Skybox Security Skybox 5500 User manual
Quick Start Guide
Skybox 5500 Appliance
Revision: 11
© Copyright 2002-2013 Skybox®Security, Inc. All rights reserved.
This documentation contains proprietary information belonging to Skybox Security and is provided
under a license agreement containing restrictions on use and disclosure. It is also protected by
international copyright law.
Due to continued product development, the information contained in this document may change
without notice. The information and intellectual property contained herein are confidential and remain
the exclusive intellectual property of Skybox Security. If you find any problems in the documentation,
please report them to us in writing. Skybox Security does not warrant that this document is error-free.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form
or by any means – electronic, mechanical, photocopying, recording, or otherwise – without the prior
written permission of Skybox Security.
Skybox®, Skybox View®, Skybox®Security, Skybox Firewall Assurance, Skybox Network Assurance,
Skybox Risk Control, Skybox Threat Manager, Skybox Change Manager, Skybox
5000/5000W/5500/6000 Appliance, are trademarks and registered trademarks of Skybox Security, Inc.
Check Point™, SiteManager-1™, FireWall-1®, Provider-1™, SmartDashboard™, VPN-1®, and
OPSEC™ are trademarks or registered trademarks of Check Point Software Technologies Ltd. or its
affiliates.
All other trademark and registered trademark products mentioned in this document are the property of
their respective owners.
Skybox Security, Inc.
Telephone (in the U.S.): 866-6-SKYBOX (866-675-9269)
Telephone (outside the U.S.): 1-408-441-8060
Fax: 1-408-441-8068
Website: http://www.skyboxsecurity.com
E-mail: support@skyboxsecurity.com
Skybox 5500 Appliance version 3
Overview .............................................................................................................................................5
Basic architecture..................................................................................................................................5
Related documentation..........................................................................................................................5
Skybox 5500 specifications................................................................................................................6
What’s in the box..................................................................................................................................6
Physical specifications..........................................................................................................................6
Environmental specifications................................................................................................................7
MTBF estimates for Skybox 5500 Appliance.......................................................................................8
Front panel ............................................................................................................................................8
Back panel connectors.........................................................................................................................10
Port mapping................................................................................................................................10
Setting up Skybox 5500....................................................................................................................11
Installation...........................................................................................................................................11
Starting Skybox 5500...................................................................................................................11
System configuration ..........................................................................................................................11
Configuring connection................................................................................................................11
Setting up Skybox 5500 for configuration...................................................................................12
First-time configuration parameters.............................................................................................13
What’s next .........................................................................................................................................13
Configuration and management options........................................................................................14
Installing the Skybox View Manager.............................................................................................16
Manager system requirements.............................................................................................................16
Installing the Manager.........................................................................................................................16
Upgrading the Manager.......................................................................................................................17
Upgrading the Web Administration...............................................................................................18
Rolling back changes to the Web Administration...............................................................................18
Restore...............................................................................................................................................19
Installing additional software packages.........................................................................................20
Troubleshooting ...............................................................................................................................21
Regulatory and safety information.................................................................................................22
Product regulatory compliance............................................................................................................22
Safety compliance........................................................................................................................22
Contents
Skybox 5500 Appliance Quick Start Guide
Skybox 5500 Appliance version 4
EMC compliance – Class A compliance......................................................................................22
Environmental requirements........................................................................................................23
Product regulatory compliance markings............................................................................................23
Electromagnetic compatibility notices for the server board................................................................26
Index ...............................................................................................................................................29
Skybox 5500 Appliance 5
Chapter 1
The Skybox 5500™ Appliance is a hardware solution that allows you to deploy Skybox View easily,
without the burden of maintaining your own server.
Skybox View®is an Automated Risk and Compliance Management (ARCM) platform that helps
enterprise IT departments to discover and resolve potential security and compliance risks before they
impact your organization.
Skybox View is a multi-tier platform. Skybox 5500 runs the Server and users run Managers (clients)
that connect to the Server over the network. Skybox 5500 also runs an additional Skybox View
component, the Collector, which connects to data sources and imports the data to the Server.
