How to upgrade the SEDR 8880 on Dell R720 hardware for the Endpoint Activity Recorder

book

Article ID: 184134

calendar_today

Updated On:

Products

Advanced Threat Protection Platform

Resolution

In order for an existing ATP/SEDR 8880 appliance to use the Endpoint Data Recorder or Endpoint Activity Recorder feature in ATP 3.0 and later, additional hardware needs to be ordered and installed into the Dell R720 appliance.


Prerequisite checking

This document is for Dell PowerEdge R720 hardware. This can be confirmed on the Appliance page of the ATP Manager or All-in-One server, shown here:

This information can also be determine at the command-line interface by running 'show --info' which will provide the following information:

localhost> show --info
Model Number: R720
Service Tag: XXXXXXX
System CPUs: Intel(R) Xeon(R) CPU E5-2697 v2 @ 2.70GHz (2)
CPU Cores: 48
Total Memory: 98304 (MB)
Disk Size: 558 (GB)



In order for the ATP 8880 appliance running on R720 to support the Endpoint Data Recorder feature, you will need to purchase 4 additional 1.8 TB hard drives and 12 RDIMMs of 16Gb RAM.

Component

Dell Part Number

Quantity

1.8TB 10K RPM SAS 512e 2.5in Hot-plug Hard Drive, Cus Kit  12G

400-AJQM

4

Dell 16GB Certified Memory - 2Rx4 DDR3 RDIMM 1866MHz SV

A7187318

12

IMPORTANT: Retain your Customer Purchase Order details (number, dates, items purchased) for your component upgrade order. This information is required by Dell if the appliance requires hardware support or if there are warranty issues. Newly added Dell components are covered in the remaining support period of the appliance. Also make a note of the service tag for the appliance being updated with these newer components.

Before you start, download or otherwise procure the owner’s manual for your appliance platform: Dell R720:http://topics-cdn.dell.com/pdf/poweredge-r720_owner's%20manual_en-us.pdf


Installing the new hard drives

The Dell R720 has eight hard drive bays. The appliance ships with four 300GB, 15K, SAS hard drives configured as a RAID 5 array. This array provides approximately 550 GB of disk space. To scale the appliances for ATP 3.0, four additional hard drives are installed and configured as a second RAID 10 array. These extra hard drives are added to the four empty hard drive slots of the R720.

The new array uses four 1.8TB, 10K, SAS drives. The available space of the volume after RAID 10 configuration is approximately 3.3TB. To install the drives, follow the instructions provided in the Dell owner’s manual for the appliance.

Replacing the memory modules

IMPORTANT: You are replacing the existing memory modules, not adding to them. Be sure that you follow all module handling precautions as indicated by Dell. Mishandling memory modules can render them unusable due to static discharge or other damage incurred through improper insertion.

Upgrading the memory requires that you do the following:

  • Power down the machine and disconnect the system from the electrical outlet.
  • Let the machine cool down for 5-10 minutes (memory modules can be hot to the touch right after power-down).
  • Gain access to the top of the machine so that you can remove the top panel and cooling shroud from the interior compartment. You may need to un-rack the machine or slide it out if it’s mounted on slide rails.
  • Carefully follow the instructions provided in the owner’s manual to:
    • Gain access to the memory modules 
    • Remove the existing modules 
    • Insert the new modules
    • Verify the new modules are recognized by the operating system

The memory modules you are replacing are obvious by their physical appearance. Non-used slots are populated with blank modules that feature a plastic trim piece along the top. Leave these in place! The actual memory modules do not have the trim pieces. The memory modules you replace are indicated by the red arrows in the following image:

Warning:

Memory module orientation is reversed for some of the slots- if the module does not readily insert, reverse its orientation and try again. DO NOT FORCE THE MODULES INTO PLACE!

After you replace the memory modules, replace the cooling shroud and top panel, and plug the unit back into the electrical outlet. Follow the instructions in the manual to verify that the memory is properly recognized.


