QRadar in AWS Marketplace
Great news for QRadar admins. From the 1st of February, QRadar is available in the AWS Marketplace. Amazon Web Services (AWS) is one of the oldest and the most popular services, where you can deploy own Virtual Appliance.
Deploying Appliance from the official image provided by IBM of QRadar Amazon Machine Images (AMI) available on the AWS Marketplace dramatically reduce the time necessary for the installation process. The image is based on BYOL (Bring Your Own Licence) model, so it means that you need to have in hand licence purchased from IBM Sales before deploying Virtual Server.
The price seen above is just the cost of virtual server charged by Amazon for an m4.4xlarge server. After deploying this component (link to Console AMI) you can start using QRadar as All-in-One or add another appliance (link to Managed Host AMI) as Managed Host to build distributed deployment.
Available appliances QRadar in AWS
These two available AMIs allow QRadar customers to deploy the following instances in AWS:
- QRadar Console
- All in One Console
- Console with Managed Host in a distributed deployment
- QRadar Managed Host
- Event Collector
- Event Processor
- Flow Collector
- Flow Processor
- Event/Flow Processor
- Data Node
To begin with AMI on AWS and depends on appliance type chosen, you need to pick from AWS at least the following sizes of EC2 servers. Please note, that these are just suggested values and not tested by me:
Appliance | Memory | CPU | EC2 Type |
1299 | 6GB | 4 | r4.xlarge |
1400 | 48GB | 16 | m5.4xlarge |
1599 | 16GB | 16 | c4.4xlarge |
1699 | 48GB | 24 | c4.8xlarge |
1699 | 48GB | 40 | m4.10xlarge |
1699 | 48GB | 56 | c5.18xlarge |
1799 | 48GB | 24 | c4.8xlarge |
1799 | 48GB | 48 | m5.12xlarge |
1799 | 48GB | 56 | c5.18xlarge |
3199 | 48GB | 24 | c4.8xlarge |
3199 | 128GB | 48 | m5.12xlarge |
3199 | 128GB | 56 | c5.18xlarge |
8099 | 48GB | 16 | m5.4xlarge |
QRM | 48GB | 8 | r4.2xlarge |
QVM-P | 32GB | 4 | r5.xlarge |
QVM-S | 16GB | 4 | m4.xlarge |
Deploying QRadar instances in AWS, extending QRadar’s security analytics and monitoring capabilities to the cloud and reduces costs of data transfer.
Unfortunately at the moment for QRadar on Cloud Customers (QRoC), Data Gateway appliances (7000) are not supported yet with this version of the Managed Host AMI. We have been assured that future releases will support Data Gateway appliances.
Following the link, you can find QRadar Installation Instructions in the AWS Marketplace.