Overview
VoltMX Foundry has multiple components, such as Identity, Integration, and Engagement Services. These features can be accessed through a common, centralized VoltMX Foundry Console. This document helps you install and configure VoltMX Foundry (Console, Identity Services, Integration Services, and Engagement Services) on Azure Cloud. For more information about VoltMX Foundry, refer to the VoltMX Foundry User Guide.
VoltMX Foundry Containers on Azure Solution is designed to facilitate VoltMX Foundry on Azure for Trial and Enterprise needs. This setup occurs with minimal manual intervention and leverages the following technologies:
- Docker - To package different components as portable container images (with all the required binaries and libs)
- Kubernetes - To orchestrate and maintain all these running containers. It also provides features such as auto-scaling, secrets, deployment upgrades and rollbacks.
- Azure - For provisioning of the underlying infrastructure.
Note:
- From Fabric V9 SP1 onwards, the installation involves a separate dedicated cluster for Integration, which will be referred to as the INT cluster. The rest of the Fabric components are present in a single cluster, which will be referred to as the SHARED cluster.
- For versions V9 ServicePack 5 or later, containers for the Fabric components run on the Red Hat Universal Base Image (UBI).
- For versions V9 ServicePack 4 or earlier, containers for the Fabric components run on a Debian image.
There are two installation modes, Production and Non-Production. The Production mode is equipped to handle Production level traffic and Non-Production mode is for testing purposes.
During the installation you are prompted to choose between the installation of a Production instance or a Non-Production instance. In general, for a given Azure subscription an organization installs one Production instance and multiple Non-Production instances (for example, dev, qa, uat, etc.).
- When you select a Non-Production instance, every time you run it to set up another environment such as qa, uat, etc., only the Integration (INT) cluster gets created again, while the rest of the Fabric components are shared for all the Non-Production instances within the subscription.
- When you select a Production instance, each installation is treated as a fresh installation where both the Shared cluster and the Integration cluster will be created again.
Note: In case of a Non-Production setup the information about the shared resources which are required for installing the new environments is stored as installation metadata in Azure Cosmos DB and Azure Key Vault.
Salient Features
The VoltMX Foundry Containers on Azure Solution has the following features:
- Creates a multi-layer architecture along with the Application Gateway in a Virtual Network making it secure.
- Supports options to configure a custom DNS name, SSL cert support for secure communication, and includes Jumpbox for DevOps activities.
Overview for the Production and Non-Production Installations
Non-Production Mode
In a given Azure subscription, when you install a Non-Production instance, a complete Quantum Fabric is created with both clusters (Shared and Integration) for the first Non-Production installation. Subsequently, every time you run it to set up another non-production instance such as dev, qa, uat, etc., only the Integration (INT) cluster gets created again, while the rest of the Fabric components are shared for all the Non-Production instances within the same subscription. This integration instance is registered with the existing Fabric console created as part of the first installation.
Production Mode
When you set up a Production account, each installation is treated as a fresh installation where both the Shared cluster and the Integration cluster are created for every install.
Prerequisites
- Azure Account - The setup script creates all the resources in this account. In your Azure subscription, your account should have the following permissions.
Azure Subscription Permissions
- Your account must have the role of an Owner.
- If your account has the role of a Contributor, you do not have adequate permissions. Contact your Azure Account Administrator for getting the required permissions.
Steps to check the permissions of your Azure subscription:
- In the Azure Portal, select your account from the upper right corner, and select My permissions.
- From the drop-down list, select Subscription. Select Click here to view complete access details for this subscription.
- View the roles assigned to you. In the following image, the user has the role of the Owner, which means that the user has adequate permissions.
Azure Active Directory Permissions
To check your Azure AD permissions:
- Select Azure Active Directory.
- In Azure Active Directory, select Overview and look at your user information. You should have the role of a Global Administrator to proceed further. If you do not have this role, contact your administrator to assign this role to you.
- Prerequisite packages - The VoltMX Foundry Containers on Azure Solution does not need any additional software to be pre-installed, as the prerequisite packages are downloaded as a part of the setup scripts.
The packages that are installed as part of the install scripts are: azure-cli, kubectl, jq, and sponge.
To make sure that the script is able to download all the necessary software, you might need to open outbound connections to the respective sites. For more information, refer to the Appendices section of this document.
- Generate an SSH Public Key – Using the SSH protocol, you can connect and authenticate to remote servers and services. VoltMX Foundry setup expects an SSH key pair for authentication. The SSH public key is used for creating the Azure Virtual Machine, and for installing the VoltMX Foundry Setup. You need to specify the SSH Public Key in the properties file.
On an Ubuntu terminal, use the ssh-keygen command to generate the SSH public and private key files, which are created by default in the ~/.ssh directory. Run this command from your local (Ubuntu) machine:
ssh-keygen -t rsa -b 2048
- This command generates an SSH key pair using RSA with a key length of 2048 bits. Name the generated key id_rsa. You must create and configure a key pair because you need to provide it in the Configuration settings.
The SSH key needs to be placed in sshkeys folder.
You must leave the passphrase empty while generating the SSH key. VM logins are protected by other features such as the Google Authenticator.
- Domain Name - You can have a Domain Name for the solution, which you can purchase from any third-party organization, such as GoDaddy, and a proper DNS which you need to map to the public DNS of the Application Gateway. Refer to the Appendices section for more details.
- SSL certs - To secure the communication, acquire the SSL certs (Azure Application Gateway requires certificates in .pfx format) and provide them during the Installation process. These SSL certs must be associated with the Domain Name that the user has procured. Refer to the Appendices section on SSL cert pfx format conversion.
- Place the SSL certificate (in a .pfx file format) in the ssl-cert folder, and then provide the Server Domain Name and AppGateway SSL Cert Password.
- To enable HTTPS on the back end of the Application Gateway, perform the following steps:
- The SSL certificate data and key data must be in separate files (both in .pem format).
- Save the Cert file as ingress.pem.
- Save the Key file as ingress_key.pem.
- Place both ingress.pem and ingress_key.pem files in the certs folder of the installation directory.
It is recommended to use a CA-signed SSL cert to avoid errors.
To execute the installation scripts, you must use Bash version 4 or later.
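The following pre-flight script is an added example and is not part of the VoltMX Foundry setup scripts. It assumes that the sshkeys, ssl-cert and certs folders named above sit under one installation directory (the folder names are from this page; the single-directory layout is an assumption), and checks the Bash version, that the private key has an empty passphrase but is not readable by other users, and that the .pfx and ingress PEM files are present. The openssl cert/key pairing check goes beyond the steps on this page.

```shell
#!/bin/sh
# Added example (not part of the VoltMX Foundry setup scripts): pre-flight
# checks for the prerequisites listed above. Assumes an installation directory
# that contains the sshkeys/, ssl-cert/ and certs/ folders named on the page.

# Major version of a bash version string ("4.4.20(1)-release" -> 4) must be >= 4.
bash_version_ok() {
  major=${1%%.*}
  case $major in ''|*[!0-9]*) return 1 ;; esac
  [ "$major" -ge 4 ]
}

# Returns 0 if the private key in $1 is passphrase-protected, 1 if it is not.
private_key_is_encrypted() {
  # Legacy PEM keys carry a plain-text marker when encrypted.
  if grep -q -e 'Proc-Type: 4,ENCRYPTED' -e 'BEGIN ENCRYPTED PRIVATE KEY' "$1"; then
    return 0
  fi
  # OpenSSH-format keys keep the cipher name inside the base64 body, so ask
  # ssh-keygen to derive the public key with an empty passphrase instead.
  if grep -q 'BEGIN OPENSSH PRIVATE KEY' "$1" && command -v ssh-keygen >/dev/null 2>&1; then
    ssh-keygen -y -P '' -f "$1" >/dev/null 2>&1 && return 1
    return 0
  fi
  return 1
}

# Checks the files the installer expects; prints each finding and returns the count.
check_layout() {
  dir=$1
  problems=0
  for f in sshkeys/id_rsa sshkeys/id_rsa.pub certs/ingress.pem certs/ingress_key.pem; do
    if [ ! -f "$dir/$f" ]; then
      echo "missing: $f" >&2
      problems=$((problems + 1))
    fi
  done
  set -- "$dir"/ssl-cert/*.pfx
  if [ ! -f "$1" ]; then
    echo "missing: ssl-cert/*.pfx (Application Gateway needs a PFX certificate)" >&2
    problems=$((problems + 1))
  fi
  key=$dir/sshkeys/id_rsa
  if [ -f "$key" ]; then
    # The setup needs an empty passphrase, so file permissions are the only
    # thing protecting this key: flag world-readable keys.
    if private_key_is_encrypted "$key"; then
      echo "sshkeys/id_rsa has a passphrase; the setup expects an empty one" >&2
      problems=$((problems + 1))
    fi
    if [ -n "$(find "$key" -perm -004)" ]; then
      echo "sshkeys/id_rsa is world-readable; run: chmod 600 sshkeys/id_rsa" >&2
      problems=$((problems + 1))
    fi
  fi
  return $problems
}

# Optional: confirm ingress.pem and ingress_key.pem belong together (needs openssl).
cert_matches_key() {
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ "$c" = "$k" ]
}

# Usage: sh preflight.sh <installation-directory>
if [ -n "$1" ]; then
  bash_version_ok "$BASH_VERSION" || echo "warning: Bash 4 or later is required to run the installer" >&2
  check_layout "$1" && echo "layout OK"
  if command -v openssl >/dev/null 2>&1 && [ -f "$1/certs/ingress.pem" ] && [ -f "$1/certs/ingress_key.pem" ]; then
    cert_matches_key "$1/certs/ingress.pem" "$1/certs/ingress_key.pem" && echo "ingress cert/key match" || echo "ingress cert/key do NOT match" >&2
  fi
fi
```

Run it from the VM as sh preflight.sh <Installation Directory> before starting the install; a non-zero exit from check_layout is the number of findings, and a passphrase-protected or world-readable id_rsa is reported separately from missing files.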
VM Setup
You need an Azure Virtual Machine to download the artifacts, and execute the setup scripts from the VM to install VoltMX Foundry on Azure.
Follow these steps to create a VM through Azure Portal:
- Login to the Azure Portal with the same account you configured for the role of the Global Administrator. Navigate to the Virtual Machines Tab.
Click the +Add button and select the Ubuntu Server image.
- Select Ubuntu Server 16.04 LTS image and click on Create.
- Proceed with the remaining steps in the wizard and provide the SSH Public Key where needed.
Pre-Installation Tasks
Steps to Install VoltMX Foundry on MS Azure:
- Fetch the Public IP of the Virtual Machine from Azure Portal.
Log in to the VM by executing the following command in the Terminal:
$ ssh azureuser@<public-ip> -i ~/.ssh/id_rsa
- Switch to the root user, install the unzip package for extracting contents, and download the voltmx-foundry-containers-azure.zip file:
$ sudo -s
$ apt-get install unzip
$ curl -o voltmx-foundry-containers-azure.zip -L voltmx-foundry-containers-azure_9.0.0.1_GA.zip
- Unzip the downloaded artifacts:
$ unzip voltmx-foundry-containers-azure.zip -d <Installation Directory>
The directory structure will be as shown below:
Configuration
Edit the input parameters in the following files based on the type of solution you want to create.
- <Installation Directory>/conf/enterprise.properties for Enterprise solution.
For more information, refer to the sample.properties (zip) file.
There are two types of input properties:
<ul>
<li><b>User Defined Parameters</b>: These are the mandatory inputs for which you must specify values.</li>
<li><b>Advanced Properties</b>: These are either populated by default or populated by the script during installation. Therefore, these generally do not need to be updated by you. These are available in the<a href="sample.zip"> sample.properties (zip)</a> file.</li>
</ul>
<h3>List of properties under the User Defined Section</h3>
<p style="font-weight: bold;">You need to provide the following parameters during Installation:</p>
<p class="Note" MadCap:autonum="<b><i><span style="color: #0a9c4a;" class="mcFormatColor">Note: </span></i></b>">None of the values for parameters in the properties file should contain quotes.</p>
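<p>The following shell script is an added example, not part of the VoltMX Foundry setup scripts or the sample.properties file. It checks User Defined values against the rules given in this section and in the parameter table that follows (no quotes in values, the characters the DB passwords cannot contain, true/false flags, the minimum length of CAMPAIGN_DB_PASSWORD) and builds MONGODB_CONNECTIONSTR from its parts with URL-encoded credentials, generalizing the table's Root%40123 example to any ASCII password. The exemption of ARRAY_ values from the quotes rule (their documented form is a quoted bash array) and the sample property lines are assumptions made for the example.</p>

```shell
#!/bin/sh
# Added example (not part of the VoltMX Foundry setup scripts): checks the
# User Defined values in enterprise.properties against the rules stated in
# this document, and builds MONGODB_CONNECTIONSTR with URL-encoded credentials.

# Characters the document lists as unsupported in the Fabric DB passwords.
DB_PASSWORD_FORBIDDEN='$*&!()\'

db_password_ok() {
  case $1 in
    *["$DB_PASSWORD_FORBIDDEN"]*) return 1 ;;
  esac
  return 0
}

bool_ok() {
  case $1 in true|false) return 0 ;; esac
  return 1
}

# Percent-encodes everything except RFC 3986 unreserved characters. Assumes ASCII input.
urlencode() {
  ue_in=$1
  ue_out=""
  while [ -n "$ue_in" ]; do
    ue_c=${ue_in%"${ue_in#?}"}
    ue_in=${ue_in#?}
    case $ue_c in
      [A-Za-z0-9._~-]) ue_out="$ue_out$ue_c" ;;
      *) ue_out="$ue_out$(printf '%%%02X' "'$ue_c")" ;;
    esac
  done
  printf '%s' "$ue_out"
}

# build_mongo_connstr USER PASSWORD DBNAME REPLICASET HOST:PORT [HOST:PORT ...]
# follows the string format given for MONGODB_CONNECTIONSTR in the table.
build_mongo_connstr() {
  bm_user=$(urlencode "$1")
  bm_pass=$(urlencode "$2")
  bm_db=$3
  bm_rs=$4
  shift 4
  bm_hosts=""
  for bm_h in "$@"; do
    bm_hosts="${bm_hosts:+$bm_hosts,}$bm_h"
  done
  printf 'mongodb://%s:%s@%s/%s?ssl=true&replicaSet=%s&authSource=admin&retryWrites=true&w=majority' \
    "$bm_user" "$bm_pass" "$bm_hosts" "$bm_db" "$bm_rs"
}

# Reads KEY=VALUE lines from stdin, reports each violation, returns the count.
validate_properties() {
  vp_problems=0
  while IFS= read -r vp_line || [ -n "$vp_line" ]; do
    case $vp_line in ''|'#'*) continue ;; esac
    vp_key=${vp_line%%=*}
    vp_val=${vp_line#*=}
    case $vp_key in
      ARRAY_*) ;;   # assumption: bash arrays such as ("w.x.y.z") legitimately carry quotes
      *) case $vp_val in
           *\"*|*\'*) echo "$vp_key: values must not contain quotes" >&2
                      vp_problems=$((vp_problems + 1)) ;;
         esac ;;
    esac
    case $vp_key in
      DATABASE_PASSWORD|SHARED_DATABASE_PASSWORD|INTEGRATION_DATABASE_PASSWORD|ENVIRONMENT_DB_PASSWORD)
        db_password_ok "$vp_val" || { echo "$vp_key: contains an unsupported character ($DB_PASSWORD_FORBIDDEN)" >&2; vp_problems=$((vp_problems + 1)); } ;;
      ENABLE_REDIS_SSL|AZURE_CDN_ENABLED|ALERT_NOTIFICATION_ENABLED|MARKETING_CATALOG_MS|CAMPAIGN_MS)
        bool_ok "$vp_val" || { echo "$vp_key: must be true or false" >&2; vp_problems=$((vp_problems + 1)); } ;;
      CAMPAIGN_DB_PASSWORD)
        [ ${#vp_val} -ge 8 ] || { echo "$vp_key: needs at least 8 characters" >&2; vp_problems=$((vp_problems + 1)); } ;;
    esac
  done
  return $vp_problems
}

# Usage: sh check-properties.sh conf/enterprise.properties
# Without an argument, a constructed sample (not a real properties file) is checked.
if [ -z "$1" ]; then
  validate_properties <<'EOF' || echo "problems found: $?"
DATABASE_TYPE=mysql
DATABASE_PASSWORD=Secret!1
ENABLE_REDIS_SSL=yes
SERVER_DOMAIN_NAME="console.example.com"
ARRAY_TO_WHITELIST_IPS_TO_ACCESS_FILE_SHARE=("203.0.113.10")
EOF
else
  validate_properties < "$1" && echo "$1: OK"
fi
```

<p>The connection string builder encodes only the user name and password, since those are the parts the table says must be URL-encoded; host names, the database name and the replica set value are passed through unchanged, so a mistake there surfaces as a connection error rather than a silently altered URL.</p>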
<table class="TableStyle-Basic" style="max-width: 70%;mc-table-style: url('Resources/TableStyles/Basic.css');border-top-left-radius: 0px;border-top-right-radius: 0px;border-bottom-right-radius: 0px;border-bottom-left-radius: 0px;border-left-style: solid;border-left-width: 2px;border-left-color: #a9a9a9;border-right-style: solid;border-right-width: 2px;border-right-color: #a9a9a9;border-top-style: solid;border-top-width: 2px;border-top-color: #a9a9a9;border-bottom-style: solid;border-bottom-width: 2px;border-bottom-color: #a9a9a9;margin-left: 0;margin-right: auto;width: 50%;" cellspacing="0">
<col class="TableStyle-Basic-Column-Column1" style="max-width: 30%;width: 15%;" />
<col class="TableStyle-Basic-Column-Column1" style="max-width: 30%;width: 20%;" />
<col class="TableStyle-Basic-Column-Column1" style="max-width: 30%;width: 15%;" />
<thead>
<tr class="TableStyle-Basic-Head-Header1">
<td style="text-align: center;" class="TableStyle-Basic-HeadE-Column1-Header1">PARAMETER</td>
<td style="text-align: center;" class="TableStyle-Basic-HeadE-Column1-Header1">DESCRIPTION</td>
<td style="text-align: center;" class="TableStyle-Basic-HeadD-Column1-Header1">EXAMPLE</td>
</tr>
</thead>
<tbody>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p><b MadCap:conditions="Default.NotToPublish" style="font-weight: normal;">SHARED_SERVER_DOMAIN_NAME</b>SERVER_DOMAIN_NAME</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>This is the domain name property for Fabric Console component. This is not required if shared cluster is already created in previous installations.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>kfazure-console.konylabs.net</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1" MadCap:conditions="Default.NotToPublish">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>INTEGRATION_SERVER_DOMAIN_NAME</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>This is the domain name property for Fabric Integration component.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>kfazure-integration.konylabs.net</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1" MadCap:conditions="Default.NotToPublish">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>KMS_DOMAIN_NAME</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>This is the domain name property for the Fabric Engagement Service component. This is not required for Production because Engagement also uses SHARED_SERVER_DOMAIN_NAME in that case.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>kfazure-engagement.konylabs.net</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>AZURE_SUBSCRIPTION_ID</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>This is the Azure subscription ID. Steps to know this are in the <a href="#subId">next section</a>.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>da28307f-55ae-42de-995a-fcc6608d1bd4</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>AZURE_LOCATION</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>The region in which the AKS cluster should be created. For more details refer to, <a href="Appendices.htm#Features">Features and Supported Regions</a>.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>eastus</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>SERVICE_PRINCIPAL_CLIENT_ID</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Application ID of the service principal created for the Azure installation. </p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>716f6434-1315-4acb-3184-d9a23efa3613</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>SERVICE_PRINCIPAL_CLIENT_SECRET</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Password of the Service Principal.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>34a10627-308d-4697-9ea2-e379f8e33bb0</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>SERVICE_PRINCIPAL_OBJECT_ID</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Service principal object ID. Steps to know this are in the <a href="#servicePObj">next section</a>.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>c3afcb93-46ed-21c4-98e0-7bb639297f21</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>TENANT_ID</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1" style="font-weight: normal;">
<p>Tenant ID of the Azure account. Steps to know this are in the <a href="#tenantID">next section</a>.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>a5a1f617-3b00-1e81-8190-c4a5136ba396</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>SSH_PUBLIC_KEY</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>This is required for creation of the AKS. Steps to create SSH key is provided in the <a href="#Generate">pre-requisites section</a>.</p>
<p class="Note" MadCap:autonum="<b><i><span style="color: #0a9c4a;" class="mcFormatColor">Note: </span></i></b>"> You cannot use the same SSH key for all the Non-Production installations within a subscription.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>ssh-rsa SAAWB3NzaC1yc2...</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p><b MadCap:conditions="Default.NotToPublish" style="font-weight: normal;">SHARED_AZURE_RESOURCE_GROUP</b>AZURE_RESOURCE_GROUP</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Specify the name of the resource group that must be created for the cluster. Enter a name that does not conflict with any of the existing resource groups. This is not required for Non-Production if the shared cluster is already installed for the same subscription.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>FabricXYZ</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1" MadCap:conditions="Default.NotToPublish">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>INTEGRATION_AZURE_RESOURCE_GROUP</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Specify name of resource group to be created for the Integration (INT) cluster. This will be the resource group where AKS cluster for Fabric Integration is created. Enter a name which does not conflict with any existing resource group. This is mandatory for all installations.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>FabricIntXYZ</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>DATABASE_TYPE</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Specify the database type you want to use for hosting Quantum Fabric on Azure.</p>
<p>The Quantum Fabric Containers on Azure Solution supports the MS SQL and MySQL Server Databases.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>mysql</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p><b MadCap:conditions="Default.NotToPublish" style="font-weight: normal;">SHARED_DATABASE_USER_NAME</b>DATABASE_USER_NAME</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Specify a username for the database that is used by the Fabric components. This is not required in Non-Production installation if a shared cluster is already created in the previous installation.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>dbclient</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p><b MadCap:conditions="Default.NotToPublish" style="font-weight: normal;">SHARED_DATABASE_PASSWORD</b>DATABASE_PASSWORD</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Specify a password for the database that is used by the Fabric components.</p>
<p class="Note" MadCap:autonum="<b><i><span style="color: #0a9c4a;" class="mcFormatColor">Note: </span></i></b>">The following special characters $, *, &amp;, !, (, ), \ are not supported in the DB password.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>Test#/123</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1" MadCap:conditions="Default.NotToPublish">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>DATABASE_PASSWORD_SECRET_KEY</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Specify the decryption key for the database password. This parameter is required only if you are using an encrypted password.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>12345</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>INTEGRATION_DATABASE_USER_NAME</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Specify a username for your INT database. This is required only if the selected database is of the type <b>sqlserver</b>. This is not required in Non-Production installation if a shared cluster is already created in the previous installation.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>dbclient</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>INTEGRATION_DATABASE_PASSWORD</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Specify a database password for your integration database. This is required only if the selected database is of the type <b>sqlserver</b>. This is not required in Non-Production installation if a shared cluster is already created in the previous installation.</p>
<p class="Note" MadCap:autonum="<b><i><span style="color: #0a9c4a;" class="mcFormatColor">Note: </span></i></b>">If you are using Quantum Fabric 9.0.0.1 GA Docker images, you must specify the same value for SHARED_DATABASE_PASSWORD and INTEGRATION_DATABASE_PASSWORD, because the Integration Docker image does not support multiple passwords.<br />You can use different passwords for your databases from Quantum Fabric V9.0.1.0 GA onwards.<br />The following special characters $, *, &amp;, !, (, ), \ are not supported in the DB password.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>FabR^c123</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>ENVIRONMENT_DB_USER</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Specify a username for your environment database. This is required only if the selected database is of the type <b>mysql</b> and the installation type is Non-Production.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>dbclient</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>ENVIRONMENT_DB_PASSWORD</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Specify a password for your environment database. This is required only if the selected database is of the type <b>mysql</b> and the installation type is Non-Production.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>FabR^c123</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>ENABLE_REDIS_SSL</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Specifies whether an SSL connection must be enabled between the Authentication Service and REDIS.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>true</p>
<p>Supported values are <b>true</b> and <b>false</b>.</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>APPGATEWAY_SSL_CERT_PASSWORD</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Password of the SSL PFX certificate. This password is used to read the <b>pfx</b> key for SSL offloading.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>Test@1234</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Automatic Registration Details:</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Auto registration inputs are not required to be provided for Non-Production if the Shared cluster is already created in a previous installation.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p> </p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>AUTO_REGISTRATION_USER_ID</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>The email ID used for Quantum Fabric Registration. After the installation is complete, you can add more users from the Fabric console.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>micheal.doe@xyz.com</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>AUTO_REGISTRATION_PASSWORD</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>The password used for Quantum Fabric Registration.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>Test@5264!</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>AUTO_REGISTRATION_FIRST_NAME</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>The first name used for Quantum Fabric Registration.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>Micheal</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>AUTO_REGISTRATION_LAST_NAME</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>The last name used for Quantum Fabric Registration.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>Doe</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>AZURE_CDN_ENABLED</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Specify whether to install CDN for the apps component or not. If you have chosen a region where CDN Profile is not supported, CDN will not be configured. For more details refer to, <a href="Appendices.htm#Features">Features and Supported Regions</a>.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>true</p>
<p>Supported values include: true or false.</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>ALERT_NOTIFICATION_ENABLED</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Specify whether to enable notification for Alerts. For example sending an alert when the CPU Usage crosses 90% on integration pod, etc.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>true</p>
<p>Supported values include: true or false.</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>AZURE_ACTION_GROUP_NAME</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Specify name of the action group.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>admin</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>USER_EMAIL_ID</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Specify the default email ID to which alert notification should be sent.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>micheal.doe@xyz.com</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>ARRAY_TO_WHITELIST_IPS_TO_ACCESS_FILE_SHARE</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Specify the public Fabric IP of the machine where the installation script would be running. To specify multiple IPs use space separated values like ("w1.x1.y1.z1" "w2.x2.y2.z2" "w3.x3.y3.z3").</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>("103.140.124.130")</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>COMMON_RESOURCE_GROUP</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Specify the name of the resource group where a few subscription-level shared resources are created. This must be a separate value for Production and for Non-Production. This is the resource group under which the PCI-related function app is created.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>KonyInfra</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p><a name="Marketing"></a>MARKETING_CATALOG_MS</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Specify whether to enable Marketing Catalog Microservice or not.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>false</p>
<p>Supported values include: true or false.</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>MARKETING_CATALOG_RESOURCE_GROUP</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Specify the name of the resource group where the marketing catalog microservice resources would be created.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>marketingcatalog-ms</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>MONGO_PATH</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Enter the path where Mongo Shell is installed.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>/opt/mongodb-linux-x86_64-ubuntu1804-4.2.10/bin</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>MONGO_CONNECTION</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Enter the connection string for Mongo Shell from Atlas.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>mongodb+srv://mongo-cluster-1.jonig.mongodb.net</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>MONGO_USER_NAME</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Enter the Mongo Database user name which has been created earlier by you.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>mongodbuser</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>MONGO_PASSWORD</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Enter the Mongo Database password which has been given by you while creating the mongodb user.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>Root@123</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>MONGODB_DBNAME</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Enter the preferred Database name.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>marketingcatalogdb</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>MONGODB_CONNECTIONSTR</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Provide mongo DB connection string. </p>
<p class="Note" MadCap:autonum="<b><i><span style="color: #0a9c4a;" class="mcFormatColor">Note: </span></i></b>">Ensure that you provide URL-encoded MongoDB username and password values if they contain special characters such as *, @, :, ?, or .</p>
<p>It can be formed by using the following string:</p>
<p class="code">mongodb://&lt;MONGO_USER_NAME&gt;:&lt;MONGO_PASSWORD&gt;@&lt;cluster-shard-0&gt;:&lt;port-number&gt;,<br />&lt;cluster-shard-1&gt;:&lt;port-number&gt;,<br />&lt;cluster-shard-2&gt;:&lt;port-number&gt;/<br />&lt;MONGODB_DBNAME&gt;?ssl=true&amp;replicaSet=&lt;value&gt;<br />&amp;authSource=admin<br />&amp;retryWrites=true<br />&amp;w=majority</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p class="code">mongodb://mongodbuser:Root%40123@<br />mongo-cluster-1-shard-00-01.jonig.mongodb.net:27017,<br />mongo-cluster-1-shard-00-02.jonig.mongodb.net:27017,<br />mongo-cluster-1-shard-00-00.jonig.mongodb.net:27017/<br />marketingcatalogdb?ssl=true&amp;<br />replicaSet=atlas-qxcm8s-shard-0&amp;<br />authSource=admin&amp;<br />retryWrites=true&amp;<br />w=majority</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>EVENT_HUB_NAME_SPACE</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Enter the preferred Event hub namespace.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>marketingcatalogkafkaapp</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p><a name="CampaignMS"></a>CAMPAIGN_MS</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Specify whether to enable Campaign Microservice or not.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>false</p>
<p>Supported values include: true or false.</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>CAMPAIGN_RESOURCE_GROUP</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Specify the name of the resource group where campaign microservice resources would be created.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>nas-ssl-campaign</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>CAMPAIGN_DB_SERVER_NAME</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Specify the server name for your MySQL Database.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>sqlcampaigndb</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>CAMPAIGN_DB_USER_NAME</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Enter the preferred Database username.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>campaign</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1" MadCap:conditions="Default.NotToPublish">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>CAMPAIGN_DB_NAME</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Enter the preferred Database name.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>campaigndb</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>CAMPAIGN_DB_PASSWORD</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Enter the preferred Database password.</p>
<p>It must be a string of at least 8 characters containing a combination of alphanumeric and non-alphanumeric characters.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>root@123</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>ARRAY_TO_WHITELIST_IPS_TO_ACCESS_CAMPAIGN_DB</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Specify the outbound public IP of the machine on which the installation script will run. To specify multiple IPs, use space-separated values, for example ("w1.x1.y1.z1" "w2.x2.y2.z2" "w3.x3.y3.z3").</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>("103.140.124.130")</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1" MadCap:conditions="Default.NotToPublish">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>ADMIN_USER_NAME</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Enter the preferred Admin Username for MySQL database.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>campaign</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>New Relic Monitoring details:</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>New Relic Monitoring for the AKS Cluster. Enable New Relic monitoring for infrastructure monitoring. Make sure a valid New Relic subscription is available before enabling this feature.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p> </p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>NEW_RELIC_INFRA_MONITORING_ENABLED</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Set to true if you have a New Relic license key and New Relic infrastructure monitoring needs to be enabled.</p>
<p>This monitors node-level performance metrics such as CPU and memory.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>true</p>
<p>Supported values include: true or false.</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>NEW_RELIC_APP_PERF_MONITORING_ENABLED</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Set to true if you have a New Relic license and pod-level monitoring needs to be enabled.</p>
<p>This monitors the pod-level metrics.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>true</p>
<p>Supported values include: true or false.</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>NEW_RELIC_LICENSE_KEY</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Specify the New Relic license key.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>9e3f3112fb39c130a75c407ab0b4ba153f30NRAL</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>AKS_NODE_COUNT</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Specify the number of worker nodes in the cluster.</p>
<p>This is the minimum number of nodes to be created in the Shared AKS agent pool.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>2</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>AKS_MAX_NODE_COUNT</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Specify the maximum number of worker nodes that autoscaling can provision.</p>
<p>This is the maximum number of nodes the Shared AKS cluster creates when load increases.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>6</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p><b MadCap:conditions="Default.NotToPublish" style="font-weight: normal;">SHARED_AKS_NODE_SIZE_NON_PROD</b>AKS_NODE_SIZE_NON_PROD</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>This is for a Non-Production instance. Type of the Azure instance created for the Shared cluster, in which the Fabric component pods (Console, Identity, and Engagement) are created.</p>
<p>Refer to the Azure documentation for instance sizes and codes.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>Standard_D4_v3</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p><b MadCap:conditions="Default.NotToPublish" style="font-weight: normal;">SHARED_AKS_NODE_SIZE_PROD</b>AKS_NODE_SIZE_PROD</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>This is for a Production instance. Type of the Azure instance created for the Shared cluster, in which the Fabric component pods (Console, Identity, and Engagement) are created.</p>
<p>Refer to the Azure documentation for instance sizes and codes.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>Standard_D4_v3</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p><b MadCap:conditions="Default.NotToPublish" style="font-weight: normal;">INTEGRATION_AKS_NODE_SIZE</b>INTEGRATION_NODE_SIZE</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>Type of the Azure instance to be created for the Integration components.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>Standard_B2MS</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>AKS_MASTER_NODE_COUNT</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>This is the AKS Master Node Count. Specify the number of Master nodes to create.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>1</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>INTEGRATION_AKS_NODE_COUNT</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>The minimum number of nodes to be created in the Integration AKS agent/node pool.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>2</p>
</td>
</tr>
<tr class="TableStyle-Basic-Body-Body1">
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>INTEGRATION_AKS_MAX_NODE_COUNT</p>
</td>
<td class="TableStyle-Basic-BodyE-Column1-Body1">
<p>The maximum number of nodes to be created in the Integration AKS agent/node pool.</p>
</td>
<td class="TableStyle-Basic-BodyD-Column1-Body1">
<p>6</p>
</td>
</tr>
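The MongoDB connection string format shown earlier in this table carries the credentials inside the URI, which is why the sample encodes the password Root@123 as Root%40123: an unencoded @, :, / or ? in the password would be read as a URI delimiter. The following shell functions are an added example (not part of the VoltMX Foundry installer) that build such a string from its parts with the password percent-encoded, and check that a finished string still requests TLS and authenticates against the admin database. The host names and replica-set name used in the usage are constructed placeholders.

```shell
#!/bin/sh
# Added example (not part of the VoltMX Foundry installer): build a MongoDB
# connection string from its parts, percent-encoding the credentials so that
# characters such as @ : / ? cannot be mistaken for URI delimiters.

# Percent-encode every character except the RFC 3986 unreserved set.
# Assumes ASCII input; multi-byte characters are outside this example.
urlencode() {
  s=$1; out=""; i=1; n=${#s}
  while [ "$i" -le "$n" ]; do
    c=$(printf '%s' "$s" | cut -c "$i")
    case $c in
      [A-Za-z0-9.~_-]) out="$out$c" ;;
      *) out="$out$(printf '%%%02X' "'$c")" ;;
    esac
    i=$((i + 1))
  done
  printf '%s' "$out"
}

# mongo_uri USER PASSWORD HOSTS DBNAME REPLICASET
#   HOSTS is the comma-separated host:port list of the cluster shards.
# Always requests TLS (ssl=true) and authenticates against the admin database,
# matching the format shown in the table above.
mongo_uri() {
  [ $# -eq 5 ] || { echo "usage: mongo_uri user password hosts db replicaSet" >&2; return 1; }
  printf 'mongodb://%s:%s@%s/%s?ssl=true&replicaSet=%s&authSource=admin&retryWrites=true&w=majority' \
    "$(urlencode "$1")" "$(urlencode "$2")" "$3" "$4" "$5"
}

# Return 0 only if a finished URI still has ssl=true and authSource=admin.
mongo_uri_is_hardened() {
  case $1 in
    *"ssl=true"*"authSource=admin"*|*"authSource=admin"*"ssl=true"*) return 0 ;;
    *) return 1 ;;
  esac
}

# Usage on constructed placeholder hosts (the password is the table's sample).
mongo_uri mongodbuser 'Root@123' \
  'shard-00-00.example.net:27017,shard-00-01.example.net:27017' \
  marketingcatalogdb atlas-qxcm8s-shard-0
echo
```

Paste the printed string into the connection URL property as-is; because the password is already encoded, the value must not be encoded a second time.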
You can view details of the User Defined Properties:
- Azure Subscription ID, Azure Service Principal ID Name, Azure Service Principal ID Secret, Service Principal Object ID, and Tenant ID: the Azure Subscription ID is a GUID that uniquely identifies your subscription for using Azure services. The application needs the Service Principal to access or configure resources through the Azure Resource Manager (ARM) in Azure Stack.
You must have an Azure account with the permissions of a Global Administrator and the User role. Without these privileges, it is not possible to create the AKS clusters (or other resources).
The following sections describe how to fetch the Azure Subscription ID and how to generate the Azure Service Principal ID Name, Azure Service Principal ID Secret, Service Principal Object ID, and Tenant ID.
Steps to get the Subscription ID:
- Navigate to http://portal.azure.com/.
- Navigate to Browse.
- In the search box, begin typing subscription.
- Select Subscriptions from the search results.
Find the appropriate subscription to check your Azure subscription GUID.
Generating the Azure Service Principal ID Name and Azure Service Principal ID Secret:
Log in to the Azure Portal and click Cloud Shell as shown.
- Execute:
$ az group create --name "resource_group_name" --location "eastus"
- Execute:
$ az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/<subscription_id>/resourceGroups/<resource_group_name>"
After executing the above command, a JSON response is displayed on the command prompt:
{
  "appId": "APP_ID",
  "displayName": "ServicePrincipalName",
  "name": "http://ServicePrincipalName",
  "password": ...,
  "tenant": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
}
- In the properties file of the conf directory:
  - SERVICE_PRINCIPAL_CLIENT_ID is the value of appId.
  - SERVICE_PRINCIPAL_CLIENT_SECRET is the value of password. The values of SERVICE_PRINCIPAL_CLIENT_ID and SERVICE_PRINCIPAL_CLIENT_SECRET must not contain any quotation marks. For example:
  - SERVICE_PRINCIPAL_CLIENT_ID = a5afa829-525c-436c-ca4f-f442027cfd2e
  - SERVICE_PRINCIPAL_CLIENT_SECRET = cx4q44eq-fq7a-450v-zf41-4049183d1eb8
Generating the Service Principal Object ID:
Log in to the Azure Portal and click PowerShell.
- Execute:
$(Get-AzureADServicePrincipal -Filter "AppId eq '<Service_principal_client_ID>'").ObjectId
Tenant ID - Following are the steps to find your Tenant ID:
- Go to portal.azure.com > Azure Active Directory.
- In the Overview section you can find the Tenant ID.
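The two values that must be copied from the az reply into the properties file are easy to get wrong by hand (a stray quotation mark, or the displayName copied instead of the appId). The following shell functions are an added example, not part of the VoltMX Foundry setup scripts: one turns the JSON reply of az ad sp create-for-rbac into the two SERVICE_PRINCIPAL_* lines without quotes, the other checks an existing properties file before the installer is run. The sample reply in the usage is constructed from the placeholder values shown above.

```shell
#!/bin/sh
# Added example (not part of the VoltMX Foundry setup scripts): turn the JSON
# printed by `az ad sp create-for-rbac` into the two SERVICE_PRINCIPAL_* lines
# the properties file expects, then check them before running the installer.

# Print the string value of a top-level key from JSON laid out one key per
# line (the shape the az CLI prints). Reads the JSON on stdin.
json_field() {   # $1 = key name
  sed -n "s/^[[:space:]]*[{]*[[:space:]]*\"$1\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p" | head -n 1
}

# Read the az CLI reply on stdin and print the properties lines, quotes removed.
sp_props_from_json() {
  json=$(cat)
  app_id=$(printf '%s\n' "$json" | json_field appId)
  secret=$(printf '%s\n' "$json" | json_field password)
  if [ -z "$app_id" ] || [ -z "$secret" ]; then
    echo "appId or password missing from the az reply" >&2
    return 1
  fi
  printf 'SERVICE_PRINCIPAL_CLIENT_ID=%s\n' "$app_id"
  printf 'SERVICE_PRINCIPAL_CLIENT_SECRET=%s\n' "$secret"
}

# Validate the two values in a properties file: the client id must be a GUID,
# both values must be present, and neither may carry quotation marks.
validate_sp_props() {   # $1 = path to the properties file
  id=$(sed -n 's/^SERVICE_PRINCIPAL_CLIENT_ID[[:space:]]*=[[:space:]]*//p' "$1")
  secret=$(sed -n 's/^SERVICE_PRINCIPAL_CLIENT_SECRET[[:space:]]*=[[:space:]]*//p' "$1")
  case "$id$secret" in
    *\"*|*\'*) echo "quotation marks are not allowed in the values" >&2; return 1 ;;
  esac
  printf '%s\n' "$id" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$' \
    || { echo "SERVICE_PRINCIPAL_CLIENT_ID is not a GUID" >&2; return 1; }
  [ -n "$secret" ] || { echo "SERVICE_PRINCIPAL_CLIENT_SECRET is empty" >&2; return 1; }
  return 0
}

# Usage on a constructed reply (the ids are the placeholder values from the
# steps above, not a real service principal).
printf '%s\n' '{
  "appId": "a5afa829-525c-436c-ca4f-f442027cfd2e",
  "displayName": "ServicePrincipalName",
  "name": "http://ServicePrincipalName",
  "password": "cx4q44eq-fq7a-450v-zf41-4049183d1eb8",
  "tenant": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
}' | sp_props_from_json
```

Keep the --scopes of the az ad sp create-for-rbac command limited to the resource group, as the step above shows, rather than granting Contributor on the whole subscription; and since the password in the reply is the only copy of the secret, keep the properties file that holds it out of version control.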
Script Execution
- Switch to the directory that contains the kf_setup.sh file and execute the setup script using:
$ bash kf_setup.sh
- Select the installation mode: Trial or Enterprise.
- Log in to your Azure account using the link printed on the screen, and enter the given code for the script to continue the setup process.
- The Bash prompt prints the Public DNS of the Application Gateway while executing the script. If SSL is to be configured, you must map this DNS to your custom Domain Name. Once you confirm the mapping on the command line, the script resumes execution and completes the setup.
To execute the installation scripts, you must use Bash version 4 or later.
Upon successful completion of the setup, all the Application URLs are printed on the screen as shown in the image.
You can start using VoltMX Foundry using the VoltMX Foundry Console URL. The credentials to login to the Console are the same as that of the Auto-registration details provided in the properties file.
Once the installation is complete, and you take a backup, you can delete the Virtual Machine created for executing the setup script. To do so, go to the Azure Portal and navigate to the Virtual Machines Tab. Select the VM and confirm its deletion.
Configuring Iris to Connect to VoltMX Foundry on Azure
For details about connecting to VoltMX Foundry Console through Iris, refer to Connecting to VoltMX Foundry.
Updating the Azure Kubernetes Service Cluster configuration
You need the current config files to update the AKS cluster configuration. Once the installation is complete, take a backup of the unzipped directory where you installed voltmx-foundry-containers-azure.zip so that you can perform further updates to the AKS clusters. Without a backup of the unzipped directory, updating the AKS cluster is difficult.
Setting up Azure Content Delivery Network (CDN)
A Content Delivery Network (CDN) is a distributed network of servers that can efficiently deliver web content to users. To minimize latency, CDNs store cached content on edge servers in Point-Of-Presence (POP) locations that are close to end users.
Azure Content Delivery Network (CDN) offers a global solution for developers to rapidly deliver high-bandwidth content to users by caching the content at strategically placed physical nodes across the world.
Azure CDN SKU for AKS cluster is set to Premium Verizon, which supports configuration of cache rules for VoltMX Foundry Apps.
Enable CDN on Azure AKS cluster
Follow these steps to enable CDN in your AKS cluster.
- Set the value of AZURE_CDN_ENABLED to true in the properties file (trial.properties / enterprise.properties).
- Set the CDN Endpoint:
  - For an SSL-enabled cloud (IS_SSL_ENABLED = true), after creating the CDN endpoint, map the CDN endpoint to a custom domain name.
  - For an SSL-disabled cloud (IS_SSL_ENABLED = false), no mapping of the server domain name is required.
Once you create the CDN profile and endpoint, follow these steps to manually configure the CDN settings in the Azure portal:
- Open the Azure portal (portal.azure.com) and log in using your Microsoft account credentials.
- Select Resource groups from the left navigation pane. All existing resource groups appear.
- Select the resource group in which the AKS Cluster is created.
- If the cloud is SSL enabled, open CDN Endpoint from the list of resources in the Azure Resource Group.
- Click Custom Domain. The Custom Domain page appears.
- Select ON to enable HTTPS for the custom domain.
Configuring Caching Rules
- Go to CDN profile from the list of resources available in the Azure Resource Group (the one containing the created AKS cluster).
- Click Manage from the top navigation bar.
- Configure all the rules in the CDN Manage Console.
- From the HTTP Large list, select cache settings -> query string caching.
- Select no-cache as the query string caching and click Update.
- From the HTTP Large list, select Rules Engine.
- Configure all the required rules (Rule 1 to Rule 9 in the original screenshots) and set their order (Rules Order).
Configuring Clam AntiVirus for Azure Virtual Machines
Clam AntiVirus (ClamAV) is an open-source anti-virus toolkit. You can choose to install ClamAV on the Azure Virtual Machines in the Kubernetes cluster. ClamAV is designed as an on-demand scanner and runs only when invoked.
A cron job is configured to run ClamAV on the Azure Virtual Machines at the frequency specified in the properties file. ClamAV scans all the files on the virtual machine and pushes the logs (clamscan.log and freshclam.log) in the /var/log/clamav directory to the clamavlogs container in the storage account of the Azure Resource Group in which the AKS cluster is created.
Provide the following inputs in the properties file to enable ClamAV.
Install ClamAV on Azure Virtual Machine
Follow these steps to install ClamAV on your Azure Virtual Machine:
- Set the value of INSTALL_CLAMAV to true in the properties file (trial.properties / enterprise.properties).
- Place your SSH private key and SSH public key in the sshkeys folder with the names id_rsa and id_rsa.pub respectively.
- Set the frequency of the cron jobs that start the ClamAV scan and push the generated logs to the storage account. Use the following format to set the values of clamscan_cron_schedule and clamscanlogpush_cron_schedule in the properties file (trial.properties / enterprise.properties).
* * * * *
| | | | |
| | | | |
| | | | +---- Day of the Week (range: 1-7, 1 standing for Monday)
| | | +------ Month of the Year (range: 1-12)
| | +-------- Day of the Month (range: 1-31)
| +---------- Hour (range: 0-23)
+------------ Minute (range: 0-59)
* = any value
For example, if you configure the crontab timing as 00 16 * * *, the crontab runs every day at 16:00:00 (UTC).
- You must maintain a minimum gap of 02:30 hrs. between clamscan_cron_schedule and clamscanlogpush_cron_schedule.
- All cron job timings follow the UTC timezone.
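The two schedules above have to satisfy a constraint that nothing in the properties file enforces: five fields each, and the log push at least 02:30 hrs after the scan. The shell functions below are an added example (not part of the installer) that check both values before they go into the properties file. They accept only a fixed minute and hour in the first two fields, which is what the page's 00 16 * * * style of schedule uses; the gap is measured forwards from the scan time and wraps past midnight, so a 23:00 scan with a 02:00 push is accepted. The schedules in the usage are constructed.

```shell
#!/bin/sh
# Added example (not part of the installer): check clamscan_cron_schedule and
# clamscanlogpush_cron_schedule before putting them in the properties file:
# five fields, fixed minute and hour, and the log push at least 150 minutes
# (02:30 hrs) after the scan, as the installation notes require.

# Strip leading zeros so that a field such as "08" is not read as octal.
decimal() { printf '%s' "$1" | sed 's/^0*\([0-9]\)/\1/'; }

# Print the minute-of-day (0-1439) for a 5-field cron expression whose minute
# and hour fields are fixed numbers; the three day fields may be anything.
cron_minutes_of_day() {   # $1 = cron expression, e.g. "00 16 * * *"
  set -f                  # keep "*" from being expanded as a filename glob
  set -- $1
  set +f
  [ $# -eq 5 ] || { echo "expected exactly 5 fields" >&2; return 1; }
  case $1 in ''|*[!0-9]*) echo "minute field must be a fixed number" >&2; return 1 ;; esac
  case $2 in ''|*[!0-9]*) echo "hour field must be a fixed number" >&2; return 1 ;; esac
  min=$(decimal "$1"); hour=$(decimal "$2")
  if [ "$min" -gt 59 ] || [ "$hour" -gt 23 ]; then
    echo "minute must be 0-59 and hour 0-23" >&2; return 1
  fi
  echo $((hour * 60 + min))
}

# Print the gap in minutes from the scan to the log push (wrapping past
# midnight) and fail if it is shorter than 150 minutes.
check_cron_gap() {   # $1 = clamscan_cron_schedule, $2 = clamscanlogpush_cron_schedule
  scan=$(cron_minutes_of_day "$1") || return 1
  push=$(cron_minutes_of_day "$2") || return 1
  gap=$(( (push - scan + 1440) % 1440 ))
  if [ "$gap" -lt 150 ]; then
    echo "log push runs only $gap min after the scan; keep at least 150" >&2
    return 1
  fi
  echo "$gap"
}

# Usage on constructed schedules: a 16:00 scan with an 18:30 push passes (150),
# a 17:00 push is rejected.
check_cron_gap '00 16 * * *' '30 18 * * *'
check_cron_gap '00 16 * * *' '00 17 * * *' || echo "rejected, as expected"
```

Run the check against the two values you intend to set; a non-zero exit means the properties file would install a cron pair that violates the gap requirement. Because the cron entries are installed on the VM in UTC, no timezone conversion is applied here.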
Access ClamAV logfiles in the Virtual Machine
Follow these steps to access the ClamAV logs in the Virtual Machine.
- Log on to Jumpbox using the following ssh command:
ssh devops@<Jumpbox_Public_IP_Address>
- Log on to the Virtual Machine from Jumpbox using the following SSH command:
ssh -i id_rsa azureuser@<Virtual_Machine_IP_Address>
- Go to the /var/log/clamav directory using the following command:
cd /var/log/clamav
This directory contains the clamscan.log and freshclam.log files that ClamAV generates after scanning the Virtual Machine.
Another cron job is configured to push the generated logs into the Azure Storage Account.
Edit the cron job
- Use the following command to view the existing cron jobs on the VM:
crontab -l
- Use the crontab -e command to open the crontab list in edit mode.
Edit the ClamAV conf file
The freshclam.conf file configures the ClamAV Database Updater.
- Go to the /etc/clamav/ directory.
- Open the freshclam.conf file in any editor and make the required changes.
Accessing Logs in the Azure Storage Account
All the logs generated by CLAMAV are pushed to the Azure Storage Account.
- Log on to the Azure portal (portal.azure.com) using your Microsoft account credentials.
- Select Resource Groups from the left navigation pane. All existing resource groups appear.
- Select the resource group in which the AKS Cluster is created.
- Select the storage account from the list of resources available in the resource group.
- Click Blobs to see all the containers available in the storage account.
- Select the clamavlogs container from the list of containers available in the storage account. This shows all the log files pushed by ClamAV from the virtual machine.
- Click Download to view the logs in the file.
- Unzip the downloaded .zip file and extract the content. You can now view all the logs that ClamAV pushed from the virtual machine.
Configuring OSSEC Intrusion Detection
OSSEC is an open-source Host-based Intrusion Detection System (HIDS). It has a powerful correlation and analysis engine, and performs log analysis, file integrity checking, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting, and active response.
OSSEC runs as a daemon process and raises alert logs when intrusion attempts occur. These alert logs are pushed to the osseclogs container in the storage account in the Azure Resource Group in which the AKS cluster is created.
Provide the following inputs in the properties file to enable OSSEC.
OSSEC Installation steps
- Enable the INSTALL_OSSEC flag in the properties file (trial.properties / enterprise.properties).
- As OSSEC is a daemon process, it continuously detects intrusion activity and stores alerts in the alerts.log file. A cron job is configured to push the alerts from /var/ossec/logs/alerts/alerts.log to the Azure Storage Account. Configure the cron job osseclogpush_cron_schedule in the properties file (trial.properties / enterprise.properties) to set the frequency of the cron job. Configure the crontab timing in the following format:
* * * * *
| | | | |
| | | | |
| | | | +---- Day of the Week (range: 1-7, 1 standing for Monday)
| | | +------ Month of the Year (range: 1-12)
| | +-------- Day of the Month (range: 1-31)
| +---------- Hour (range: 0-23)
+------------ Minute (range: 0-59)
* = any value
For example, if you configure the crontab timing as 00 16 * * *, the crontab runs every day at 16:00:00 (UTC).
- You can modify the default values of the cron job, if required.
- All cron job timings follow the UTC timezone.
- Place your SSH private key in the sshkeys folder with the name id_rsa.
Access log files of OSSEC in Virtual Machine
Follow these steps to access OSSEC logs in the Virtual Machine.
- Use the following SSH command to log on to the Jumpbox:
$ ssh devops@<Jumpbox_Public_IP_Address>
- Use the following SSH command to log on to the Virtual Machine from the Jumpbox:
$ ssh -i id_rsa azureuser@<Virtual_Machine_IP_Address>
- Execute the following command to become the root user:
$ sudo su
- You can view the syslog at /var/log/syslog:
$ cd /var/log/
$ cat syslog
- Logs created by the OSSEC daemons are stored in the subdirectories of /var/ossec/logs.
- You can view the OSSEC logs at /var/ossec/logs/ossec.log:
$ cd /var/ossec/logs/
$ cat ossec.log
- You can view the OSSEC alerts at /var/ossec/logs/alerts/alerts.log:
$ cd /var/ossec/logs/alerts/
$ cat alerts.log
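Reading alerts.log with cat, as above, works on a quiet host but buries the few high-level alerts among routine ones once the file has been pushed and downloaded in bulk. The shell functions below are an added example, not part of OSSEC or of the VoltMX scripts, that summarise an alerts.log by rule level and list the source addresses behind the higher-level alerts. The sample log is constructed and follows the OSSEC 2.x alerts.log layout assumed here (a "Rule: <id> (level <n>) -> '<description>'" line per alert, optionally followed by "Src IP:"); if your installation writes a different layout, adjust the two patterns.

```shell
#!/bin/sh
# Added example (not part of OSSEC or of the VoltMX scripts): summarise an
# OSSEC alerts.log, such as one downloaded from the osseclogs container, by
# rule level so that high-level alerts stand out from the volume of routine
# ones. The sample below is constructed; it follows the OSSEC 2.x alerts.log
# layout assumed by the awk patterns.

SAMPLE_ALERTS=$(cat <<'EOF'
** Alert 1700000000.1001: - syslog,sshd,authentication_failed,
2023 Nov 14 22:13:20 vm-node-1->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 192.0.2.10
User: root
Nov 14 22:13:19 vm-node-1 sshd[2231]: Failed password for root from 192.0.2.10 port 51234 ssh2

** Alert 1700000060.1002: mail  - syslog,sshd,authentication_failures,
2023 Nov 14 22:14:20 vm-node-1->/var/log/auth.log
Rule: 5720 (level 10) -> 'Multiple SSHD authentication failures.'
Src IP: 192.0.2.10
User: root

** Alert 1700000120.1003: - ossec,rootcheck,
2023 Nov 14 22:15:20 vm-node-1->rootcheck
Rule: 510 (level 7) -> 'Host-based anomaly detection event (rootcheck).'
File '/tmp/.x' is owned by root and has written permissions to anyone.
EOF
)

# Print "level rule_id description" for every alert at or above a minimum level.
ossec_alerts_at_level() {   # $1 = alerts.log path, $2 = minimum level (default 7)
  awk -v min="${2:-7}" '
    /^Rule: / {
      id = $2                        # rule id
      lvl = $4; sub(/[)]$/, "", lvl) # "10)" becomes "10"
      desc = $0; sub(/^.*-> /, "", desc)
      if (lvl + 0 >= min + 0) print lvl, id, desc
    }' "$1"
}

# Print "level count" per alert level, lowest level first.
ossec_level_histogram() {   # $1 = alerts.log path
  awk '/^Rule: / { lvl = $4; sub(/[)]$/, "", lvl); n[lvl]++ }
       END { for (l in n) print l, n[l] }' "$1" | sort -n
}

# Print "count ip" for the source addresses on alerts at or above a level.
ossec_sources_at_level() {   # $1 = alerts.log path, $2 = minimum level (default 7)
  awk -v min="${2:-7}" '
    /^Rule: / { lvl = $4; sub(/[)]$/, "", lvl); hot = (lvl + 0 >= min + 0) }
    /^Src IP: / && hot { n[$3]++ }
    END { for (ip in n) print n[ip], ip }' "$1" | sort -rn
}

# Demo on the constructed sample, written to a temporary file first.
demo_file=$(mktemp)
printf '%s\n' "$SAMPLE_ALERTS" > "$demo_file"
echo "alerts per level:";         ossec_level_histogram "$demo_file"
echo "alerts at level 7 or above:"; ossec_alerts_at_level "$demo_file" 7
echo "sources at level 7 or above:"; ossec_sources_at_level "$demo_file" 7
rm -f "$demo_file"
```

Point the functions at the downloaded alerts.log instead of the sample; a level threshold of 7 or higher is a reasonable first cut, since OSSEC reserves the lower levels for informational and low-relevance events.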
Edit cron jobs
- To view the existing cron jobs, use the following command on the VM:
$ crontab -l
- Use the crontab -e command to open the crontab list in edit mode.
Accessing Logs in Azure Storage Account
All the logs generated by OSSEC are pushed to the Azure Storage Account.
- Log on to the Azure portal (portal.azure.com) using your Microsoft account credentials.
- Select Resource groups from the left navigation pane. All existing resource groups appear.
- Select the resource group in which the AKS Cluster is created.
- Select the storage account from the list of resources available in the resource group.
- Click Blobs to see all the containers available in the storage account.
- Select the osseclogs container from the list of containers available in the storage account. The page displays the log files pushed by OSSEC from the Virtual Machine.
- Click Download to view the log file. You can now view all the logs that OSSEC pushed from the virtual machine.
Follow these steps to edit the preloaded-vars.conf file to give customized inputs (other than the defaults) for installing OSSEC:
- Log in to the specific Virtual Machine (node) using SSH keys in the terminal.
- Go to the /home/azureuser/ossec-hids-2.9.0/etc/ directory using the following command:
$ cd /home/azureuser/ossec-hids-2.9.0/etc/
- Open the preloaded-vars.conf file and edit it as required.
Follow these steps to edit the ossec.conf file and change the existing OSSEC configuration:
- Log in to the specific Virtual Machine (node) using SSH keys in the terminal.
- Go to the /var/ossec/etc directory using the following command:
$ cd /var/ossec/etc
- Open the ossec.conf file and edit it as required.
Marketing Catalog Microservice
The Marketing Catalog Microservice is a comprehensive source of system-independent product details and marketing content across all of the bank's products, and it can also carry products and services from outside the bank. Examples include products offered by FinTechs (such as payment devices) or real banking products that can be sold and marketed on behalf of other banks. Banks can choose to ingest the product details from the existing core or product management system. This content can be created and managed in the Marketing Catalog microservice.
Prerequisites
- Run the installation on a fresh virtual machine. If you execute the file on an existing virtual machine, you must ensure that Java is not installed on it, or it must point to Java 8.
- Create a cluster in your Atlas account and select Allow access from anywhere in the IP access list under Network Access. Then create a database user for your cluster and connect to your cluster. Refer to Get Started with Atlas for the exact procedure for this step. You must ensure that access from anywhere is allowed in the IP access list of the cluster. To do so, log in to your cluster, go to Network Access > IP Access List, click Edit, select Allow access from anywhere, and save.
- Install the mongo shell of the same version as the cluster. If your cluster version is 4.2.10, as shown in the following image, you must install mongo shell version 4.2.10.
Deployment
- If you want to create the Marketing Catalog microservice resources along with the end-to-end installation of VoltMX Foundry on Azure cloud, do the following:
  - Provide the required inputs in the conf/enterprise.properties file.
  - Execute the install-foundry.sh file.
- If you want to create only the Marketing Catalog microservice resources, do the following:
  - Copy the marketing_catalogs folder from the VoltMXFoundryContainersAzure-_/lib/microservices/ path.
  - Provide the required inputs in the conf/marketing_catalog_ms.properties file.
  - Execute the install_marketing_catalog_ms.sh file present under the marketing_catalogs folder.
You must add your IP address to the IP access list of the Atlas cluster before deploying the Marketing Catalog microservice.
Campaign Microservice
The Campaign microservice allows the branch user to create and store Campaign definition details.
Prerequisite
- Run the installation on a fresh virtual machine. If you execute the file on an existing virtual machine, you must ensure that Java is not installed on it, or it must point to Java 8.
Deployment
- If you want to create the Campaign microservice resources along with the end-to-end installation of VoltMX Foundry on Azure cloud, do the following:
  - Provide the required inputs in the conf/enterprise.properties file.
  - Execute the install-foundry.sh file.
- If you want to create only the Campaign microservice resources, do the following:
  - Copy the campaigns folder from the VoltMXFoundryContainersAzure-_/lib/microservices/ path.
  - Provide the required inputs in the conf/campaign_ms.properties file.
  - Execute the install_campaign_ms.sh file present under the campaigns folder.