Deploying Additional Capabilities to an Existing Cluster

You can add capabilities, such as Recon or Intelligence, to an existing cluster in your on-premises, AWS, or Azure deployment.

Ensure that you review the capability-specific prerequisites listed in Configuring Elasticsearch Settings.
  1. (Conditional) If you are adding Recon or Intelligence to your deployment, and you do not have a database deployed, deploy the database for your environment:
  2. (Conditional) Log in to the appropriate node or host, based on your environment:

    • For an on-premises deployment: Launch a terminal session and then log in to the master node as root or as a sudo user.
    • For an Azure deployment: Log in to the jump host.
    • For an AWS deployment: Log in to the bastion host.
  1. Create a directory for the image files that you will download in the next step:

     mkdir /tmp/download

    This directory must contain only the image files and nothing else.

  2. Download the images for the capabilities that you want to add.

    For more information about images, see "Downloading ArcSight Platform Installation Files" in the ArcSight Platform Release Notes.

  3. Validate the digital signature of each file.

    For a complete list of files and file versions to be downloaded, consult the ArcSight Platform Release Notes.

  4. Do not untar the files.
  5. Change to the following directory.

    cd ${K8S_HOME}/scripts/

    For example:

    cd /opt/arcsight/kubernetes/scripts/

  6. To upload the images to the local Docker Registry, run the following command:

    ./uploadimages.sh -c 2 -F /tmp/download/fusion-x.x.x.x.tar -F /tmp/download/recon-x.x.x.x.tar

    Be aware of the following considerations:

    • For each image to upload, use the -F <image file> option on the command line.

      To increase the speed of the upload, raise the -c value (2 in the command above) to at most half the number of your CPU cores.

    • You will be prompted for a password for the Docker container registry-admin user. The registry-admin password is initially set to the same password as the admin user for the CDF Management Portal during installation when Configuring and Running the CDF Installer. However, changing the CDF Management Portal admin password later does not change the registry-admin password, because it is managed separately.

  7. Log in to the CDF Management Portal with the following credentials:

    User name: admin

    Password: <the password you provided during CDF installation>

  8. Click, then click Change.

  9. On the Capabilities page, select the additional capabilities to deploy.

    If you are deploying Fusion on AWS, ensure that you have already configured a listener and target group for port 32080 prior to Fusion deployment. This port is required to add Transformation Hub to Fusion ArcMC.
  10. Click the arrow next to each capability checkbox to view the description of each capability to deploy, and determine if it requires additional capabilities. For example, deployment of ArcSight Recon requires the deployment of Transformation Hub and Fusion.
  11. Click Next until you reach the Configure/Deploy page.
  12. See Configuring the Deployed Capabilities, then return to this page to continue.
  13. Click Next. On the Configuration Complete page, wait until the deployment is complete. The deployment process might take several minutes to complete.
  14. Some of the pods on the Configuration Complete page might remain in a Pending state until the product labels are applied on worker nodes.
  15. Continue with labeling the nodes according to your deployment:
  16. (Conditional) If you deployed the database in the first step, follow the instructions in Completing the Database Setup.
  17. Continue to Performing Post-deployment Configuration.
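
One way to check the image-directory constraints from the download and upload steps above before running uploadimages.sh: the directory holds only image archives, nothing has been untarred, and -c stays within half the CPU cores. This is an added example, not part of the vendor documentation; the function names and the ownership, symlink, and file-name checks are assumptions added here. It prints the command instead of running it, and it does not validate digital signatures.

```bash
#!/bin/sh
# Added example, not vendor code. Function names are hypothetical.

# Succeed only if DIR is a real directory owned by the caller that holds
# nothing but regular, non-empty *.tar files (assumed hardening checks).
check_image_dir() {
    dir=$1
    [ -d "$dir" ] && [ ! -L "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    [ -O "$dir" ] || { echo "not owned by current user: $dir" >&2; return 1; }
    count=0
    for f in "$dir"/* "$dir"/.[!.]* "$dir"/..?*; do
        [ -e "$f" ] || [ -L "$f" ] || continue   # pattern matched nothing
        if [ -L "$f" ] || [ ! -f "$f" ] || [ ! -s "$f" ]; then
            echo "not a regular non-empty file (untarred or linked?): $f" >&2
            return 1
        fi
        case ${f##*/} in
            .* | *[[:space:]]*) echo "hidden or whitespace name: $f" >&2; return 1 ;;
            *.tar) count=$((count + 1)) ;;
            *) echo "not an image archive: $f" >&2; return 1 ;;
        esac
    done
    [ "$count" -gt 0 ] || { echo "no image files in $dir" >&2; return 1; }
}

# Largest -c value the page allows: half the CPU cores, never below 1.
max_upload_c() {
    half=$(( $1 / 2 ))
    [ "$half" -ge 1 ] || half=1
    echo "$half"
}

# Print the uploadimages.sh command line with one -F option per image file.
build_upload_cmd() {
    check_image_dir "$1" || return 1
    cmd="./uploadimages.sh -c $(max_upload_c "$2")"
    for f in "$1"/*.tar; do
        cmd="$cmd -F $f"
    done
    echo "$cmd"
}

# Usage: sh preflight.sh /tmp/download   (then run the printed command
# from the ${K8S_HOME}/scripts/ directory)
if [ "$#" -ge 1 ]; then
    build_upload_cmd "$1" "$(getconf _NPROCESSORS_ONLN)"
fi
```

Because /tmp is world-writable, the ownership and symlink checks catch a download directory that another local user created or altered before the images are pushed to the registry.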