IBM QRadar

Deploying IBM QRadar on OpenShift

This guide walks you through deploying the IBM QRadar virtual appliance on Red Hat OpenShift using OpenShift Virtualization.

1. Enable OpenShift Virtualization

1. Log in to the OpenShift Console.
2. From the left-side menu, expand Operators and click OperatorHub.

3. Search for Virtualization.
4. Select OpenShift Virtualization from the list.

5. Click Install, then confirm by clicking Install again on the next screen.

6. Once installed, click Create HyperConverged.

7. On the HyperConverged setup page, scroll down and leave the default values. Click Create.

8. The screen will refresh twice, and you’ll notice a new Virtualization section in the left menu.

2. Create the Virtual Machine

1. Navigate to Virtualization > VirtualMachines.
2. Click Create VirtualMachine and choose From Template.

3. On the template selection page, search for Red Hat.

4. Select Red Hat Enterprise Linux 8 from the list.

3. Configure the VM for QRadar Installation

1. On the VM configuration page, apply the following settings:
• Boot from CD → Check the box.
• CD Source → Select Upload (Upload a new file to PVC).
• Upload Data → Browse and upload the QRadar ISO file.
• Disk Size for CD-ROM → Provide an appropriate size.
• Disk Source → Leave as Blank.
• Disk Size → Allocate the required disk space for QRadar installation (refer to system requirements).
• CPU & Memory → Configure as per the QRadar Virtual Appliance System Requirements.
2. Click Customize VirtualMachine to review settings.

3. Finally, click Create VirtualMachine.

4. Start the Installation

1. Once the VM is created and its status changes to Running, the QRadar installation will begin automatically.
2. Click Open Web Console to access the installation interface.

3. Select Red Hat Enterprise Linux 8.10 from the boot menu.

This will first install the OS bundled with the ISO, followed by the QRadar application itself.

4. Accept the License Agreement by typing yes and pressing Enter.

5. Configure QRadar Installation

1. On the Appliance Installation screen:
• Select Appliance Install → Press Next.
• Use Tab to move between options, and Space to select.

2. Choose the appliance type (e.g., All-In-One Console – 3199).

3. Select Normal Setup and continue.

4. Configure:
• Time Zone
• IP Protocol (IPv4/IPv6)
• Network Interfaces
• Static IP details (including Hostname / FQDN)

For All-In-One deployments, this IP and hostname will be used to access both the QRadar Console and CLI.

5. Set:
• Admin password (for Console login)
• Root password (for CLI access)

6. Click Finish to complete the installation.
7. Once complete, you’ll see a confirmation message. Select OK.

6. Expose QRadar Outside OpenShift

1. In the OpenShift Console, go back to your VirtualMachine details.
2. Click the + (plus) icon on the top right and select Import YAML.
3. Import the YAML configuration to create a Route for external access.
4. Click Create.
   
   
   Create a Service to Expose the VM's Port

   apiVersion: v1 kind: Service metadata: name: qradar-service namespace: openshift-cnv # Must be in the same namespace as the VMI spec: ports: - name: https port: 443 # The port the Service will listen on targetPort: 443 # The port on the VMI/Pod to forward traffic to protocol: TCP selector: kubevirt.io/domain: rhel8-azure-raven-81 # This targets the VMI's Pod rhel8-black-ant-63

   
   Create a Route for External Access

   apiVersion: route.openshift.io/v1 kind: Route metadata: name: qradar-route namespace: openshift-cnv # Must be in the same namespace as the Service spec: to: kind: Service name: qradar-service # The name of the Service we created weight: 100 port: targetPort: https # Must match the 'name' of the port in the Service tls: termination: passthrough # Best for HTTPS services where the VM holds the cert

   
   
   Access Your QRadar VM Get the Route's hostname:

   
   

   oc get route -n openshift-cnv qradar-route -o jsonpath='{.spec.host}'

7. Access QRadar Console

1. From your local machine, open the QRadar Console using the route you just configured.
2. Log in with the admin credentials created earlier.
3. Accept the QRadar License Agreement.
4. The QRadar Console will now be available with a 30-day trial license.

✅ You have successfully deployed QRadar on OpenShift!

Next Steps

• Configure log sources and start monitoring.
• Review QRadar’s integration with your security stack.
• Apply permanent licenses if moving beyond trial mode.

Disclaimer

This deployment guide is provided as an innovative reference for testing and learning purposes. It does not represent an official IBM product or supported deployment model.Users are encouraged to validate configurations in a controlled environment before applying them to production systems. 

https://www.ibm.com/docs/en/qsip/7.5?topic=vai-creating 

✨ Happy Monitoring with IBM QRadar on OpenShift!