Manual Installation

Check system requirements for application server, database server, and software components.
Get approved to receive Enginsight and request Docker credentials. Email hello@enginsight.com.
Database server
1. Install MongoDB.
2. Configure the database (especially set up replica set).
Application server
1. Install Docker.
2. Install Docker Compose.
3. Install Enginsight.
Set up the DNS name for app and sensors.
Install the license file.
Take care of securing via SSL/TLS certificate.
Configure your On-Premises instance.
Roll out the software components as sensors.

Make sure that the latest version of Docker Compose is always installed. In addition, do not install Docker via Snap or when installing the operating system, but only install Docker from the package sources in the official instructions.

Database Server: Config MongoDB

1.Make sure that you have root privileges. If this is not the case, log in as superuser.

su - root

2. Start MongoDB if it does not start automatically.

systemctl enable mongod && systemctl start mongod

3. Open the file /etc/mongod.conf in an editor of your choice, for example nano.

nano /etc/mongod.conf

4. Change the net section as follows so that MongoDB is accessible from outside.

net:
  port: 27017
  bindIp: 0.0.0.0

5. Set up the replica set as follows to allow the database to push information to the API.

replication:
   replSetName: "rs0"

Save the configuration file (Ctrl+o) and confirm the saving process. Close nano (Ctrl+x).

If the database is not running in replica mode, many Enginsight functions will not work correctly.

6. Restart MongoDB.

systemctl restart mongod

7. Open the MongoDB CLI.

mongo

8. Activate the replica set. For <public DB IP>, enter the IP of the database server that can be reached from the application server.

rs.initiate( {
   _id : "rs0",
   members: [
      { _id: 0, host: "<public DB IP>:27017" }
   ]
})

9. Check if the replica sets are active.

rs.status()

If the configuration is correct, you will see the prompt after executing the command:

rs0:PRIMARY>

10. Close the Mongo interface.

quit()

11. Secure the database with iptables.

This step is important to ensure the security of the Enginsight software. It results in only the application being able to access MongoDB. Unauthorized access is prevented.

Replace <APP IP> with the application server IP reachable from the database. Replace <DB IP> with the IP of the database server reachable from the application.

sudo iptables -A INPUT -p tcp -m tcp --dport 27017 -s 127.0.0.1 -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 27017 -s <APP IP> -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 27017 -s <DB IP> -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 27017 -j DROP

12. Save the rules and make sure they are loaded at every restart.

apt-get install -y iptables-persistent

Application Server: Install Enginsight

Make sure that you have root privileges. If this is not the case, log in as superuser.
```
su - root
```
Make sure that you have the latest version of Docker and Docker Compose installed.
The current version numbers can be found here: Docker Engine, Docker Compose.
```
docker version
```
```
docker-compose -v
```

Do not install Docker via Snap or when installing the operating system. Only install Docker from the package sources in the official guide.

You receive the credentials from us.

If problems occur during authentication, check whether a current gpg2 key is available and generate it automatically if necessary:

apt install gnupg2 gpg2 --gen-key

Create a directory and clone Enginsight.

mkdir -p /opt/enginsight && cd /opt/enginsight

git clone https://github.com/enginsight/enterprise.git

Execute the setup.
```
cd enterprise && ./setup.sh
```
The installation may take a few moments. In the browser, open the application.
Once the installation is complete, you can log in using the temporary login credentials. You can obtain them as follows:
```
docker ps
```
Copy the ID of the server-m2 module.
```
docker logs <insert ID>
```
The credentials for the initial login will now be issued to you. Please save the initial login data.

Change the initial login data immediately after you have logged in for the first time.

To do this, go to Settings → User account. Adjust your e-mail address in the personal details and assign a new password under Password.

ATTENTION! Without a changed and saved password or saved intial password you will lose access to the Enginsight platform. Use a password manager!

Regulate the memory requirements of the Docker logs by limiting them to 100 Mb as follows:

nano /etc/docker/daemon.json

Insert the following:

{  
  "log-driver": "json-file",  
  "log-opts": {
    "max-size": "50m",
    "max-file": "30"  
  }
}

Restart Docker service:

systemctl restart docker

Set up DNS name for app and sensors

If you adjust a configuration file on the application server, setup.sh must always be executed afterwards. Only then the settings will take effect.

Open the configuration file in an editor of your choice, for example nano.

nano /opt/enginsight/enterprise/conf/services/config.json

In the app section, replace the IP address of the application server with its DNS name.

"app": {
    "host": "<DNS Name>"
  }

Save the new configuration file (Ctrl+o) and confirm the saving process. Close nano (Ctrl+x).

2. Navigate to /opt/enginsight/enterprise.

cd /opt/enginsight/enterprise

3. Restart the application.

./setup.sh

Certificate

For a proper operation of the Enginsight application, the access via HTTPS is mandatory.

Install and configure nginx to set up an encrypted connection and enable HTTPS. You can get instructions here.

Buy and import license file

To use Enginsight OnPremises, you need a license file. Contact us to purchase a license package: hello@enginsight.com

You can import the license file under Settings → License.

Do you want to manage multiple organisations with Enginsight and use the multitenancy? Here you can find out, what you have to consider regarding the license.

Configure On-Premises instance

Configure your Enginsight on-premises installation.

Set up your mail server, to be able to send emails.
Enable 2-factor authentication, to secure login.
Adjust storage times, to keep data longer in the database.
Do white labeling, to customize the installation to your corporate identity.

Software Components

In addition to the Enginsight application, you can install other software components to take advantage of the full range of Enginsight features.

Pulsar Agent

Install Pulsar Agent on all servers and clients you want to monitor with Enginsight. Start with the servers on which you have installed Enginsight.

To learn how to install a Pulsar agent, click here.

Observer

The Observer is responsible for monitoring your endpoints from the outside. You can place multiple Observers at different points of the network (e.g. in different network segments) and Internet (e.g. different countries and continents).

You can learn how to add an Observer here.

Watchdog

A watchdog installed in a network segment can perform asset discovery. It is also responsible for agentless monitoring (ping and port monitoring, SNMP).

To learn how to add a watchdog, click here.

Hacktor

The Hacktor is a software component that can be installed on a specific network segment to perform penetration tests on reachable assets.

To learn how to add a Hacktor, click here.

PreviousAutomatic Installation NextLoad Balancing

Last updated 1 day ago

Was this helpful?