your network. Trusted is the
side you want to protect and untrusted is the side you intend to leave unprotected. For example,
you could locate your Nitro IPS between your firewall (untrusted side) and your switch (trusted
side). Because network configurations vary greatly, the location you select depends on your
individual security requirements and network environment.
This equipment is intended for installation in a restricted-access location.
Your Receiver and DEM devices must be accessible to the devices they are monitoring. If direct
communication isn't possible, you must configure your network to allow proper routing of network
traffic between them.
Connect the power supply to the device. Properly install and ground the equipment in accordance
with this instruction manual and national, state, and local codes.
We highly recommend connecting all ESM devices to an uninterruptible power supply (UPS).
Redundant power cords and power modules operating at normal conditions balances the load share
through its parallel design, resulting in a reliable power system. Since the Nitro IPS device is inline,
it must be connected to a UPS.
Cable with turn off and make sure that traffic is passing.
Installation Guide
13
Connect the cables to the untrusted and trusted ports. If you are connecting fiber cables, remove
the cable and network connector covers only when you are ready to connect the cables.
Verify the connectivity of the device by pinging from the trusted side of your network to a valid IP
address on the untrusted side.
See also
Identifying connector and equipment types on page 14
Identifying network cables on page 14
Identifying network ports on page 15
Connector type
TX
RJ-45 (Copper)
SX
LC-Multimode (Fiber)
LX
LC-Singlemode (Fiber)
Connect your ESM, Receiver, and DEM devices to the network using copper connectors, and identify
the copper or fiber cables by looking at the connectors. The CAT5 copper cable has RJ-45 connectors
(1) while LC fiber cable uses fiber connectors (2).
We recommend using CAT5 or higher for your copper connection. For gigabit connection, we
recommend CAT5e.
Equipment type
There are two types of equipment you can connect your ESM devices to: Data Circuit-Terminating
Equipment (DCE) and Data Terminal Equipment (DTE). Firewall and routers are DTE and switches are
DCE. The ESM devices are DTE.
14
Installation Guide
On a straight-through cable, the colored wires are the same sequence at both ends. On a crossover
cable, the first (far left) colored wire at one end is the same color as the third wire at the other end of
the cable.
The devices contain management ports so they can be managed from McAfee ESM. In addition, your
Nitro IPS and ADM devices contain trusted and untrusted ports to connect the device to the trusted
and untrusted sides of your network.
The following images identify the management ports and the trusted and untrusted ports on your
devices.
NTP-1260
ERC-1260, APM-1260
Installation Guide
15
For APM-1250 and 1260 devices, ports 47 are collection (sniffer) ports, not management ports. For
APM-1250 devices, port 2 = Mgmt 2 and port 3 = Mgmt 1. For ERC-1250 devices, ports 47 are
management ports.
NTP-2600/3450-4BTX, 3460
For NTP-1250 and 1260 devices, ports are collection (sniffer) ports, not management ports.
NTP-2600/3450-8BTX, DSM-4600
16
Installation Guide
NTP-2600/3450-4BSX
NTP-3450-2BSX
Installation Guide
17
18
Installation Guide
Installation Guide
19
20
Installation Guide
Installation Guide
21
See also
Identifying a location for installation on page 12
22
Installation Guide
Setting up the devices is essential for proper operation. To set them up, configure IPv6 and the
network interface for each device type, and log on to McAfee ESM.
Contents
Configure the network
Configure the network
Configure the network
Configure the network
Configure for IPv6
Log on to McAfee ESM
interface
interface
interface
interface
on
on
on
on
the
the
the
the
Nitro IPS
Receiver, ELM, and ACE
DEM and ADM
ESM
console
Set the gateway address, scroll down to Done, and press Enter.
10 Scroll down to Port Number, set the value, and press Enter.
Make note of the new port number and enter it when keying the device. If the system operates in
FIPS mode, do not change the communication port number.
Installation Guide
23
Press Alt + F1 to go to the LCD page, press Esc twice, then scroll down to MGT IP Conf and press Enter.
Select Mgt 1 and press Enter, then select IP Address and press Enter.
Set the gateway address, scroll down to Done, and press Enter.
10 If in FIPS mode, scroll down to Port Number, change the value if needed, and press Enter.
Make note of the new port number. Enter it when keying the device. Do not change the TCP
communication port.
24
Installation Guide
Set the gateway address, scroll down to Done, and press Enter.
