skybox 6000 Quick start guide

Brand
skybox
Model
6000
Category
Networking
Type
Quick start guide
Skybox Appliance 6000
Quick Start Guide
9.0.400
Revision: 11
Proprietary and Confidential to Skybox Security. © 2018 Skybox Security,
Inc. All rights reserved.
Due to continued product development, the information contained in this
document may change without notice. The information and intellectual property
contained herein are confidential and remain the exclusive intellectual property of
Skybox Security. If you find any problems in the documentation, please report
them to us in writing. Skybox Security does not warrant that this document is
error-free.
No part of this publication may be reproduced, stored in a retrieval system, or
transmitted in any form or by any meanselectronic, mechanical, photocopying,
recording, or otherwisewithout the prior written permission of Skybox Security.
Skybox®, Skybox® Security, Skybox Firewall Assurance, Skybox Network
Assurance, Skybox Vulnerability Control, Skybox Threat Manager, Skybox
Change Manager, Skybox Appliance 5500/6000/7000/8000/8050, and the
Skybox Security logo are either registered trademarks or trademarks of Skybox
Security, Inc., in the United States and/or other countries. All other trademarks
are the property of their respective owners.
Contact information
Contact Skybox using the form on our website or by emailing
info@skyboxsecurity.com
Customers and partners can contact Skybox technical support via the Skybox
Support portal
Skybox version 9.0.400 3
Overview ............................................................................................... 5
Basic architecture ..................................................................................... 5
Related documentation .............................................................................. 5
Skybox Appliance specifications ................................................................ 6
Before you open the box ........................................................................... 6
What’s in the box ..................................................................................... 6
Physical specifications ............................................................................... 7
Environmental specifications ...................................................................... 7
MTBF estimates for Skybox Appliance ......................................................... 9
Front panel .............................................................................................. 9
Back panel connectors ............................................................................. 11
Port mapping .................................................................................... 11
File system partitions .............................................................................. 11
Setting up Skybox Appliance ................................................................... 12
Installation ............................................................................................ 12
Starting Skybox Appliance .................................................................. 12
System configuration .............................................................................. 13
Configuring connection ....................................................................... 13
Setting up the Appliance for configuration ............................................ 18
First-time configuration ...................................................................... 18
What’s next ........................................................................................... 18
Configuring the Appliance ....................................................................... 20
Configuration and management options ..................................................... 20
Setting up network interface bonding ........................................................ 22
Supported bond modes ...................................................................... 22
Setting up SNMP configuration ................................................................. 24
RADIUS authentication ............................................................................ 24
LDAP authentication ................................................................................ 25
Changing the TLS version ........................................................................ 27
Customizing the syslog server ................................................................. 29
TCP and UDP listeners ............................................................................. 29
How to work with syslog files ................................................................... 29
Skybox Manager Installation .................................................................... 31
Manager system requirements ................................................................. 31
Contents
Skybox Appliance 6000 Quick Start Guide
Skybox version 9.0.400 4
Installing Skybox Manager ....................................................................... 32
Upgrading the Manager ........................................................................... 32
Updating the operating system on Skybox Appliance .................................. 33
Adding a customer certificate .................................................................. 35
Restoring the Appliance to factory defaults ................................................ 36
Monitoring SNMP .................................................................................... 37
Troubleshooting ..................................................................................... 39
Wiping the hard disk drive ....................................................................... 40
Regulatory and safety information ............................................................ 41
Product regulatory compliance ................................................................. 41
Safety compliance ............................................................................. 41
EMC compliance Class A compliance .................................................. 42
Environmental requirements ............................................................... 42
Product regulatory compliance markings .................................................... 42
Electromagnetic compatibility notices for the server board ........................... 45
Skybox version 9.0.400 5
Chapter 1
Skybox® Appliance is a hardware solution that enables you to deploy Skybox
easily, without the burden of maintaining your own server.
Skybox® is an Automated Risk and Compliance Management (ARCM) platform
that helps enterprise IT departments to discover and resolve potential security
and compliance risks before they impact your organization.
Skybox is a multi-tier platform. Skybox Appliance runs the Server and users run
Managers (clients) that connect to the Server over the network. Skybox also
runs an additional Skybox component, the Collector, which connects to data
sources and imports the data to the Server.
The Skybox Server and Collector are preinstalled on Skybox Appliance and run at
startup.
