QRadar Network Insights 1940 M7 appliance
The IBM QRadar Network Insights 1940 (MTM 4723-N4B) appliance provides detailed analysis of network flows to extend the threat detection capabilities of IBM QRadar. QRadar Network Insights 1940 is based on the Lenovo System SR650 V2 (2U).
The appliance has two Napatech 40 GbE cards. By default, the two ports on the first network capture card are configured for inbound traffic from a network tap or mirrored span. If the appliance is included in a stack, the ports are reconfigured for one inbound and one outbound.
The second Napatech card is cabled internally for load balancing and cannot not be used. The QSFP+ ports on this card are disabled. These ports do not receive data if they are connected to external traffic sources.
The management ports are associated with port items 2 and 4 in the diagram. These are used to replicate data between QRadar Network Insights and the Console. The port item 3 is reserved for the management controller remote management system.
For more information about cabling stacked appliances, see the QRadar Network Insights Installation Guide.
The following table shows the hardware information and requirements for the QRadar Network Insights 1940 appliance.
| Description | Value |
|---|---|
| CPU | 2 x Gold 6342 24 C 2.8 GHz 230 W |
| Network capture transceivers |
2 x 40 GbE SR4 QSFP+ transceivers (Finisar FTL410QD2C- IG) Use these transceivers with the network packet capture card, labeled as [5] in the appliance diagram. |
| Network management transceivers |
Lenovo Dual Rate 10G/25G SFP28 Transceiver, The transceivers have the following part numbers: AFBR-735ASMZ-LVX Use these transceivers with the management ports, labeled as [4] in the appliance diagram |
| Ports |
4-port 1 GbE TX OCP 2-port 10/25 GbE SFP28 2 x 40 GbE Network capture ports (QSFP+) 1 x 1 GbE RJ-45 Ethernet systems management IPMI (XCC) port |
| Storage |
480 GB: 2x 480 GB 2.5” SSD RAID 1 Controller: RAID 540-8i |
| Memory | 384 GB (12 x 32 GB) |
| Traffic | 40 Gbps |
| Power supply | Dual redundant 1100 W AC power supply |
| Dimensions | 28.3 inches deep x 17.5 inches wide x 3.4 inches high |
System performance of QRadar Network Insights appliances varies depending on the on Inspection settings and the type and amount of network data.
For more information, see Performance impacts in the IBM QRadar Network Insights Installation Guide.
The following image is of the QRadar Network Insights 1940 appliance.
| Label | Description |
|---|---|
| 1 | QRadar system storage |
| 2 | Management ports (1 GbE TX) |
| 3 | IPMI (XCC) port (1 GbE RJ-45) |
| 4 | Management ports (10/25 GbE SFP28) |
| 5 | 2 x 40 GbE Network capture ports (QSFP+) |
| 6 | Do not populate these ports |
For more information about battery removal, see
Removing the coin-cell battery (https://thinksystem.lenovofiles.com/help/index.jsp?topic=%2F7X05%2Fcmos_battery_replacement.html&cp=4_8_8_13&anchor=CMOS_battery_replacement).
Appliance stacking
You can stack the QRadar Network Insights 1940 (type 6600) appliances to distribute network packets across multiple Napatech cards. The following image shows how to connect the cables on up to four QRadar Network Insights 1940 appliances in a stacked configuration. On the first appliance, port 0 is used for the network tap or span port. The traffic is then mirrored to Port 1 on the same card, which sends data to port 0 of the next appliance in the stack.
For more information about appliance stacking and to learn about a breakout cable for 10 GbE links, see IBM QRadar Network Insights 1940 appliance installations.