Skip to content
  • There are no suggestions because the search field is empty.

Guide for replacing the entire chassis on RSA Security Analytics Series 4S Appliance

Issue

This KB outlines a process written for appliances running CentOS 6.  The process is different for appliances running CentOS 7. The KB article for CentOS7 is article number 000001127 or link below.

  Guide for Replacing the Entire Chassis on an RSA NetWitness Appliance Running CentOS 7 - NetWitness Community - 677557 

The steps to swap the chassis are the same for the CentOS 7 version as CentOS 6

A Security Analytics Series 4S appliance has failed but all disk drives are fully functional and contain valid configuration information for the failed host.

This process assumes the SD Cards have been disabled in the appliance and are not in use.  

It is possible to swap appliances if the SD Cards are in use but in that case please contact Support and open a case until a KB article for that process is posted. 

Note that you may encounter exceptions to this flow and this document does not necessarily cover every set of circumstances you might encounter.  If you encounter a problem and are unsure how to proceed please contact  Support for guidance. 

Tasks

You can use these steps to complete the process of swapping the drives from an old appliance into a new appliance. 

Preparation:
  1. Start the new Core or Hybrid appliance connected to a crash cart.  It does not have to be connected to the network for this step. 
  2. Review /etc/udev/rules.d/70-persistent-net.rules and note which MAC addresses are assigned to which network interface.  This may help when modifying this file after replacing the chassis.  
  3. OPTIONAL:  Configure the iDRAC interface in the new Core or Hybrid appliance to match the iDRAC configuration in the existing appliance. When you swap the appliances you will have access to the new appliance using the same IP Address.  DO NOT implement this step if both iDRAC interfaces will be live at the same time.  

Swapping the Hardware:
  1. Label each drive denoting which bay it is installed in on the existing Core or Hybrid appliance. 
  2. Label each drive denoting which bay it is installed on the new Core or Hybrid appliance. 
  3. Remove the drives from the new Core or Hybrid and set aside. 
  4. Install the drives from the existing Core or Hybrid into the same drive bay in the new Core or Hybrid appliance. 
  5. Remove the existing appliance from the rack. 
  6. Install the new appliance in the rack. 
  7. Connect power, network, SAS and iDRAC cables. 
  8. Turn on the appliance.  
  9. If prompted for a BIOS password, use the default "rsabios" password. 
  10. During POST, if you encounter "There are offline or missing virtual drives with preserved cache" you must boot into the RAID configuration utility and clear the cached memory.  Use this link for additional information on this step.  
  11. During POST, if you encounter drives found in a "foreign" configuration, import those drives when prompted on the POST screen which may look like the following.  
 

Resolution

Verify the appliance is operational at the ssh prompt and at the Security Analytics WebUI.

Notes

Changing the /etc/udev/rules.d/70-persistent-net.rules File

Make a backup of the file before making any changes in case you need to refer to the original configuration later. Copy or rename the /etc/udev/rules.d/70-persistent-net.rules to /etc/udev/rules.d/70-persistent-net.rules.bak

Either delete the etc/udev/rules.d/70-persistent-net.rules file after you back it up, or manually edit the /etc/udev/rules.d/70-persistent-net.rules file to delete the MAC addresses left over from the old appliance.  

Once you delete old file or older lines save the file.  

Reboot the server which will rebuild the 70-persistent-net.rules file with the new MAC addresses.  

Be aware that the rebuilt file may name the interfaces as "eth0," "eth1," eth2," and "eth3" rather than "em1," "em2," em3," and "em4."  You may need to edit the file after the initial reboot, changing the NAME value to the "em1," "em2," em3," and "em4" naming convention to match what is defined in the /etc/sysconfig/network-scripts/ifcfg-em# scripts. You should run the "start_udev" command after making this change.  

The MAC addresses are highlighted in the sample file below.  

Sample File:  /etc/udev/rules.d/70-persistent-net.rules
# This file was automatically generated by the /lib/udev/write_net_rules
# program, run by the persistent-net-generator.rules rules file.
#
# You can modify it, as long as you keep each rule on a single
# line, and change only the value of the NAME= key.

# PCI device 0x8086:0x1528 (ixgbe) (custom name provided by external tool)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}==" ec:f4:bb:ee:af:fa", ATTR{type}=="1", KERNEL=="eth*", NAME="em4"

# PCI device 0x8086:0x1521 (igb) (custom name provided by external tool)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}==" ec:f4:bb:ee:af:fd", ATTR{type}=="1", KERNEL=="eth*", NAME="em2"

# PCI device 0x8086:0x1528 (ixgbe) (custom name provided by external tool)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}==" ec:f4:bb:ee:af:f8", ATTR{type}=="1", KERNEL=="eth*", NAME="em3"

# PCI device 0x8086:0x1521 (igb) (custom name provided by external tool)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}==" ec:f4:bb:ee:af:fc", ATTR{type}=="1", KERNEL=="eth*", NAME="em1"


Product Details

RSA Product Set: Security Analytics
RSA Product/Service Type: SA Series 4S Security Analytics Appliance
Operating System:  CentOS 6

Approval Reviewer Queue

Technical approval queue