ConnectSecure V4 On-Premise Setup
ConnectSecure's on-Premise VM setup is appealing for many businesses with specific data security, privacy, and compliance needs and priorities. |
For Successful Replication - Bidirectional communication on port 443 & 4222 needs to be enabled for both V3 On premise and V4 On Premise servers. |
For on-premise servers, it is the responsibility of the partners to perform regular backups. Since the servers are managed locally rather than being hosted in the cloud, partners need to ensure that consistent and reliable backups are taken to safeguard data and prevent potential loss. |
Thick Provisioning should be used for storage space; otherwise, you may need to manually expand disk space/storage. For help on expanding the disk space, please see the section below: https://cybercns.atlassian.net/wiki/spaces/CVB/pages/edit-v2/2232844301#How-to-grow-disk-size |
Please take your On Premise VM backup on regular basis as ConnectSecure will not responsible for any data loss. |
Asset Count | RAM (GB) | CPU | Disk (GB) |
|---|---|---|---|
1-2500 | 16 | 4 | 100 |
2501-5000 | 32 | 8 | 200 |
5001-7500 | 48 | 12 | 300 |
Destination | Ports | Communication | Description |
*ubuntu.com *.launchpad.net | 80,443 | Bidirectional | Ubuntu Security Patches |
80,443 | Bidirectional | Python packages installation | |
signup.myconnectsecure.com (216.128.147.176 144.202.61.59 144.202.54.5 45.64.78.197) | 443 | Bidirectional | Central Server |
swmanager.myconnectsecure.com (35.172.127.134, 52.22.184.112) softwarerepo (144.202.22.162) | 443, 4222 | Bidirectional | Vulnerability Database |
443, 4222 | Bidirectional | For Agent Download | |
ConnectSecure installation domain. Eg. <tenantname>.myconnectsecure.com | 443, 4222 | Bidirectional | For Agent Download |
configuration.myconnectsecure.com api.myconnectsecure.com | 443, 4222 | Bidirectional | For Agent Download |
OR *.myconnectsecure.com | 443 | Bidirectional | For Agent Download |
ConnectSecure Central server (45.32.217.250) | 5 ,22, 4505, 4506, 443 | Bidirectional | For Patching and updates to be pushed from central server |
5,22 | bidirectional | For ConnectSecure Updates and troubleshooting purposes. |
|
Server OS used is Ubuntu 22.04 - No need to download the server OS separately.
Server OS used is Ubuntu 22.04 - No need to download the server OS separately.
Download the OVA file using following command: (Please use terminal)
>> wget https://pui.myconnectsecure.com/ova/consecure-V4-onprem.ova
Create a Virtual Machine with the configuration provided under Prerequisites.
Sample VM created screenshot as follows:
Select the VM created, right click and select Export OVF Template.
Uncheck the highlighted check box “Include image files attached to floppy and CD/DVD devices in the OVF package”
Select the source file as consecure-V4-onprem.ova (downloaded earlier).
Verify the OVF template details for selected OVA.
Provide a name to the OVF template
Select the storage to deploy the OVF template. Please ensure the selected storage has a free disk size of 100 GB or more.
Select “Thin Provision” and click on NEXT.
Complete the deployment by clicking on FINISH.
VM will be ready as show in the following screenshot.
Download the OVA file using following command: (Please use terminal to download)
>> wget https://pui.myconnectsecure.com/ova/consecure-V4-onprem.ova
Navigate to Virtual Machine option and select to Create a new virtual machine under VMWare ESXi 7.0.
Under Select creation type, choose Deploy a virtual machine from an OVF or OVA file.
Select the downloaded OVA file location to attach the OVA.
Select standard required storage as per prerequisites.
Navigate to Deployment options and select appropriate Network mappings, Disk Provisioning as Thin and select a checkbox for Power on automatically.
Click on Finish as VM is ready.
Once the VM is ready, it will power up automatically.
This is a 32GB image and needs to be uploaded to your Microsoft Azure Storage Account. |
Download the Azure VHD from here.
Login to your https://portal.azure.com/
Browse for All Services and select “Storage Accounts” from the details.
Select to create a storage account as follows.
Select Storage Account details as follows and use Review+create to create it.
Subscription: As required (same has to be used while creating other components)
Resource Group: As required (same has to be used while creating other components)
Storage Account Name: As required (same has to be used while creating other components)
Region: As required (same has to be used while creating other components)
Performance: Standard is suitable for most scenarios.
From Advanced Settings, enable the following Security Settings.
Allow enabling anonymous access on individual containers
Default to Microsoft Entra authorization in the Azure portal
Select the created storage account from the list to create a container under it.
Select Containers as shown and click on +Container to create a new container for the storage account.
Select the Created Container and select to upload the downloaded Azure VHD using the browse for files option and upload it successfully.
Next, Create an Image with following details and use Review+create to create it.
Subscription: As required
Resource Group: As required (Use the same resource group as used for Storage Account)
Name: As required (same has to be used while creating other related components)
Region: As required (Use the same resource group as used for Storage Account)
OS type: Linux
VM Generation: Gen 2
Storage Blob: Select the created Storage Account.
Next, Select to create a Virtual Machine with following details and use Review+create to create it.
Subscription: As required
Resource Group: As required (Use the same resource group as used for Storage Account)
Virtual Machine Name: As required
Image: Select All Images and select the image created earlier.
VM Architecture: x64
Size: Auto selected with be standard
Authentication Type: SSH public key
SSH public key source: Generate new key pair
SSH Key Type: RSA SSH Format
Key pair name: As required
Select inbound ports: SSH (22)
Licensing: As required
Select the created Virtual Machine and verify the Public IP and Internal Static IP assigned to it.