In this chapter
Basic architecture ................................................................. 5
Related documentation .......................................................... 5
Basic architecture
The Skybox platform consists of a 3-tiered architecture with a centralized server
(Skybox Server), data collectors (Skybox Collectors), and a user interface
(Skybox Manager). Skybox can be scaled easily to suit the complexity and size of
any infrastructure.
For additional information, see the Skybox architecture topic in the Skybox
Installation and Administration Guide.
Related documentation
Related documentation includes:
Skybox online help
Skybox documentation
Overview
Skybox version 9.0.400 6
Chapter 2
This chapter contains product specifications and packaging information for
Skybox Appliance 6000.
In this chapter
Before you open the box ........................................................ 6
What’s in the box .................................................................. 6
Physical specifications ........................................................... 7
Environmental specifications .................................................. 7
MTBF estimates for Skybox Appliance ...................................... 9
Front panel .......................................................................... 9
Back panel connectors ......................................................... 11
File system partitions .......................................................... 11
Before you open the box
Inspect the shipping carton to ensure that the packaging has not been damaged
and verify that all tamper evident seals are intact. Verify that the Appliance serial
number, purchase order number, and FedEx tracking number match the
information provided by Skybox Customer Support.
What’s in the box
The following items are included in the shipping carton:
Skybox Appliance
Rack mount kit
Front bezel
2 AC power cords
RJ45 to DB9 serial console cable
Skybox Quick Start Guide
2 DVDs
Skybox: Installs Skybox on the Skybox Appliance; it contains the Skybox
software and additional Appliance documentation
Restore Appliance: Restores the Skybox Appliance to factory settings
Skybox Appliance specifications
Chapter 2 Skybox Appliance specifications
Skybox version 9.0.400 7
Physical specifications
The physical features of Skybox are listed in the following table.
Feature Description
Form factor 1U rack
Rack dimensions
(H x W x D) 1.70” x 17.24” x 27.93” (43.2mm x 438 mm x 709.37
mm)
Weight
System weight: 31.8 lb (14.42 kg)
Packaged weight: 42.4 lb (19.23 kg)
Power supply 750 W redundant AC
Data storage RAID 5
System cooling
6 dual rotor managed system fans
2 power supply fans
Front panel
features
1 power button with integrated LED
1 system ID button with integrated LED
1 system status LED
4 NIC LEDs
1 HDD activity LED
1 system cold reset button
2 USB 2.0 connectors
1 video connector
Bezel with lock support
External I/O
connectors
(back panel)
DB-15 video connectors
RJ45 serial port A connector
3 USB 2.0 Ports
4 RJ-4
5 network interface (LAN) connectors supporting
10/100/1000 Mb
Note: Ports I/O and RMM4 are not supported.
Compliant
standards Ctick, NRTL, CE, FCC, EMC, BSMI, KC, and more
For detailed information, see Regulatory and safety
information (on page 41).
Environmental specifications
Environmental specifications for Skybox are listed in the following table.
Property Limits
Operating
temperature +10°C to +35°C with the maximum rate of change not to
exceed 10°C per hour
Non-operating
temperature -40°C to +70°C
Non-operating
humidity 90%, non-condensing at 35°C
Acoustic noise Sound pressure: 55 dBA (rack mount) in an idle state at
typical office ambient temperature. (23 +/- 2 degrees C)
Sound power: 7.0 dBA in operating conditions at typical
office ambient temperature. (23 +/- 2 degrees C)
Skybox Appliance 6000 Quick Start Guide
Skybox version 9.0.400 8
Property Limits
Shock, operating Half sine, 2 g peak, 11 msec
Shock,
unpackaged Trapezoidal, 25 g, velocity change 136 inches/second
(
40 lbs to <80 lbs)
Shock, packaged Non-palletized free fall height: 24 inches (
40 lbs to <80
lbs)
Vibration,
unpackaged 5 Hz to 500 Hz, 2.20 g RMS random
ESD +/-12 KV except I/O port +/- 8 KV per Intel®
Environmental test specification
System cooling
requirement 2027.7 BTU/hour
EMI operating Required to meet EMI emission requirements, tested as
part of system
Chapter 2 Skybox Appliance specifications
Skybox version 9.0.400 9
MTBF estimates for Skybox Appliance
The estimated mean time between failures (MTBF) and Failures in Time (FIT) for
Skybox Appliance 6000 are listed in the following table.