10 If in FIPS mode, scroll down to Port Number, change the value if needed, and press Enter.
Make note of the new port number and enter it when keying the device. Do not change the TCP
communication port.
Press Alt + F1 to go to the LCD page, press Esc twice, then scroll down to MGT IP Conf and press Enter.
Select Mgt 1 and press Enter, then select IP Address and press Enter.
Set the gateway address, scroll down to Done, and press Enter.
Task
1
Installation Guide
25
Confirm the IPv6 address, then press Enter to return to the menu.
Open a web browser on your client computer and go to the IP address you set when you configured
the network interface.
Click Login, select the language for the console, then type the default user name and password.
Click Login, read the End User License Agreement, then click Accept.
When prompted, change your user name and password, then click OK.
Follow the instructions that appear to obtain your user name and password, which are necessary
for access to rule updates.
Select the time zone this ESM is in and the date format to be used with this account, then click
Next.
26
Define the settings on the five Initial ESM Configuration wizard pages, clicking the Help icon
each page for instructions.
Click OK.
Installation Guide
on
You are ready to key and configure the devices. See the McAfee Enterprise Security Manager Product
Guide.
Installation Guide
27
28
Installation Guide
The Federal Information Processing Standard (FIPS) consists of publicly announced standards
developed by the United States Federal government. If you are required to meet these standards, you
must operate this system in FIPS mode.
FIPS mode must be selected the first time you log on to the system and can't subsequently be changed.
Contents
FIPS mode information
Select FIPS mode
Check FIPS integrity
Adding a keyed device in FIPS mode
Troubleshooting FIPS mode
Installation Guide
29
Description
Removed
features
Features
available only in
FIPS mode
There are four user roles that do not overlap: User, Power User, Audit Admin, and Key &
Certificate Admin.
All Properties pages have a Self-Test option that allows you to verify that the system is
operating successfully in FIPS mode.
If FIPS failure occurs, a status flag is added to the system navigation tree to reflect
this failure.
All Properties pages have a View option that, when clicked, opens the FIPS Identity Token
page. It displays a value that must be compared to the value shown in those
sections of the document to ensure that FIPS hasn't been compromised.
On System Properties | Users and Groups | Privileges | Edit Group, the page includes the FIPS
Encryption Self Test privilege, which gives the group members the authorization to run
FIPS self-tests.
When you click Import Key or Export Key on IPS Properties | Key Management, you are
prompted to select the type of key you want to import or export.
On the Add Device Wizard, TCP protocol is always set to Port 22. The SSH port can be
changed.
30
Installation Guide
On the system navigation tree, select System Properties, and make sure that System Information is
selected.
View the results of the most recent FIPS self-test performed on the ESM.
Test or Run the FIPS self-tests, which test the integrity of the algorithms used within the
FIPS
crypto-executable. The results can be viewed on the Message Log.
Self-Test
If the FIPS self-test fails, FIPS is compromised or device failure is occurring. Contact McAfee
Support.
View or
FIPS
Identity
Open the FIPS Identity Token page to perform power-up software integrity testing. Compare the
value below to the public key that appears on this page:
If this value and the public key don't match, FIPS is compromised. Contact McAfee Support.
Installation Guide
31
Terminology
Device key Contains the management rights that an ESM has for a device, and is not used for
crypto.
Public key The ESM public SSH communication key, which is stored in the authorized keys table of
a device.
Private key The ESM private SSH communication key, which is used by the SSH executable on an
ESM to establish the SSH connection with a device.
Primary ESM The ESM that was originally used to register the device.
Secondary ESM The additional ESM that communicates with the device.
32
Installation Guide
Action
Steps
1 On the system navigation tree of the primary ESM, select the device with
communication information you want to back up, then click the Properties icon.
5 Click OK, select the location to save the .prk file created by the ESM, then log out
of the primary ESM.
Add a device to 1 On the system navigation tree of the secondary device, select the system or
the secondary
group level node you want to add the device to.
ESM and import
the .prk file
2 From the actions toolbar, click Add Device.
3 Select the type of device that you want to add, then click Next.
4 Enter a name for the device that is unique in this group, then click Next.
5 Enter the target IP address of the device, enter the FIPS communication port,
then click Next.
6 Click Import Key, browse to the previously exported .prk file, then click Upload.
Type the password specified when this key was initially exported.
