CMS Installation on VM
  • 03 Oct 2023


About this Article
This article provides the installation, verification and onboarding steps for CMS deployment on VM.


Installation

To install CMS on VM, follow the below steps:

  1. Execute the below commands to modify the environment variables:
    sudo bash
    vi /etc/environment
  2. Add the below environment variables:
    COMPOSE_HTTP_TIMEOUT=400
    DOCKER_CLIENT_TIMEOUT=400
  3. Create a new directory to copy the installable
    mkdir /var/cms
    cd /var/cms
  4. Download the tar file vsp-cms-lfr.tar.gz from the Artifactory directory: 
    1. Version 2.8 and Above: vsp > releases > public > <Major_Release> > <Minor_Release> > <Patch_Version> > tar_package > cms_lfr
      Example: vsp > releases > public > 2 > 2.8 > 2.8.0 > tar_package > cms_lfr  
    2. Version 2.7: vsp > releases > public > <Release_Number> > tar_package > cms_lfr 
      Example: vsp > releases > public > 2.7.0 > tar_package > cms_lfr  
  5. Execute the below commands to complete the installation:
    tar -xvzf vsp-cms-lfr.tar.gz
    ./vsp_cms_installer.sh
    ./setup.sh -h     #To view more information about the script usage
    ./setup.sh <CMS_HOST_IP_Address>
  6. The required parameter for the script is:
    HOST_IP
      IP Address of the VM where CMS package is installed
  7. The Optional Parameters are provided below:

    SSL_VERIFY
      Provide 0 to disable SSL hostname verification between CMS and Probe. This is useful when a customized domain name is desired for CMS (Default Domain Name: int.cms.virsec.com). Ensure that the option is disabled for ECS Fargate.
      Provide 1 to enable SSL hostname verification. The option is enabled by default

    -f
      Defines the CMS Deployment type. Allowed Values:
      small: Only the core CMS services are installed. Recommended for POVs only
      large: The core and optional CMS services are installed. If not specified, the default option is large

      In the small configuration, the below optional services are not installed:

      1. jreports-service - Reports are scheduled and generated in this service
      2. licenseserver - This service is the on-prem license server
      3. organization-service - Provides communication with the VSP MSSP instance
      4. report-service - Provides CMS Reporting functionality
      5. ticket-zendesk-service - Provides the ability to configure the ticketing service Zendesk
      6. virsec-api-snap-service - Provides the capability to access CMS information through SNAP API
      7. vsp-log-manager-service - Responsible for the logging functionality

    -k
      Ensure that CMS is not running when this option is used. Allowed Kafka options:

      0: For Unsecure Kafka connection. The option is available only for Version 2.7. By default, the value is set to 0 if not specified
      1: For One-way SSL where the Client verifies the Server
      2: For Two-way SSL where both the Client and Server verify each other.
      Version 2.8 and Above: By default, the value is set to 2 if not specified

      NOTE:
      If there is a Custom DNS for Kafka listener, then use the option 1 for Kafka. Do not use the option 2
      Restart the probe after CMS and/or probe upgrade or when the Kafka mode is modified

    -P
      Provide this parameter to select the optional services that need to be started in case of CMS Deployment Type - large. If this option is not provided, all the optional services are started by default. When prompted, provide y/n for optional services [Ticketing Service (Zendesk), Centralized Logging System, MSSP, VSP APIs, Reporting Feature, On-premise License Server]

    -x
      Custom advertised listener for Kafka


    NOTE
    If a proxy server with SSL (for internet access) OR LDAP server with SSL (for user management) is configured, ensure that the root certificate information is added to the property file, as described in the Deploy Custom SSL Certificate section of the Maintenance article
  8. In cases where RAM settings for small and large CMS deployment types need modifications, execute the below command before CMS deployment and modify the value as required:
    NOTE
    The file ff-ram-size.csv contains VSP-recommended RAM values for the available CMS deployment types. Any change in these values may affect CMS functioning
    sudo bash
    cd /var/cms/form-factors
    vi ff-ram-size.csv
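
The -k defaults and restrictions from step 7 can be checked before setup.sh is run, which catches cases such as a custom Kafka DNS combined with the 2.8 default of 2. The following function is an added example, not part of the Virsec package; the name kafka_mode and its arguments are hypothetical, and it encodes only the rules stated above.

```sh
#!/bin/sh
# Added example (not vendor code): pre-flight check of the intended -k value.
# Function and argument names are hypothetical; setup.sh is never called.

# kafka_mode VERSION [REQUESTED_MODE] [CUSTOM_DNS]
#   VERSION         CMS version as MAJOR.MINOR[.PATCH], e.g. 2.7.0 or 2.8.0
#   REQUESTED_MODE  value intended for -k; empty means "not specified"
#   CUSTOM_DNS      "yes" if the Kafka listener uses a custom DNS name
# Prints the effective mode on stdout and returns 0; on a combination the
# article rules out, prints the reason on stderr and returns 1.
kafka_mode() (
    version=$1 mode=${2:-} custom_dns=${3:-no}
    die() { echo "REJECT: $1" >&2; exit 1; }

    case $version in *.*) ;; *) die "version must be MAJOR.MINOR[.PATCH]" ;; esac
    major=${version%%.*}
    minor=${version#*.}; minor=${minor%%.*}
    for n in "$major" "$minor"; do
        case $n in ''|*[!0-9]*) die "non-numeric version: $version" ;; esac
    done

    # Compare numerically so that 2.10 sorts after 2.8.
    if [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 8 ]; }; then
        line=2.8+ default=2
    elif [ "$major" -eq 2 ] && [ "$minor" -eq 7 ]; then
        line=2.7 default=0
    else
        die "version $version is not covered by this article"
    fi

    [ -n "$mode" ] || mode=$default
    case $mode in 0|1|2) ;; *) die "allowed Kafka options are 0, 1, 2" ;; esac

    [ "$mode" != 0 ] || [ "$line" = 2.7 ] ||
        die "option 0 is available only for Version 2.7"
    [ "$custom_dns" != yes ] || [ "$mode" != 2 ] ||
        die "custom DNS for the Kafka listener requires option 1, not 2"
    [ "$mode" != 0 ] || echo "WARN: option 0 leaves Kafka traffic unsecured" >&2

    echo "$mode"
)

# Constructed inputs: 2.8 default, then 2.8 default with a custom Kafka DNS.
kafka_mode 2.8.0 || true
kafka_mode 2.8.0 "" yes || true
```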

Verification

  1. Execute the below command to verify whether the LFR is up and running
    docker ps | grep lfr
    After a couple of minutes, access the below URL to view the refreshed LFR:
    1. Version 2.8 and Above: https://<VM_IP_Address>:8443
    2. Version 2.7: http://<VM_IP_Address>  
  2. Execute the below commands to validate CMS installation
    cd docker-compose-files
    watch ./status.sh
  3. Once the status of the cms-client service moves to healthy, CMS UI can be accessed using the URL: https://<CMS_IP_Address>


CMS Onboarding

Once VSP CMS is installed, the onboarding process must be completed. It is a 5-step process to create a Super Admin user and complete the basic configuration. This article provides information about each step in the onboarding process.

Access the CMS using the URL: https://<CMS_IP_Address>

STEP 1: Register Organization - Provide information related to your organization

STEP 2: Register Super Admin - Provide information about the new user to be created with Super Admin privileges.
Versions 2.8 and Above: Ensure that the password meets the below criteria

  1. Length – 15 characters
  2. Must contain a minimum of one uppercase letter, one lowercase letter, one digit and a special character
  3. Allowed special characters are: ! " # $ & ' ( ) * , - . / : ; < = > ? @ [ ] ^ _ ` { | } ~

STEP 3: Configure License Server - This step may be skipped at this stage and configuration can be completed at any time through the CMS. Two types of license servers can be configured:

  1. On-Prem - When the license server is installed on the premises
  2. Cloud - Uses the cloud license server URL

STEP 4: Configure Email Server - This step may be skipped at this stage and configuration can be completed at any time through the CMS. External or Internal Email Server can be configured. Ensure that for an AWS environment, only the External Email Server is configured

STEP 5: EULA Agreement - Review and accept the End User License Agreement

Once all the five steps are completed, the configuration summary is displayed. The login page is displayed. Log in to the CMS using the configured Super Admin credentials
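
A candidate Super Admin password can be pre-checked against the STEP 2 criteria before onboarding. This is an added example, not vendor code; the name check_password is hypothetical, and it assumes that "15 characters" is a minimum, that the quote characters in the list are the ASCII double and single quote, and that characters not listed (for example % + \ or a space) are rejected.

```sh
#!/bin/sh
# Added example (not vendor code): pre-check a candidate Super Admin password.
# Assumptions: "15 characters" is a minimum; the quotes in the allowed list
# are ASCII " and '; any character not listed (e.g. %, +, \, space) is rejected.

# The 29 allowed special characters, in the order the article lists them.
ALLOWED_SPECIALS='!"#$&'"'"'()*,-./:;<=>?@[]^_`{|}~'

# check_password PASSWORD
# Prints one "FAIL:" line per unmet criterion; returns 0 only if all are met.
# The body runs in a subshell, so its variables and LC_ALL stay local.
check_password() (
    LC_ALL=C; export LC_ALL      # byte-wise matching: ranges are ASCII only
    pw=$1 rest=$1 upper=0 lower=0 digit=0 special=0 bad= rc=0

    while [ -n "$rest" ]; do
        tail=${rest#?}           # everything after the first character
        ch=${rest%"$tail"}       # the first character itself
        rest=$tail
        case $ch in
            [A-Z]) upper=1 ;;
            [a-z]) lower=1 ;;
            [0-9]) digit=1 ;;
            *)  # quoting "$ch" makes this a literal substring test, not a glob
                case $ALLOWED_SPECIALS in
                    *"$ch"*) special=1 ;;
                    *)       bad=$bad$ch ;;
                esac ;;
        esac
    done

    fail() { printf 'FAIL: %s\n' "$1"; rc=1; }
    [ "${#pw}" -ge 15 ]  || fail "length ${#pw} is below 15"
    [ "$upper" -eq 1 ]   || fail "no uppercase letter"
    [ "$lower" -eq 1 ]   || fail "no lowercase letter"
    [ "$digit" -eq 1 ]   || fail "no digit"
    [ "$special" -eq 1 ] || fail "no special character from the allowed set"
    [ -z "$bad" ]        || fail "characters outside the allowed set: $bad"
    exit "$rc"
)

# Constructed sample passwords (not real credentials).
for candidate in 'Str0ng-Passw0rd!x' 'Percent%-Passw0rd12'; do
    if check_password "$candidate"; then echo "OK: meets the listed criteria"; fi
done
```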

Login screen