The Skybox View Server and Collector are preinstalled on Skybox 5500 and run automatically at
startup.
In this chapter
Basic architecture......................................................................................................5
Related documentation..............................................................................................5
Basic architecture
The Skybox 5500 platform consists of a three-tiered architecture with a centralized server (Skybox
View Server), data collectors (Skybox View Collectors), and a user interface (Skybox View Manager).
Skybox 5500 can be scaled easily to suit the complexity and size of any infrastructure.
For additional information, see Skybox View architecture, in the Skybox View Installation and
Administration Guide.
Related documentation
Related documentation includes:
•Skybox 5500 Quick Start Guide
•Skybox View online help
•Skybox View documentation, available in the following locations:
On the installation DVD, in the Docs folder
On each Manager machine, in the <Skybox_View_Home>/docs folder
Overview
Skybox 5500 Appliance 6
Chapter 2
This chapter contains product specifications and packaging information.
In this chapter
What’s in the box.......................................................................................................6
Physical specifications ..............................................................................................6
Environmental specifications....................................................................................7
MTBF estimates for Skybox 5500 Appliance...........................................................8
Front panel.................................................................................................................8
Back panel connectors.............................................................................................10
What’s in the box
The following items are included in the shipping carton:
•Skybox 5500 Appliance
•Rack mount kit
•Front bezel
•AC power cord
•RJ45 to DB9 serial console cable
•Skybox 5500 Quick Start Guide
•2 DVDs
Skybox View: Used to install Skybox View on the Skybox 5500 Appliance; it contains the
Skybox View software and additional documentation
Restore Appliance: Used to restore the Skybox 5500 Appliance to factory settings
Physical specifications
The physical features of Skybox 5500 are listed in the following table.
Feature Description
Form factor 1U rack
Rack dimensions
(H x W x D) 1.70" x 17.24" x 27.93" (43.2mm x 438 mm x 709.37 mm)
Weight •System weight: 35.8 lb (16.24 kg)
•
Packaged weight: 42.4 lb (19.23 kg)
Power supply 450W 1+1 redundant AC +12V DC and +5V standby
Data storage RAID 1
Skybox 5500 specifications
Chapter 2 Skybox 5500 specifications
Skybox 5500 Appliance 7
Feature Description
System cooling •Two dual rotor managed 40mm x 56mm system fans
•One 40mm x 40mm system fan
•
Two power supply fans
Front panel features
•1 power button with integrated LED
•1 system ID button with integrated LED
•1 system status LED
•4 NIC LEDs
•1 HDD activity LED
•1 system cold reset button
•2 USB 2.0 connectors
•
Bezel with lock support
External I/O
connectors
(back panel)
•DB-15 video connector
•DB-9 serial port A connector
•2 USB 2.0 Ports
•2 USB 3.0 Ports
•Six RJ-45 network interface (LAN) connectors supporting
10/100/1000 Mb
Compliant standards Ctick, NRTL, CE, FCC, EMC, BSMI, KC, and more
Note: For detailed information, see Regulatory and safety
information (on page 22).
Environmental specifications
Environmental specifications for Skybox 5500 are listed in the following table.
Parameter Limits
Operating
temperature +10° C to +35° C with the maximum rate of change not to exceed
10° C per hour
Non-operating
temperature -40° C to +70° C
Non-operating
humidity 50% to 90%, non-condensing with a maximum wet bulb of 28° C
Acoustic noise Sound pressure: 55 dBA (rack mount) in an idle state at typical
office ambient temperature. (23 C +/- 2 C)
Sound power: 7.0 dBA in an idle state at typical office ambient
temperature. (23 +/- 2 degrees C)
Shock, operating Half sine, 2 g peak, 11 msec
Shock, unpackaged Trapezoidal, 25 g, velocity change is based on packaged weight
Shock, packaged Non-palletized free fall height 18 inches (
≧
40 lbs to > 80 lbs)
Vibration Unpackaged: 5 Hz to 500 Hz, 2.20 g RMS random
Packaged: 5 Hz to 500 Hz, 1.09 g RMS random
ESD Air discharge: 12.0 kV
Skybox 5500 Appliance Quick Start Guide
Skybox 5500 Appliance 8
Parameter Limits
Contact discharge: 8.0 kV
System cooling
requirement in
BTU/Hr
849.3 BTU/hour
EMI operating EMI testing of this product is conducted at an open field site
according to the current BKM methodology. Conducted and
radiated emissions shall comply with FCC and CISPR 22 limits for
Class A products. Test reports are made available through EPG
Product Regulations
MTBF estimates for Skybox 5500 Appliance
The estimated mean time between failures (MTBF) and Failure in Time (FIT) rates for Skybox 5500
Appliance are listed in the following table.
