A DPOD External Self-Service Console (“DPOD External Self-Service”) is an instance of the DPOD All-In-One appliance that is deployed externally to a network, provides users with a Console UI only, and does not store any data of its own. Instead of storing data, this instance communicates with an internal DPOD Console (“DPOD Internal Console”).
A typical use for a DPOD External Self-Service is to proxy the DPOD Console UI to a less secure network (e.g. a DMZ) without placing DPOD's internal database in that area.
Security note: In the current version of DPOD External Self-Service, the connection to the internal database is not protected by an authentication mechanism. Consider this when planning your deployment and use additional security measures to protect network access to the internal database.
Installation Preparation
Gather & Prepare Network
- Ensure you have an IP address for the DPOD External Self-Service console (including DNS, default gateway, subnet mask and other network configuration).
- Ensure you have an NTP server available and obtain the NTP server IP address.
- Ensure the ports detailed below are opened during or after installation:
From | To | Ports (Defaults) | Protocol | Usage |
---|---|---|---|---|
DPOD External Self-Service | NTP Server | 123 | NTP | Sync time between DPOD instances |
DPOD External Self-Service | Organizational mail server | 25 | SMTP | Send reports by email |
NTP Server | DPOD External Self-Service | 123 | NTP | Sync time |
Users IPs | DPOD External Self-Service | 80, 443 | HTTP/S | Work with DPOD Service Center Console |
Admins IPs | DPOD External Self-Service | 22 | TCP | SSH |
DPOD External Self-Service | DPOD Internal Console | 9302 | TCP | Connection to Elasticsearch node |
Hardware Requirements
Resource | Requirements |
---|---|
Storage |
|
Memory | Minimum of 32GB reserved |
CPU | Minimum 4 cores (2 virtual sockets, with 2 virtual cores each, reserved) |
Network |
|
Hypervisor | VMware ESX 5.x |
DPOD External Self-Service Post Installation Tasks
- Disable all DPOD services except Derby, UI and Reports
Edit (with vi) /etc/sysconfig/MonTier and find the line starting with
SERVICES_FIRST_GROUP="MonTier-Derby MonTier-es-raw-trans-Node-1"
and remove all components except for MonTier-Derby:
SERVICES_FIRST_GROUP="MonTier-Derby"
Comment out the following lines:
SERVICES_SECOND_GROUP="MonTier-es-raw-trans-Node ..."
SERVICES_THIRD_GROUP="MonTier-HK-ESRetention"
...
SERVICES_FORTH_GROUP="MonTier-AggAgent- ..."
SERVICES_FIFTH_GROUP="MonTier-BalancerAgent ..."
SERVICES_SIXTH_GROUP="MonTier-WsmAgent-1 ..."
Change
SERVICES_SEVENTH_GROUP="MonTier-UI MonTier-Reports MonTier-HK-WsmKeepalive MonTier-HK-SyslogKeepalive"
to remove all components except MonTier-UI and MonTier-Reports:
SERVICES_SEVENTH_GROUP="MonTier-UI MonTier-Reports"
Change DPOD's Elasticsearch alias entry in /etc/hosts to point to the internal console:
vi /etc/hosts
Change the lines for montier-es and montier-es-http to point to the internal Console IP address (1.1.1.1 in the example below):
1.1.1.1 montier-es
1.1.1.1 montier-es-http
Start the configuration database service:
start_services.sh -o derby
ij
Update the SystemParameter SQL table:
UPDATE SystemParameter SET value='false' WHERE name='agents.management.enabled';
Update the SystemParameter SQL table:
UPDATE SystemParameter SET value='false' WHERE name = 'system.internal_self_service.is_internal';
- If you wish to let the external self service users access the DevOps Services Portal, change the following system parameters in the external self service console (you can do that from Manage → Customize → System Parameters after the web console starts):
a. Internal Self Service Address - enter the address of the internal self service portal
b. Internal Self Service User Name - the DPOD user name that will be used to access the internal portal - it is recommended to create a new user for this purpose
c. Internal Self Service Webserver Port - (defaults to 443) the webserver port for the internal self service portal - change this value only if advised.
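The file edits in the post-installation steps above can be checked with a short audit script. This is an added example, not part of the DPOD documentation or product; the function names are hypothetical, and the file paths are passed as arguments so the checks can be run against /etc/sysconfig/MonTier and /etc/hosts or against copies.

```shell
#!/bin/sh
# Added example, not DPOD code: audits the two files edited in the steps above.
# Value of the last uncommented NAME="..." line (later assignments win).
group_value() {  # group_value FILE NAME
    sed -n "s/^[[:space:]]*$2=\"\\(.*\\)\"[[:space:]]*\$/\\1/p" "$1" | tail -n 1
}

# Returns 0 only when Derby, UI and Reports are the sole enabled services.
audit_montier() {  # audit_montier FILE
    rc=0
    [ "$(group_value "$1" SERVICES_FIRST_GROUP)" = "MonTier-Derby" ] ||
        { echo "FAIL: SERVICES_FIRST_GROUP"; rc=1; }
    [ "$(group_value "$1" SERVICES_SEVENTH_GROUP)" = "MonTier-UI MonTier-Reports" ] ||
        { echo "FAIL: SERVICES_SEVENTH_GROUP"; rc=1; }
    for g in SECOND THIRD FORTH FIFTH SIXTH; do
        if grep -Eq "^[[:space:]]*SERVICES_${g}_GROUP=" "$1"; then
            echo "FAIL: SERVICES_${g}_GROUP is not commented out"; rc=1
        fi
    done
    return "$rc"
}

# Address of the first uncommented hosts entry naming HOST (first match wins).
host_ip() {  # host_ip FILE HOST
    awk -v h="$2" '$1 !~ /^#/ && ip == "" {
        for (i = 2; i <= NF && $i !~ /^#/; i++) if ($i == h) ip = $1
    } END { print ip }' "$1"
}

# Returns 0 when both aliases map to the same non-loopback address.
audit_hosts() {  # audit_hosts FILE
    es=$(host_ip "$1" montier-es); http=$(host_ip "$1" montier-es-http)
    case "$es" in
        ""|127.*|::1) echo "FAIL: montier-es is unset or loopback"; return 1 ;;
    esac
    [ "$es" = "$http" ] || { echo "FAIL: montier-es-http is '$http'"; return 1; }
}

# Constructed sample files in the state the procedure should leave behind.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'SERVICES_FIRST_GROUP="MonTier-Derby"' \
        '#SERVICES_THIRD_GROUP="MonTier-HK-ESRetention"' \
        'SERVICES_SEVENTH_GROUP="MonTier-UI MonTier-Reports"' > "$d/MonTier"
    printf '%s\n' '1.1.1.1 montier-es' '1.1.1.1 montier-es-http' > "$d/hosts"
    audit_montier "$d/MonTier" && audit_hosts "$d/hosts"; r=$?
    rm -rf "$d"; return "$r"
}
demo && echo "constructed sample: PASS"
```

On the appliance, run `audit_montier /etc/sysconfig/MonTier` and `audit_hosts /etc/hosts` after editing and before starting services.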
DPOD Internal Console Post Installation Tasks
Connect to the DPOD Internal Console server and alter the configuration to let it accept communication from the DPOD External Self-Service console.
Change DPOD's Elasticsearch alias entry in /etc/hosts to bind to the external IP address:
vi /etc/hosts
and change the line
127.0.0.1 montier-es
to DPOD's internal console IP address (e.g. 1.1.1.1):
1.1.1.1 montier-es
1.1.1.1 montier-es-http
Ensure all components are up and running:
app_status.sh
#Output Example:
MonTier-AppAdmin (pid 17836) is running...
MonTier-Derby (pid 17940) is running...
MonTier-es-raw-trans-Node-1 (pid 18125) is running...
MonTier-es-raw-trans-Node-2 (pid 21122) is running...
MonTier-es-raw-trans-Node-3 (pid 21103) is running...
MonTier-es-raw-trans-Node-4 (pid 21120) is running...
MonTier-SyslogAgent-1 (pid 27350) is running...
MonTier-SyslogAgent-2 (pid 27286) is running...
MonTier-SyslogAgent-3 (pid 27177) is running...
MonTier-SyslogAgent-4 (pid 27075) is running...
MonTier-WsmAgent-1 (pid 27002) is running...
MonTier-WsmAgent-2 (pid 26921) is running...
MonTier-WsmAgent-3 (pid 26881) is running...
MonTier-WsmAgent-4 (pid 26773) is running...
MonTier-HK-ESRetention (pid 24012) is running...
MonTier-HK-WdpDeviceResources (pid 27590) is running...
MonTier-HK-WdpServiceResources (pid 27447) is running...
MonTier-HK-SyslogKeepalive (pid 1976) is running...
MonTier-HK-WsmKeepalive (pid 1932) is running...
MonTier-UI (pid 1635) is running...
MonTier-Reports (pid 1830) is running...
MonTier-AgentNode (pid 1736) is running...
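Because the connection on port 9302 is unauthenticated (see the security note) and montier-es is no longer bound to 127.0.0.1 on the Internal Console, one additional measure is a host firewall that admits that port only from the External Self-Service address. The script below is an added example, not part of the DPOD documentation; it assumes the Internal Console filters inbound traffic with iptables, and the function names and the 192.0.2.10 address are constructed for illustration.

```shell
#!/bin/sh
# Added example, not DPOD code. Prints (does not apply) iptables rules for the
# DPOD Internal Console so that TCP 9302 is reachable only from listed sources.
# Assumes the appliance filters inbound traffic with iptables.

ES_PORT=9302   # Elasticsearch node port from the port table on this page

# Strict dotted-quad check: rejects CIDR ranges, hostnames and stray options.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. 'NR > 1 || NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# es_port_rules IP... -> loopback ACCEPT, one ACCEPT per source, then DROP.
es_port_rules() {
    [ "$#" -gt 0 ] || { echo "usage: es_port_rules IP..." >&2; return 2; }
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "not a single IPv4 address: $ip" >&2; return 2; }
    done
    # Traffic from the console to its own address arrives on lo; keep it allowed.
    echo "iptables -A INPUT -i lo -p tcp --dport $ES_PORT -j ACCEPT"
    for ip in "$@"; do
        echo "iptables -A INPUT -s $ip -p tcp --dport $ES_PORT -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp --dport $ES_PORT -j DROP"
}

# 192.0.2.10 is a constructed address standing in for the External Self-Service.
es_port_rules 192.0.2.10
```

Review the printed rules before applying them: they only take effect if no broader ACCEPT rule for the port appears earlier in the INPUT chain.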