...
Warning |
---|
This feature is deprecated and you should avoid using it. |
A DPOD External Self-service Console (“DPOD External Self-Service”) Service Console is an instance of DPOD All-In-One appliance installation that is deployed externally to a network, provides users with a Console UI only, and does not store any transactional data of its own. In lieu of storing data, this instance communicates with an internal a DPOD Internal Console (“DPOD Internal Console”).
A typical use for an the DPOD External Self-Service Console is to proxy the DPOD Console UI to a less secured network (e.g. a DMZ) without placing DPOD's internal Data Base data in that area.
Security note: In the current version of DPOD External Self-Service, the connection to the internal data base is not protected using authentication mechanism. Consider this when planning your deployment and use additional security measures to protect network access to the internal data base.
Installation Preparation
...
Network Requirements
- Ensure you have an IP for the DPOD external External Self-service console Service Console (including DNS, Default default GW, subnet mask and other network configuration).
- Ensure you have an NTP server available and obtain the NTP server IP address.
- Ensure the ports detailed below are opened during or after install:
From | To | Ports (Defaults) | Protocol | Usage |
---|
DPOD External Self- |
Service Console | NTP Server | 123 | NTP | Sync time between DPOD instances |
DPOD External Self- |
Service Console | Organizational mail server | 25 | SMTP | Send reports by email |
NTP Server | DPOD External Self- |
Service Console | 123 | NTP | Sync time |
Users IPs | DPOD External Self- |
Service Console | 80, 443 | HTTP/s | Work with DPOD Service Center Console |
Admins IPs | DPOD External Self- |
Service Console | 22 | TCP | SSH |
DPOD External Self- |
Service Console | DPOD Internal Console | 9200, 9302 | TCP | Connection to |
DPOD Internal Console Store |
Hardware Requirements
...
- Disk 1 (for OS): 40GB
- Disk 2 (for product installation): 40GB
- Disk 3 (Date): minimum 5GB
...
DPOD External Self-Service Console should have a Low load configuration architecture as detailed in Hardware and Software Requirements with the following exceptions:
- The Data disk can be as small as 5 GB (instead of 100 GB)
- (Optional) You may add a second network interface to separate DPOD's External Self Service Console access
...
- to the DPOD Internal Console from the UI interface.
...
...
DPOD External Self-Service Console Post Installation Tasks
After installing DPOD on the External Self-Service Console machine, follow the steps below:
- Disable all some DPOD services except Derby, UI and Reports:
Edit (with using
vi
) the file/etc/sysconfig/MonTier
and find ,change the following line starting with:Code Block SERVICES_FIRST_GROUP="MonTier-AppAdmin MonTier-Derby MonTier-es-raw-trans-Node-1"
and remove all components except for
MonTier-Derby
:Code Block SERVICES_FIRST_GROUP="MonTier-AppAdmin MonTier-Derby"
Comment out the following lines:
Code Block SERVICES_SECOND_GROUP="MonTier-es-raw-trans-Node ..." SERVICES_THIRD_GROUP="MonTier-HK-ESRetention" ... SERVICES_FORTH_GROUP="MonTier-AggAgent- ..." SERVICES_FIFTH_GROUP="MonTier-BalancerAgent ..." SERVICES_SIXTH_GROUP="MonTier-WsmAgent-1 ..."
Change
Code Block SERVICES_SEVENTH_GROUP="MonTier-UI MonTier-Reports MonTier-HK-WsmKeepalive MonTier-HK-SyslogKeepalive"
to remove all components except MonTier-UI and MonTier-Reports
Code Block SERVICES_SEVENTH_GROUP="MonTier-UI MonTier-Reports"
Change DPOD's Elastic Search alias entry Store entries in
/etc/hosts
to direct to the internal console:Code Block vi /etc/hosts
Change the line that directs montier-es to point to the internal Console IP Address to direct to DPOD Internal Console IP address (1.1.1.1 in the example below):
Code Block 1.1.1.1 montier-es
Edit DPOD UI configuration file:
Code Block vi /app/ui/MonTier-UI/conf/MonTierUI.conf
and change the port on the following line
Code Block elasticsearch.discovery.zen.ping.unicast.hosts=montier-es:9300
to the new port
Code Block elasticsearch.discovery.zen.ping.unicast.hosts=montier-es:9302
Comment out the following lines:
Code Block elasticsearch.node.name=MonTier-UI elasticsearch.network.host=montier-es-http elasticsearch.transport.tcp.port=9320 elasticsearch.http_node.host= 1.1.1.1 montier-es-http elasticsearch.http_node.port=9200
Start configuration database service
Code Block start_services.sh -o derby
Enter ij to issue SQL commands
Code Block ij
Update the SystemParameter SQL table:
Code Block UPDATE SystemParameter SET value='false' WHERE name='agents.management.enabled';
Update the SystemParameter SQL table:
Code Block UPDATE SystemParameter SET value='false' WHERE name = 'system.internal_self_service.is_internal'; UPDATE SystemParameter SET value='false' WHERE name = 'system.should_run_retention_on_startup'; update HATSRECURRINGTASK set isEnabled='false' where taskType not in ('DATABASE_CLEANUP', 'FILE_CLEANUP', 'INTERNAL_ALERTS_CHECK_DERBY', 'INTERNAL_ALERTS_CHECK_FS_FREESPACE');
- If you wish to let the external self service users access the DevOps Services Portal, change the following system parameters in the external self service console:
a. Internal
(you can do that from Manage → Customize → System Parameters after the web console starts):- Internal Self Service Address
- : Enter the address of the internal self service portal
b- .