Subassembly MTBF (hours) FIT (failures/10^9 hours)
Intel® Server Board S1200V3RPM 371,523 2,692
Backplane board 935,180 1,069
Power supply 450W MiniERPS 967,300 1,034
Cooling fan (1-fixed fans) 490,000 2,041
Cooling fans (2-fixed fans) 77,680 12,873
Front Panel board 8,272,282 121
Total without motherboard 58,300 17,138
Total with motherboard 50,400 19,830
Note: The estimates listed here are for Skybox 5500 Appliance in 40oC ambient air.
Front panel
Skybox 5500’s front panel includes a power switch, a USB connector, and several LEDs.
Figure 1: Front Panel 5500 Appliance
Front panel features
Letter Feature
A System ID button with integrated LED
Chapter 2 Skybox 5500 specifications
Skybox 5500 Appliance 9
Letter Feature
B NMI button (recessed; tool required for use)
C NIC-1 activity LED
D NIC-3 activity LED
E System cold reset button
F System status LED
G Power button with integrated LED
H Hard drive activity LED
I NIC-4 activity LED
J NIC-2 activity LED
Front panel LED functions
LED Color/state Description
Power/Sleep
Green/on Power on
Green/blinking Sleep
Off Power off
NIC LEDs
Green/on Network link but no network activity
Green/blinking Network activity
Off No link
System Status
Green/on System ready/no alarm
Green/blinking System ready, but degraded: redundancy
lost such as a power supply or fan failure;
non-critical temp/voltage threshold; battery
failure; or predictive power supply failure.
Amber/on Critical Alarm: Critical power modules
failure, critical fans failure, voltage (power
supply), critical temperature and voltage
Amber/blinking Non-Critical Alarm: Redundant fan failure,
redundant power module failure, non-critical
temperature and voltage
Off Power off: System unplugged
Power on: System powered off and in
standby, no prior
degraded\non-critical\critical state
Skybox 5500 Appliance Quick Start Guide
Skybox 5500 Appliance 10
Back panel connectors
Skybox 5500’s back panel includes the following connectors:
Figure 2: Back panel connectors 5500
Port mapping
The mapping between physical ports on the back panel of Skybox 5500 Appliance and logical ports
are listed in the following table.
Back panel connector Logical port to which it is mapped
NIC1 eth4
NIC2 eth5
NIC3 eth0
NIC4 eth1
NIC5 eth2
NIC6 eth3
Skybox 5500 Appliance 11
Chapter 3
This chapter explains how to set up Skybox 5500.
In this chapter
Installation...............................................................................................................11
System configuration...............................................................................................11
What’s next..............................................................................................................13
Installation
This section explains how to install the Skybox 5500 Appliance.
Starting Skybox 5500
To start Skybox 5500
1Connect the AC power cords to the AC connectors on Skybox 5500’s back panel and connect the
other ends to a power supply.
Note: Skybox 5500 can be used with either 110 or 220 volt power.
2On Skybox 5500’s front panel, press the power button.
3Lock the front bezel in place using the key provided.
System configuration
Before running the Skybox View Server, configure the Skybox 5500 Appliance to be part of your
network and perform some initial system configuration.
Configuring connection
Before using the Skybox 5500 Web Administration, you must configure connection of Skybox 5500 to
your network. This configuration is done locally, using either:
•Mouse, keyboard and screen
•Serial port connection
Note: For a diagram of the connectors used in the following procedures, see Back panel connectors
(on page 10).
