Versions Compared

Version Old Version 1 New Version Current
Changes made by

Ashima Agarwal

Ashima Agarwal

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Prerequisites 

A VM or server with the following specifications:

  • 8 x CPU cores (x86_64 processor with speed of 2.2 GHz or more). The CPU must support the instructions SSE4.1 SSE4.2 AVX AVX2 FMA

  • 32GB RAM

  • 500GB Free SSD disk. K3s will be installed in /var/lib/rancher so space should be allocated there. We also need 10-20 GB free space at / and /var.

  • Ubuntu 20.04 LTS Server OS is recommended. RHEL 8.6, 8.7, 8.8, & 9.2, and Suse Linux 15.3 are also supported but may need extra configuration.

  • Port 443/TCP open

  • Outbound internet access to download application artefacts. 100 Mbps download speed recommended

  • Domain Name Service (DNS) with public name resolution enabled

  • Network Time Protocol (NTP)

  • Software Update Service - access to a network-based repository for software update packages.

  • Fixed private IPv4 address

  • Unique static hostname

Installation

From the command line of your chosen server, apply the following commands as root.

...

When installation is complete go to the rancher site associated with your region.

Rancher

The region and cluster name can be found in the registration email that was sent to you when you registered the deal.

...

The cluster is now set up and you can move onto user configuration.

Keycloak

Keycloak is an open-source product that allows Single Sign-On (SSO) and enables Identity and Access Management integration to allow for a quick, safe, and secure integration of authentication within modern applications.

...

Below are the steps involved in configuring Keycloak, and you may choose to skip the Optional steps based on your preferences:

Logging into Keycloak admin panel

The Keycloak admin URL will consist of the following components:

  • The domain that has been configured for your reseller to access the application (E.g. http://my-dashboard example.com or 10.10.121.127)

  • The service path (E.g. auth for Keycloak)

  • The keycloak admin path /admin/master/console

...

The domain in the example above (e.g. http://my-dashboardexample.com ) might not be applicable if a domain is not configured, in which case you would need to use the server IP address (e.g. 10.10.121.127).

Once logged into the portal, there are a few steps to complete to configure Keycloak.

Completing the Realm Configuration

In Keycloak, a Realm is a top-level authentication domain that contains an isolated authentication configuration.

...

⚠️ Do not change the content of Realm ID field, it has to be gv.

Completing the Dashboard Client Configuration

Click on the Clients menu item on the left-side menu, this should load a list of authentication clients.

...

Click the Save button at the bottom of the screen.

(Required for Synergy/Enterprise) Setting up a default Agent user

This step is important and required for the agent to work correctly. This user is only used internally by agents on endpoints to authenticate with the server. This user cannot be used to log in to the dashboard. For dashboard login, you must create your user in the gv realm.

...

Click the Create button at the bottom of the screen.

(Optional) Completing the Agent Client Configuration

Click on the Clients menu item on the left-side menu, this should load a list of authentication clients.

...

Click the Save button at the bottom of the screen.

 

Creating a user to access the Getvisibility dashboard

⚠️ By default, there are no users in the gv realm, meaning that nobody can access the dashboard to view agent activity, use analytics, run scans or create reports.

...