Guide to Installing IDACs and Edges


This article explains what you need to install the Cyolo platform: the prerequisites, Internet requirements, licenses, certificates, getting started, Edge installation, IDAC installation, and connecting to your Admin Console.

Prerequisites

  1. Use a clean, dedicated Linux server for the Cyolo IDAC installation and ensure that you have root permissions for the machine.

  2. We recommend 1 IDAC per 1000 concurrent users.
    If a site publishes applications that are relevant to 3,000 users, it is recommended that the site have 3 IDACs.

  3. There should be at least 2 IDACs per site for high availability and business continuity.
    Busy sites should have more IDACs to support more traffic.

  4. No prerequisites are needed for Edges.
    Please note that if you use the Cyolo cloud, no Edges are required. Cyolo’s cloud becomes your router.

The hardware and software (operating system) specifications are in the table below:

| | Guideline | Comments |
|---|---|---|
| OS | Ubuntu Server: 20.04 Focal, 22.04 Jammy; CentOS 7.3 | |
| CPU Cores | Minimum 4, recommended 6 | If you need to scale, it is best to add an IDAC rather than adding more CPU cores. |
| RAM | 8 GB | |
| Disk | 150 GB (minimum) | Disk space varies with the type of applications you use, the recordings, and the retention. A general guideline is around 1 GB per day of logs, 1 GB per hour of recorded web RDP/SSH sessions, plus a 10% buffer. The maximum usage is about 1 GB per user per day of retention. Please consult with us if you have any questions. |

Internet Requirements

Cyolo requires Internet connectivity to the following domains, and their subdomains:

  1. tcp.cyolo.io
  2. all.cyolo.io
  3. ssh.cyolo.io
  4. services.cyolo.io
  5. s3-eu-west-1.amazonaws.com
  6. registry.cyolo.io
  7. index.docker.io
  8. download.docker.com
  9. github.com
  10. registry.hub.docker.com
  11. get.docker.com
  12. objects.githubusercontent.com
  13. dseasb33srnrn.cloudfront.net
  14. production.cloudflare.docker.com
  15. registry-1.docker.io
  16. auth.docker.io
  17. metrics.cyolo.io
  18. deploy.cyolo.io

To ensure connectivity to these domains, please:

  1. Allow these domains on any firewall, WAF, or other security service that might block domains, such as Cisco Umbrella (https://umbrella.cisco.com/).

  2. Make sure that no proxy terminates the TLS connection between the installed Cyolo server and the destination resource.

If you are unsure whether the prerequisites are met after running the script, please send the output back to us (Support@cyolo.io) so we can help you analyze whether your systems meet the requirements.

Licenses

The license for the Cyolo Edge and the IDAC is the same.
The number of seats per license relates to the number of users. Your license file is the same regardless of how many sites or IDACs you have. Should you wish to override the number of seats in a license, please contact Cyolo’s customer service (Support@Cyolo.io) to discuss the best way to manage your needs.

Certificates

Certificates are generated as part of Cyolo's installation process and are used for:

  1. The end user's connection to the Cyolo subdomain. It looks like this: <customer>.cyolo.io 

  2. Implementing mutual Transport Layer Security (TLS) between the IDACs and the Edge routers.

We recommend that you use your own certificates for a number of reasons:  

  1. The Cyolo certificates need to be renewed every three months.

  2. There is a good chance that you already have a PKI to manage security and encryption, along with set policies and procedures. With your own PKI, you will want to use your own certificates.

  3. If you use your own domain name or your own Edge, you will need to create your own certificate that matches this domain name.

If you are using your own certificates: 

  1. Run the installer with -c and -k parameters.

    ./cyolo-installer -c /etc/cert.pem -k /etc/key.pem

  2. Ensure your certificates remain valid.
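
An added example, not part of Cyolo's installer or documentation: a pre-flight check to run before passing your own pair to -c and -k. It confirms that the key belongs to the certificate, that the certificate is not close to expiry, and optionally that it covers your Edge domain name. The function name, return codes and 30-day margin are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for the pair passed to the installer's -c/-k.
# Usage: ./check-cert-pair.sh cert.pem key.pem [hostname] [min_days]
# Return codes (this example's own): 0 usable, 2 unreadable file,
# 3 key mismatch, 4 expiring soon, 5 hostname not covered.

check_cert_pair() {
  local cert="$1" key="$2" host="${3:-}" min_days="${4:-30}"  # 30: assumed margin
  local cert_pub key_pub

  # Extract the public key from each file. A corrupt, wrong-format or
  # passphrase-protected file fails here instead of prompting.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
    echo "FAIL: cannot read certificate $cert"; return 2; }
  key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || {
    echo "FAIL: cannot read private key $key"; return 2; }

  # The certificate must carry the public half of this private key.
  if [ "$cert_pub" != "$key_pub" ]; then
    echo "FAIL: certificate and private key do not match"; return 3
  fi

  # -checkend N exits non-zero when the certificate expires within N seconds.
  if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null; then
    echo "FAIL: certificate expires within $min_days days"; return 4
  fi

  # Optional: the certificate must cover the name that clients connect to.
  if [ -n "$host" ] && ! openssl x509 -in "$cert" -noout -checkhost "$host" 2>&1 |
      grep -q 'does match certificate'; then
    echo "FAIL: certificate does not cover $host"; return 5
  fi

  echo "OK: key matches, valid for more than $min_days days"
}

# Run the check only when file arguments are supplied on the command line.
if [ "$#" -ge 2 ]; then check_cert_pair "$@"; fi
```

Running it from cron with a larger margin gives early notice of an expiring certificate.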

Getting Started

In this section we discuss how to install Edges and IDACs. We recommend you start with Edge installation followed by the IDAC installation. Please start with these steps before moving to Edge installation:

Step 1: Copy the command below, paste it into your terminal, and press Enter:

bash <(curl -fsSL deploy.cyolo.io/get-cyolo)

Step 2: If curl isn’t installed, please install it: apt-get install curl

Step 3: Enter your Cyolo license on the screen that looks like this:

Step 4: The license is a JWT file. If you want to see the content of the license, you can paste it into the following website: https://jwt.io/

Step 5: Pick the Cyolo product to install on the screen shown below, using the arrow keys to scroll to the product. Note that the screenshot refers to the Edge as a router. This entire step might be skipped if your license includes only 1 product.

Step 6: As noted, we recommend that you install the Edge prior to installing the IDAC. 
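
To read the license claims from Step 4 without the file leaving the machine, the JWT can be decoded locally. This is an added example, not Cyolo code: the function names are hypothetical, and it only decodes the header and payload without verifying the signature.

```shell
#!/usr/bin/env bash
# Added example: print the header or claims of a JWT license locally.
# Usage: ./jwt-peek.sh license.jwt [header|payload]
# Nothing is verified here: the signature segment is ignored.

b64url_decode() {
  # JWT segments use the URL-safe alphabet with the '=' padding stripped,
  # so map the alphabet back and restore the padding before decoding.
  local seg="$1"
  seg=$(printf '%s' "$seg" | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in
    2) seg="$seg==" ;;
    3) seg="$seg=" ;;
    1) echo "invalid base64url length" >&2; return 1 ;;
  esac
  printf '%s' "$seg" | base64 -d
}

jwt_part() {  # jwt_part TOKEN header|payload
  local token="$1" which="$2" header payload sig extra
  # License files often end with a newline; strip all whitespace first.
  token=$(printf '%s' "$token" | tr -d '[:space:]')
  IFS=. read -r header payload sig extra <<EOF
$token
EOF
  # A signed JWT has exactly three non-empty, dot-separated segments.
  if [ -z "$header" ] || [ -z "$payload" ] || [ -z "$sig" ] || [ -n "$extra" ]; then
    echo "not a three-segment JWT" >&2; return 1
  fi
  case $which in
    header)  b64url_decode "$header" ;;
    payload) b64url_decode "$payload" ;;
    *) echo "unknown part: $which" >&2; return 1 ;;
  esac
}

# Decode only when a license file is supplied on the command line.
if [ "$#" -ge 1 ]; then jwt_part "$(cat "$1")" "${2:-payload}"; echo; fi
```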

Edge Installation

This section is not relevant when you are using Cyolo's cloud.
However, if you are using your own Edge, follow the steps below for interactive installation (see below for Silent Installation).

Step 1: Enter the address and port of your external Cyolo Edge, or “none” if you are using only a local installation.

Step 2: The default address is tcp.cyolo.io:443, which directs the local Edge to connect to the Cyolo cloud. See Step 10 under IDAC Installation for a list of Cyolo routers by zone, so you can use the one that suits you best.

Step 3: Enter the name of your external Cyolo Edge, or “none” if you are using local installation. Default name is: tcp.cyolo.io. See the screenshot below:

Step 4: Enter the name of the current local Edge (this will be used as the upstream address of the IDACs connecting to it). Default name is: tcp.<tenant>.cyolo.io

Step 5: Enter the port of the current local Edge. Default port is 443. 

Step 6: Wait for the installation to complete. The screen will look like this: 

IDAC Installation

Step 1: Follow the Getting Started instructions as noted above if you have not installed an Edge. 

Step 2: If asked, choose to join the cluster or exit the installer.

Step 3: The license tenant (login.tenant.domain.tld) is checked with a GET request. If it returns 200, you will be asked whether you want to join the cluster, as noted in the screenshot below. Press Enter to join, or type “n” to quit the installer and start again with a new license.

Step 4: Type in the site name. It will be written as an environment variable to the IDAC docker-compose file. If not typed, “default” will be chosen, as noted in the screenshot below:

Step 5: Enter a first-time Admin password. Note that the password requirements include 8 digits, with at least 1 upper case letter, at least 1 lower case letter, and at least 1 symbol.

Step 6: Enter the password a second time. Once you do, the screen will say "Admin password has been configured." 

Step 7: Your certificate will then be generated and it might take a few minutes. It will look like this:

Step 8: If you are using your own certificates, place the certificate pair under the /etc/cyolo/certs folder. Both the private key and the matching public certificate must be present. Then run the installation script again.

Step 9: When IDACs are deployed in a cloud environment, a core requirement is to ensure that there is stable and reliable outbound traffic. Accordingly, please ensure that your cloud services have sufficient outbound traffic capacity. You can read more about the outbound connections needed here. If you have any questions about installation of the IDAC in the cloud, please contact us at support@cyolo.io.

Step 10: Continue the installation process by entering the address and port of your upstream Cyolo Edge. For installations that use the Cyolo cloud, the address is tcp.cyolo.io:443. The following is a list of Cyolo routers for use in zones that most suit you: 

  • Asia Pacific (Singapore): ap-southeast-1-tcp.cyolo.io
  • Canada: ca-central-1-tcp.cyolo.io
  • Europe: eu-central-1-tcp.cyolo.io, eu-west-1-tcp.cyolo.io
  • Israel: il-central-1.tcp.cyolo.io
  • Peru: peru-tcp.cyolo.io
  • United States: us-east-1-tcp.cyolo.io, us-east-2-tcp.cyolo.io, us-west-2-tcp.cyolo.io
  • Global: all.cyolo.io

IP Addresses by Region:

To discover the IP addresses that should be opened in your firewall to allow access to routers in the selected region, concatenate "whitelist-" to the regional URL and run dig on the result, for example: dig whitelist-ap-southeast-1.cyolo.io. The returned list includes the IP addresses of routers and load balancers in that specific region.

Step 11: Enter the name of your external router Cyolo Edge. Default name is: tcp.cyolo.io

Step 12: Wait for the installation to complete. The screen will look like this - please note that the word ‘router’ is used on the screenshot and this refers to the Edge:

Onsite Installations

Add a DNS record in your domain to direct users to the edge server IP address. For example: *.cyolo.company.co -> 10.0.0.1 (Edge IP).

Silent IDAC and Edge Installation

Both IDACs and Edges can be installed silently. Silent mode can be implemented using the -q parameter. Below you will find each parameter, the silent mode default for each parameter, and the behavior if there isn’t a default for the parameter:  

| Parameter | Quiet mode mandatory/default |
|---|---|
| Address | https://services.cyolo.io:443 |
| Verbose | no |
| License-path | <MANDATORY> |
| Certificate-path | <auto generate> |
| Key-path | <auto generate> |
| Admin-password | <MANDATORY> (relevant only to IDAC) |
| Upstream | tcp.cyolo.io:443 |
| Upstream-sni | tcp.cyolo.io |
| SNI | tcp.<tenant> |
| Port | 443 |
| Disable-requirements | No |
| Product | <MANDATORY> |
| Share-info | Yes |
| Site | default (relevant only to IDAC) |

Here is an example for silent edge installation:

sudo ./cyoloinstaller -q -v -c cert.pem -k key.pem -l license.jwt --sni tcp.tenant.cyolo.io --product edge

Connecting to the Admin Console

Step 1: If you are using Cyolo's cloud, the URL will be: https://console.COMPANYNAME.cyolo.io. Your screen will look like this: 

Step 2: If you are installing your own Edge, the URL depends on the you configure in your own Edge.  

Step 3: Enter the Admin user name and password to enter the Cyolo Admin Console. Once you have accessed the Cyolo platform, your screen will look like the screenshot below. Please click on the Getting Started Wizard in the bottom left-hand corner to start your configurations.
