
RSA enVision 3.5.x
Configuration Guide
50 Series

Revision 1

Copyright 1996 - 2007 RSA Security Inc.


enVision, Enterprise Dashboard, and Internet Protocol Database (IPDB) are trademarks of RSA Security Inc.
LogSmart is a registered trademark of RSA Security Inc.
All other trademarks, service marks, registered trademarks, registered service marks mentioned in this
document are the property of their respective owners.
Information in this document is subject to change without notice. The software described in this document is
furnished under a license agreement or nondisclosure agreement. No part of this publication may be reproduced,
stored in a retrieval system, or transmitted in any form or any means electronic or mechanical, including
photocopying and recording for any purpose other than the purchaser's personal use without the written
permission of RSA Security Inc.
RSA Security Inc.
200 Lowder Brook Drive, Suite 2000
Westwood, MA 02090
U.S.A.
781.375.9000

End-User License Agreement


4. Upgrades. If the Software is an upgrade of a RSA or
Network Intelligence branded product, you may use that
upgraded product only in accordance with this EULA.

5. Title and Copyright. Except for the rights expressly granted
herein, all right, title and interest in and to the Software and
Documentation shall remain solely with RSA. For purposes of
Section 117 of the Copyright Act of 1976, as amended, and for
all other purposes, RSA shall be considered the owner of the
Software and Documentation and any copies thereof, and of
all copyright, trade secret, patent, trademark and other
intellectual property rights therein. Certain of the Software
products provided hereunder may be owned by one or more
third parties and licensed to RSA (Embedded Software). You
and we intend and agree that Software products provided
hereunder and owned by any third parties are being
sublicensed to you and that such third parties retain
ownership of and title to such products.

6.

You may receive the Software in more than one medium.
Regardless of the type or size of the media you receive, you
may use only that one medium that is appropriate for the
single computer indicated on the order documentation. You
may not use or install the other medium on another computer.
You may not loan, rent, lease, or otherwise transfer the other
medium to another user.

b) Standby: (i) Standby systems are licensed for use as cold-standby deployments only, except as specifically provided in
this sub-paragraph; (ii) In the event the production system
that the Standby system has been purchased with is
unavailable due to failure or maintenance, the Standby system
may be used in a production environment. In no event may
redundant system pairs operate concurrently beyond the use
required due to failure or maintenance. Use of the Standby
system in a production environment shall be subject to the
license restrictions of the production environment it is
replacing.

7.

U.S. Government Restricted Rights. The Software and
Documentation are provided with restricted rights. Use,
duplication, or disclosure by the Government is subject to
restriction as set forth in subparagraph (c)(1)(ii) of the Rights
in Technical Data and Computer Software clause at DFARS
252.227-7013 or subparagraphs (c)(1) and (2) of the
Commercial Computer Software Restricted Rights at 48 CFR
52.227-19, as applicable. Manufacturer is RSA Security, Inc.,
as successor-in-interest by operation of law to Network
Intelligence Corporation, 200 Lowder Brook Dr., Suite 2000,
Westwood, MA 02090.

Other rights and limitations. You may not reverse
engineer, decompile, disassemble or otherwise attempt to
derive the source code of the Software. You may not modify,
copy (except as authorized herein), translate or create
derivative works of the Software, or alter, remove or obscure
any copyright, trademark or other proprietary notice or
disclaimer, or any export restriction or similar notice,
contained on the Software or Documentation. You shall
reproduce all such notices on any copy of the Software or
Documentation made in accordance with this EULA. The
Software is licensed as a single product. Its component parts
may not be separated for use on more than one computer.
You shall notify us promptly in writing of any unauthorized
distribution, possession, alteration, transfer, reproduction or
other unauthorized use of the Software or Documentation, or
any improper or wrongful use of our trademarks or trade
names, of which you become aware.

8. Governing Law and Jurisdiction. This EULA shall be
construed, and the relations of the parties shall be
determined, in accordance with the laws of the
Commonwealth of Massachusetts in the United States, as such
laws apply to contracts between residents of Massachusetts.
Neither the United Nations Treaty for International Sale of
Goods nor the Uniform Computer Information Transactions Act
(UCITA) shall govern this Agreement. If any or all portions
of the Software were acquired outside of the United States,
local laws may apply.

9. a) Limited Software Warranty. RSA warrants that the
Software, as delivered, will conform in all material respects to
the user documentation for a period of ninety (90) days from
the date of shipment (the Warranty Period).

This End-User License Agreement ("EULA") is entered into between
RSA Security Inc. ("RSA", "we", "our" or "us") and the Customer
("Customer", "you" or "your") identified on an accepted sales or
purchase order ("Order Agreement") for use of the software listed on
the same and all associated media (collectively, the "Software") and
all related printed materials and "online" or electronic documentation
(collectively, the "Documentation"). You agree to be bound by the
terms of this EULA.
1. Grant of License. The Software is licensed, not sold, and
the license granted herein is non-exclusive and non-transferable. You may use the purchased quantity of Software
on the single computer that it is purchased with, and you may
make one (1) copy of the Software and Documentation solely
for backup or archival purposes. Additional Software products
available from RSA may have additional provisions pursuant to
the relevant order documentation. You may not rent, lease,
sublicense, assign or otherwise transfer either the Software or
Documentation. You also may not publicly publish any
performance test results regarding use of the Software.
The following license provisions shall apply for use of the
Software identified in a purchase as Test and/or Standby;
a) Test: Test systems are licensed for non-production
environments only.

2.

3. Term and Termination. Unless earlier terminated in
accordance with the provisions set forth herein, the term of
this EULA shall be perpetual. Without prejudice to any other
rights, we may terminate this EULA if you fail to comply with
any of the terms or conditions hereof. Upon termination, you
shall cease using the Software and destroy all copies of the
Software and Documentation in your possession.

b) Hardware Warranty. For hardware products purchased
after January 1, 2007, RSA warrants that the Hardware will be
free from Material Defects in materials and manufacturing
workmanship for a period of ninety (90) days from the date of
shipment (Hardware Warranty Period). RSA's obligations
with respect to the hardware warranty under this section are
subject to the limitations set forth in Section 10 (b) below.
10. Remedies. a) Software. RSA's sole responsibility under the
limited warranty will be to use reasonable efforts to correct
material reproducible errors in the Software that are reported
to RSA within the Warranty Period or, if any material
reproducible error in the Software cannot be corrected using
commercially reasonable efforts, to refund the license fee paid
by you to us. RSA does not warrant that the Software will be
free of errors, or that all program errors will be corrected.
The foregoing states our entire liability to you, and your
exclusive remedy for, a breach of the limited warranty. If we
determine that any reported problem with the Software for
which you request warranty services is not covered by the
warranty hereunder, you shall pay or reimburse us for all costs
of investigating and responding to such request at our then
prevailing time and materials rates. In no event shall we have
any obligation to make repairs or replacements required, in
whole or in part, as the result of: (i) normal wear and tear; (ii)
accident, disaster, or event of force majeure; (iii) misuse,
fault, or negligence of or by you; (iv) use of the Software in a
manner for which it was not designed; (v) causes external to
the Software; or, (vi) use of the Software in combination with
equipment or software not supplied by RSA, including but not
limited to any operating system software. Any replacement
Software will be warranted for the remainder of the original
warranty period or thirty (30) days from the date of delivery,
whichever is longer. Outside the United States, neither these
remedies nor any support services offered by RSA are
available without proof of purchase from an authorized
reseller.
b) Hardware. A Material Defect is any reported malfunction,
error or other defect in the hardware reported during the
Hardware Warranty Period that can be reproduced by us and
constitutes a material substantial nonconformity from the
Software documentation. We shall have no obligation to
correct a Material Defect or provide other support services if
the Material Defect in the hardware is caused by a malfunction
of hardware or software not supplied by us, modification of
the hardware not made by or authorized by us, operator error,
use of the hardware in a manner not in accordance with the
hardware documentation, or use of the hardware does not
include all updates available from RSA. Notwithstanding
anything to the contrary contained herein, we do not in any
event warrant or represent that all Material Defects in the
hardware, can or will be corrected. If a material defect is
identified in the hardware during the maintenance period
covering the hardware, we shall use commercially reasonable
efforts to provide one of the following at our sole discretion:
(1) an electronic remedy; (2) spare part replacement; or, (3)
Advance Replacement of Hardware as defined in the Software
and Hardware Maintenance Agreement.
11. No Other Warranties. TO THE MAXIMUM EXTENT
PERMITTED BY APPLICABLE LAW, THE EXPRESS
WARRANTIES SET FORTH HEREIN ARE THE ONLY
WARRANTIES GIVEN BY RSA WITH RESPECT TO THE
SOFTWARE FURNISHED HEREUNDER. RSA MAKES NO
OTHER WARRANTIES, EXPRESS, IMPLIED OR ARISING BY
CUSTOM OR TRADE USAGE, AND SPECIFICALLY MAKES NO
WARRANTY OF MERCHANTABILITY OR FITNESS FOR ANY
PARTICULAR PURPOSE. SAID EXPRESS WARRANTIES SHALL
NOT BE ENLARGED OR OTHERWISE AFFECTED BY RSA'S
RENDERING OF TECHNICAL OR OTHER ADVICE OR SERVICE
IN CONNECTION WITH THE PRODUCTS.
12. Limitation of Liability. RSA'S LIABILITY IN CONTRACT,
TORT, OR OTHERWISE ARISING OUT OF OR IN CONNECTION
WITH ANY PRODUCTS, OR ANY OUTPUT OF ANY PRODUCTS
OR ANY SALES OR LICENSE AGREEMENT WITH YOU SHALL
NOT EXCEED THE AMOUNT PAID BY YOU TO RSA FOR
PRODUCTS. IN NO EVENT SHALL RSA BE LIABLE FOR ANY
SPECIAL, INCIDENTAL, TORT, OR CONSEQUENTIAL
DAMAGES (INCLUDING ANY DAMAGES RESULTING FROM
LOSS OF USE, LOSS OF DATA, LOSS OF PROFITS OR LOSS OF
BUSINESS) ARISING OUT OF OR IN CONNECTION WITH THE
PERFORMANCE OF THE PRODUCTS OR RSA'S PERFORMANCE
OF SERVICES, EVEN IF RSA HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
13. Confidentiality. You agree to hold the Software and
Documentation in strict confidence and not to disclose or
make available the same in any form to any third party unless
required by law.
14. Entire Agreement. This EULA constitutes the entire
agreement between the parties regarding the subject hereof
and supersedes all prior or contemporaneous agreements,
understandings, and communications, whether written or
oral. This EULA may only be amended by you with a written
document signed by both parties. The terms on any Order
Agreement or similar document will have no effect.
15. Miscellaneous. You may not delegate any duties nor assign
any rights hereunder without our prior written consent and
any such attempted delegation or assignment shall be deemed
void absent our consent. In the event that any provision
contained herein shall be held by a court of competent
jurisdiction to be invalid, illegal, or unenforceable in any
respect, the validity, legality, and enforceability of the
remaining provisions contained herein shall not in any way be
affected or impaired thereby. The failure by either party to
enforce, or the waiver by either party of a breach of any
provision contained herein shall not constitute a waiver of any
other breach or of such provision.

Software and Hardware Maintenance Agreement


This Software and Hardware Maintenance Agreement ("SHMA") is
entered into between RSA Security Inc. ("RSA", "we", "our" or "us")
and the Customer ("Customer", "you" or "your") identified on an
accepted sales or purchase order ("Order Agreement") for
maintenance. Subject to the terms and conditions of this SHMA and
payment of the appropriate fees, we agree to provide certain
technical support services ("Support Services") to you. This
Agreement provides maintenance and support on both the Software
and hardware products.
1. Support Services.
a) Support Access. Qualified personnel will: (1) Aid in the
diagnosis of, and correct, Material Defects in the Software
and hardware (as defined below); and, (2) Provide advice
through selected examples on how to use the Software
and hardware by way of phone, e-mail, and web-based
technical assistance. We will provide such reasonable
support for unaltered versions of the Products. The
number for telephone support is (781) 375-9000, or such
other number or numbers as we shall advise you of from
time to time. All support hours are U.S. Eastern Time and
shall be determined by your purchased Coverage level.
Standard and Extended Coverage hours shall be subject to
change by RSA upon written notice and exclude holidays
that RSA is not open for business. Partial coverage of a
Customer's Software and/or hardware is not permitted.
i) Standard Coverage: Monday through Friday, 8:30
a.m. - 5:30 p.m., local customer time.
ii) Premium Coverage: Twenty-four (24) hours a day,
seven (7) days a week.
b) Software Updates. We shall make available all bug fixes,
updates, and enhancements to the Software that we in
our sole discretion: (1) deem to be logical improvements
to the Software; (2) make generally available to licensees
of the Software; and, (3) do not separately price or
market. RSA shall also provide all core appliance
operating system upgrades provided that the Customer
has a current support agreement. This does not include
additional software or operating system variants that are
required for optional capabilities. The application of a new
operating system may require that Customer reimages the
hardware appliance so that the updates apply properly.
Application of any operating system other than that
provided by RSA shall void Customer's appliance warranty.
c) Material Defect. A Material Defect is any reported
malfunction, error or other defect in the Software that can
be reproduced by us and constitutes a material substantial
nonconformity from the Software documentation. We
shall have no obligation to correct a Material Defect or
provide other support services if the Material Defect in the
Software is caused by a malfunction of hardware or
software not supplied by us, modification of the Software
not made by or authorized by us, operator error, use of
the Software in a manner not in accordance with the
Software documentation, or use of the Software does not
include all updates available from RSA or a Material Defect
is due to the installation of third-party software not
provided by or approved by RSA. Notwithstanding
anything to the contrary contained herein, we do not in
any event warrant or represent that all Material Defects,
whether in Software or hardware, can or will be corrected.
d) Response Process for Material Defects. If a Material
Defect is identified in the Software, we shall use
commercially reasonable efforts to provide one of the
following at our sole discretion: (1) an existing or new
correction; and, (2) a viable work around or plan for
correction of the Material Defect.
e) Knowledge Base. You shall have access to the RSA on-line
help Customer Care knowledge base.

2. Hardware Support Services.
a) Material Defect. If a material defect is identified in the
hardware during the maintenance period covering the
Hardware, we shall use commercially reasonable efforts to
provide one of the following at our sole discretion: (1) an
electronic remedy; (2) spare part replacement; or, (3)
Advance Replacement of Hardware.
b) Advance Replacement. Solely on the approval of a RSA
customer care representative and subject to the RSA
Return Material Authorization (RMA) procedures, we
shall use commercially reasonable efforts to Advance
Replace a defective hardware component. Advance
Replacement shall mean to ship a replacement hardware
component to you prior to the defective hardware
component being returned to us for repair. Any hardware
shipped under the RMA provisions shall have the same
licensed capacity as the original Products but may be an
upgraded model of the hardware.

3. Obligations of Customer.
a) Cooperation. During the term of this SHMA, you agree to:
Notify us immediately upon discovery of any Material
Defect in the Product; Properly back-up the Product;
Maintain an electronic mail link-up with us via the
Internet; Provide access (electronic or physical) to your
system containing the Product at no cost if such is
required to provide the Support Services, including but not
limited to, the necessary computer time and related
support services required by us; and, Provide any other
reasonable supporting data and assistance to aid in the
identification and correction of Material Defects.

b) Designated Contact. You shall designate a contact person
from your organization (which may be changed by notice
to us, the "Designated Contact") to be the sole contact
between you and us for the coordination and receipt of
the Support Services. The Designated Contact shall be
knowledgeable of the operation of your system containing
the Product and your use of the Product. The Designated
Contact shall be trained on the proper use of the Product.

c) End-User License Agreement. During the term of this
SHMA, you will maintain in effect the End-User License
Agreement for each Software Product you have
purchased. If the End-User License Agreement is
terminated for any reason, this SHMA will terminate
concurrently therewith.

d) Intellectual Property Rights. We and you agree that
ownership and use of any and all Software Products and
any related confidential information, documentation or
other materials provided hereunder, including without
limitation any and all updates and upgrades to Software
Products subsequently provided to you, shall be governed
by the End-User License Agreement.

WARRANTIES SHALL NOT BE ENLARGED OR
OTHERWISE AFFECTED BY RSA'S RENDERING OF
TECHNICAL OR OTHER ADVICE OR SERVICE IN
CONNECTION WITH THE PRODUCT.

4. Fees, Term and Termination for Software and Hardware
Maintenance.
a) Initial Term. The Initial Term of this Agreement,
covering the combined Software and hardware
maintenance and support, is twelve (12) months (or such
longer period if indicated and purchased via an Order
Agreement) and shall commence on the first day the
Product is registered with RSA, or thirty (30) days from the
date of purchase, whichever occurs first.
b) Renewal Term. Your current Maintenance Support shall
automatically renew in annual terms (Renewal Terms).
The fee for the Renewal Term shall be provided to you
with no less than thirty (30) days' notice prior to the
commencement of the new term. You may discontinue
Support Services in Renewal Terms by providing written
notice terminating this SHMA prior to the effective date of
the Renewal Term. Hardware warranty expiration dates,
for hardware purchased prior to January 1, 2007, shall be
the later of the date originally granted by the initial
hardware purchase from RSA (or Network Intelligence) or
the termination date of the then current year of Software
maintenance under this Agreement.
c) Reinstatement Fees for Lapsed Maintenance Support.
If you choose to allow this SHMA to lapse, you may at a
later time elect to reinstate this SHMA and receive the
Support Services in exchange for the applicable fees.
Reinstatement shall become effective upon payment of
the following: (i) the then current annual Maintenance
Support Fee for the Renewal Term, and (iii) the prorated
SHMA Fee allocable to the lapsed period from the
effective date of termination to the effective date of
reinstatement of this SHMA.
d) Termination. In addition to any termination pursuant
to the provisions of clause (b) above, this SHMA may
further be terminated: by either party in the event the
other party materially breaches a provision of this SHMA
and the breaching party fails to cure such breach within
thirty (30) days after notice of such breach from the non-breaching party; provided, however, that this SHMA may
not be terminated if such breach cannot be cured within
such thirty (30)-day period and the breaching party takes
steps within such thirty (30) day period to cure the
breach and thereafter cures such breach as soon as
practicable.

5.

c) Limitation of Liability. RSA'S LIABILITY IN
CONTRACT, TORT, OR OTHERWISE ARISING OUT
OF OR IN CONNECTION WITH ANY SERVICES,
PRODUCTS, OR ANY OUTPUT OF ANY PRODUCTS
OR ANY SALES OR LICENSE AGREEMENT WITH
YOU SHALL NOT EXCEED THE AMOUNT PAID BY
YOU TO RSA IN MAINTENANCE SUPPORT FEES FOR
THE PRIOR TWELVE (12) MONTH PERIOD. IN NO
EVENT SHALL RSA BE LIABLE FOR ANY SPECIAL,
INCIDENTAL, TORT, OR CONSEQUENTIAL
DAMAGES (INCLUDING ANY DAMAGES RESULTING
FROM LOSS OF USE, LOSS OF DATA, LOSS OF
PROFITS OR LOSS OF BUSINESS) ARISING OUT OF
OR IN CONNECTION WITH THE PERFORMANCE OF
THE PRODUCTS OR RSA'S PERFORMANCE OF
SERVICES, EVEN IF RSA HAS BEEN ADVISED OF
THE POSSIBILITY OF SUCH DAMAGES.

6. Force Majeure. In the event that either party is prevented
from performing any of its non-monetary obligations under
this SHMA due to any cause beyond its reasonable control, the
affected party's performance shall be excused and the time for
performance shall be extended for the period of delay due to
such occurrence.

7. Governing Law and Jurisdiction. This SHMA shall be
construed, and the relations of the parties shall be
determined, in accordance with the laws of the
Commonwealth of Massachusetts in the United States, as such
laws apply to contracts between residents of Massachusetts.
Neither the United Nations Treaty for International Sale of
Goods nor the Uniform Computer Information Transactions Act
(UCITA) shall govern this Agreement. All disputes arising
under this Agreement shall be brought in the District Court of
the Commonwealth of Massachusetts in Middlesex County or
the Federal District Court of Eastern Massachusetts as
permitted by law.

8. Entire Agreement. This SHMA constitutes the entire
agreement between the parties regarding the subject hereof
and supersedes all prior or contemporaneous agreements,
understandings, and communications, whether written or
oral. This SHMA may only be amended by you with a written
document signed by both parties. The terms on any Order
Agreement or similar document will have no effect.

9. Miscellaneous. You may not delegate any duties nor assign
any rights hereunder without our prior written consent and
any such attempted delegation or assignment shall be deemed
void absent consent from us. In the event that any provision
contained herein shall be held by a court of competent
jurisdiction to be invalid, illegal, or unenforceable in any
respect, the validity, legality, and enforceability of the
remaining provisions contained herein shall not in any way be
affected or impaired thereby. The failure by either party to
enforce, or the waiver by either party of a breach of any
provision contained herein shall not constitute a waiver of any
other breach or of such provision.

Limited Warranty and Limitation of Liability.
a) Standard of Care. We warrant that the Support
Services will be provided in a professional manner.
b) No Other Warranties. TO THE MAXIMUM EXTENT
PERMITTED BY APPLICABLE LAW, THE EXPRESS
WARRANTIES SET FORTH HEREIN ARE THE ONLY
WARRANTIES GIVEN BY RSA WITH RESPECT TO
THE SERVICES FURNISHED HEREUNDER. RSA
MAKES NO OTHER WARRANTIES, EXPRESS,
IMPLIED OR ARISING BY CUSTOM OR TRADE
USAGE, AND SPECIFICALLY MAKES NO WARRANTY
OF MERCHANTABILITY OR FITNESS FOR ANY
PARTICULAR PURPOSE. SAID EXPRESS

Table of Contents

Chapter 1. Introduction
Site Deployment

Chapter 2. Single Appliance Site
Configuration Tasks
Planning Worksheet
Name the Site
IP Address
DNS Servers
Time
External IP Address

Chapter 3. Multiple Appliance Site
Appliance Types
Appliance Types in a NIC Domain
Site Access in the NIC Domain
Configuration Tasks
Planning Worksheet
NIC Domain
Site
Time
Site to Site Connection
Data Server (D-SRV) External IP Address

Chapter 4. Remote Collector Site
Configuration Tasks
Configure the FTP Server on the D-SRV (Only for v3.3.6 Forwarding to a v3.5.0 D-SRV)
Verify the RC Configuration
Configure the Data Forwarding Task
Test the Configuration
Planning Worksheet
Name the Site
Identify Appliances In the Site
DNS Servers
Time
Site to Site Connection
Data Server (D-SRV) External IP Address

Chapter 5. Next Steps
Set Up enVision
Log In to enVision
Minimum Local Access Requirements
Log Out

Preface
This guide contains information on configuring your RSA enVision site and setting up the enVision
processing options.

Audience
The Configuration Guide is for new users who need to configure an enVision site.

Documentation Set
The enVision documentation set consists of the following:
Documentation          Description
Hardware Guide         Instructions on setting up your RSA enVision appliances. Intended audience is the system administrator.
Configuration Guide    Instructions on configuring your RSA enVision site. Intended audience is the system administrator.
Migration Guide        Instructions on migrating your data from a previous version of RSA enVision to the current version.
Online Help            Comprehensive guide to planning, setting up and using RSA enVision.


Conventions
This guide uses the following conventions:
Item                                               Formatting
Literal values (values that the user must type)    Bold font. Example: Type New Report.
Fields, buttons, menu items, and so forth          Bold font. (Note: Screen names are not bold.) Example: Type New Report in the Description field on the Report Setup window.
Keys (on the keyboard)                             Bold font. Example: Press Enter.

Contact RSA
Contact RSA at:
200 Lowder Brook Drive
Suite 2000
Westwood, MA 02090
U.S.A.
Telephone: 781.375.9000
Fax: 781.375.9100
World Wide Web: http://www.rsa.com/node.aspx?id=3170

Sales
You can purchase enVision directly from our dedicated team of sales professionals or through our
North American and international resellers. Call us at 781.375.9000 or send us an email at
sales@network-intelligence.com.

Technical Support
Technical support is available during business hours via telephone at 800.995.5095 (Option #4 from
the menu).
You can also send email to the support team at support@network-intelligence.com.
Go to http://www.rsa.com/node.aspx?id=3170 and log into Customer Care to:

review the Support Knowledge Base for troubleshooting, tips, FAQs, and so forth.

download all product documentation.

Revision Tracker
Revision Number    Date       Revision
                   3/17/08    Added step telling VAM users to download latest Content Update after completing installation for both Single and Multiple Appliance Sites.

1. Introduction
RSA enVision is a feature-rich compliance and security application. It allows you to automatically
capture and analyze log information from your network, security, application, operating and storage
environments. RSA Security Inc.'s LogSmart Internet Protocol Database (IPDB) provides the only
architecture proven to automatically collect and protect all the data, from any network device, without
filtering or agents. It gives you a true picture of how your network is being used, and by whom. It
independently monitors your network to verify security policies, to generate alerts for possible
compliance breaches, and to analyze and report on network performance.
enVision is tightly coupled with the underlying appliance operating system and hardware, and together
they comprise a highly scalable platform that provides guaranteed levels of performance, plus the
ability to grow over time.
enVision is made up of three components:

Application - supports interactive users and runs the suite of analysis tools.

Collector - captures incoming events.

Database - manages access and retrieval of captured events.


Site Deployment
enVision is deployed on a site basis. The enVision components are deployed based on the type of site
you have. There are two types of sites:

Single Appliance Site


The EX and HA series appliances are designed to operate in a stand-alone, non-distributed
mode. They have all three enVision components - Application, Collector, and Database - installed on one appliance. The single appliance is a site.
See Chapter 2, Single Appliance Site, for information on a single appliance site.

Multiple Appliance Site


The LS series appliances are designed to operate in a distributed installation. Each enVision
component - Application, Collector, and Database - is on its own appliance. The appliances
together form a site. Distributed multiple appliance sites allow multiple installations of any of
the three appliance types to be deployed to manage the variety of network infrastructures
found in production environments.
See Chapter 3, Multiple Appliance Site, for information on a multiple appliance site.
Multiple appliance sites can host a Remote Collector site. See Chapter 4, Remote Collector
Site, for information on associating a Remote Collector site with a multiple appliance site.
Please do not make any updates to your Microsoft Windows environment (e.g., change the
name of LAN interface, add IP addresses) prior to installing enVision.


2. Single Appliance Site


The EX and HA series appliances are designed to operate in a stand-alone, non-distributed mode. They
have all three enVision components - Application, Collector, and Database - installed on one
appliance. The single appliance is a site.
After the hardware is set up, you must configure the enVision site. See the Hardware Guide for
complete instructions on setting up the hardware.


Configuration Tasks
Here are the configuration tasks for a single appliance site:
Task  Activity

1     Complete the enVision Configuration Wizard Planning Worksheet - Single Appliance Site in this chapter.

2     Connect the power cords to the appliance and plug them in. The appliance is now on.
      Note: There are two power cords for each appliance. Attach the cords to separate power sources, to ensure a consistent power supply.

3     Connect to the appliance using a KVM switch.
      The Configuration Wizard starts automatically.

4     Complete the enVision Configuration Wizard as follows:
      a. Complete each window in the wizard.
         You can click Back to scroll back through the windows in the wizard to review or change information.
         You can click Cancel to cancel the configuration process. If you click Cancel at any time while using the wizard, you must restart the wizard to configure your site. To restart the wizard, double-click the lsconfiguration.exe file in the enVision\bin directory.
         Prior to completing the configuration process, the wizard displays the Review Page window.
      b. Make sure that everything is correct on the Review Page. If the Review Page is:
         Correct, click Finish.
         Not correct, click Cancel and check your hardware setup.
         As part of the configuration process, the wizard displays the enVision Configuration Wizard Log window. The log shows the steps the system is performing to configure the site. The system restarts several times while completing the setup.
         The setup process takes approximately 30 minutes to complete.
         The appliance restarts automatically when the site configuration process is complete.
      c. If users use the VAM (Vulnerabilities Asset Management) feature, download the most recent Content Update (https://knowledge.rsasecurity.com/ > Downloads > All Downloads > RSA enVision > Content Updates) and install it immediately.

After the site configuration is complete, you must set up the processing options in enVision. See
Chapter 5, Next Steps, for more information.
You cannot change any of the site configuration options after the wizard is finished.
Complete the enVision Configuration Wizard Planning Worksheet - Single Appliance
Site in this chapter prior to starting the wizard.

enVision Configuration Wizard Planning Worksheet


Single Appliance Site
Name the Site
Site Name

A valid site name is a unique 2 to 11 alphanumeric character string. The site name must not be the
same as:

any other enVision site name.

any existing Windows domain name.

the NetBIOS name for a Windows domain. (The NetBIOS name for a Windows domain is the
name preceding the dot). For example if your Windows domain name is
MyDomainName.com, then the NetBIOS name for this Windows domain would be
MyDomainName; it would then be wrong to install an enVision site with the name
MyDomainName.

Selecting the site name is extremely important. Once you name the site you cannot change the name.
The site name is used in the following names:

Node name for the appliance. For example, for an HA series appliance site, if your site name
is Seattle, the HA appliance node name is Seattle-HA.

NIC Windows domain name created for your site. The site name also becomes the name of
the Windows domain created for your site, sitename.nic. For example, if your site name is
Seattle, the Windows domain for the site is Seattle.nic.


IP Address
There are default addresses for the appliance:

LAN IP address - used to access the appliance on the LAN.

Subnet mask - used to determine to which subnet an IP address belongs.

Gateway address - identifies the computer that routes the traffic to the outside network.

You can override the default values during configuration. If you choose to override the default values,
write the new values in the table.
                   Default          Override Value
LAN IP Address     192.168.1.155
Subnet Mask        255.255.255.0
Gateway Address    192.168.1.1

DNS Servers
Identify the primary and secondary DNS servers on your network and options for the servers. enVision
uses the DNS servers to resolve IP addresses found in events for reporting and alerting.
DNS Server    IP Address
Primary
Secondary

Identify processing options for the DNS Servers.

Field: Do Not Use Recursion
Description: Select this check box to indicate that the DNS server uses forwarders exclusively to resolve queries on behalf of its DNS clients. If the process using forwarders for resolution fails to resolve a query, the system returns a failure message.
Option: Do not Use Recursion

Field: Forwarding Timeout
Description: Type the number of seconds that the DNS server continues to attempt to contact and use a listed forwarder. When the timeout expires, DNS moves to the next forwarder on the list and repeats the process. The default value is 5.
Option: _____ seconds

Time
Network Time Protocol (NTP)
Identify a server to which enVision will synchronize its time.
Known NTP time servers, such as atomic clocks, are outside your network and may be a
security issue. RSA Security Inc. assumes no risk to your network if you choose to use a
known NTP server.
Note: The enVision Configuration Wizard allows you to use the Windows Date and Time Properties
window to update your date and time directly from the wizard.
Select    NTP Servers
          tock.usno.navy.mil
          ntp2.usno.navy.mil
          tock.usno.navy.mil
          tick.usno.navy.mil
          navobs1.oar.net
          ntp0.mcs.anl.gov
          navobs1.wustl.edu
          tick.usnogps.navy.mil
          tock.usnogps.navy.mil
          tick.ucla.edu
          bigben.cac.washington.edu
          ntp.alaska.edu
          tick.mhpcc.hpc.mil
          Custom:

Local Site Time
Identify the time zone in which your site is located.

Time Zone

(While running the configuration wizard, you must confirm the current date and time in your selected
time zone.)

External IP Address
Indicate whether this site uses an external address.

This site uses an external IP address and port number.

Data Server LAN IP Address (internal IP address)
Data Server LAN Port Number (internal port number)
Data Server External IP Address
Data Server External Port Number

3. Multiple Appliance Site


The LS series appliances are designed to operate in a distributed installation. Each enVision
component - Application, Collector, and Database - is on its own appliance. The appliances together
form a site. Distributed multiple appliance sites allow multiple installations of any of the three
appliance types to be deployed to manage the variety of network infrastructures found in production
environments.


Appliance Types
Here are the appliance types used in a multiple appliance site:
Component: Database server
Appliance Type: D-SRV
Description: Manages access and retrieval of captured events.

Component: Application server
Appliance Type: A-SRV1, A-SRV2, A-SRV3
Description: Supports interactive users. Runs the suite of analysis tools.
Each site has: Up to 3. You may want multiple A-SRVs so that you can separate the alerting processes from the reporting processes.
Note: If you have 3 A-SRVs, you can only have up to 2 LCs.

Component: Collector (Local Collector)
Appliance Type: LC1, LC2, LC3
Description: Captures incoming events locally.
Each site has: Up to 3 (Minimally each site has 1 LC.)
Note: If you have 3 LCs, you can only have up to 2 A-SRVs.

Each site can optionally host up to 16 Remote Collector (RC) server appliances; each RC is
considered a site. RCs capture incoming events remotely. Remote collectors have store-and-forward
technology that allows user-selectable critical events to be processed in real-time, while non-critical
events are compressed, encrypted, and locally cached until they can be forwarded to the master
enVision site (by the NIC Forwarder Service) for historical analysis as available WAN bandwidth
allows. (The Administrator sets up the remote collector's Forwarder parameters on the Modify
Collector Service window in enVision.) See Chapter 4, Remote Collector Site, for information on
configuring RCs.
Note: The total events per second (EPS) for all Collectors per site (per D-SRV) cannot exceed 30,000
EPS.
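
The appliance-count and EPS limits above interact, so a planned site is worth checking against all of them at once. The following Python check is an added example, not part of the RSA guide or the enVision product; the SitePlan model and the EPS figures are constructed, and it assumes that hosted RCs count toward the site's 30,000 EPS ceiling and that each multiple appliance site has one D-SRV.

```python
from dataclasses import dataclass, field

# Limits quoted from the guide.
MAX_A_SRV = 3          # "Up to 3" Application servers per site
MAX_LC = 3             # "Up to 3" Local Collectors per site
MIN_LC = 1             # "Minimally each site has 1 LC"
MAX_RC = 16            # a site can optionally host up to 16 Remote Collectors
MAX_SITE_EPS = 30_000  # total EPS for all Collectors per site (per D-SRV)
MAX_D_SRV = 10         # D-SRVs that can be deployed in one NIC domain


@dataclass
class SitePlan:
    """One multiple appliance site as planned on the worksheet (hypothetical model)."""
    name: str
    a_srv: int                                  # number of A-SRV appliances
    lc_eps: list                                # expected peak EPS of each Local Collector
    rc_eps: list = field(default_factory=list)  # expected peak EPS of each hosted RC


def check_site(plan):
    """Return the limits from the guide that this plan breaks (empty list = none)."""
    problems = []
    lcs, rcs = len(plan.lc_eps), len(plan.rc_eps)
    if plan.a_srv > MAX_A_SRV:
        problems.append(f"{plan.a_srv} A-SRVs planned, limit is {MAX_A_SRV}")
    if lcs < MIN_LC:
        problems.append(f"{lcs} LCs planned, a site needs at least {MIN_LC}")
    if lcs > MAX_LC:
        problems.append(f"{lcs} LCs planned, limit is {MAX_LC}")
    # The two notes in the table describe the same forbidden combination.
    if plan.a_srv == MAX_A_SRV and lcs == MAX_LC:
        problems.append("3 A-SRVs allow at most 2 LCs, and 3 LCs allow at most 2 A-SRVs")
    if rcs > MAX_RC:
        problems.append(f"{rcs} RCs planned, limit is {MAX_RC}")
    # Assumption: Remote Collectors hosted by the site count toward its EPS ceiling.
    total = sum(plan.lc_eps) + sum(plan.rc_eps)
    if total > MAX_SITE_EPS:
        problems.append(f"{total} EPS planned, limit is {MAX_SITE_EPS} per D-SRV")
    return problems


def check_domain(plans):
    """Check every site plus the NIC domain limit. Returns {name: [problems]}."""
    report = {}
    for plan in plans:
        problems = check_site(plan)
        if problems:
            report[plan.name] = problems
    # Assumption: each multiple appliance site has exactly one D-SRV.
    if len(plans) > MAX_D_SRV:
        report["(NIC domain)"] = [f"{len(plans)} D-SRVs planned, limit is {MAX_D_SRV}"]
    return report


if __name__ == "__main__":
    # Constructed sample plans; the EPS figures are illustrative only.
    plans = [
        SitePlan("Boston", a_srv=1, lc_eps=[8000, 8000, 8000]),
        SitePlan("Seattle", a_srv=3, lc_eps=[12000, 12000, 12000]),
    ]
    for site, problems in check_domain(plans).items():
        for problem in problems:
            print(f"{site}: {problem}")
```
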
Here is an example of a multiple appliance site with one D-SRV, one A-SRV and three LCs.


Appliance Types in a NIC Domain


A group of multiple appliance sites is referred to as a NIC Domain.
You can deploy up to ten D-SRVs in a NIC domain.
The NIC domain is set up in a specific topology with one site acting as the master site. Data flow and
configuration information are based on your NIC domain topology.
You set up the NIC domain during installation, using the enVision Configuration Wizard.
In the following example, the NIC domain consists of six sites:

Site 1 acts as the master site.

Sites 3 and 4 are remote sites associated with Site 2.

Site 6 is a remote site associated with Site 5.


Site Access in the NIC Domain


You can access and maintain data globally across all sites in the NIC Domain.
The exceptions are these site-specific items that only have meaning to the site where they were
configured:

Directories.

Module/tool settings that you set for:
    System Performance tool - display options.
    Query tool - process options and storage directory for saved queries.
    Reports module - storage directory and format for saved report results.
    Executive Dashboard - item settings. (Note: Permissions for the items are set globally.)

Custom reports that you added.

Scheduled reports (can only be scheduled to run on the site where they were configured).

Custom queries that you added.

Configuration Tasks
See the Hardware Guide for information on the appliances. After the hardware is set up, you must
configure the enVision site. Here are the configuration tasks for a multiple appliance site:
Task  Activity

1     Complete the enVision Configuration Wizard Planning Worksheet - Multiple Appliance Site in this chapter.

2     Connect the power cords to the appliances and plug them in.
      The appliances are now on.
      Note: There are two power cords for each appliance. Attach the cords to separate power sources, to ensure a consistent power supply.

3     Connect to the D-SRV appliance using a KVM switch.
      The enVision Configuration Wizard starts automatically.

4     Complete the enVision Configuration Wizard as follows:
      a. Complete each window in the wizard.
         You can click Back to scroll back through the windows in the wizard to review or change information.
         You can click Cancel to cancel the configuration process. If you click Cancel at any time while using the wizard, you must restart the wizard to configure your site. To restart the wizard, double-click the lsconfigurationwizard.exe file in the enVision\bin directory.
         Prior to completing the configuration process, the wizard displays the Review Page window.
      b. Make sure that everything is correct on the Review Page. If the Review Page is:
         Correct, click Finish.
         Not correct, click Cancel and check your hardware setup.
         As the last part of the configuration process, the wizard displays the enVision Configuration Wizard Log window. The log shows the steps the system is performing to configure the site. The system restarts several times while completing the setup.
         The setup process takes approximately 30 minutes to complete.
         The appliances restart automatically when the site configuration process is complete.

5     Install and start the NIC App Server service:
      a. Make sure that you have completed the enVision 3.5.0 installation.
      b. Run the appserver_install.bat batch script in the nic\3500\servername\bin\ folder, providing the external LAN IP address of the A-SRV machine as an input parameter to the batch script. For example:
         E:\nic\3500\servername\bin\appserver_install.bat a-srv-ip_address
         This batch program installs and starts the NIC App Server Windows service on your A-SRV and adds it to the list of services in the Manage Services window in enVision.
         There can be only one instance of the NIC App Server running in a given enVision domain.
         Even if you have only one A-SRV, you must run the appserver_install.bat batch program to install and start the NIC App Server service.
      c. If users use the VAM (Vulnerabilities Asset Management) feature, download the most recent Content Update (https://knowledge.rsasecurity.com/ > Downloads > All Downloads > RSA enVision > Content Updates) and install it immediately.

Next Steps: If there is a Remote Collector (RC) associated with this site, go to Chapter 4, Remote
Collector Site, for information on configuring the remote site.
If you have a multiple site domain, repeat the tasks in this chapter to configure the remaining sites.
After the site configuration is complete, you must set up the processing options in enVision. See
Chapter 5, Next Steps, for more information.
You cannot change any of the site configuration options after the wizard is finished.
Complete the enVision Configuration Wizard Planning Worksheet - Multiple
Appliance Site in this chapter prior to starting the wizard.

enVision Configuration Wizard Planning Worksheet


Multiple Appliance Site
Complete this worksheet to assist in setting up and configuring your NIC Domain and sites. The
worksheet consists of two sections:

NIC Domain. Complete this section for your NIC domain.

Site. Complete this section for each site in your NIC Domain. (Make a copy of the worksheet,
so that you can complete a worksheet for each site.) If you are configuring a remote collector
for a multiple site appliance, complete the Remote Collector worksheet for each remote
collector.

NIC Domain
Draw a topology diagram of your NIC Domain. Label the Master Site of the NIC Domain. Label each
site with a site name to identify it for additional planning purposes.


Site
Complete this section of the worksheet for each site in the NIC Domain.

Name the Site


Site Name

A valid site name is a unique 2 to 11 alphanumeric character string. The site name must not be the
same as:

any other enVision site name.

any existing Windows domain name.

the NetBIOS name for a Windows domain. (The NetBIOS name for a Windows domain is the
name preceding the dot). For example if your Windows domain name is
MyDomainName.com, then the NetBIOS name for this Windows domain would be
MyDomainName; it would then be wrong to install an enVision site with the name
MyDomainName.

Selecting the site name is extremely important. Once you name the site you cannot change the name.
The site name is used in the following names:


Node name for each of the appliances in the site. For example, if your site name is Boston,
the Database server appliance node name is Boston-DS1.

NIC Windows domain name created for your site. The site name also becomes the name of
the Windows domain created for your site, sitename.nic. For example, if your site name is
Boston, the Windows domain for the site is Boston.nic.


Identify Appliances in the Site


There are default addresses for each appliance in the site:

LAN IP address - used to access the appliance on the LAN.

Subnet mask - used to determine to which subnet an IP address belongs.

Gateway address - identifies the computer that routes the traffic to the outside network.

Select each appliance type in your site. If you choose to override the default values, write the new
values in the table.
Select  Appliance Type  IP Address     Subnet Mask    Gateway Address
        D-SRV           192.168.1.160  255.255.255.0  192.168.1.1
        A-SRV1          192.168.1.156  255.255.255.0  192.168.1.1
        A-SRV2          192.168.1.161  255.255.255.0  192.168.1.1
        A-SRV3          192.168.1.162  255.255.255.0  192.168.1.1
        LC1             192.168.1.157  255.255.255.0  192.168.1.1
        LC2             192.168.1.158  255.255.255.0  192.168.1.1
        LC3             192.168.1.159  255.255.255.0  192.168.1.1

If you have remote collectors associated with this site, complete the enVision Configuration Wizard
Planning Worksheet - Remote Collector Site.

DNS Servers
Identify the primary and secondary DNS servers on your network and options for the servers. enVision
uses the DNS servers to resolve IP addresses found in events for reporting and alerting.
DNS Server    IP Address
Primary
Secondary

Identify processing options for the DNS Servers.

Field: Do Not Use Recursion
Description: Select this check box to indicate that the DNS server uses forwarders exclusively to resolve queries on behalf of its DNS clients. If the process using forwarders for resolution fails to resolve a query, a failure message is returned.
Option: Do not Use Recursion

Field: Forwarding Timeout
Description: Type the number of seconds that the DNS server continues to attempt to contact and use a listed forwarder. When the timeout expires, DNS moves to the next forwarder on the list and repeats the process. The default value is 5.
Option: _____ seconds

Time
Network Time Protocol (NTP)
Identify a server to which enVision will synchronize its time.
Known NTP time servers, such as atomic clocks, are outside your network and may be a
security issue. RSA Security Inc. assumes no risk to your network if you choose to use a
known NTP server.
Note: The enVision Configuration Wizard allows you to use the Windows Date and Time Properties
window to update your date and time directly from the wizard.
Select    NTP Servers
          tock.usno.navy.mil
          ntp2.usno.navy.mil
          tock.usno.navy.mil
          tick.usno.navy.mil
          navobs1.oar.net
          ntp0.mcs.anl.gov
          navobs1.wustl.edu
          tick.usnogps.navy.mil
          tock.usnogps.navy.mil
          tick.ucla.edu
          bigben.cac.washington.edu
          ntp.alaska.edu
          tick.mhpcc.hpc.mil
          Custom:

Local Site Time
Identify the time zone in which your site is located.

Time Zone

(While running the configuration wizard, you must confirm the current date and time in your selected
time zone.)

Site to Site Connection


If this site isn't the master site in the NIC Domain, identify the master site - the site to which this site
is connected.

This site is connected to another site in the NIC Domain.

Master Site Data Server (D-SRV) IP Address (external IP address)
Master Site Name

Data Server (D-SRV) External IP Address
Indicate whether this site's database server (D-SRV) requires an external address and port number.

This site's data server (D-SRV) uses an external IP address and port number.

Data Server LAN IP Address (internal IP address)
Data Server LAN Port Number (internal port number)
Data Server External IP Address
Data Server External Port Number

Chapter 4. Remote Collector Site


(Multiple Appliance Site)
Each multiple appliance site can optionally host up to 16 Remote Collector (RC) server appliances;
each RC is considered a site. RCs capture incoming events remotely. Remote collectors have store-and-forward technology that allows user-selectable critical events to be processed in real-time, while
non-critical events are compressed, encrypted, and locally cached until they can be forwarded to the
master site (by the NIC Forwarder Service) for historical analysis as available WAN bandwidth allows.
(The Administrator sets up the remote collector's Forwarder parameters on the Modify Collector
Service window in enVision.)
The RCs use the LS series appliances. See the Hardware Guide for the specifications for the LS series
appliances. See the section Appliance Types in a NIC Domain in Chapter 3, Multiple Appliance Site,
for an example of an RC associated with a site.
Note: The total events per second (EPS) for all Collectors per site (per D-SRV) cannot exceed 30,000
EPS.

The site with which the RC is associated must have been configured and must be up and
running before you configure the RC.


Configuration Tasks
After your multiple appliance site is configured, you can configure the remote sites associated with it.
See the Hardware Guide for information on setting up the hardware.
Here are the configuration tasks to configure an RC site (associated with a multiple appliance site):
Task  Activity

1     Install the Remote Collector hardware. (See the Hardware Guide for information on multiple appliance sites, remote sites, and the hardware layout.)
      a. Install the Remote Collector in the rack.
      b. Insert the Network Connection cable into the network interface labeled LAN.

2     Complete the enVision Configuration Wizard Planning Worksheet - Remote Collector Site in this chapter.

3     Connect the power cords to the appliance and plug them in.
      The appliance is now on.
      Note: There are two power cords for each appliance. Attach the cords to separate power sources, to ensure a consistent power supply.

4     Connect to the RC appliance using a KVM switch.
      The enVision Configuration Wizard starts automatically.

5     Complete the enVision Configuration Wizard as follows:
      a. Complete each window in the wizard.
         You can click Back to scroll back through the windows in the wizard to review or change information.
         You can click Cancel to cancel the configuration process. If you click Cancel at any time while using the wizard, you must restart the wizard to configure your site. To restart the wizard, double-click the lsconfigurationwizard.exe file in the enVision\bin directory.
         Prior to completing the configuration process, the wizard displays the Review Page window.
      b. Make sure that everything is correct on the Review Page. If the Review Page is:
         Correct, click Finish.
         Not correct, click Cancel and check your hardware setup.
         As the last part of the configuration process, the wizard displays the enVision Configuration Wizard Log window. The log shows the steps the system is performing to configure the site. The system restarts several times while completing the setup.
         The setup process takes approximately 30 minutes to complete.
         The appliance restarts automatically when the site configuration process is complete.

6     Configure the FTP server on the host site's D-SRV. (See the Configure the FTP Server on the D-SRV section later in this chapter for complete instructions.)

7     Verify the RC configuration on the host site's A-SRV. (See the Verify the RC Configuration section later in this chapter for complete instructions.)

8     Configure the data forwarding scheduled task on the host site's A-SRV. (See the Configure the Data Forwarding Task section later in this chapter for complete instructions.)

9     Test the configuration. (See the Test the Configuration section later in this chapter for complete instructions.)

(This Task Only Applies If a Remote Collector Site Is Running v3.3.6 Forwarding to a v3.5.0 D-SRV)
Configure the FTP Server on the D-SRV
You must configure the FTP server on the host site's D-SRV.
To configure the FTP Server on the host site's D-SRV:

1. Connect to the D-SRV of the site associated with the remote collector.

2. Click the Windows Start menu. Select Programs>Administrative Tools>Services. The system displays the Services dialog box.
   a. Right-click on IIS Admin Service and select Properties.
   b. Change the Startup type to Automatic.
   c. Select Start, if it is not already started, and click OK.

3. Click the Windows Start menu and select Start>Programs>Administrative Tools>Internet Services Manager.
   The system displays the Internet Information Services dialog box.
   a. Double-click on the system name (for example, Foxboro-DS1).
   b. In the left menu frame, drill down until Default FTP Site is located, right-click on Default FTP Site and from the menu, select Properties.
   c. Click Security Accounts tab and review the Anonymous Connections check boxes:
      Allow Anonymous Connections can be either checked or not checked.
      Allow Only Anonymous Connections must not be checked.
   d. Click Home Directory tab and make sure the Write check box is selected.
   e. Click OK.
   f. Click Apply.
   g. Click OK.

4. Right-click on Default FTP Site.
   a. From the menu, select Start.
      For the first forward the FTP Site needs to be started manually. At the end of the forwarding the process will Stop the FTP Service and then start it again at the beginning of each subsequent forward.
   b. Close the Internet Services Manager dialog box.

5. Click the Windows Start menu and select Programs>Administrative Tools>Services. The system displays the Services dialog box.
   a. Right-click on FTP Publishing Service and select Properties.
   b. Change the Startup type to Automatic.
   c. Select Start, if it is not already started, and click OK.

Verify the RC Configuration


To verify the RC configuration on the host site's A-SRV:

1. Log in to enVision on the application server (A-SRV) of the host site.

2. Verify that the RC is listed as a site:
   a. To access the Set Up Site Communication window, complete the following:
      i.   Click Overview tab. The system displays the Overview tab.
      ii.  In the Overview menu, click System Configuration. The system displays the System Configuration menu.
      iii. Click Services. Click Set Up Site Communication. The system displays the Set Up Site Communication window.
   b. Verify that the RC is listed as a site, and that the information displayed is correct.

Configure the Data Forwarding Task


To schedule the data forwarding task for the RC on the host site's A-SRV:

1. Log into enVision on the application server (A-SRV) of the host site as follows:
   a. Start your web browser.
   b. Type http://address:8080 in the Address field, where address is the machine name or IP address of the A-SRV and 8080 is the port through which you access enVision. For example, http://sunshine:8080 or http://10.10.30.140:8080.
   c. Press Enter.
      enVision displays the Log In window.
   d. Type your password and click Log In.

2. Access the Schedule Task window as follows:
   a. Click Overview tab.
      enVision displays the Overview tab.
   b. In the Overview menu, click System Configuration.
      enVision displays the System Configuration menu.
   c. Click Services, click Scheduler Service and click Schedule Task.
      enVision displays the Schedule Task window.

3. Select the remote collector from the Site/Node drop-down list.
   enVision displays the NIC Forwarding data forwarding task. enVision runs the data forwarding task every hour by default.

4. Click Set Recurrence to tell enVision when and how often to perform the data forwarding task.
   enVision displays the Set Recurrence window.

5. Complete the window and click Apply.
   enVision displays the Schedule Task window.

6. Click Schedule.
   enVision displays the task on the Manage Scheduled Tasks window.

7. Click Apply.

8. If the NIC Scheduler Service is not running, start the NIC Scheduler Service.

Test the Configuration


To test the configuration:

1. After the Data Forwarding task runs on the A-SRV, run a report (for example, Bandwidth Usage by Address) to analyze the devices collected (the devices being collected should be able to be analyzed through the master site).

2. Verify that data was returned for your device(s).

enVision Configuration Wizard Planning Worksheet


Remote Collector Site
Name the Site
Site Name

A valid site name is a unique 2 to 11 alphanumeric character string. The site name must not be the
same as:

any other enVision site name.

any existing Windows domain name.

the NetBIOS name for a Windows domain. (The NetBIOS name for a Windows domain is the
name preceding the dot). For example if your Windows domain name is
MyDomainName.com, then the NetBIOS name for this Windows domain would be
MyDomainName; it would then be wrong to install an enVision site with the name
MyDomainName.

Selecting the site name is extremely important. Once you name the site you cannot change the name.
The site name is used in the following names:


Node name for the appliance. For example, if your site name is Hartford, the appliance node
name is Hartford-RC1.

NIC Windows domain name created for your site. The site name also becomes the name of
the Windows domain created for your site, sitename.nic. For example, if your site name is
Hartford, the Windows domain for the site is Hartford.nic.


Identify Appliances in the Site


There are default addresses for the site:

• LAN IP address - used to access the appliance on the LAN.
• Subnet mask - used to determine to which subnet an IP address belongs.
• Gateway address - identifies the computer that routes the traffic to the outside network.

Select the appliance type (RC1, RC2, etc.) for your remote collector, based on the NIC Domain topology diagram on the enVision Configuration Wizard Planning Worksheet - Multiple Appliance Site. If you will override the default values, write the new values in the table.
Select  Appliance Type  IP Address     Subnet Mask    Gateway Address
        RC1             192.168.1.155  255.255.255.0  192.168.1.1
        RC1             192.168.1.155  255.255.255.0  192.168.1.1
        RC1             192.168.1.155  255.255.255.0  192.168.1.1
        RC1             192.168.1.155  255.255.255.0  192.168.1.1
        RC1             192.168.1.155  255.255.255.0  192.168.1.1
        RC1             192.168.1.155  255.255.255.0  192.168.1.1
        RC1             192.168.1.155  255.255.255.0  192.168.1.1
        RC1             192.168.1.155  255.255.255.0  192.168.1.1
        RC1             192.168.1.155  255.255.255.0  192.168.1.1
        RC1             192.168.1.155  255.255.255.0  192.168.1.1
        RC1             192.168.1.155  255.255.255.0  192.168.1.1
        RC1             192.168.1.155  255.255.255.0  192.168.1.1
        RC1             192.168.1.155  255.255.255.0  192.168.1.1
        RC1             192.168.1.155  255.255.255.0  192.168.1.1
        RC1             192.168.1.155  255.255.255.0  192.168.1.1
        RC1             192.168.1.155  255.255.255.0  192.168.1.1
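
The following pre-check is an added example, not part of the RSA guide or of enVision: it applies the site-name rules and the address worksheet above to planned values before they are typed into the wizard, which matters because the site name cannot be changed afterwards. The function names, the ASCII-only reading of "alphanumeric" and the case-insensitive comparison are assumptions.

```python
import ipaddress
import re

# Assumption: "alphanumeric" means ASCII letters and digits only.
SITE_NAME_RE = re.compile(r"[A-Za-z0-9]{2,11}")


def check_site_name(name, existing_sites, windows_domains):
    """Return a list of rule violations for a proposed site name (empty = OK)."""
    problems = []
    if not SITE_NAME_RE.fullmatch(name):
        problems.append("must be 2 to 11 alphanumeric characters")
    # Assumption: names are compared case-insensitively, as Windows does.
    wanted = name.lower()
    if wanted in {s.lower() for s in existing_sites}:
        problems.append("matches another enVision site name")
    for domain in windows_domains:
        netbios = domain.split(".", 1)[0]  # the name preceding the dot
        if wanted == domain.lower():
            problems.append(f"matches Windows domain {domain}")
        elif wanted == netbios.lower():
            problems.append(f"matches NetBIOS name of {domain}")
    return problems


def derived_names(site, appliance_type="RC1"):
    """Node and Windows domain names that the guide says are built from the site name."""
    return {"node": f"{site}-{appliance_type}", "domain": f"{site}.nic"}


def check_addresses(ip, mask, gateway):
    """Return violations if the gateway is not on the appliance's LAN subnet."""
    problems = []
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    gw = ipaddress.ip_address(gateway)
    if gw not in net:
        problems.append(f"gateway {gateway} is outside {net}")
    if gw == ipaddress.ip_address(ip):
        problems.append("gateway equals the appliance address")
    return problems


if __name__ == "__main__":
    # Constructed worksheet values; "Boston" is a made-up existing site.
    print(check_site_name("Hartford", ["Boston"], ["MyDomainName.com"]))
    print(derived_names("Hartford"))
    print(check_addresses("192.168.1.155", "255.255.255.0", "192.168.1.1"))
```
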


DNS Servers
Identify the primary and secondary DNS servers on your network and options for the servers. enVision
uses the DNS servers to resolve IP addresses found in events for reporting and alerting.
DNS Server    IP Address
Primary
Secondary

Identify processing options for the DNS Servers.

Field: Do Not Use Recursion
Description: Select this check box to indicate that the DNS server uses forwarders exclusively to resolve queries on behalf of its DNS clients. If the process using forwarders for resolution fails to resolve a query, a failure message is returned.
Option: Do not Use Recursion

Field: Forwarding Timeout
Description: Type the number of seconds that the DNS server continues to attempt to contact and use a listed forwarder. When the timeout expires, DNS moves to the next forwarder on the list and repeats the process. The default value is 5.
Option: _____ seconds


Time
Network Time Protocol (NTP)
Identify a server to which enVision will synchronize its time.

Known NTP time servers, such as atomic clocks, are outside your network and may be a
security issue. RSA Security Inc. assumes no risk to your network if you choose to use a
known NTP server.

Note: The enVision Configuration Wizard allows you to use the Windows Date and Time Properties
window to update your date and time directly from the wizard.
Select  NTP Servers
        tock.usno.navy.mil
        ntp2.usno.navy.mil
        tock.usno.navy.mil
        tick.usno.navy.mil
        navobs1.oar.net
        ntp0.mcs.anl.gov
        navobs1.wustl.edu
        tick.usnogps.navy.mil
        tock.usnogps.navy.mil
        tick.ucla.edu
        bigben.cac.washington.edu
        ntp.alaska.edu
        tick.mhpcc.hpc.mil
        Custom:

Local Site Time


Identify the time zone in which your site is located.

Time Zone

(While running the configuration wizard, you must confirm the current date and time in your selected
time zone.)


Site to Site Connection


Identify the master site - the site to which this site is connected.
Master Site Data Server (D-SRV) IP Address (external IP address)
Master Site Name

Data Server (D-SRV) External IP Address

Indicate whether this site's database server (D-SRV) requires an external address and port number.

This site's data server (D-SRV) uses an external IP address and port number.

Data Server LAN IP Address (internal IP address)
Data Server LAN Port Number (internal port number)
Data Server External IP Address
Data Server External Port Number


5. Next Steps
After the site configuration is complete, you must set up the processing options in RSA enVision. See
the online Help in enVision for information on setting up and using the enVision analysis tools.
Prior to setting up your system you should plan how the system will be set up to accomplish your
security goals, policies and requirements.

Set Up enVision
Setting up enVision involves three sets of tasks:
I. Appliance and device configuration tasks.
These are tasks that you perform outside of the enVision software.

II. Basic setup tasks.
These are tasks to set up the enVision software. This allows you to collect, report and alert on events from supported devices.
1. Set up event collection.
2. Set up system access permissions.
3. Set up views.
4. Set up Alerts module tools.
5. Schedule reports.

III. Optional setup tasks.
These are tasks to set up additional features or processing options.
1. Set up data storage.
2. Set up data processing options.
3. Set up message handling.
4. Set up customized reporting.
5. Set up application display options.


Each task has a list of Required Reading topics in enVision's online Help that provide the information
you need to make setup decisions related to the task. Additional tasks may be required to perform the
specific processing that you want.
To access Help within enVision:
1. Click the Overview tab.
   enVision displays the Overview tab.

2. Click Best Practices.
   enVision displays the Best Practices menu and splash screen.

3. Select Help from the menu.


Log In to enVision
You log in to enVision via a remote system connecting to the enVision appliance [for multiple
appliance sites, connect to the A-SRV (Application Server)]. Use one of two protocols to access the
system depending on how enVision has been configured:

• HTTP (Hypertext Transfer Protocol), using default port 8080.
• HTTPS (Hypertext Transfer Protocol Secure), using default port 8443.

To log in to enVision:

1. Start your web browser.

2. Type http://address:port in the Address field, where:
   • address is the machine name or IP address of the machine on which the system is installed; for multiple appliance sites, this is the A-SRV (Application Server).
   • port is the port through which you access enVision.
   For example, http://sunshine:8080 or http://10.10.10.10:8080.

3. Press Enter.
   If you are connecting via HTTPS, your browser may display certificate validation messages the first time you access enVision. (Depending on how server certificates have been configured on the appliance, these messages may cite validation issues such as a host name mismatch between the server and its certificate.)
   enVision displays the Log In window.

4. Type your password and click Log In.


Minimum Local Access Requirements


Prior to 3.5.0 the Java Plug In install launched automatically from the product. Because of the security constraints in the image for 3.5.0, this no longer happens and you must install the JRE manually.

Here are the minimum hardware and software requirements for running the enVision client software:

                    Windows                               Macintosh
O/S                 Microsoft Win2K, WinXP                OS X 10.4.6
Browser             Microsoft Internet Explorer v6.x      Mozilla Firefox 1.0.7*
                    Mozilla Firefox 1.0.7*
Java Plug-In        JRE v1.4.1                            J2SE version 1.5.0_06
                    enVision also supports the Sun Java
                    Plug-in version 1.5.x.
Processor           P3:1Ghz or P4:1.8Ghz                  G5 or higher
                    Athlon 1800+
RAM                 512MB                                 1 GB RAM
Network             100baseTX                             100baseTX
Display Resolution  1024x768 at 16 bit color              1024x768 at 16 bit color

* You can use the Mozilla Firefox 1.0.7 web browser with enVision with the exception of the
Enterprise Dashboard tool. You cannot use Firefox to view the Enterprise Dashboard tool.
Popup blockers, ad banner blockers and personal firewalls can all interfere with the proper launching
of enVision, especially at first log in. The blockers should be trained to allow enVision to operate
normally, or be disabled. Configure personal firewalls to allow connections between enVision client
and appliance.
You must enable animation for web pages in your browser. For Microsoft Internet Explorer:

1. In the browser, click on Tools > Internet Options....

2. On the Internet Options dialog box, click on the Advanced tab.

3. Scroll to Multimedia and select the Play animations in web pages box.

4. Click OK.

5. Restart the browser.


Log Out
To log out of the user interface:
Click Log Out (bottom left-hand side of window). enVision closes all open windows. All
enVision services and processes continue to run without interruption.