Installation Guide
33
Action
Steps
Export the .puk file 1 On the System Properties page of the secondary ESM, select ESM Management.
from the secondary
2 Click Export SSH, then select the location to save the .puk file.
ESM
3 Click Save, then log out.
Import the .puk file 1 In the system navigation tree of the primary ESM, select the device you want
to the primary ESM
to configure.
2 Click the Properties icon, then select Key Management.
3 Click Manage SSH Keys.
4 Click Import, select the .puk file, then click Upload.
5 Click OK, then log out of the primary ESM.
Export the
device's .exk file
from the primary
ESM
1 In the system navigation tree of the primary ESM, select the device you want
to configure.
2 Click the Properties icon, then select Key Management.
3 Click Export Key, select the backup device key, then click Next.
4 Type and confirm a password, then set the expiration date.
After the expiration date passes, the person who imports the key is unable to
communicate with the device until another key is exported with a future
expiration date. If you select Never Expire, the key never expires if imported into
another ESM.
34
Installation Guide
Can't talk to
the ESM
Check the LCD on the front of the device. If it says FIPS Failure, contact McAfee
Support.
Check for an error condition through the HTTP interface by viewing the ESM FIPS
Self-test webpage in a browser.
- If a single digit 0 is displayed, indicating that the device has failed a FIPS self-test,
reboot the ESM device and attempt to correct the problem. If the failure condition
persists, contact Support for further instructions.
- If a single digit 1 is displayed, the communication problem is not due to FIPS
failure. Contact Support for further troubleshooting steps.
Can't talk to
the device
If there is a status flag next to the device on the system navigation tree, place the
cursor over it. If it says FIPS Failure, contact McAfee Support by going to the support
portal.
Follow the description under the Can't talk to the ESM issue.
You cannot export a key from a non-FIPS device and then import it to a device
operating in FIPS mode. Also, you cannot export a key from an FIPS device and then
import it to a non-FIPS device. This error appears when you attempt either scenario.
Installation Guide
35
36
Installation Guide
VM ESXi requirements
Processor 8 cores or higher, depending on model, 64-bit, Dual Core2/Nehalem or higher or AMD
Dual Athlon64/Dual Opteron64 or later
You can select the hard disk requirement needs for your server. But, the VM requirement depends on
the model of the device (at least 250 GB). If you don't have a minimum of 250 GB available, you
receive an error when deploying the VM.
The VM uses many features that require CPU and RAM. If the ESXi environment shares the CPU or
RAM requirements with other VMs, the performance of the VM is impacted.
McAfee recommends setting the provisioning option to Thick.
Contents
Stripe the storage drive
Install the virtual machine
Configure the virtual machine
Key the VM device
Select the ESX server, click the Configuration tab, then click Storage in the Hardware section.
Select an available disk, then select the correct option for your available disk space. Use 'Free space'
for an existing drive or Use all available partitions for an available drive.
The requirement for the VM is 500 GB. If you do not have 500 GB available, you receive an error
when deploying the VM. McAfee recommends setting the provisioning to Thick.
Give the storage drive a name, then select 512 GB, Block size: 2 MB on the Maximum file size drop-down list
to make sure that the 500-GB drive space is available.
Installation Guide
37
VM ESXi requirements
Install the virtual machine
Access the root of the CD drive (for CD installation) or download the files from the download site.
Designate the name, the folder to install the VM, the disk provisioning setting, and the VM Networking
option.
Deploy the files to the ESXi server, select the VM, and set the Edit Virtual Machine setting.
Select the correct networking settings for your ESXi network switches/adapters, then click Play to
start the VM.
Using the VM menu, set MGT1 IP, netmask, gateway, and DNS addresses, then press Esc to
activate the menu.
Configure the network interface on the VM, save the changes before exiting the Menu window, then
key the device.
Click Esc, then scroll down to MGT IP Conf on the LCD and click Enter twice.
Set the IP address using the arrows to change the value of the current digit and to switch between
digits, then press Enter.
Scroll to Done and press Enter. Then scroll to Gateway and pressEnter.
Set the gateway address using the arrows, then scroll down to Done and pressEnter.
Scroll down to DNS1, press Enter, then select the DNS server address using the arrows.
To change the communication port when the system is in FIPS mode (see About FIPS Mode), press
the down arrow twice, then press Enter.
Do not change the TCP communication port.
38
Installation Guide
VM ESXi requirements
Key the VM device
On the system navigation tree, click the system or a group, then click the Add Device icon in the
actions pane.
Enter the information requested on each page of the Add Device Wizard.
