Installing CDF

With the CDF bootstrap procedure completed, the next step in installing CDF and the ArcSight Suite is to connect to the CDF web installation UI, then proceed through the installation wizard.

Accessing the CDF Installation UI

At the end of the CDF bootstrap process, you were prompted to connect to the URL https://<external access host>:3000, which is part of the standard CDF installation procedure.

The CDF installation port 3000 is now accessible through the chosen Route 53 record set, but only within the VPC. The VPC and any resources inside it are isolated from access from the internet (except for the bastion host, which is accessible on port 22, the SSH port).

You cannot access the created DNS record from outside the VPC, since that DNS record resolves to one of the three private subnet IP addresses, which are hidden (and, in our case, in a private class A IP range).

There are two methods for connecting a browser to the CDF port 3000: forwarding DISPLAY and forwarding local ports.

Forwarding DISPLAY

Prerequisite: An operating system capable of running an X server, such as *nix, Linux, or macOS.

The easiest and fastest option is to connect to the bastion using SSH with the -X or -Y switch. This will set the remote DISPLAY accordingly, so the process running remotely will render its UI on the local X server. The bastion host you configured earlier has the Mozilla Firefox browser installed.

The drawback of this method is that only one user can be connected and use the web browser, and the browser response might be quite slow, with significant lag while in the browser. Any subsequent user will receive a message that the browser is already running. However, the browser is used only for installation and configuration tasks, which are typically done once and by a single user, so the impact will likely be small.

To connect with this method:

  1. Using SSH, connect to the bastion host with the additional parameters for dbus. Example command:
    ssh -i /{path to ssh key}/aws.pem -X centos@54.188.142.125 'firefox https://srgdemo.arcsight-dev.com:3000'
  2. Browse to the URL that CDF returned at the end of its CLI installation. For example:
    https://srgdemo.arcsight-dev.com:3000

Forwarding local ports

Prerequisite: Ability to execute SSH with command-line switches, as well as the ability to edit the system file /etc/hosts or the corresponding file.

To connect with this method, connect to the bastion host, adding the -L parameter. Example:
ssh -i .ssh/srgdemo.pem -L 3000:srgdemo.arcsight-dev.com:3000 centos@3.120.237.11

The -L parameter opens local port 3000 and connects each request to the srgdemo.arcsight-dev.com port 3000 on the remote side. So, the bastion resolves srgdemo.arcsight-dev.com and opens a connection to it on port 3000.

The second part of this approach is to edit /etc/hosts, and add your domain to the line containing localhost. Example: 127.0.0.1 localhost srgdemo.arcsight-dev.com.

When editing your /etc/hosts file, ensure that the IP address specified for each host is unique and not duplicated across hosts. A single IP address can be associated with multiple hostnames, but the same IP address may not be used for multiple hosts.

Open your preferred browser and direct it to the address that CDF output at the end of its CLI installation. Here we will use the example: https://srgdemo.arcsight-dev.com:3000.
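The port-forwarding procedure above, as an added example that is not part of the original documentation: a pre-flight check that the hosts entry is in place, followed by the tunnel command with the listener pinned to loopback. The function names are hypothetical; the -N and ExitOnForwardFailure options and the explicit 127.0.0.1 bind address are additions to the page's command, and the host, key path and bastion address are the page's sample values.

```shell
#!/bin/sh
# Added example: pre-flight checks for the local port-forwarding method.

# Return 0 if HOSTS_FILE ($1) maps NAME ($2) to 127.0.0.1 on a
# non-comment line, 1 otherwise.
hosts_maps_to_loopback() {
    awk -v name="$2" '
        { sub(/#.*/, "") }                 # drop comments before matching
        $1 == "127.0.0.1" {
            for (i = 2; i <= NF; i++) if ($i == name) found = 1
        }
        END { exit !found }
    ' "$1"
}

# Print the ssh command for the tunnel. The listener is bound explicitly to
# 127.0.0.1 so the forwarded installer port is not offered to other machines
# on the workstation's network; -N opens no remote shell, and
# ExitOnForwardFailure makes ssh exit instead of running without the
# forward when the local port is already in use.
tunnel_cmd() {
    key=$1 bastion=$2 name=$3 port=$4
    printf 'ssh -i %s -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s %s\n' \
        "$key" "$port" "$name" "$port" "$bastion"
}

# Demonstration on a constructed hosts file, so the real /etc/hosts is
# not read or modified. The command is printed, not executed.
demo() {
    sample=$(mktemp)
    printf '%s\n' '# constructed sample' \
        '127.0.0.1 localhost srgdemo.arcsight-dev.com' \
        '::1 localhost' > "$sample"
    if hosts_maps_to_loopback "$sample" srgdemo.arcsight-dev.com; then
        tunnel_cmd .ssh/srgdemo.pem centos@3.120.237.11 \
            srgdemo.arcsight-dev.com 3000
    else
        echo "hosts entry missing: the browser would not reach the tunnel" >&2
    fi
    rm -f "$sample"
}
demo
```

To check the real file, call hosts_maps_to_loopback /etc/hosts with your own domain before opening the browser.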

CDF Web UI Installation

Once you have chosen your connection method and successfully connected to the CDF installation portal, perform the steps outlined to complete the CDF installation. During the usual installation process there are two steps where optional additional tasks or special handling might occur: during downloading images and setting file storage. These are explained in more detail in the following sections.

Downloading Images

Downloading images requires that CDF/K8s have access to the ECR, and includes checking for the presence of the respective Docker images there. If more than 12 hours have passed between bootstrapping CDF and checking image availability, then the ECR credentials will expire, and you will need to update credentials for both CDF and Kubernetes (k8s).

Follow this procedure to refresh the ECR credentials: Refresh the ECR credentials in the K8s

Setting File Storage

When setting the File Storage it is not possible to use the auto-discovery feature of remote mount points. You should specify a value for File Server and specify a storage volume manually. For File Server, supply the value of the Filesystem FQDN from the AWS worksheet. Then click the double-arrows and fill in the path to the volume. In our example it will be /srgdemo/arcsight-volume. This value was first displayed as the output of the init_efs script.

Installation finished

At the end of CDF installation, you are prompted to connect to the CDF management portal on the same host, this time using port 5443. Connection to port 5443 is not possible yet, however, as more network resources need to be configured.

Next, proceed to Performing Post Installation Network Configuration.