CPM Installation
  • 11 Jul 2024
  • 4 Minutes to read
  • Dark
    Light
  • PDF

CPM Installation

  • Dark
    Light
  • PDF

Article summary

About this Article
This article provides various methods of Centralized Probe Management (CPM) installation. API is compatible with Version 2.9 and Above - CMS and Probes.
The Install Probe, Upgrade Probe, Uninstall Probe, Install Script and vsp-cli command APIs are available only for Version 2.11 and Above.


Centralized Probe Management (CPM) API aims to simplify the upgrade and troubleshooting requirements scenarios on Probes, deployed on different application platforms. Without this API, it becomes necessary to log in to the host for upgrade/ troubleshooting. It can be installed using any one of the below methods.

NOTE
Ensure that on Linux platforms (or wherever applicable), the crypto policies are set NOT to FUTURE during CPM installation. Modify the value to LEGACY and revert the change once CPM is installed.


Method 1: Script-based Installation

Install CPM using the below process:

  1. Download the below files from LFR
    1. CPM installable – vsp_install_cpm.sh (Linux) OR vsp_install_cpm.bat (Windows)
    2. Required Certificates - certificates.zip
  2. Utilize the below parameters as required:
ParameterDescription
Required Parameters
-c <CMS_IP>[On-prem instances] IP Address of CMS
-C <CMS DNS Name>[SaaS instances] Custom DNS name for CMS. Default value is int.cms.virsec.com
-T <Certificates File Path>[On-prem and SaaS instances] Location of the tar/zip file containing the client certificates. This is not required when the parameter -U is used
Optional Parameters
-B <OS_Bit>Host OS Bit. Allowed values are 32, 64
-f <0|1>To force CPM uninstall during upgrade without file backup. Allowed values are 0 (Do not force, Default value) and 1 (Force Upgrade without file backup)
-H <0|1>Entries are not added in the /etc/host file to resolve the LFR and CMS DNS names. Allowed values are 0 (Do not add), 1 (Default - add). If value "1" is used, ensure that the parameters -C and -K are provided
-i <Host_IP>IP Address of Probe (Host)
-k  <VSP_Kafka_Node_IP>IP Address of Kafka. This parameter is required if CMS IP and Kafka IP are different
-K <Kafka DNS Name>Custom DNS name for Kafka. Default value is vsp-kafka.virsec
-l <lfr_ip>IP Address of CMS
-L <LFR_Port>VSP LFR Port. Default Port is 8443. This is not applicable in case of SaaS CMS
-n <Hostname>Hostname of the Probe
-o <Host_OS>

To specify the Operating System. Allowed values are: rhel, ubuntu, debian_stretch, debian_buster, amazonlinux

This parameter must be used along with "-V"

For Oracle Linux 8, provide the value rhel for parameter “-o”

-r <0 | 1>To restart VSP CPM services after installation. Allowed values are 0 (Default - Do not start VSP services), 1 (start VSP services)
-u <0 | 1>To uninstall existing CPM services and install the latest available version. Allowed values are 0 (Default - Do not uninstall), 1 (uninstall)
-U <0 | 1>To uninstall existing CPM services. Allowed values are 0 (Default - Do not uninstall), 1 (uninstall)
-v <vsetting>To print Verbose information. Allowed values are 0 (INFO level), 1 (DEBUG level) and 2 (TRACE level)
-V <Host OS Version>

To specify the version of the Operating System. This parameter must be used along with "-o"

For Oracle Linux 8, provide the value 8 for the parameter “-V”

NOTE
Whenever these parameters are utilized, ensure that LFR IP address is provided with the -l parameter so that the latest version of the script from LFR is utilized.