c. Internal Self Service Password - the password for the user that will be used to access the internal portal
d. Internal Self Service Webserver Port -- Internal Self Service Webserver Port: (defaults to 443)
- The webserver port for the internal self service portal - change this value only if advised.
- Update external server's encryption key:
Copy the encryption key from internal server to the external server's temp folder - do not override servers encryption file:
Code Block scp root@<internal server ip>:/app/keys/encryption.key /tmp/encryption.key
Deploy the key using utility:
Code Block /app/scripts/replace_encryption_key.sh --deploy /tmp/encryption.key
DPOD Internal Console Post Installation Tasks
Connect to the DPOD Internal Console server and alter the configuration to let it accept communication from the DPODExternal DPOD External Self-Service consoleConsole.
Ensure all Ensure all components are down :
Change DPOD ElasticSearch alias entry Store entries in
/etc/hosts
to bind to external IP addressCode Block vi /etc/hosts
and change the line
Code Block to bind to DPOD Internal Console IP address instead of 127.0.0.
1 montier-esto DPOD's internal console IP address (e.g. 1 (1.1.1.1 in the example below):
Code Block 1.1.1.1 montier-es 1.1.1.1 montier-es-http
Ensure all components are up and running
Code Block app_status.sh #Output Example: MonTier-AppAdmin (pid 17836) is running... MonTier-Derby (pid 17940) is running... MonTier-es-raw-trans-Node-1 (pid 18125) is running... MonTier-es-raw-trans-Node-2 (pid 21122) is running... MonTier-es-raw-trans-Node-3 (pid 21103) is running... MonTier-es-raw-trans-Node-4 (pid 21120) is running... MonTier-SyslogAgent-1 (pid 27350) is running... MonTier-SyslogAgent-2 (pid 27286) is running... MonTier-SyslogAgent-3 (pid 27177) is running... MonTier-SyslogAgent-4 (pid 27075) is running... MonTier-WsmAgent-1 (pid 27002) is running... MonTier-WsmAgent-2 (pid 26921) is running... MonTier-WsmAgent-3 (pid 26881) is running... MonTier-WsmAgent-4 (pid 26773) is running... MonTier-HK-ESRetention (pid 24012) is running... MonTier-HK-WdpDeviceResources (pid 27590) is running... MonTier-HK-WdpServiceResources (pid 27447) is running... MonTier-HK-SyslogKeepalive (pid 1976) is running... MonTier-HK-WsmKeepalive (pid 1932) is running... MonTier-UI (pid 1635) is running... MonTier-Reports (pid 1830) is running... MonTier-AgentNode (pid 1736) is running...
DPOD External Self-Service post installation checks
To verify the DPOD External Self-Service installation, start the External console and ensure all is working as expected.
Ensure all required components are up:
The following components must be running:
- MonTier-Derby
- MonTier-UI MonTier-Reports
- Start DPOD's console and sign in: http://<DPOD Server>/
- Ensure the System Overview dashboard contains data Ensure the Investigate screen contains data
Enure the UI components is up using ElasticSearch Client mode connection.
Inside the UI log file at /logs/ui/ MonTier-UI.log locate the following line:
Code Block |
---|
04/04/2016 06:55:53,941- DEBUG o.m.c.u.e.ElasticSearchClient [montier-ui-server-startStop-1] Connecting to ElasticSearch as transport client |
. |