Setting up Skybox 5500
Skybox 5500 Appliance Quick Start Guide
Skybox 5500 Appliance 12
To configure connection using a mouse, keyboard, and screen
1Connect one end of a standard network cable to the NIC 3 port on the Appliance’s back panel;
connect the other end of the cable to a network socket.
2Connect a mouse, keyboard, and screen to the appropriate connectors on the Appliance’s back
panel.
3Log in to the Appliance using the default login (root) and the default password (skyboxview).
4Run the command nw_config (used to configure NICs and DNS).
5Configure the IP address of Skybox 5500 either manually or via DHCP.
Note: The default setting of eth0 is DHCP; the default setting of eth1 is 192.168.1.1
6If you are using DHCP, run ifconfig and write down the IP address assigned to the Appliance.
To configure connection using a serial port connection
1Connect one end of the serial cable to a serial port (such as COM1) on the management computer;
connect the other end to the serial port on the back panel of the Appliance.
2On the management computer, start a terminal emulation program (such as PuTTY), select the
COM port, and configure the following port settings:
Bits per second: 9600
Data bits: 8
Parity: none
Stop bits: 1
Flow control: none
(When using PuTTY as your terminal emulator) Character set translation on received data:
UTF-8
3Press the Power button on the Appliance’s front panel and verify that the Power LED turns green.
4Log in to the Appliance using the default login (root) and the default password (skyboxview).
5Run the command nw_config (used to configure NICs and DNS).
6Configure the IP address of Skybox 5500 either manually or via DHCP.
Note: The default setting of eth0 is DHCP; the default setting of eth1 is 192.168.1.1
7If you are using DHCP, run ifconfig and write down the IP address assigned to the Appliance.
Setting up Skybox 5500 for configuration
To prepare for configuring the system remotely
1Connect one end of a standard network cable to the NIC 3 port on the Appliance’s back panel;
connect the other end of the cable to a network socket.
2From a different machine on the network, open a Web browser to connect to the Skybox 5500
Web Administration using the following URL, where <appliance_IP> is the IP address of Skybox
5500 that you configured in Configuring connection (on page 11):
https://<appliance_IP>:444
3The default login is skyboxview; the default password is skyboxview.
The main page of the Skybox 5500 Web Administration appears.
Chapter 3 Setting up Skybox 5500
Skybox 5500 Appliance 13
First-time configuration parameters
It is recommended that you configure the date and time and change the passwords before using the
Server. All other parameters are optional and can be configured later.
To configure the date and time of Skybox 5500
1From the System tab, select Date and Time Configuration.
2For manual date and time configuration, do the following:
a) Select Manual Dateand Time Configuration.
b) Click Change Date and Time; set the date and time for Skybox 5500’s time zone.
c) Click Change Time Zone; set the time zone for the location where Skybox 5500 is installed, so
that reports and other data are timestamped accurately.
3For automatic configuration, do the following:
a) Select Automatic Date and Time Configuration Using NTP Server.
b) Click Change NTP Server; add the IP address or DNS of the time server to use, such as
0.asia.pool.ntp.org.
c) Click Change Time Zone; set the time zone for the location where Skybox 5500 is installed, so
that reports and other data are timestamped accurately.
To change the passwords
1From the Security tab, select Appliance Passwords.
2To change the root password of the machine, click Change Root Password.
3To change the password of the Web Administration, click Change SkyboxView Password.
What’s next
The Skybox View Manager is the client application that is used to communicate with the Server. After
installation and configuration of Skybox 5500, you must install the Manager on at least one remote
machine. For additional information, see Installing the Skybox View Manager (on page 16).
Skybox 5500 Appliance 14
Chapter 4
Skybox 5500’s configuration options are described in the following tables.
About tab
Pane Description
System Information Provides information about Skybox 5500 configuration.
Network tab
Note that changes to the configuration information made in this tab are only saved after you click Save
Network Configuration.
Pane Description
Network
Configuration
Summary
Displays a summary of the Skybox 5500 configuration
information.
Click Export Network Information to File to save this information to
an HTML file.
