(Note: This doesn't apply to the SaaS version of Asset Center)
Picking an Appropriate Target for Hosting
Before installing the OT-BASE Asset Center, do some planning in order to pick an appropriate target. The following factors will most likely determine your decision on where to host the OT-BASE Asset Center:
- If this is a proof-of-concept, you may place the OT-BASE Asset Center inside a process network, assuming that no external access is desired.
- If you want IT users to be able to access the OT-BASE Asset Center, a good hosting candidate is a computer inside the DMZ that separates process networks from office networks.
- If you want to collect configuration data from multiple sites in a central OT-BASE Asset Center, a hosting candidate would reside in the enterprise network that can be reached by all participating sites.
Summing up, placement of the OT-BASE Asset Center is largely determined by required access paths -- both for users and for configuration data provided by OT-BASE Asset Discovery nodes. For the latter, you only need to assure that Asset Discovery nodes can uni-directionally send files to the Asset Center. Such a connection may involve multiple steps with store-and-forward functionality in between. A direct online connection between Asset Discovery engines and the OT-BASE Asset Center is not required, and the transmission of configuration files is not time critical.
It also doesn't matter if you are running OT-BASE Asset Center on bare metal or in a virtualized environment. Even a private cloud (AWS, Azure etc.) is ok.
Your server platform should have empty disk space of at least 10 GB, more if you are using the CVE and file upload features. Note that a definitive size cannot be specified because it is ultimately up to your user profile how many files users choose to upload.
OT-BASE Asset Center comes as a Docker image and therefore requires the Docker container platform. If you are not familiar with Docker yet, information on this software can be found at www.docker.com. Cloud services usually provide pre-installed Docker servers.
Install the OT-BASE Docker Container using the installation script
For easy installation of OT-BASE Asset Center on a new system, an install script named 'ot-base.install' is provided with the distribution image. This script installs and starts OT-BASE with default settings. Before executing the script, make sure that all settings are appropriate for your installation.
To execute the script, call
> $ bash ./ot-base.install
Installing the container manually
In order to manually install OT-BASE Asset Center without using the install script, proceed as follows:
> $ docker load -i ot-base.4.02.tar
Create and run a container from that image (settings shown below are from the install script):
> $ docker run -d
> --name ot-base
> --tmpfs /run:rw
> --restart always
> -e TZ=America/New_York
Here's a breakdown of the parameters used:
run -d --name ot-base
|Create the container, name it "ot-base" and immediately run the container in background.|
|Use temporary filesystem for run pids.|
|This will keep the container running even after a system reboot.|
|Map the port 80 of the host to port 80 of the container. If you don't want to use port 80 to access OT-BASE or port 80 is already used by other processes you can map another host port to port 80 of the container.|
|Set the timezone of the container to America/New York (or any other timezone).|
|Map the backup directory to a directory on the host. This directory must already exist. OT-BASE will create a full database dump every 12 hours if this mapping is set.
Not more than the three latest backups are stored in this folder. The backups are compressed and encrypted.
Map the files directory to a directory on the host. OT-BASE uses this folder to store documents and product images.
The directory must already exist.
Map the import folder. OT-BASE Asset Discovery periodically checks the content of this folder for available import files from Asset Discovery.
Usually, this host folder is shared for easy access from other stations. The directory must already exist.
The name and tag of the image to create the container. "4.02" is replaced by the version number that you are installing.
Call `$ docker images` for a list of installed images.
Modify access rights when using Security-Enhanced Linux (SELinux)
When using Security-Enhanced Linux, you must set a write permission for the directory /var/ot-base:
sudo chcon -Rt svirt_sandbox_file_t /var/ot-base