Download the VHDX using following: (Please use terminal to download)
>>wget https://pui.myconnectsecure.com/ova/consecure_v4.vhdx
Login to your Hyper-V Manager.
Start with New Virtual Machine creation wizard.
Specify Name for the VM.
Specify Generation as Generation 2.
Configure networking by selecting the connection.
Connect Virtual Hard Disk - Please “Use an existing virtual hard disk” option and select the downloaded VDHX.
Once the VM is ready, start the VM.
Select the created Virtual Machine and verify the Internal Static IP assigned to it which has to be mapped to a Public IP.
Download the VHDX using following: (Please use terminal to download)
>>wget https://pui.myconnectsecure.com/ova/consecure_v4.vhdx
Login to your AWS account.
Please upload VHDX to S3 bucket.( Copy bucket name, token key and security key to be used later)
Follow below steps to create AMI using VHDX file.
Open the terminal
Configure AWS using CLI
aws configureAWS Access Key ID [None]: Use your accesskeyAWS Secret Access Key [None]: Use your secretkeyDefault region name [None]: us-west-2 (Any region of your choice)Default output format [None]:blank
Run below command on the terminal window:
|
>>aws ec2 import-image --description "onPremCS" --disk-container "Format=VMDK,UserBucket={S3Bucket=onprem-v4,S3Key=Onprem VHDX.vhdx}"
If this import is not working follow the below steps as there might be an issue with the policy
Create a file named trust-policy.json with the following content:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": { "Service": "vmie.amazonaws.com" },
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals":{
"sts:Externalid": "vmimport"
}
}
}
]
}
Use AWS CLI to create the role using below command:
>> aws iam create-role --role-name vmimport --assume-role-policy-document file://trust-policy.json
Create a file named role-policy.json with the following content (replace your-bucket-name with your actual S3 bucket name):
{
"Version":"2012-10-17",
"Statement":[
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::your-bucket-name",
"arn:aws:s3:::your-bucket-name/*"
]
},
{
"Effect": "Allow",
"Action": [
"ec2:ModifySnapshotAttribute",
"ec2:CopySnapshot",
"ec2:RegisterImage",
"ec2:Describe*"
],
"Resource": "*"
}
]
}
Attach the policy to the role used.
>> aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://role-policy.json
After the steps are done rerun the first command in the point no. 5. The status can be checked using
>>aws ec2 describe-import-image-tasks
Few pointers:
Allow SSH, https and https for the security group attached.
AMI will be created successfully.
Launch the AMI using EC2 instance under the tier of your requirement.
10. Once this is ready, please let the support team know to proceed further.
Get the OVA template
Please download the VHD file from the link provided below. https://onprem-v4.s3.amazonaws.com/Azure+VHD
Convert the virtual disk for OpenStack
Install the qemu-img software on a Windows machine.
Once installed, navigate to C:\Program Files\qemu\.
Execute the following command to convert the OpenStack image and then proceed to spin up the V4 instance:
.\qemu-img.exe convert -f vhd -O qcow2 C:\onprem\onprem.vhd C:\onprem\onprem.qcow2
Import the qcow2 image to OpenStack
With the qcow2 image imported to OpenStack, you can launch an instance in OpenStack. Just select Compute and then select Launch Instance.
On Premise Setup continues with Sign Up Process. |
Browse the Public IP/External IP assigned to the VM, to start with the ConnectSecure signup process.
Signup details to be added by the partner.
Make sure to add a Tenant Name for your organisation does NOT include any special characters.
Once the signup is processed, the setting up of Software and Services start and take around 7 minutes to complete.
Setup Completion confirmation is shown once the configuration is completed.
As a part of configuration, 2 emails are sent to the user to verify email and a Welcome To ConnectSecure V4 email.
Please follow Verify Email to complete User Verification Process.
Setup the password for the user.
Setup 2 Factor Authentication for the user and you are ready to login to your ConnectSecure Portal.
Welcome Email has details of Portal URL, Tenant Name & User Name.
Once the User Verification and User Setup is completed, it will redirect to ConnectSecure Portal Onboarding process.
For Onboarding (One time setup), Select PSA or Non-PSA for Creating a New Company.
Create a New Company with the details as requested.
Get ready to drop an agent in the Created Company network.
Installed agents will report under Agents section..
Further Agent installation could be managed at Company level>Overview>Agents
Login URL: Portal.myconnectsecure.com
Tenant name: “mytestdomain” ( Please use your configured tenant name here)
Follow our V4 Documentation here:https://cybercns.atlassian.net/wiki/x/3ABueg
For VM with VMWare
Edit VM
Click HDD and select the size in GB to increase to.
Click Thick Provision and Finish.
Using SSH
Login to VM
lsblk (to list the disk details)
sudo growpart /dev/sda 1 (Grow disk size for sda 1)
reboot (reboot the VM)
df -h (Verify the disk size)
To increase specific partition
lsblk (to list the disk details)
resize2fs /dev/sda2 (resize for sda2)
growpart /dev/sda 2 (Grow disk size for sda 2)
reboot (reboot the VM)
df -h (Verify the disk size)
Log in to the vCenter Server from the vSphere Client.
Select the host in the inventory.
On the Configure tab, expand Networking.
Select VMkernel adapters.
Select vmk0 Management Network and click the edit icon.
Select IPv4 settings.
Select Use static IPv4 settings.
Enter or change the static IPv4 address settings.
(Optional) Set static IPv6 addresses.
Select IPv6 settings.
Select Static IPv6 addresses.
Click the add icon.
Type the IPv6 address and click OK.
Click OK
Tap to view the Getting Started info; see the link below for additional information.
Contact our support team by sending an email to support@connectsecure.com or by visiting our Partner Portal, where you can create, view, and manage your tickets.
https://cybercns.freshdesk.com/en/support/login