 

Configuring the new RAID 10 array

After installing the hard drives, you must configure them as a second RAID 10 array. You have two options to configure the array:

  • Using iDRAC
  • Using the RAID controller BIOS

The iDRAC web interface is much easier to configure, since the BIOS menu only allows use of the arrow keys for navigation. However, if your organization does not allow the use of the iDRAC interface, the BIOS menu system is your only option.

Configuring the RAID 10 array using iDRAC

After installing the new drives, perform the following steps to configure the RAID 10 drive array using iDRAC.

To configure the RAID 10 array using iDRAC

 

  1. Power-up and connect the appliance, and then access its iDRAC web interface.
  2. In the left pane, select Storage and then in the right pane on the Summary tab, verify that eight total disks exist, four in Ready state, and four in Online state.


     
  3. In the left pane, expand Storage and select Virtual Disks. In the right pane, on the menu bar, click Create.
  4. In the Settings section, enter a new name for the virtual disk, and for the Layout, choose RAID-10. Verify that Read Policy is set to Read Ahead, Write Policy is Write Back and Strip Size Element is 64KB.
  5. Leave the rest of the settings at their default values.


     
  6. Scroll down to Internal Disks, select all four available disks, and verify the value for Capacity.


     
  7. On the Apply Operation Mode drop-down menu, choose either Apply Now, Add to Pending Operations, or At Next Reboot.

    Note: The 'At Next Reboot' option requires you to reboot the appliance before the virtual disk is initialized.

  8. In the lower right corner, click Create Virtual Disk and at the prompt, click OK. Refresh the page.

    Note: If you see a message that the capacity is out of range, remove the last decimal value from Capacity and try again.

  9. In the left pane, select Storage. Verify that all eight disks are in the Ready state, and the Virtual Disks count is 2.
     

Configuring the RAID 10 array using the RAID Controller BIOS

These instructions assume you’ve already installed the new hard drives and the server is powered down.

 

 

  1. Turn on the server and press Ctrl+R during the boot sequence to enter the RAID Controller Configuration utility.


     
  2. Make sure that your hard drives are detected by the RAID Configuration Utility.


     
  3. Select the controller name, press  F2, and select Create New VD.


     
  4. In the RAID Level field, select RAID-10 and then under Physical Disks, select all the drives. Under Basic Settings, keep the default VD Size and optionally, name the VD.


     
  5. Click Advanced and on the Create Virtual Disk-Advanced panel, select Initialize and click OK.

    Note:     Verify that the Read Policy is set to Read Ahead, Write Policy is Write Back, and Strip Size is 64KB.

  6. After the initialization is complete, click OK, and then click OK again.


     

  7. Press Esc, then Ctrl+Alt+Delete to reboot into the ATP 3.0 software.


Post Install Tasks

Once you have installed the upgraded hardware and configured the new virtual disk, you will need to run the 'extend_storage' command from the command-line interface (CLI).

  1. Open a command-line interface on the upgraded ATP appliance or VM instance.
  2. Type extend_storage and press Enter. The current data store size (total and available) is displayed along with a message strongly recommending you to back up your ATP data before extending storage.
  3. At the Do you want to proceed? [Y/N]  prompt, type Y and then press Enter. The tool proceeds to convert the backup partition and check the disk(s). A message is displayed: Invalid new disks detected, and the disk(s) are listed along with information about the available space on the disk(s).
  4. You are prompted to select a new disk. Enter the appropriate number and then press Enter.
  5. The tool runs and displays status information and the available space, followed by a message that the tool has run successfully.

The following screen shot provides an example:

You can then run 'show --info' again and you will see the new hardware accounted for:

localhost> show --info
Model Number: R720
Service Tag: XXXXXXX
System CPUs: Intel(R) Xeon(R) CPU E5-2697 v2 @ 2.70GHz (2)
CPU Cores: 48
Total Memory: 193233 (MB)
Disk Size: 4645 (GB)

You can now enable the Endpoint Data Recorder option on the ATP web interface under Settings -> Global next to the SEPM Web Servers configuration.

Attachments