Chat now with support
与支持团队交流

Change Auditor Threat Detection 7.0.2 - Deployment Guide

Deploying a Threat Detection server on Hyper-V

To optimize your server utilization and reduce costs, you can choose to deploy a virtual Threat Detection server using a Hyper-V virtual machine deployment.

The Threat Detection server, which is a a version of Red Hat Enterprise Linux 7 (64 bit), is available as .zip file that must be deployed on a Microsoft Hyper-V host environment by running a PowerShell script.

Begin by downloading the Change Auditor Hyper-V template (https://support.quest.com/change-auditor/download-new-releases) to the Hyper-V server.

Hostname or IP address

The hostname or IP address of the Hyper-V server.

Hyper-V administrator

 

The account used to deploy the Threat Detection server. The user specified must be a Hyper-V administrator.

Hyper-V password

Password for the Hyper-V administrator.

Threat Detection Hyper-V template location

Location of the Threat Detection Hyper-V template zip file on the Hyper-V server.

Folder for the virtual machine HD files

The path of the folder where the Threat Detection server's hard disk files will be installed on the Hyper-V server during deployment. If the folder does not exist, it will be created.

Folder for the virtual machine configuration files

The path of the folder where the Threat Detection server’s configuration files will be installed on the Hyper-V server during deployment. If the folder does not exist, it will be created.

Virtual machine name

The name of the Threat Detection server in the Hyper-V management console.

Number of virtual machine cores

The number of machine cores (8 or 16).

Network adapter

The script returns the list of available network adapters for the Threat Detection server. Select one from the list.

Hostname

Fully qualified domain name of the Threat Detection server registered in DNS.

For example: hostname.yourcompany.com

IP address

Static IPv4 address of the Threat Detection server.

Subnet mask

Subnet mask for the Threat Detection server.

For example: 255.255.255.0

Default gateway

IP address of the default gateway for the Threat Detection server.

DNS

DNS server IP for the Threat Detection server.

Integration Password

Password required for the integration between Change Auditor and the Threat Detection server. The integration password is used during the Threat Detection configuration.

The password must be 8-24 characters and can only include the following supported values: a-z, A-Z, 1-0, @,$.

Maintain this password for use when creating the Threat Detection configuration.

Root Password

The root password. It must be 8-24 characters and can only include the following supported values: a-z, A-Z, 1-0, @,$.

a

Hyper-V resource control settings

After you have deployed the Threat Detection server, you can select to adjust the Hyper-V processor settings to reserve an amount of processor capacity for a specific virtual machine or, alternatively, configure which virtual machine is given priority in your environment.

Change Auditor’s deployment of a Threat Detection server uses the system defaults unless otherwise specified.
To change the values for these properties, open the virtual machine’s setting, select the Processor, and configure the associated resource control setting.

Reserve

The percentage of logical processor resources that are reserved for the Threat Detection server. For example, if the host machine has 8 logical CPUs, then setting this value to 25% would reserve 2 of those CPUs for the Threat Detection server.

The default value is dynamic based on the CPU.

Set this value to 100% to ensure the Threat Detection server will have access to the resources that it requires.

Relative Weight

Determines how the CPU is distributed when you want to set which virtual machine takes priority when there is contention for the processor. For example, a virtual machine with a relative weight of 200, receives twice as much processor time than one set to 100.

The default value for all virtual machines is 100.

The weight ranges from 1-10000. To give the Threat Detection server priority, assign it with a higher weight than all other computers in your environment.

Upgrading the Threat Detection server

For the Threat Detection system to function properly, the Threat Detection server must be compatible with the installed version of Change Auditor. To see if your Threat Detection server is compatible or if an upgrade is required see Reviewing configuration status.

You can upgrade your existing Threat Detection server by running an update script and a series of configuration commands on the Threat Detection server. This will ensure that your existing configuration and Threat Detection information is maintained.

To upgrade the Threat Detection server:

Download the update package (UpdateTDServer-<Change Auditor version>.zip) from https://support.quest.com/change-auditor/download-new-releases.

Upload the update package the Threat Detection server

相关文档