Skip to content
  • There are no suggestions because the search field is empty.

Orchestrator Installation Guide - Containerized Deployment - 7.10.x

This article contains a summary of the NetWitness® Orchestrator 7.10.x Installation Guide for Containerized Deployment. To see the full guide, go to Attachments on this article and download the associated PDF.

Summary of NetWitness® Orchestrator 7.10.x Installation Guide for Containerized Deployment

The document is an installation guide for deploying NetWitness® Orchestrator version 7.10.1 using containerized solutions like Docker® or Podman® on AlmaLinx OS.

NetWitness® Orchestrator Installation Overview

This guide provides detailed instructions for installing NetWitness® Orchestrator using a containerized deployment method.

  • As of version 7.5, Java, Python, OpenSearch, and Redis are bundled as part of the container, simplifying deployment.
  • Tested on AlmaLinux OS 9, RHEL8, and RHEL9 and the standard deployment for all environments.
  • The .env file contains all passwords and configurations for deployment. Once the container is running the .env file should be purged.

System Requirements for Deployment

This section outlines the hardware and software requirements necessary for a successful NetWitness® Orchestrator installation.

  • Minimum memory required for the NetWitness® Orchestrator Application is 64 GB, with 16 CPU cores.
  • Containerized Redis requires 8 GB memory and 2 CPU cores.
  • OpenSearch needs 32 GB memory and 12 CPU cores, while the database requires 64 GB memory and 16 CPU cores.
  • High IOPS SSDs are preferred for storage, and NetWitness® Orchestrator must be installed on ext4 or XFS partitions.

Installation Steps for NetWitness® Orchestrator

This section provide all the steps necessary to setup the NetWitness® Orchestrator software.

  • Step 1 & 2: Install Docker and Docker Compose on all hosts for Docker deployments.
  • Step 3 & 4: Install Podman and Podman Compose for Podman deployments.
  • Step 5: Install AWS CLI to download container images from ThreatConnect’s Elastic Container Registry (ECR).
  • Step 6: Increase vm.max_map_count for the host that will run OpenSearch.
  • Step 7: Confirm all appropriate network ports are open for communications.
  • Step 8: Create local user accounts for messaging, applications, and playbooks.
  • Step 9: Configure Rootless Podman, if Podman is being used in the installation.
  • Step 10: Download the NetWitness® Orchestrator Docker ZIP from MyNetWitness.
  • Step 11: Fix shell scripts by making appropriate permission adjustments.
  • Step 12: Update environment variables.
  • Step 13: Install the NetWitness® Orchestrator license xml.
  • Step 14: Add any certificates (CA, server certificates, private keys, etc.).
  • Step 15: Configure Podman Home Container, if applicable.
  • Step 16: Log into the Elastic Container Registry via AWS CLI.
  • Step 17: Configure OpenSearch Data folder.
  • Step 18: Configure the Log Folders.
  • Step 19: Configure the Storage Data.
  • Step 20: Configure the Exchange Data.
  • Step 21: Start Orchestrator.
  • Step 22: Log into Orchestrator and confirm all services are running.
  • Step 23: Monitor the new Orchestrator environment.
  • Step 24: Create a Search Index.

Document Storage Configuration for Multi-Server

This section outlines the setup for a network shared folder for document storage in a multi-server configuration.

  • Set up NFS for shared document storage across multiple hosts.
  • Ensure UID=1000 exists on all hosts for user consistency.
  • Verify NFS setup and mount the shared storage on application and Playbooks hosts.

Troubleshooting Common Installation Issues

This section addresses common issues that may arise during installation and their solutions.

  • If environment variables are incorrect, remove containers and restart the installation process.
  • For Docker IP address pool issues, modify /etc/docker/daemon.json to add more IP address space.
  • Use curl to test OpenSearch connectivity and reset passwords if access is unauthorized.

Enabling SAML Configuration in NetWitness® Orchestrator

This section describes the steps to enable SAML configuration for NetWitness® Orchestrator.

  • Update SAML settings in the .env file with appropriate values.
  • Add required .pem files for SAML to the certs folder, including the Identity Provider certificate.

Certificate Authority Signed Certificate

This section describes the steps needed to generate a server or certificate authority (CA) certificate.

Self-Signed Certificate

This section describes how to setup a self-signed certificate if your organization does not have server or certificate authority certificates.

For More Information:
For Release Notes and Documentation on NetWitness® Orchestrator 7.10.x, please visit our NetWitness® Orchestrator page on the NetWitness® Community.
For data sheets and other similar content, visit the Security Automation and Orchestration page on NetWitness.com.

This article contains a summary of the NetWitness® Orchestrator 710.x Installation Guide for Containerized Deployment. To see the full guide, go to Attachments on this article and download the associated PDF.



Attachments:
Orchestrator Installation Guide_Containerized Deployment_Software Version 7.10.pdf