Note: If the Web Administration is running on Windows Internet
Explorer, you might experience problems when trying to export
network information to file. In this case, it is recommended that
you open the Web Administration in a different browser.
Network Interfaces
Configuration Enables you to configure network parameters (connection
method, IP address, mask, and gateway) for each network
interface connection.
Note: This pane includes a link to a drawing of the back pane to
help you understand the connections.
DNS Configuration Enables you to edit the DNS configuration of Skybox 5500.
System tab
Pane Description
Date and Time
Configuration Enables you to view and change the exact date and time in
Skybox 5500’s time zone.
Notes:
•When setting this information manually, set the date and
time and then the time zone for the location where Skybox
5500 is installed, so that reports and other data are
timestamped accurately.
•Automatic configuration synchronizes Skybox 5500 with an
atomic clock. You must provide the IP address or DNS of the
NTP server to use, such as 0.asia.pool.ntp.org (click Change
NTP Server). Set the time zone after setting the NTP server.
Syslog Server Starts/stops the syslog server and opens/closes the syslog port.
Host Name Enables you to change the host name of the Appliance.
Change System
Mode Toggles between Server mode (where the Appliance functions
as both Server and Collector) and Collector mode (where the
Configuration and management options
Chapter 4 Configuration and management options
Skybox 5500 Appliance 15
Appliance functions only as a Collector).
Security tab
Pane Description
Appliance
Passwords Enables you to change the root password for the Appliance and
the password for the Web Administration.
SSH Toggles the SSH service on and off.
Control tab
Pane Description
SkyboxView
Services Toggles the Server and Collector on and off.
Note: Turning a Skybox service off stops the service and
switches it to Manual mode. Turning the service on restarts the
service and switches it back to Automatic mode.
Appliance
Operations Enables you to reboot or shut down Skybox 5500. After
shutdown, a manual reboot is required to power on the
Appliance.
Support tab
Pane Description
Logs Enables you to view Server, Collector, and other logs of Skybox
5500 .
Launch Log Analyzer: Launches the log analyzer, an advanced
tool that analyzes the logs for debugging purposes.
Get Packlogs: Runs the packlogs utility and saves the packlogs
(ZIP) file to a local directory so that you can send the file easily
to support.
Note: If the Web Administration is running on Windows Internet
Explorer, you might experience problems (due to the IE security
settings) when trying to save packlogs. In this case, it is
recommended that you open the Web Administration in a
different browser.
SkyboxView
Manager Enables you to download the Manager for installation.
Upgrade Web
Administration Enables you to upgrade the version of the Web Administration.
See Upgrading the Web Administration (on page 18).
Skybox 5500 Appliance version 16
Chapter 5
You can install the Manager from the DVD included with Skybox 5500 or you can download it from
the Skybox 5500 machine over HTTP using the machine’s IP address
(https://<ip_address>:444/manager). For additional information, see Installing the Manager
(on page 16).
The Manager runs on Windows.
In this chapter
Manager system requirements.................................................................................16
Installing the Manager.............................................................................................16
Upgrading the Manager...........................................................................................17
Manager system requirements
The Skybox View Manager is a Java client application that connects to the Skybox View Server.
If necessary, you can install multiple Managers on a single computer. This is useful when connecting
to Servers of different versions.
It is recommended that you allow communication through ports 8443 and 9443 only.
The operating systems supported for the Manager are listed in the following table.
Operating system
Windows XP Professional (SP2 or higher)
Windows Vista
Windows 7
Windows 2003 Server
Windows 2008 Server (64bit only)
The hardware requirements for the Manager are listed in the following table.
Item Minimum Recommended
CPU Pentium 4 2.0 GHz Pentium 4 2.0 GHz
RAM 512 MB 2 GB
Available disk space 512 MB 2 GB
Installing the Manager
Installing the Skybox View Manager on Windows requires administrator privileges.
Installing the Skybox View Manager
Chapter 5 Installing the Skybox View Manager
Skybox 5500 Appliance version 17
To install the Manager on Windows
1Run the installation file (SkyboxViewInstaller-<version#>-<build#>.exe).
2Follow the directions in the wizard.
The options that must be selected in specific screens are listed in the following table. In all other
places, either use the default option or make the necessary change.