Subassembly MTBF (hours) FIT (failures/10^9
hours)
Intel® Server Board S2600GZ 196253 5095
Backplane board 935189 1069
750W redundant power supplies
(1+1) 806081 1241
Cooling fans 83131 12029
PCI Riser card 7303481 137
Front panel board 8272282 121
Dedicated NIC module 2869529 348
Total FIT rate 20178
System MTBF hrs @ 40°C 49560
System MTBF hrs @ 35°C 63214
System MTBF hrs @ 25°C 82325
Note: The estimates listed here are for Appliance in 35°C ambient air with a rise
of up to 10°C at the Server Board.
Front panel
Skybox Appliance 6000’s front panel includes 2 USB connectors, plus a power
button and LEDs.
Skybox Appliance 6000 Quick Start Guide
Skybox version 9.0.400 10
Power button and LEDs
Letter Feature
A System ID button with integrated LED
B NMI button (recessed; tool required for use)
C NIC1 activity LED
D NIC3 activity LED
E System cold reset button
F System status LED
G Power button with integrated LED
H Hard drive activity LED
I NIC4 activity LED
J NIC2 activity LED
Front panel LED functions
LED Color/State Description
Power/Sleep
Green/on Power on
Green/blinking Sleep
Off Power off
NIC LEDs
Green/on Network link but no network activity
Green/blinking Network activity
Off No link
System Status
Green/on System ready/no alarm
Green/blinking System ready but degraded:
Redundancy lost (for example, a
power supply or fan failure);
non-critical temperature or voltage
threshold reached; battery failure; or
predictive power supply failure.
Amber/on Critical Alarm: Critical power modules
failure, critical fans failure, voltage
(power supply), critical temperature
and voltage
Amber/blinking Non-Critical Alarm: Redundant fan
failure, redundant power module
failure, non-critical temperature and
voltage
Off Power off: System unplugged
Power on: System powered off and in
standby, no prior
degraded/non-critical/critical state
Chapter 2 Skybox Appliance specifications
Skybox version 9.0.400 11
Back panel connectors
Skybox Appliance 6000’s back panel includes the connectors shown in the
following figure.
PORT MAPPING
The mappings between physical ports on the back panel of Skybox Appliance and
logical ports are listed in the following table.
Back panel
connector Logical port to which it is
mapped
NIC1 eno1
NIC2 eno2
NIC3 eno3
NIC4 eno4
By default:
NIC1 / eno1 is enabled and configured as DHCP
NIC2 / eno2 is enabled and configured as static with the IP address:
192.168.1.1 /24
You can change these values.
File system partitions
Skybox Appliance’s file system is partitioned as follows:
SWAP: 4 GB
/tmp: 5% of the entire space
/: 20% of the entire space
/var: 45% of the entire space
/opt: The rest of the disk
Skybox version 9.0.400 12
Chapter 3
This chapter explains how to set up Skybox Appliance.
In this chapter
Installation ........................................................................ 12
System configuration .......................................................... 13
What’s next ........................................................................ 18
Installation
Before installation
Before installing the rack mount kit, observe these safety guidelines:
1 Turn off all peripheral devices connected to Skybox Appliance.
2 Turn off Skybox Appliance by pressing the Power button on the front of the
chassis, and then unplug the AC power cords from the chassis or wall outlet.
3 Label and disconnect all peripheral cables and all telecommunications lines
connected to I/O connectors or ports on the back of the chassis.
4 Provide electrostatic discharge (ESD) protection by wearing an antistatic wrist
strap attached to a chassis groundany unpainted metal surface—when
handling components.
Required tools and supplies
Phillips (cross head) screwdriver (#1 bit and #2 bit)
(Recommended) Antistatic wrist strap and conductive foam pad
Installation
To install Skybox, refer to the installation instructions included with the rack
mount kit.
STARTING SKYBOX APPLIANCE
To start the Appliance
1 Connect the AC power cords to the AC connectors on Skybox’s back panel and
connect the other ends to a power supply.
Note: You can use Skybox with either a 110 or 220 volt power supply.
Setting up Skybox Appliance
Chapter 3 Setting up Skybox Appliance
Skybox version 9.0.400 13
2 On the Appliance’s front panel, press the Power button.
3 Lock the front bezel in place using the key provided.
System configuration
Before running the Skybox Server, configure Skybox Appliance to be part of your
network and perform initial system configuration.
CONFIGURING CONNECTION
Before using the Skybox Appliance Administration, you must configure
connection of Skybox to your network locally, using any of:
The RMM interface on the Appliance
A console (mouse, keyboard, and screen) connection
A serial port connection
A network connection via static NIC
Note: For a figure of the connectors used in the following procedures, see Back
panel connectors (on page 11).
