LFR AND CMS INSTALLATION
Install VSP CMS using the below process:
CMS INSTALLATION
NOTE:
Ensure that the CMS VM is in sync with the NTP server
- Execute the below steps to add the required environment variables
  - sudo bash
  - vi /etc/environment
  - Add the below variables
    COMPOSE_HTTP_TIMEOUT=400
    DOCKER_CLIENT_TIMEOUT=400
  - service docker restart
- Download the tar file vsp-cms-lfr.tar.gz from the Artifactory directory: vsp > releases > public > <Release_Number> > tar_package > cms_lfr
- Alternatively, use the wget command as described below:
  - Log in to the Artifactory and navigate to the directory: vsp > releases > public > <Release_Number> > tar_package > cms_lfr. Click on the tar file and click URL to File
  - Execute the below command to download the tar file
    - mkdir /var/cms
    - cd /var/cms
    - wget <Copied_URL> --user=<Artifactory Username> --ask-password
    NOTE:
    Since the tar file size is ~27GB, it takes a minimum of 45 minutes to download. The time may vary based on the internet bandwidth
- Extract the downloaded tar file using the below command. This command may take approximately 10 minutes
  - tar -xvzf vsp-cms-lfr.tar.gz
The below files are extracted
- Execute the below commands to install and configure CMS. This command may take approximately 20 minutes
  - ./vsp_cms_installer.sh
  - Execute the below command to view the help menu:
    ./setup.sh -h
  - ./setup.sh [Optional Arguments] <IP_ADDRESS> <SSL_VERIFY>
    - IP_ADDRESS – IP Address of the VM where CMS package is installed
    - (Optional) SSL_VERIFY – Provide 0 to disable SSL hostname verification between CMS and Probe. This is useful when a customized domain name is desired for CMS (Default Domain Name: int.cms.virsec.com). Ensure that the option is disabled for ECS Fargate. Provide 1 to enable SSL hostname verification. The option is enabled by default
    - (Optional) -f : Defines the CMS Deployment type. Allowed Values:
      small: Only the core CMS services are installed. Recommended for POVs only.
      NOTE:
      - jreports-service – Reports are scheduled and generated in this service
      - licenseserver – This service is the on-prem license server
      - organization-service – Provides communication with the VSP MSSP instance
      - report-service – Provides CMS Reporting functionality
      - ticket-zendesk-service – Provides the ability to configure the ticketing service Zendesk
      - virsec-api-snap-service – Provides the capability to access CMS information through SNAP API
      - vsp-log-manager-service – Responsible for the logging functionality
      large: The Core and optional CMS services are installed. If not specified, the default option is large
    - (Optional) -x : Custom advertised listener for Kafka
    - (Optional) -k : Ensure that CMS is not running during usage. Allowed Kafka options:
      0: For Unsecure Kafka connection. By default, the value is set to 0 if not specified
      1: For One-way SSL where the Client verifies the server
      2: For Two-way SSL where both the Client and Server verify each other
      NOTE:
      If there is a Custom DNS for Kafka listener, then use the options 0 or 1 for Kafka. Do not use the option 2
      Restart the probe after CMS and/or probe upgrade or when the Kafka mode is modified
    - (Optional) -P : Provide this parameter to select the optional services that need to be started in case of CMS Deployment Type - large. If this option is not provided, all the optional services are started by default. A snippet of the log with the option -P is provided below. When prompted, provide y/n for optional services [Ticketing Service (Zendesk), Centralized Logging System, MSSP, VSP APIs, Reporting Feature, On-premise License Server]
      NOTE:
      If a proxy server is configured for internet access, ensure that the root certificate information is added to the property file, as described in the Deploy Custom SSL Certificates topic of the Maintenance Section
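
The option rules above (allowed values for -f, -k and SSL_VERIFY, and the NOTE against Kafka option 2 with a custom listener) can be checked before setup.sh is run. The script below is an added example and is not part of the VSP package; the function names are hypothetical, and it assumes that -P takes no value, that IP_ADDRESS is IPv4, and that -x corresponds to the "Custom DNS for Kafka listener" case in the NOTE.

```bash
#!/usr/bin/env bash
# Added example, not vendor code: lint a planned ./setup.sh command line.
# Assumptions: -P takes no value, IP_ADDRESS is IPv4, and -x is the
# "Custom DNS for Kafka listener" case from the NOTE under -k.

is_ipv4() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    local IFS=. octet
    set -- $1                              # split the address on dots
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Prints one finding per line; returns 1 if any ERROR was found, else 0.
check_setup_args() {
    local opt ff=large kafka=0 listener="" rc=0   # defaults per the page
    OPTIND=1
    while getopts ":f:x:k:P" opt; do
        case "$opt" in
            f) ff=$OPTARG ;;
            x) listener=$OPTARG ;;
            k) kafka=$OPTARG ;;
            P) ;;                          # interactive service selection
            *) echo "ERROR: -$OPTARG is unknown here or missing its value"; rc=1 ;;
        esac
    done
    shift $((OPTIND - 1))
    local ip="${1:-}" ssl_verify="${2:-1}"  # SSL_VERIFY is enabled by default
    is_ipv4 "$ip" || { echo "ERROR: IP_ADDRESS '$ip' is not an IPv4 address"; rc=1; }
    case "$ff" in small|large) ;; *) echo "ERROR: -f must be small or large"; rc=1 ;; esac
    case "$kafka" in
        0) echo "WARN: Kafka mode 0 (default) is an unsecured connection" ;;
        1) ;;
        2) [ -z "$listener" ] || { echo "ERROR: do not combine -k 2 with a custom Kafka listener"; rc=1; } ;;
        *) echo "ERROR: -k must be 0, 1 or 2"; rc=1 ;;
    esac
    case "$ssl_verify" in
        0) echo "WARN: SSL_VERIFY=0 disables CMS-Probe hostname verification" ;;
        1) ;;
        *) echo "ERROR: SSL_VERIFY must be 0 or 1"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample (documentation-range IP): prints both warnings.
check_setup_args -f small -k 0 192.0.2.10 0
```

Pass the same arguments that are planned for ./setup.sh; a non-zero return means at least one value falls outside what the option list allows.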
- In cases where RAM settings for small and large CMS deployment types need modifications, follow these steps before CMS deployment:
  NOTE:
  The file contains VSP-recommended RAM values for the available CMS deployment types. Any change in these values may affect CMS functioning
  - sudo bash
  - cd /var/cms/form-factors
  - vi ff-ram-size.csv
  - Modify the values as required. Values are specified in GB. Save the file
VERIFICATION
- LFR:
  - To verify whether LFR is up and running, execute the below command:
    docker ps | grep lfr
  - After a couple of minutes, access the URL: http://<VM_IP_Address> to view the refreshed LFR
- CMS: Execute the below commands to check the status of the cms-client service
  - cd docker-compose-files
  - watch ./status.sh
  - Once the status of the cms-client service moves to healthy, CMS UI can be accessed