QRadar can be installed on a variety of hypervisors for virtual machine deployments. The officially supported ones, and the supported versions, are listed in "Creating your virtual machine". This document represents only the specific versions that are QA tested with each QRadar release and may not convey the full range of compatibility. This often raises questions and confusion about what will or will not work for virtual QRadar deployments. This is an attempt to add more context to the official docs.
First, a quick review of "appliance" versus "software" installation. QRadar ships as an ISO image that contains both OS and the software. For an "appliance" install the ISO is booted directly and both RHEL and QRadar installed, mostly automatically with predetermined options. In a "software" install RHEL is installed first using Red Hat media and then a setup script is run from the QRadar ISO to add the software. This second install method is provided for cases where the QRadar automated install may not support all "hardware" or storage options.
As the documentation indicates, for any hypervisor other than VMware ESXi, you must do a "software" installation. However, this does not necessarily mean that an "appliance" install will not work, simply that it is not officially supported or QA tested. It does mean that if there are issues with the install, you may not be able to get help from IBM support. In fact, an "appliance" install will work very well on KVM virtual machines - I do it all the time - but this is a choice between convenience and being able to get support.
The other information in this document that causes a lot of concern is the limited range of versions for each hypervisor. Again, this is because the document only reflects what is officially tested and not necessarily what is technically compatible.
- VMware ESXi - the document lists hardware version 19 but earlier versions will also work. Hardware version 21, however, is known to not work with QRadar.
- KVM on CentOS or RHEL - the version listed is 1.5.3 but that is ancient, much too old to be used today. In fact all current versions of QEM/KVM will work (up to 9.2.x) on a variety of host operating systems.
- Nutanix AHV - any current version should work
- Hyper V - the document references Windows 2016 which is EoL and cannot be used in most enterprises. Windows 2022 is also known to work and there are no known issues with newer versions of Hyper V
So, in short, the range of hypervisors and versions that will technically work for a QRadar virtual deployment is larger and more useful than the official documentation suggests. While you may find yourself installing on a platform that isn't listed or officially supported, there's a good chance that installation will "just work" and you will not need to seek support for it, especially when using the "software" installation method.
A couple of honorable mentions: Proxmox with KVM works like a charm. VirtualBox will also work but since it is not even mentioned in the documentation, getting support will not be possible at all.
Please comment on this post with any hypervisor and OS combinations that you have gotten to work with QRadar to help others.