Configuration via the RMM interface
You can connect to the Appliance via its RMM interface by connecting a network
cable to the RMM port.
The RMM interface is preconfigured with the DHCP server. However, you must
configure Java to work with the RMM.
Configuring Java to work with the RMM
This procedure configures Java security on your computer to recognize the RMM
of the Appliance machine. This enables you to log in to the RMM of the Appliance
machine from your computer.
Skybox Appliance 6000 Quick Start Guide
Skybox version 9.0.400 14
To configure Java security on your Windows machine to work with the
RMM
1 From the Windows Start menu, select Configure Java.
Chapter 3 Setting up Skybox Appliance
Skybox version 9.0.400 15
2 In the Java Control Panel dialog box, click the Security tab.
3 In the Exception Site List field, add the URL for the RMM of the Appliance
machine.
Note: If you do not know the URL of the RMM, you can run the following
command as root user on the Appliance machine: ipmitool lan print 1
Configuring the RMM administrator
You must change the administrator password on the RMM.
To change the RMM administrator password
1 Reboot the Appliance.
2 During the boot process, press F2 to open the BIOS setup.
3 From the menu, select Server Management.
4 Select BMC LAN configuration.
5 Select User Configuration to configure the RMM user.
On the User Configuration page:
a. Click User ID and select an unused user ID to be the RMM user.
b. Configure the user:
Skybox Appliance 6000 Quick Start Guide
Skybox version 9.0.400 16
Privilege: Select Administrator.
User Status: Select Enabled.
User Name: Type the desired name. (Note: The name of the
anonymous user cannot be changed.)
User Password: Type the desired password twice.
6 When you are finished, press F10 to save and exit the configuration.
The Appliance boots with the RMM interface configured with the user that you
provided.
Troubleshooting the RMM IP address
To change the IP address of the RMM
1 Reboot the Appliance.
2 During the boot process, press F2 to open the BIOS setup.
3 From the menu, select Server Management.
4 Select BMC LAN configuration.
When using DHCP: The system assigns the host name of the RMM and the
IP address.
Note that you can configure the host name at the bottom of the page, in
the BMC hostname field.
When using a Static address: Provide the IP address, netmask, and
gateway IP address.
5 When you are finished, press F10 to save and exit the configuration.
The Appliance boots with the RMM interface configured with the user that you
provided.
Configuration via console
To configure connection using a mouse, keyboard, and screen
1 Connect one end of a standard network cable to the NIC 1 (eno1) port on the
Appliance’s back panel; connect the other end of the cable to a network
socket.
2 Connect a mouse, keyboard, and screen to the connectors on the Appliance’s
back panel.
3 Log in to the Appliance using the default user name (root) and the default
password (skyboxview).
4 Run the command: set_appliance_network
This command configures network interfaces with an IP address, netmask,
and default gateway.
a. Select a network interface to configure.
b. Select the IP mode (static or DHCP).
When using static mode, you must provide the IP address, netmask,
and default gateway.
Chapter 3 Setting up Skybox Appliance
Skybox version 9.0.400 17
5 If you are using DHCP, run ifconfig, and write down the IP address
assigned to the Appliance. You will need it later.
Configuration via serial port
To configure connection using a serial port connection
1 Connect one end of the serial cable to a serial port on the management
computer; connect the other end to the serial port on the Appliance.
2 On the management computer start a terminal emulation program, select the
port that you connected to in the previous step, and configure the following
port settings:
Bits per second: 9600
Data bits: 8
Parity: none
Stop bits: 1
Flow control: none
(If using PuTTY as your terminal emulator) Character set translation on
received data: UTF-8
3 Press the Power button on the Appliance’s front panel and verify that the
Power LED turns green.
4 Log in to the Appliance using the default user name (root) and the default
password (skyboxview).
5 Run the command: set_appliance_network
This command configures network interfaces with an IP address, netmask,
and default gateway.
a. Select a network interface to configure.
b. Select the IP mode (static or DHCP).
When using static mode, you must provide the IP address, netmask,
and default gateway.
6 If you are using DHCP, run ifconfig, and write down the IP address
assigned to the Appliance. You will need it later.
Configuration via network port
You can connect to the Appliance via the preconfigured static network port
(eno2), whose IP address is 192.168.1.1 /24.
To configure connection via eno2
1 Configure the IP of the client side to a different IP address on the same
network. For example, 192.168.1.50 /24.
