
Installing Data Exchange Layer - McAfee Data Exchange Layer System requirements ... c Create a broker-specific sysctl.conf file to increase the maximum number of tracked connections


Installation Guide

McAfee Data Exchange Layer 4.0.0

Installing Data Exchange Layer

System requirements

Make sure that your system environment meets these requirements and that you have administrator rights.

Component Products Version

VMware vSphere ESXi 5.1 or later

McAfee ePO 5.1.1 or later

McAfee ePO product extensions and packages (checked in) McAfee® Agent 5.0.0 or later

McAfee Agent extension 5.0.0 or later

Products installed on each of your managed systems McAfee Agent 5.0.0 or later

Operating system

You can install the Data Exchange Layer client on the following operating systems.

Microsoft Windows

Windows 7 (32-bit and 64-bit), Windows Embedded 7

Windows 8.0 (32-bit and 64-bit), Windows Embedded 8

Windows 8.1 (32-bit and 64-bit)

Windows 8.1U1/U2 (32-bit and 64-bit)

Windows 10 Version 1507 (32-bit and 64-bit)

Windows 10 Version 1511 (November Update) (32-bit and 64-bit)

Windows 10 Version 1607 (Anniversary Update) (32-bit and 64-bit)

Windows 10 Version 1703 (Creators Update) (32-bit and 64-bit)

Windows 10 Version 1709 (Fall Creators Update) (32-bit and 64-bit)


Windows Server 2008

Windows Server 2008 R2

Windows Server 2012

Windows Server 2012 R2

Linux operating systems

32/64-bit Red Hat 6.x or later

32/64-bit CentOS 6.x or later

32/64-bit Debian 7.x or later

32/64-bit Ubuntu 12.x or later

Macintosh operating systems

OS X

Standalone DXL broker

System requirements for a standalone DXL broker installation are:

Recommended

• 4 cores

• 8 GB RAM

• 20 GB Hard Disk

Minimum

• 2 cores

• 4 GB RAM

• 20 GB Hard Disk

Data Exchange Layer protocols and ports

The Data Exchange Layer framework uses these network protocols and ports.

Make sure these ports are open and available for use with DXL.


Install DXL 4.0.0

Follow these tasks if you are installing the DXL client and brokers for the first time on a system.

1 Install the extensions

2 Check in the DXL packages

3 Download the DXL broker software

4 Deploy the DXL client

5 Verify the installation

Tasks

• Install the extensions
  Install the Data Exchange Layer extensions in the McAfee ePO server.

• Check in the DXL packages
  Check in the Data Exchange Layer packages to the Master Repository on the McAfee ePO server.

• Download the DXL broker software
  Download the DXL software manually from the McAfee product download website, or use the McAfee ePO Software Manager.

• Deploy the DXL client
  Deploy the DXL client to each of your managed systems. Do not deploy DXL clients on a broker system.

• Verify the installation
  After you complete the DXL broker appliance pages in VMware, verify that the installation was successful.


Install the extensions

Install the Data Exchange Layer extensions in the McAfee ePO server.

Task

1 Select Menu | Software | Extensions.

2 Click Install Extension and install the extensions in the following order.

a DXL Broker Management

b DXL Client

c DXL Client Management

Check in the DXL packages

Check in the Data Exchange Layer packages to the Master Repository on the McAfee ePO server.

Task

1 Select Menu | Master Repository, then click Check In Package.

2 Check in these DXL packages:

• DXL Client

• DXL Broker

• DXL Platform

Download the DXL broker software

Download the DXL software manually from the McAfee product download website, or use the McAfee ePO Software Manager.

The broker appliance is installed using VMware vSphere (.ova file) or by running the DXL broker file (.iso file). Download one of the broker appliance files and save it locally before continuing.

After downloading the DXL software, install the brokers. You can install them on a VMware system, or using a Linux image.

Tasks

• Install DXL brokers using VMware
  The DXL appliance is available on the Software Manager and the McAfee download site. There are two options, an OVA and an ISO. Both are packaged as a .zip file and must be extracted before installing.

• Install DXL brokers on a Linux system
  The Linux system must be managed by McAfee ePO and include McAfee Agent version 5.0.4 or later. Ensure that all needed communication ports are open through the local firewall.


Install DXL brokers using VMware

The DXL appliance is available on the Software Manager and the McAfee download site. There are two options, an OVA and an ISO. Both are packaged as a .zip file and must be extracted before installing.

Task

1 Depending on which appliance option you downloaded, do one of the following:

• If you downloaded the DXL broker ISO component, use the .iso file to install the appliance on a supported platform.

• If you downloaded the DXL broker OVA component, open the VMware vSphere client, then click File | Deploy OVF Template. Browse to and select the DXL .ova file on your computer. Click Next and complete the steps in the wizard, then turn on the virtual machine and open a Console window.

2 Install and configure the DXL broker appliance.

a Read and accept the license agreement. You can press Enter to view each page, or skip to the last page.

b Create a root password for the appliance. The password must be at least nine characters.

c Enter the operational account name, real name, and password, using the Tab key to move to the next field. When finished, press Y to continue.

The account name is typically something like jsmith and is used to log on to and administer the appliance. The real name is your full name, for example, John Smith.

d On the Network Selection page, enter N to continue.

e Select a configuration type, then enter Y to continue.

• DHCP — Enter D.

• Manual IP address — Enter M, then enter the remaining information.

f Enter the host name and domain name of the computer where you are installing the appliance. Enter Y to continue.

g Enter up to three Network Time Protocol servers to synchronize the time of the appliance. Use the default server listed, or enter the address for up to three servers. Enter Y to continue.

h Enter the IP address or fully qualified domain name, port, and account information for your McAfee ePO server. The user account must have administrator rights. Enter Y to continue.

i Open a web browser, navigate to McAfee ePO, and verify that the McAfee ePO server certificate's Common Name (CN) and fingerprint match the information shown. How to verify certificates depends on your browser. For most browsers, clicking the Lock icon in the address bar allows you to view certificate details.

j Specify the port that DXL uses. Use the default port, or enter a port number within the range shown, then enter Y to continue.

k When the logon screen appears, close it.

3 Log on to McAfee ePO as an administrator and verify that there is a DXL broker listed in the System Tree.

See Verify the installation for additional information about making sure that the DXL broker installed successfully.

Install DXL brokers on a Linux system

The Linux system must be managed by McAfee ePO and include McAfee Agent version 5.0.4 or later. Ensure that all needed communication ports are open through the local firewall.

You can install and deploy a broker on systems running these Linux versions:


• 64-bit Red Hat Enterprise Linux 6.x

• 64-bit Red Hat Enterprise Linux 7.x

• 64-bit CentOS 6.x

• 64-bit CentOS 7.x

Task

1 In McAfee ePO, select Menu | Software | Product Deployment, then click New Deployment.

2 Complete the new deployment information, then start the deployment.

3 After the deployment task completes, configure the broker.

a To use a communication port other than the default 8883, update the DXL broker configuration file /opt/McAfee/dxlbroker/conf/dxlbroker.conf. Change the listenPort setting.

# The broker listen port
listenPort=8883

b Update the firewall to allow communication on the broker port with the following commands, replacing <listenPort> with the correct port.

iptables (Red Hat Enterprise Linux 6.x / CentOS 6.x):

iptables -N DXLBROKER
iptables -I INPUT -j DXLBROKER
iptables -A DXLBROKER -p tcp -m tcp --dport <listenPort> -j ACCEPT
service iptables save
ip6tables -N DXLBROKER
ip6tables -I INPUT -j DXLBROKER
ip6tables -A DXLBROKER -p tcp -m tcp --dport <listenPort> -j ACCEPT
service ip6tables save

firewalld (Red Hat Enterprise Linux 7.x / CentOS 7.x):

firewall-cmd --zone=public --permanent --add-port=<listenPort>/tcp
firewall-cmd --reload

c Create a broker-specific sysctl.conf file to increase the maximum number of tracked connections. This is the number of connections the operating system can handle.

$> mkdir -p /etc/sysctl.d
$> cat > /etc/sysctl.d/dxlbroker-sysctl.conf <<EOF
# DXL Broker sysctl settings
#

net.ipv4.netfilter.ip_conntrack_max = 196608
net.netfilter.nf_conntrack_max = 196608
net.nf_conntrack_max = 196608

# End of file
EOF
$> sysctl -e -p /etc/sysctl.d/dxlbroker-sysctl.conf


d Create a broker-specific limits.conf file to increase the maximum number of File Descriptors. This is the number of sockets the operating system can handle.

$> mkdir -p /etc/security/limits.d
$> cat > /etc/security/limits.d/dxlbroker-limits.conf <<EOF
# DXL Broker limits
mfedxl soft nofile 262144
mfedxl hard nofile 262144

# End of file
EOF

e Restart the DXL Broker service.

$> service dxlbroker restart

Log files for installing and deploying brokers on a Linux system are available to help with troubleshooting:

/var/log/dxlbroker-<version_number>-<build_number>.log

/var/log/dxlbroker-uninstall.log
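
A way to confirm that steps a to d took effect, as an added example that is not part of the McAfee guide: the functions parse the three files the task edits and, for the iptables variant of step b, the output of `iptables -S`. The function names, the "at least" comparison and the constructed sample files are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the settings written in steps a to d of the Linux task.
# Files are passed as arguments so the checks also run against copies.

DXL_CONNTRACK_MIN=196608   # conntrack value from dxlbroker-sysctl.conf (step c)
DXL_NOFILE_MIN=262144      # nofile value from dxlbroker-limits.conf (step d)

# Print the active listenPort; the guide's default 8883 applies if none is set.
dxl_listen_port() {
    port=$(sed -n 's/^[[:space:]]*listenPort[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' \
        "$1" 2>/dev/null | tail -n 1)
    echo "${port:-8883}"
}

# Succeed if the file sets at least one conntrack key and none is below the value.
dxl_check_sysctl() {
    awk -F= -v min="$DXL_CONNTRACK_MIN" '
        /^[ \t]*#/      { next }
        /conntrack_max/ { seen = 1; if ($2 + 0 < min + 0) bad = 1 }
        END { exit !(seen && !bad) }' "$1" 2>/dev/null
}

# Succeed if both the soft and the hard nofile limit for the user meet the value.
dxl_check_limits() {
    awk -v user="${2:-mfedxl}" -v min="$DXL_NOFILE_MIN" '
        /^[ \t]*#/ { next }
        $1 == user && $3 == "nofile" && $4 + 0 >= min + 0 { ok[$2] = 1 }
        END { exit !(ok["soft"] && ok["hard"]) }' "$1" 2>/dev/null
}

# Read `iptables -S` output on stdin (step b, iptables variant): succeed if INPUT
# jumps to the DXLBROKER chain and that chain accepts TCP on the given port.
dxl_check_iptables() {
    awk -v port="$1" '
        $0 == "-A INPUT -j DXLBROKER" { jump = 1 }
        /^-A DXLBROKER / && index($0, "--dport " port " -j ACCEPT") { rule = 1 }
        END { exit !(jump && rule) }'
}

# Run the file checks and report; returns non-zero if any check fails.
dxl_audit() {
    rc=0
    echo "listenPort: $(dxl_listen_port "$1")"
    if dxl_check_sysctl "$2"; then echo "conntrack: ok"; else echo "conntrack: FAIL"; rc=1; fi
    if dxl_check_limits "$3"; then echo "nofile: ok"; else echo "nofile: FAIL"; rc=1; fi
    return "$rc"
}

# Constructed sample files (not from a real broker), used when no paths are given.
# The hard nofile limit is deliberately too low so the failure path is visible.
dxl_demo() {
    d=$(mktemp -d) || return 1
    printf '# The broker listen port\nlistenPort=8993\n' > "$d/dxlbroker.conf"
    printf 'net.netfilter.nf_conntrack_max = 196608\nnet.nf_conntrack_max = 196608\n' > "$d/sysctl.conf"
    printf 'mfedxl soft nofile 262144\nmfedxl hard nofile 1024\n' > "$d/limits.conf"
    if dxl_audit "$d/dxlbroker.conf" "$d/sysctl.conf" "$d/limits.conf"; then demo_rc=0; else demo_rc=1; fi
    rm -rf "$d"
    return "$demo_rc"
}

if [ "$#" -eq 3 ]; then dxl_audit "$@"; else dxl_demo || true; fi
```

On a broker host, pass the three file paths from steps a, c and d as arguments, and pipe `iptables -S` into `dxl_check_iptables <listenPort>` to check the firewall chain.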

Deploy the DXL client

Deploy the DXL client to each of your managed systems. Do not deploy DXL clients on a broker system.

Before you begin

If deploying the DXL client on a supported Linux 64-bit system, perform these steps on the system before deploying:

• On CentOS and Red Hat systems, enter sudo yum install glibc.i686 libstdc++.i686

• On Debian and Ubuntu systems, enter sudo apt-get install lib32stdc++6

Task

1 In McAfee ePO, select Menu | Software | Product Deployment, then click New Deployment.

2 Complete the new deployment information, then start the deployment.

Verify the installation

After you complete the DXL broker appliance pages in VMware, verify that the installation was successful.

Task

1 On the System Tree main page, verify that the broker is listed and tagged as DXLBROKER.

If the broker is not tagged as DXLBROKER, run the Manage DXL Brokers server task.

2 In the System Tree, select the DXL broker name, then click the Products tab. Verify that the DXL broker and version are listed.

a If the DXL broker and version are not listed, click Wake Up Agents.

b On the Wake Up McAfee Agent page, select Force complete policy and task update, then click OK.

It might take a few minutes for the broker properties to be sent to the appliance.


When the installation is successful, the installed brokers are tagged as DXLBROKER and the correct DXL version is displayed in the Products tab. You can also click the McAfee shield icon in the Windows taskbar and look for the McAfee Data Exchange Layer heading. You can see the broker connection status, and the broker name, address, and port number that the DXL client is connected to.

Troubleshooting the installation

McAfee provides log files and scripts that can help you resolve common issues that might occur during installation.

Accessing log files

To troubleshoot installation problems, view the log files. Have these files available if you contact technical support.

/var/log/dxlbroker-<version_number>-<build_number>.log

/var/log/DXLPlatform-<version_number>-<build_number>.log

Reconfiguring the installation using scripts

You can use scripts to reconfigure the DXL brokers and the McAfee Agent. The scripts are located in the /home/<username> directory. They must be executed with sudo permissions, for example, sudo /home/myname/reconfig-dxl.

Script name | Description | Reboot?

change-hostname | Changes the host name of the current DXL broker appliance. It restarts the McAfee Agent and the broker. | Recommended

change-services | Enables or disables the DXL broker. If the broker was initially disabled during first boot, the script prompts for broker configuration information. | No

reconfig-dxl | Reconfigures the DXL port. | No

reconfig-ma | Reconfigures the McAfee Agent. The agent and DXL broker services are restarted. New keystores are generated when the service starts. Before using this script, read this KnowledgeBase article for important information: KB85043 | Recommended

reconfig-network | Reconfigures the current network interface (from DHCP to manual, or from manual to DHCP). | Required

reconfig-ntp | Reconfigures the Network Time Protocol servers. | No

Upgrade to DXL 4.0.0

Upgrade from a previous version of Data Exchange Layer.

Before upgrading to Data Exchange Layer 4.0.0, create a snapshot of your virtual machine in the VMware vSphere client. For instructions, see the VMware vSphere documentation.


Download the DXL software manually from the McAfee product download website, or use the McAfee ePO Software Manager. Check in the packages to the Master Repository, and the extensions using the Extensions page.

Complete the tasks in the order shown in the Contents tab under the Upgrade to DXL 4.0.0 heading to ensure a successful upgrade.

Tasks

• Upgrade the extensions
  Install the Data Exchange Layer extensions to the McAfee ePO server.

• Check in the DXL packages
  Check in the Data Exchange Layer packages to the Master Repository on the McAfee ePO server.

• Upgrade the DXL broker
  To upgrade the DXL brokers on the appliance, create a client task that includes a product deployment task in McAfee ePO.

• Verify the DXL broker upgrade
  After you complete the DXL upgrade, verify that the upgrade was successful.

• Upgrade the DXL client
  Upgrade the DXL client on each of your managed systems.

• Verify the DXL client upgrade
  After you complete the DXL client upgrade, verify that the upgrade was successful.

Upgrade the extensions

Install the Data Exchange Layer extensions to the McAfee ePO server.

Before you begin

The DXL extension version must be the same or newer than the DXL broker version. You cannot install an older extension version with a newer broker version.

Task

1 Select Menu | Software | Extensions.

2 Click Install Extension and install the extensions in the following order.

a DXL Broker Management

b DXL Client

c DXL Client Management

Check in the DXL packages

Check in the Data Exchange Layer packages to the Master Repository on the McAfee ePO server.


Task

1 Select Menu | Master Repository, then click Check In Package.

2 Check in these DXL packages:

• DXL Client

• DXL Broker

• DXL Platform

Upgrade the DXL broker

To upgrade the DXL brokers on the appliance, create a client task that includes a product deployment task in McAfee ePO.

Task

1 Select Menu | Policy | Client Task Catalog.

2 Select McAfee Agent, then click New Task.

3 In the New Task window, select Product Deployment, then click OK.

4 Complete the new deployment information for the DXL broker. For the Target platforms option, make sure that only McAfee Linux OS is selected. Create a task for each package. Packages must be updated in this order:

If you initially installed the broker appliance using the TIE .ova file, upgrade only the broker (the platform updates come from Threat Intelligence Exchange). If you installed the broker appliance using the DXL .ova or .iso file, upgrade both the platform and the broker.

a DXL Platform

b DXL Broker

5 Save the task and run it against the DXL broker.

6 In the System Tree, select a DXL broker name, then click the Properties tab.

7 Click Wake Up Agents and select Force complete policy and task update. It might take a few minutes for the broker properties to be sent to the appliance.

Log files are located here:

/var/log/dxlbroker-<version_number>-<build_number>.log

/var/log/DXLPlatform-<version_number>-<build_number>.log

/var/McAfee/dxlbroker/logs/ipe-start.log

/var/McAfee/dxlbroker/logs/ipe.log

Verify the DXL broker upgrade

After you complete the DXL upgrade, verify that the upgrade was successful.


Task

1 In the System Tree main page, verify that the updated broker is listed and tagged as DXLBROKER. If it isn't, run the Manage DXL Brokers server task.

2 In the System Tree, select the DXL broker name, then click the Products tab. Verify that the updated DXL broker and version are listed.

a If the DXL broker and version are not listed, click Wake Up Agents.

b Select Force complete policy and task update, then click OK. It might take a few minutes for the broker properties to be sent to the appliance.

c If the DXLBROKER tag does not appear in the System Tree, run the Manage DXL Brokers server task again.

When the installation is successful, the correct DXL version is displayed in the Products tab, and the installed brokers are tagged as DXLBROKER.

Upgrade the DXL client

Upgrade the DXL client on each of your managed systems.

Task

1 Select Menu | Policy | Client Task Catalog.

2 Select McAfee Agent, then click New Task.

3 Select Product Deployment, then click OK.

4 Complete the new deployment information: From the Products and components list, select Data Exchange Layer Client.

5 Save the task and run it on each of your managed systems. You might have to wait several minutes for the task to complete, depending on how busy your McAfee ePO server is.

6 In the System Tree, select the DXL client system, then click the Products tab.

7 Click Wake Up Agents and select Force complete policy and task update. It might take a few minutes for the client properties to be sent to the McAfee ePO server.

Verify the DXL client upgrade

After you complete the DXL client upgrade, verify that the upgrade was successful.

Task

1 In the System Tree, select a DXL client system, then click the Products tab.

2 Verify that the updated DXL client and version are listed.

3 Select a DXL client system, and from the Actions menu, select DXL | Lookup in DXL. Make sure that the connection state is Connected.

4 You can also click the McAfee shield icon in the Windows taskbar and look for the McAfee Data Exchange Layer heading. You can see the broker connection status, and the broker name, address, and port number that the DXL client is connected to.


Uninstall DXL

Follow these steps to uninstall DXL.

Task

1 Select Menu | Software | Product Deployment | New Deployment.

2 Complete and save the new deployment information for the uninstall.

3 In the Product Deployment page, from the Action drop-down, select Uninstall. Then start the deployment to uninstall DXL.

Copyright © 2017 McAfee, LLC

McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others.