Method 2: MSI-based Quiet Installation (Windows)

Pre-requisites

  1. Ensure that the below packages are installed. They are included as part of the downloaded .zip file:
    1. VC_redist.x86.exe
    2. VC_redist.x64.exe (Not applicable for Windows Server 2003 32 Bit Machines)
    3. For Windows 2008, the Patch: Security Update for Microsoft Windows (KB4474419) is installed. Use the link below to install the required patch: https://www.catalog.update.microsoft.com/search.aspx?q=kb4474419  
  2. To install the VC_redist packages, using the below steps:
    1. Open Command Prompt (Run as an Administrator) and navigate to the directory with the file vsp.msi
    2. For installation of VC_redist.x64.exe, execute the below command:
      Shell
      start /wait VC_redist.x64.exe /q /norestart /l*v logs.txt
    3. For installation of VC_redist.x86.exe, execute the below command: (Not applicable for Windows Server 2003 32 Bit Machines):
      Shell
      start /wait VC_redist.x86.exe /q /norestart /l*v logs.txt


Installation

CPM installation is performed using the quiet installation method using MSI for Windows. Utilize the below parameters as required:

ParameterDescription
START_CPM_SERVICETo start/stop CPM services after Installation. Allowed Values are: 1 (Start; Default) and (Stop)
NOTE
Whenever these parameters are utilized, ensure that LFR IP address is provided with the parameter "LFR_IP" so that the latest version of the script from LFR is utilized.


Command for CPM Installation - On-Prem:

start /wait msiexec /i VSPCPM.msi /qn /norestart CMS_IP=<CMS_IP> CERTS_ZIP=<Certificate_File_Path> ACCEPTEULA=1 /l*v c:\vspcpm_installermsi.log


Command for CPM Installation - SaaS:

start /wait msiexec /i VSPCPM.msi /qn /norestart CMS_IP=<CMS_IP> CERTS_ZIP=<Certificate_File_Path> ACCEPTEULA=1 /l*v c:\vspcpm_installermsi.log


Command for CPM Uninstallation:

start /wait msiexec /x {38276D79-4FD0-40B8-A120-0C49D5591A3C} /quiet /qn /norestart /l*v c:\vspcpm_installermsi.log


Method 3: Using GPO (Windows)

Using GPO (Group Policy Object), CPM can be installed on the below Windows Operating Systems:

  1. Windows 2016
  2. Windows 2019
  3. Windows 2022


Pre-requisites:

  1. Access to the Domain machine
  2. Copy the CPM installable and certificates (certificates.zip) on a common drive


Follow the below steps for CPM installation:

  1. In the Domain machine, access the Group Policy Management Editor
  2. Create a new policy for CPM installation with the deployment method as AssignedDeploymentMethod
  3. The below parameters can be modified using OrcaCPMParameters
    ParameterDescription
    START_CPM_SERVICETo start/stop CPM services after Installation. Allowed Values are: 1 (Start; Default) and (Stop)
    CMS_IPIP Address for CMS
    CMS_DNS_NAMEDNS Name for CMS
    CERTS_ZIPComplete location of the certifications zip file (along with the file name) on the Probe machines. Example: C:\ProgramData\certificates.zip
    ACCEPTEULADefines acceptance to the license agreement. Expected value: 1
    NO_HOST_ENTRY

    Entries are not added in the file /etc/host to resolve the LFR and CMS DNS names. If this parameter is used, ensure that the parameters -C and -K are provided

     Default value is 0

     Expected values are 0 (Entries added, On-Prem) or 1 (Not added, SaaS)

  4. Select the CPM package/MSI file (copied on common drive). For MSI-based installation, ensure that the Pre-requisite steps are complete
  5. Double-click on the created policy. Navigate to the tab Deployment
    1. Enable the option Install Application at logon
    2. Select Installation user interface options as Basic
    3. Click Apply and OKDeploymentTab
  6. Navigate to Preferences > Windows Settings> Files. Select the certificates.zip file so that it is copied to the specified directory on the Probe servers during Security Policy UpdateFileSettings


Verification

Utilize the below commands to view the status of the CPM service.

  1. Linux: 
    sudo service vspcpm status
  2. Windows: 
    sc query vspcpm


Data Directories

  1. The extracted API information is stored in the mounted CPMS data directory, that can be accessed at /home/virsec/cpmdata
  2. Files are automatically purged after a configured duration. By default, this duration is 7 days

Was this article helpful?

What's Next