Orchestrator Installation Guide - Containerized Deployment - 7.9.2
The following article contains a summary of the NetWitness® Orchestrator 7.9 Installation Guide for Containerized Deployment. To see the full guide, go to Attachments on this article and download the associated PDF.
Summary of NetWitness™ Orchestrator 7.9 Installation Guide for Containerized Deployment.
The document is an installation guide for deploying NetWitness® Orchestrator version 7.9.2 using containerized solutions like Docker® or Podman on AlmaLinux OS™.
NetWitness® Orchestrator Installation Overview
This guide provides detailed instructions for installing NetWitness® Orchestrator using a containerized deployment method.
- The installation is applicable for NetWitness® Orchestrator version 7.5 and above.
- Java®, Python®, OpenSearch®, and Redis® are included in the containerized solution.
- The standard deployment method is tested on AlmaLinux OS™.
System Requirements for Deployment
This section outlines the hardware and software requirements necessary for a successful NetWitness® Orchestrator installation.
- Minimum memory required for the NetWitness® Orchestrator Application is 64 GB, with 16 CPU cores.
- Containerized Redis requires 8 GB memory and 2 CPU cores.
- OpenSearch needs 32 GB memory and 12 CPU cores, while the database requires 64 GB memory and 16 CPU cores.
- High IOPS SSDs are preferred for storage, and NetWitness® Orchestrator must be installed on ext4 or XFS partitions.
Installation Steps for NetWitness® Orchestrator
This section details the sequential steps required to install NetWitness® Orchestrator.
- Step 1: Download the NetWitness® Orchestrator Docker ZIP file.
- Step 2: Update environment variables in the .env file.
- Step 3: Install the NetWitness® Orchestrator license XML file.
- Step 4: Add required certificates to the certs folder.
- Steps 5-6: Install Docker and Docker Compose for Docker deployments; skip to Step 7 for Podman.
- Steps 7-8: Install Podman and Podman Compose for Podman deployments.
Configuring System for NetWitness® Orchestrator
This section describes the necessary configurations and adjustments needed for optimal NetWitness® Orchestrator performance.
- Increase vm.max_map_count to 262144 for OpenSearch.
- Fix shell script permissions and formats.
- Create user accounts for threatconnect and tc-job.
- Install random-number generation tools for enhanced security.
Starting NetWitness® Orchestrator Services
This section explains how to start the various NetWitness® Orchestrator services in the correct order.
- Start OpenSearch, set the admin password, then start Postgres and load the database schema.
- Start the messaging server (tc-mon), application server (tc-app), and Playbooks server (tc-job).
- Verify each service starts successfully before proceeding to the next.
Monitoring and Managing NetWitness® Orchestrator
This section provides guidance on monitoring and managing the NetWitness® Orchestrator containers.
- Use docker ps to check the status of containers.
- Restart containers individually and monitor logs for tc-mon, tc-app, and tc-job.
- Logs can be found in Docker or Podman storage locations.
Document Storage Configuration for Multi-Server
This section outlines the setup for a network shared folder for document storage in a multi-server configuration.
- Set up NFS for shared document storage across multiple hosts.
- Ensure UID=1000 exists on all hosts for user consistency.
- Verify NFS setup and mount the shared storage on application and Playbooks hosts.
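The host prerequisites listed above (ext4 or XFS storage, vm.max_map_count of 262144, the threatconnect and tc-job accounts, and UID 1000 on every host) can be checked before any container is started. The script below is an added example, not taken from the installation guide; its function names and the --run switch are assumptions.

```shell
#!/bin/sh
# Added example: preflight for host settings named in this summary.
# Function names and the --run switch are assumptions, not from the guide.

REQUIRED_MAP_COUNT=262144  # minimum the guide gives for OpenSearch

# Succeeds if the supplied vm.max_map_count value meets the minimum.
check_max_map_count() {
    [ "$1" -ge "$REQUIRED_MAP_COUNT" ] 2>/dev/null
}

# Succeeds if the filesystem type is ext4 or XFS.
check_fs_type() {
    case "$1" in
        ext4|xfs) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds if passwd-format file $2 has an entry with numeric UID $1.
uid_exists() {
    awk -F: -v uid="$1" '$3 == uid { found = 1 } END { exit !found }' "$2"
}

# Succeeds if passwd-format file $2 has an account named $1.
user_exists() {
    awk -F: -v name="$1" '$1 == name { found = 1 } END { exit !found }' "$2"
}

# Checks the live host; $1 is the install directory. Returns failure count.
preflight() {
    dir=${1:-.}; fails=0
    fail() { echo "FAIL: $1"; fails=$((fails + 1)); }
    check_max_map_count "$(cat /proc/sys/vm/max_map_count)" ||
        fail "vm.max_map_count is below $REQUIRED_MAP_COUNT"
    check_fs_type "$(df -PT "$dir" | awk 'NR == 2 { print $2 }')" ||
        fail "$dir is not on ext4 or XFS"
    uid_exists 1000 /etc/passwd || fail "no account with UID 1000"
    for u in threatconnect tc-job; do
        user_exists "$u" /etc/passwd || fail "account $u is missing"
    done
    return "$fails"
}

if [ "${1:-}" = "--run" ]; then preflight "${2:-.}"; fi
```

Run it on each application and Playbooks host with --run followed by the install directory. Accounts served from a directory service do not appear in /etc/passwd, so pass a file produced by getent passwd to uid_exists and user_exists in that case.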
Troubleshooting Common Installation Issues
This section addresses common issues that may arise during installation and their solutions.
- If environment variables are incorrect, remove containers and restart the installation process.
- For Docker IP address pool issues, modify /etc/docker/daemon.json to add more IP address space.
- Use curl to test OpenSearch connectivity and reset passwords if access is unauthorized.
Enabling SAML Configuration in NetWitness® Orchestrator
This section describes the steps to enable SAML configuration for NetWitness® Orchestrator.
- Update SAML settings in the .env file with appropriate values.
- Add required .pem files for SAML to the certs folder, including the Identity Provider certificate.
For More Information:
For Release Notes and Documentation on NetWitness® Orchestrator 7.9, please visit our NetWitness® Orchestrator page on the NetWitness® Community.
For data sheets and other similar content, visit the Security Automation and Orchestration page on NetWitness.com.
Attachments:
Orchestrator Installation Guide_Containerized Deployment_Software Version 7.9.2.pdf