Preparing for the App Visibility server installation
As a system administrator, you must prepare the environment before you install the App Visibility server components:
Preinstallation tasks for the App Visibility server components
Ensure that your computer or computers meet the system requirements and sizing considerations.
Ensure that you have the following privileges to perform the installation:
- (Windows) You are a user who belongs to the Administrator group.
- (Linux)
- You are logged on as a
root
user. - New file umask is set to 022.
To confirm or change umask settings, refer to the operating system documentation.
- You are logged on as a
Download the installation files for App Visibility.
Note: BMC Software recommends that you install the products or components from a local copy of the installation image and not from a network drive. Installing from a network drive can cause delays in completing the installation.
Complete or review the planning worksheets and the installation worksheets for App Visibility components.
Review known and corrected issues.
- Plan and prepare private certificates for App Visibility components. For details, see Applying private certificates to App Visibility components.
To prepare for the App Visibility proxy component
To enable the App Visibility proxies to collect data from end users, and the clustered and embedded storage engines to communicate and operate at optimal efficiency, ensure that your system conforms to the following requirements.
Client certificate for the App Visibility proxy
As the system administrator, configure your network to ensure that the App Visibility proxy can collect end-user browser data, and pass it on to the App Visibility collector and portal.
Before you install the App Visibility proxy, configure the following items:
- Define a host name that resolves to the App Visibility proxy’s IP address, or to a Virtual IP on a load balancing server.
- Create a certificate in which the Common Name matches the defined host name.
- Configure the load balancing server to do the following actions:
- Negotiate HTTPS using the certificate created in Step 2.
- Redirect end-user HTTP/HTTPS requests from this host name to the host:port of the App Visibility proxy.
Storage Transport certificate
Storage Transport certificate ensures a secure connection is established between the storage nodes. You can install App Visibility Proxy with the custom certificate files. However, the files must be compatible with Searchguard plugin for Elasticsearch.
Ensure that you have verified the required Search Guard security files (node-keystore, admin-keystore, truststore) and their passwords are available with you before you proceed to replace the App Visibility Proxy storage transport certificate.
For more information, see https://docs.search-guard.com/latest/.
To replace App Visibility Proxy Storage Transport certificate
- Stop the App Visibility Proxy services and storage engine in all nodes. For details, see Starting and stopping the App Visibility server services.
- Log on to the target host computer where the App Visibility proxy is to be installed.
- Copy the node-keystore, admin-keystore, truststore files to a temporary directory on the target host.
Edit the adop-installer.properties file under Disk1 and specify the following:
Notes
- Use forward slash in file paths for both Linux and Windows.
- Ensure that the following configuration files on Linux are accessible to only users with the root account privileges.
searchguard_ssl_transport_keystore_filepath= <full path of transport node-keystore
file>
Example:c:/tmp/CN=apm.bmc.com-keystore.jks>
searchguard_ssl_transport_keystore_password= <node-keystore password>
searchguard_ssl_transport_truststore_filepath= <full path of transport truststore file>
Example:c:/tmp/truststore.jks>
searchguard_ssl_transport_truststore_password= <truststore password>
searchguard_ssl_transport_sgadmin_filepath= <full path of transport truststore file>
Example:c:/tmp/CN=sgadmin-keystore.jks>
searchguard_ssl_transport_sgadmin_password= <Admin-keystore password>
Warning
The adop-installer.properties file is used only for installation and contains passwords in plain text. Ensure that you secure this file. You can delete the file after installation.
- Stop the App Visibility Proxy services and storage engine in all nodes.
Private Certificate for the App Visibility Components
If you are adding a new proxy to an existing App visibility setup that uses private certificate (not the OOTB certificate), you must configure the custom truststore and keystore files used by the existing App Visibility Manager components, along with their password and alias names.
- Log in to the target host computer where you want to install the App Visibility proxy.
- Copy the <myTruststoreFileName>.jks and <myKeystoreFileName>.jks files to a temporary directory on the target host.
- Edit the adop-installer.properties file under Disk1, and specify the following:
Note
Use forward slash in file paths for both Linux and Windows.
keystore_type= <keystore type: JKS (default) or PKCS12>
keystore_filepath= <Full path of the keystore file>
keystore_password= <keystore password in plain text>
keystore_alias= <alias (default = selfsigned)>
truststore_type=< truststore type: JKS (default) or PKCS12>
truststore_filepath= <Full path of the truststore fie>
Warning
The adop-installer.properties file is used only for installation and contains passwords in plain text. Ensure that you secure this file. You can delete the file after installation.
App Visibility proxy prerequisites for Linux and Unix systems
Before you install the App Visibility proxy, ensure that your Linux or Unix system is prepared.
Element | Description |
---|---|
Swapping settings | On Linux systems, BMC recommends setting the sysctl value vm.swappiness to 0 (preferred) or 1. The setting disables or minimizes RAM swapping on the computer and enables the storage engine to run more efficiently. |
System V (SysV) operating systems | For SysV init processes, ensure the following settings before you begin the installation process:
|
seccomp installation | Ensure that seccomp, a system call filter, is installed on your system. This defense mechanism is a requirement for the storage engine. Seccomp is not supported in Linux kernel version 3.5 and earlier, therefore you cannot install the App Visibility proxy on such systems. |
Troubleshooting the App Visibility deployment
For information and possible solutions to issues that you might encounter during the TrueSight App Visibility Manager, see Troubleshooting an App Visibility Manager deployment.
Where to go from here
If you are installing the product, perform the other preinstallation tasks listed in the Preparing to install the TrueSight Operations Management solution page.
Comments
Log in or register to comment.