Screen Action
Choose Install Set Select Manager (GUI).
Choose Install
Folder Specify the installation folder.
Note: For Windows Vista and Windows 7, installation under the
<Drive>:\Program Files
folder is not supported.
Preferences In the Server Host field:
•If the Manager and Server are on the same machine or if you
do not know the Server’s IP address, do not change the
default value (localhost).
•
Otherwise, type the IP address of the Server machine.
Upgrading the Manager
In some cases, the Manager installation file on the Skybox 5500 Appliance is outdated. In this case,
you can use the new Manager installation file that you downloaded (or received from Skybox
Security’s product support team) to replace the old installation file. This way, when Skybox View
users install the Manager via the Appliance, they will be installing the latest version.
To upgrade the Manager installation file
1Copy the installation file (SkyboxViewInstaller-<version#>-<build#>.exe) to the
Skybox 5500 Appliance using PuTTY, WinSCP, or any other client program.
The file should be saved at: /opt/skyboxwebadmin/web/manager/.
2Delete any other files in this directory, including the previous installation file that was there. The
directory must contain only the new installation file.
Skybox 5500 Appliance 18
Chapter 6
You will be notified by email when Skybox Security publishes an upgrade to the Web Administration,
and the email will explain how to obtain the upgrade file. After saving the file, use the following
instructions to perform the upgrade.
To upgrade the Web Administration
1In the Support tab, click Upgrade Web Administration.
2Click Browse and navigate to the location where the update file (*.tar.gz) is stored.
3Click Upgrade.
4The update begins automatically. In the process, you are logged out of the Web Administration.
When the update is finished, you can log in again.
In this chapter
Rolling back changes to the Web Administration ...................................................18
Rolling back changes to the Web Administration
When you upgrade the Web Administration, a backup copy is saved. You can use this backup to revert
to the previous version if there are any problems with the upgrade.
This procedure should be done via SSH after logging in as the root user.
To restore the previous version of the Web Administration, run the following commands:
1service sysconf stop
2service httpd stop
3cd /opt/
4mv skyboxwebadmin skyboxwebadmin_<date> (renames the current web administration
directory)
5cp skyboxwebadmin_backup_<timestamp>/ skyboxwebadmin (copies the backup directory
to the skyboxwebadmin directory)
6service sysconf start
7service httpd start
Upgrading the Web Administration
Skybox 5500 Appliance 19
Chapter 7
The Restore Appliance DVD that comes in the Skybox 5500 package is used to restore Skybox 5500 to
factory defaults.
Warning: Restoring Skybox 5500 erases all data on the Appliance.
To restore
1Insert the DVD in the DVD-ROM drive.
2Reboot the Appliance.
3As soon as you see the Skybox Installation Menu window, press any key.
Note: If you do not press a key within several seconds, the Appliance boots from the local
drive.
4In the menu, select the second option (Skybox Appliance Installation).
Note: The restore process takes approximately 25 minutes.
5When the installation finishes, proceed from System configuration (see page 11).
Restore
Skybox 5500 Appliance 20
Chapter 8
Skybox 5500 Appliance was created to be as light and secure as possible. On occasion, it may be
necessary to install additional software packages (RPMs). These RPMs can be installed via the
Internet or using a local repository. The following instructions explain how to do this.
Some of the most common packages include:
•gcc
•diff
•dos2unix
The most frequently needed packages are combined into a package group named Basic Appliance
Development Tools.
•To list the available package groups, run the following command.
yum --disablerepo=\* --enablerepo=skyboxview-appliance grouplist
•To display details about a package group, run the following command. The package group name
must be set off by quotation marks.
yum --disablerepo=\* --enablerepo=skyboxview-appliance groupinfo <package
group name>
For example:
yum --disablerepo=\* --enablerepo=skyboxview-appliance groupinfo "Basic
Appliance Development Tools"
•To install one of the package groups, run the following command. The package group name must
be set off by quotation marks.
yum --disablerepo=\* --enablerepo=skyboxview-appliance groupinstall
<package group name>
Installing additional software packages
Table of contents