Installation Guide
39
VM ESXi requirements
Key the VM device
40
Installation Guide
The qLogic QLE2460 is a single, Fibre Channel PCIe x4 adapter, rated at 4 GB. The QLE2562 is a
single, Fiber Channel PCIe x8 adapter, rated at 8 GB. They can connect directly to the SAN device or
through a SAN switch.
Before you begin
Make sure that the SAN device or SAN switch you are attaching to auto-negotiates.
Make sure that the SAN administrator allocates and creates space on the SAN and
assigns it to the channel where the qLogic adaptor is attached. Use the World Wide Port
Name (WWPN) for the adaptor. The WWPN is on the adapter's card, anti-static bag, and
box.
Task
1
Turn off the device where you are installing the SAN adapter.
Insert the adapter, then place the device back on the rack and connect the cables.
For a 3U device, insert the adapter in the slot closest to the protective memory cover.
The adapter BIOS boot message informs you that the adapter is installed and functioning. If you do
not see this message or if the card does not have red, yellow, or green lights, the card is not
recognized. If so, make sure that the card is seated correctly or insert it into a different PCI slot.
3
When the device is keyed, the Properties page includes the SAN Volumes option.
Installation Guide
41
42
Installation Guide
Install DAS
ETM-5205
ENMELM-4600
ETM-5510
ENMELM-5205
ETM-5600
ENMELM-5510
ETM-5750
ENMELM-5600
ETM-6000
ENMELM-6000
ETM-X3
ELM-4600
ETM-X4
ELM-5205
ETM-X5
ELM-5510
ETM-X6
ELM-5600
ESMREC-5205
ELM-5750
ESMREC-5510
ELM-6000
Task
1
Pull the device from the rack and open the top case. You might need to remove a small screw at
the front or rear of the top case.
For devices with an orange face, if the Areca or 3Ware RAID card is in slot 4, move the RAID
card to slot 6. If the McAfee ESM device has an Areca or 3Ware RAID card and also has an SSD
card installed, install the LSI 9280-8e RAID card in slot 5.
For devices with a black face, install the card in an open slot.
Replace the top on the McAfee ESM and reinsert it back in the rack.
Insert the cable connectors into slot 1 and slot 2 on the LSI 9280-8e RAID card external slots. The
cable clicks into place.
Verify that all drives are fully inserted in the DAS, then attach the inner rails to the DAS device and
insert the device into the rack.
Insert the data cables into the first and third slots on the rear of the DAS device. The cables click
into place.
Installation Guide
43
Install DAS
8
9
10 Turn on the McAfee ESM device and look for the LSI 9280-8e RAID card BIOS utility.
The DAS device is preformatted and doesn't require configuring a RAID set on the device. If you see
a RAID not present message, call McAfee support to create the RAID.
11 Log on and run a df h command to make sure that you have a /das1_hd drive.
On System Properties of the ESM console, the Hardware field on the System Information tab reflects the
increased size of the hard drive labeled /data_hd.
44
Installation Guide
We recommend installing devices in a rack to protect the devices and the cabling from accidental
damage or getting disconnected.
Contents
Install AXXVRAIL rail set
Remove the chassis
Installation Guide
45
Pull the release button (F) to remove the inner member (D) from the slides.
Components
A - front bracket
B - outer member
C - rear bracket
D - inner member
E - safety locking pin
F - release button
46
Installation Guide
Align the brackets to the wanted vertical position on the rack, then insert the fasteners.
Installation Guide
47
48
Move the inner member in the direction shown in the following picture.
Install the chassis to the fixed slides by pulling the release button in the inner member to
release the lock and allow the chassis to close.
Installation Guide
Fully extend the slides until the slides are in a locked position.
Pull the release button to release the lock and disconnect the inner member from the slides.
Press the safety locking pin to release the inner member from the chassis.
Installation Guide
49
50
Installation Guide
Regulatory notices
This regulatory information applies to the different platforms you might use.
