USM Appliance Deployments

Applies to Product: USM Appliance™ AlienVault OSSIM®

USM Appliance is designed to provide an easy-to-deploy and easy-to-operate security management solution. It is particularly well suited for small-to-medium sized businesses who, similar to larger enterprises, need to ensure the security of their network environment, but may not have as large a support staff to set up and manage more complex security management systems.

In addition to being easier to set up and operate than most alternative systems, USM Appliance also has a modular architecture that provides flexibility in configuring both performance and capacity. The USM Appliance All-in-One combines all components of the USM Appliance solution in a single virtual or hardware machine. In addition, based on the present or future needs of your specific environment, you can also scale individual components in the USM Appliance architecture to run on dedicated machines, add sensors to collect logs from more devices and networks, and implement other features such as high availability, monitoring of devices on remote networks, and remote management of USM Appliance.

Note: For more information and a summary of deployment and configuration options, refer to USM Appliance Deployment Types. This section also provides examples of different size and scale deployment configurations of USM Appliance.

Deployment Sizing and Scaling

There are numerous factors that can influence your USM Appliance configuration and the specific USM Appliance architecture you choose to deploy. The principal factor is the number of events per second that the devices in your environment might be expected to produce. In estimating the total volume of events, you need to include all devices in your environment that you want to monitor and manage with USM Appliance (including firewalls, routers, and host servers, as well as installed applications) and estimate the aggregate activity on these devices.

In addition, you may need to consider other aspects of the specific security management use cases you plan to address with your USM Appliance deployment, which may include but is not limited to

  • Specific regulatory compliance requirements you may have
  • Number and different types of devices you want to monitor
  • Number of users of your systems
  • Specific requirements for event correlation, data storage, and archiving you may have

Your AlienVault technical representative can help you analyze your environment to determine system requirements and can provide you with a questionnaire that lists different factors affecting system sizing and scaling, which can help you choose the right system configuration.

Note: The AlienVault USM Appliance data sheet describes typical event handling performance and capacity benchmarks for a number of different USM Appliance system configurations and options.

Installation, Setup, and Configuration

USM Appliance is relatively simple to install and configure. To enable fast deployment in your specific environment, the USM Appliance All-in-One includes a Getting Started Wizard to guide you through some of the initial set-up tasks. In virtual environments, USM Appliance is packaged as a virtual machine that can be easily installed and configured using virtual resources, such as those managed by VMware ESX or Hyper-V. See Minimum Virtual Machine Requirements for more details.

Some of the high level steps in performing USM Appliance configuration include

  • Install USM Appliance in network topology (DHCP or manual selection of IP addresses of USM Appliance components)
  • Open firewall ports for USM Appliance components, if required. See Firewall Permissions for details.
  • Set up local or remote (IPMI or HPE iLO) USM Appliance management
  • Change the root password,
  • Register USM Appliance
  • Synchronize time zone and NTP server
  • Configure USM Appliance Sensor, if using
  • Configure USM Appliance Logger, if using
  • Connect to corporate mail server for email notifications
  • Set up additional configuration options, such as high availability, VPN, and plug-in installation and customization

You can use the AlienVault Setup menu to perform most of these tasks. Information on performing these tasks is provided in the USM Appliance Initial Setup section.