On-premise server deployment guide

This document describes the steps required to set up the Nanitor server on-premise.

Prerequisites

  1. A static IP address and a fully qualified domain name (FQDN) that resolves in DNS. Your network or system administrators reserve the IP address and provide it to you together with the FQDN, which must be resolvable over your corporate DNS.
  2. An SMTP relay host we can relay through.
  3. An SSL certificate that all workstations and servers trust.
  4. Nanitor on-premise username and password. On-premise customers get allocated one by the Nanitor sales team.

OVA Image

Nanitor Server is distributed as an OVA image which can be downloaded here. The username and password are the on-premise credentials. Please consult your system administrator as to how to import the OVA into the hypervisor of your choice. Once that is done, boot into the image.

Configuring the system and network

On the console, log in as user nanadmin with password m4ssFussBall-01

Update server

Edit /etc/yum.repos.d/nanitor-server-centos-stable.repo and replace user:pass with the username and password allocated by Nanitor.

Hostname

Run the following commands to set the hostname and re-seed the SSH keys. New ones will be generated on reboot:


sudo hostnamectl set-hostname nanitor

Change nanitor to a hostname that suits your organisation or to the hostname allocated by your system/network administrator.

Password

You will want to change the passwords for the nanadmin and root users. Please run:


sudo passwd root
sudo passwd nanadmin

Networking

Now set the correct static IP address by editing /etc/sysconfig/network-scripts/ifcfg-eth0. For example, for IP address 192.168.1.90/24 with default gateway 192.168.1.254, the file would look like:


DEVICE="eth0"
BOOTPROTO="static"
ONBOOT="yes"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
NM_CONTROLLED="no"
PEERDNS="no"

GATEWAY=192.168.1.254

IPADDR0=192.168.1.90
PREFIX0="24"

Then you might want to change the DNS servers by editing /etc/resolv.conf. The image uses the Google DNS servers by default.

Then restart the networking to make sure everything is working as expected:


sudo service network restart

SSH keys

The image comes with pre-generated SSH keys. We will want to remove these and let the reboot regenerate them.


sudo rm -f /etc/ssh/*key*

Then reboot the system by running:


sudo shutdown -r now

Once the system is back up and running, it should be reachable via SSH. Once logged in via SSH, run the following commands to bring the operating system up to date:


sudo yum clean metadata
sudo yum -y update

If you are running on top of VMware, you should install VMware tools:


sudo yum -y install open-vm-tools
sudo systemctl enable vmtoolsd
sudo systemctl start vmtoolsd

Mail server

Edit /etc/postfix/main.cf and set the relayhost to the smart host to relay through.

SSL certificates

Nginx needs a valid SSL certificate which is trusted by all clients (servers, desktops, etc.). Please copy the certificate and its key into a location nginx can read.


sudo mkdir -p /etc/ssl/local
sudo cp nanitor-server.crt nanitor-server.key /etc/ssl/local

For example purposes we use /etc/ssl/local to store the SSL certificate.
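
Before nginx is restarted with the new files, it is worth confirming that the key belongs to the certificate, that the certificate covers the server's FQDN and has not expired, and that the key is not readable by other users. The script below is an added example, not part of the Nanitor distribution; the function names are illustrative, it assumes the openssl command line and GNU stat are available on the server, and it takes the file names and FQDN used in this guide as arguments.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks for the certificate and key copied to
# /etc/ssl/local. Function names are illustrative, not Nanitor tooling.

# 0 if the private key belongs to the certificate (same public key).
cert_matches_key() {
    local crt_pub key_pub
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$crt_pub" = "$key_pub" ]
}

# 0 if the certificate is valid for the given host name (SAN, or CN fallback).
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# 0 if the certificate has not expired yet.
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# 0 if the key file grants no access to group or others (e.g. mode 600 or 400).
key_is_private() {
    case "$(stat -c %a "$1" 2>/dev/null)" in
        ?00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Run all checks; prints one line per failure and returns 1 if any failed.
preflight() {   # usage: preflight CERT KEY FQDN
    local crt=$1 key=$2 fqdn=$3 failed=0
    cert_matches_key "$crt" "$key" || { echo "FAIL: key does not belong to certificate"; failed=1; }
    cert_covers_host "$crt" "$fqdn" || { echo "FAIL: certificate does not cover $fqdn"; failed=1; }
    cert_not_expired "$crt"         || { echo "FAIL: certificate has expired"; failed=1; }
    key_is_private "$key"           || { echo "FAIL: key is readable by group or others"; failed=1; }
    return "$failed"
}

# Example invocation with the paths from this guide (run with sudo so the key can be read):
#   sudo bash check-cert.sh /etc/ssl/local/nanitor-server.crt \
#        /etc/ssl/local/nanitor-server.key hostname.domain.com
if [ "$#" -eq 3 ]; then
    preflight "$@"
fi
```

If the permission check fails, `sudo chmod 600` on the key file corrects it; the nginx master process reads the key as root, so no wider access is needed.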

Install and configure Nanitor

First edit /etc/nanitor/nanitor_ui.ini and change the URL to something like: https://hostname.domain.com/ui_api where hostname.domain.com is the fully qualified hostname. It is very important to get this right.

Run these commands:


sudo /usr/lib/nanitor-server/bin/nanitor-server-ctl clean_oem_install
sudo rm -f /etc/nginx/conf.d/*
sudo cp -f /usr/lib/nanitor-server/share/nginx.conf /etc/nginx/conf.d/nanitor.conf

Now edit /etc/nginx/conf.d/nanitor.conf and change the paths to the SSL certificates, making sure they reference an SSL certificate that is trusted by all devices on the network. When this is done, run these commands:


sudo systemctl enable nginx.service
sudo service nginx restart

Admin password

After the installation has been run there should be a file called nanitor_oem_install.out which got created as part of the installation. This includes the username and password for the administrator user that was created as part of the installation process. Please keep this for your records.

Configuration

Now the server should be up and running at https://hostname.domain.com and the URL should be showing up as trusted in the browser. Please enter the URL and log in as the administrator. Once that is done, we need to configure the server. Configuration is necessary before creating organizations. After logging in you will be asked to create an organization; please fill in the relevant fields and continue. Next you should be redirected to the organization you created. Click the wheel icon in the top right corner to enter the admin page, then navigate to the "System Management" section near the bottom. Click Settings in that section and fill in the Portal and API URL fields, for example:

Feel free to alter other settings, except the mail server as it needs to be localhost:25 as we use the local mail server which then relays through a smarthost. Click save when finished changing the settings.

Benchmarks

Benchmarks from Nanitor come in a .zip format and need to be imported into the system. The Benchmark page under System Administration is the place to upload benchmarks.

Products/agents

An agent needs to be distributed to devices and workstations. They can be made available by uploading them (provided by Nanitor in a bundle) on the Products page. After they have been uploaded they are available for users to download on the Downloads page under each organization administration page. Products can be downloaded from https://packages.nanitor.com/agents and then imported into the Nanitor server as explained above.

Installation complete

After the Portal URL and API URL have been set correctly and the Benchmarks and Agents have been uploaded, the Nanitor Server is ready for use and the User Guide applies on how to use the system.