Table F-1
SuperMicro-based platforms
Electromagnetic emissions
Electromagnetic immunity
Safety
McAfee 1U
McAfee 2U or 3U
EN 61000-3-2/-3-3
EN 61000-3-2/-3-3
CISPR 22 Class B
CISPR 22 Class B
EN 55024/CISPR 24,
EN 55024/CISPR 24,
EN 61000-4--4, EN 61000-4-5,
EN 61000-4--4, EN 61000-4-5,
EN 61000-4-6, EN 61000-4-8,
EN 61000-4-6, EN 61000-4-8,
EN 61000-4-11) 55024
EN 61000-4-11) 55024
EN 60950/IEC 60950-Compliant,
EN 60950/IEC 60950-Compliant,
UL Listed (USA)
UL Listed (USA)
CE Marking (Europe)
CE Marking (Europe)
100/240 VAC
Input frequency
50/60 Hz
Power supply
1400 W X3
Power consumption
472W@120VAC
461W@240VAC
Amps (Max)
9.4A
Altitude (Max)
Temperature (Max)
10 to 35 C (operating)
-40 to 70 C (non-operating)
Altitude
Installation Guide
51
Regulatory notices
BTU/HR 1609
Humidity
Limits
Operating temperature
Non-operating temperature
-40 C to +70
Non-operating humidity
90%, non-condensing at 35 C
Acoustic noise
Shock, operating
Shock, unpackaged
Shock, packaged
Shock, operating
Vibration, unpackaged
ESD
1660 BTU/hour
Limits
Temperature Operating
Shipping
Altitude (Operating)
Humidity (Shipping)
Shock
Operating
Unpackaged
Packaged
52
Installation Guide
Regulatory notices
Limits
Vibration
5 Hz to 500 Hz
2.20 g RMS random
Packaged
5 Hz to 500 Hz
1.09 g RMS random
AC-DC
Voltage
Frequency
47 Hz to 63 Hz
Source Interrupt
Surge non-operating
and operating
Unidirectional
Installation Guide
53
Regulatory notices
54
Installation Guide
KVM requirements
This appendix describes how to deploy McAfee ESM on Linux Kernel-based Virtual Machine (KVM)
servers.
Minimum requirements
KVM must meet the following minimum requirements:
Processor 8 cores or higher, depending on model, 64-bit, Dual Core2/Nehalem or higher or AMD
Dual Athlon64/Dual Opteron64 or higher (for processors)
Contents
VM models for KVM
Deploy KVM
EPS
capacity
Mechanical storage
(recommended VM
environment)
SSD
Platform requirements
ELU4
1000
250 GB
ETM4
1500
250 GB
EV2
500
250 GB
ELM4
1500
250 GB
Installation Guide
55
KVM requirements
Deploy KVM
Deploy KVM
To run McAfee ESM in a KVM environment, you must import the hard drive image from the tarball
(.Tgz file).
Before you begin
Obtain the current tarball (.Tgz) file from the McAfee Enterprise Security Manager
download page.
The tarball contains sample config files.
8 vCPUs
4 GB RAM
1 Virtio/Virtio-SCSI Disk Controller, which controls the Virtio virtual hard drive
Task
1
Move the tarball file to the directory where you want the virtual hard drive to reside.
56
Point the VM image to the existing virtual hard drive (Virtio disk .raw file) where you extracted the
tarball.
Installation Guide
Index
A
about this guide 5
ACE, configure network interface 24
ADM, configure network interface 24
AXXVRAIL rails
install 46
remove chassis 49
C
cables, identify network 14
connect device 13
connector type, identify 14
conventions and icons used in this guide 5
DAS, install 43
DEM, configure network interface 24
device, inspect 12
devices
connect 13
set up 23
start 13
devices, identify network ports 15
documentation
audience for this guide 5
product-specific, finding 6
typographical conventions and icons 5
I
inspect packaging and device 12
install
identify location 12
install device
prepare to 11
IPv6, configure 25
K
KVM
deploy 56
requirements 55
VM models 55
E
ELM, configure network interface 24
equipment type, identify 14
ESM, configure network interface 25
export and import
exk file 33
puk file 33
L
location for installation 12
log on to ESM console 26
F
file extensions for export files 32
FIPS
enable 26
FIPS mode
backup information 32
N
network cables, identify 14
Installation Guide
57
Index
network interface
configure DEM and ADM 24
configure ESM 25
configure Nitro IPS 23
network interface, configure
ACE 24
ELM 24
Receiver 24
network ports, identify for each device 15
Nitro IPS, configure network interface 23
S
SAN adapter, install 41
ServicePortal, finding product documentation 6
software, minimum requirements 11
start device 13
T
technical support, finding product information 6
troubleshoot FIPS mode 35
P
packaging, inspect 12
password for ESM console 26
platforms, regulatory notices for 51
ports, identify network for each device 15
Q
qLogic 2460 SAN adapter, install 41
V
virtual machine
configure 38
install 38
key 39
requirements 37
strip storage drive 37
58
Installation Guide