2 In your browser, connect via the IP address for eno2:
https://192.168.1.1:444/
Skybox Appliance 6000 Quick Start Guide
Skybox version 9.0.400 18
SETTING UP THE APPLIANCE FOR CONFIGURATION
To prepare for configuring the system remotely
1 From a different machine on the network, open a browser to connect to the
Skybox Appliance Administration using the following URL, where <appliance
IP address> is the IP address of the Appliance that you configured in
Configuring connection (on page 13):
https://<appliance IP address>:444
2 The default user name is skyboxview; the default password is skyboxview.
The Skybox Appliance Administration main page appears.
FIRST-TIME CONFIGURATION
You must change the passwords and configure the date and time before using
the Skybox Server. All other settings are optional; you can configure them later.
To change the passwords
1 On the Security tab, select Appliance Passwords.
2 To change the root password of the machine, click Change Root Password.
3 To change the Appliance Administration password, click Change Skyboxview
Password.
To configure the date and time
1 On the System tab, select Date and Time Configuration.
2 To configure date and time manually:
a. Select Manual Date and Time Configuration.
b. Click Change Date and Time; set the date and time for Skybox’s time
zone.
c. Click Change Time Zone; set the time zone for the location where the
Appliance is installed, so that reports and other data are timestamped
correctly.
3 To set date and time from a time server:
a. Select Automatic Date and Time Configuration Using NTP Server.
b. Click Change NTP Server; add the IP address or DNS of the time server
to use.
c. Click Change Time Zone; set the time zone for the location where the
Appliance is installed, so that reports and other data are timestamped
correctly.
What’s next
Skybox Manager is the client application that communicates with the Server.
After installing and configuring the Appliance, you must install the Manager on at
least 1 remote machine (see Skybox Manager Installation (on page 31)).
Chapter 3 Setting up Skybox Appliance
Skybox version 9.0.400 19
Using Skybox for change tracking
You can use Skybox to track changes on firewalls. Although much change
information can be collected directly from the firewalls, additional information
(including a timestamp and the user who made the change) is available only
from syslog change events that are sent to the syslog server in the Appliance.
You collect the change events using Change Tracking Events Syslog Import
tasks.
Syslog server
The syslog server in the Appliance is preconfigured and is enabled by default.
Updates to the configuration files of the syslog server and syslog log file rotation
are included (when necessary) as part of Skybox updates.
For information about customizing the syslog server, see Customizing the syslog
server (on page 29).
Skybox version 9.0.400 20
Chapter 4
The following sections explain how to configure the Appliance.
Configuration and management options (Appliance Administration) (on page
20)
Setting up SNMP configuration (on page 24)
RADIUS authentication (on page 24)
LDAP authentication (on page 25)
Changing the TLS version (on page 27)
In this chapter
Configuration and management options ................................. 20
Setting up network interface bonding..................................... 22
Setting up SNMP configuration .............................................. 24
RADIUS authentication ......................................................... 24
LDAP authentication ............................................................ 25
Changing the TLS version ..................................................... 27
Configuration and management options
Skybox Appliance’s configuration options are described in the following table.
Pane Description
About tab
System
Information Provides information about Skybox configuration.
Network tab
Note that changes to the configuration information made in this tab are
only saved after you click Save Network Configuration.
Network
Configuration Enables you to configure network settings (connection
method, IP address, netmask, and gateway) and
bonding for each network interface connection, and to
configure the DNS servers.
Note: For non-virtual Appliances, this pane includes a
link to a figure of the back panel to help you to
understand the connections.
Network
Configuration
Displays a summary of the Appliance configuration
Configuring the Appliance
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14
  • Page 15 15
  • Page 16 16
  • Page 17 17
  • Page 18 18
  • Page 19 19
  • Page 20 20
  • Page 21 21
  • Page 22 22
  • Page 23 23
  • Page 24 24
  • Page 25 25
  • Page 26 26
  • Page 27 27
  • Page 28 28
  • Page 29 29
  • Page 30 30
  • Page 31 31
  • Page 32 32
  • Page 33 33
  • Page 34 34
  • Page 35 35
  • Page 36 36
  • Page 37 37
  • Page 38 38
  • Page 39 39
  • Page 40 40
  • Page 41 41
  • Page 42 42
  • Page 43 43
  • Page 44 44
  • Page 45 45
  • Page 46 46
  • Page 47 47

skybox 6000 Quick start guide

Brand
skybox
Model
6000
Category
Networking
Type
Quick start guide
Download PDF
report

Ask a question and I''ll find the answer in the document

Finding information in a document is now easier with AI

Other documents