Configure the VM IP addresses

This section describes how to configure the Cybereason VM IP addresses for Cybereason On-Prem servers. Before you begin, review the Deployment Prerequisites and Import OVFs.

Configure manually (for POC environments)

  1. In the VMWare console, connect to each server (Detection, Registration, Configuration management, WebApp, and microservices) and configure the IP address:

    /opt/cybereason/setip/setip.py -ip [ip] -netmask [netmask] -dgw [dgw] -dns1 [dns1] -dns2 [dns2]

  2. Restart the Configuration management server.

  3. Continue to Configure Servers.

Configure with a script (for production environments)

Note

If you do not want to use the scripts used in this step, you can manually configure the IP addresses using the steps in Configure manually (for POC environments). However, you will need to manually type out the command to configure an IP address for every server in your environment.

In this stage, you run a PowerShell or Python script from the administrator’s machine that configures the VM IP addresses. These scripts support deployments that include multiple Detection servers, and allow administrators to configure all servers in a simple CSV file, reducing potential input errors.

You can use one of the following scripts to deploy the servers:

  • onprem_rollout.py: For environments using Python. This script is significantly faster than the PowerShell script and provides detailed log information.

  • onprem-rollout.ps1: For environments using PowerShell.

For details on script arguments and actions, see Deployment Scripts;

Note

Cybereason supports two types of Cybereason On-Prem installations, depending on whether the environment is air gapped and on whether you are using a Local Threat Intel server. For more information, see Communication with Threat Intel services.

Retrieve required information

This table describes how you can retrieve information required to run the onprem-rollout.ps1 script or the onprem_rollout.py script.

Information

Retrieve via onprem-rollout.ps1 script command

Retrieve via vSphere

Data center name

get-datacenter

Locate the first object under the vCenter object.

Cluster name

get-cluster

In the Hosts and Clusters view, locate the first object under the data center object.

Resource pool name

get-resourcepool

The resource pool object is typically located under the vSphere client’s Hosts and Clusters view, as the second object type, after the cluster objects.

Template location (folder)

get-template -location [datacenter ]

The folder that includes the templates is typically the first object listed under the data center object in the vSphere VMs and Templates view.

Customization template name

get-OSCustomizationSpec

Under Home > Shortcuts, in the Monitoring section, click VM Customization Specifications. The specification names are listed in the VM Customization Specifications table.

Data store name

get-datastore

In the Storage view, the datastore object is the first object under the data center object.

Host information

get-vmhost

In the Hosts and Clusters view, the host is the first object under the cluster object.

Virtual Network

get-VirtualNetwork

View all available Virtual Networks in Vcenter

For example, to retrieve the data center name using the onprem-rollout.ps1 script, type:

get-datacenter

The following output is visible:

Name
--------
OnPrem
Lab

Run the onprem_rollout.py script

Before you begin

  • Ensure that the Server_Configuration.csv file and the onprem_rollout.py script reside in the same folder.

  • Install the pyvim and pyvmomi Python packages on the administrator’s machine. You can use the pip install command to install these packages, for example:

    pip install pyvmomi==7.0.2

  • Retrieve required information, such as the data center and cluster name.

Run the script

  1. From the administrator’s machine, open a command prompt and run the script with the following command:

    python onprem_rollout.py [-h] -action ACTION -vc vcenter -user username@domain -pwd password -file filelocation -dc dcname -cluster clustername -folder foldername [-maxrunning number] [-resourcepool name] [-templatefolder templatefolder] [-logfile logfile] [-verbose] [-nopreflight] [-q] [-s]

    For a description of the script arguments, see Deployment Scripts.

  2. If you provided the -s argument in step 1, the script asks for the vCenter server user and password. Enter the credentials.

Note

Provide the -resourcepool parameter only if a resource pool exists on the cluster. If you’re unsure of whether a resource pool exists, contact your VM administrator.

The script deploys each of the servers, according to the number of servers provided in the Server_Configuration.csv file. For more details on the script parameters, see Deployment Scripts.

Run the onprem_rollout.ps1 script

Before you begin

  • Ensure that the Server_Configuration.csv file and the onprem-rollout.ps1 script reside in the same folder.

  • Retrieve required information, such as the data center and cluster name.

Run the script

  1. From the administrator’s machine, open Windows PowerShell as an administrator and run the following command to connect to the vCenter server:

    Connect-VIServer -Server <IP Address of the vCenter server>

  2. When the vCenter server starts, enter the username and password.

  3. Run the *onprem-rollout.ps1 script:

    # .\onprem-rollout.ps1 -clustername [cluster] -dcname [datacenter]  -resourcepool [resourcepool] -foldername [foldername] -filename [filename.csv] -action deploy

    Note

    Provide the -resourcepool parameter only if a resource pool exists on the cluster. If you’re unsure of whether a resource pool exists, contact your VM administrator.

  4. After the command is executed, select R to run the script once, and type Deploy as the action.

    The script deploys each of the servers, according to the number of servers provided in the Server_Configuration.csv file. For more details on the script parameters, see Deployment Scripts.

  5. Continue to configure the servers.