Self-Hosted-GYTPOL 2.0 installation and configuration guide

OVAs Provided by the GYTPOL Team

You will receive the following 2 OVA files from the GYTPOL team to set up your environment:

PostgreSQL (Database) Server OVA:
- This virtual appliance contains the pre-configured PostgreSQL database server required for storing and managing GYTPOL data.
GYTPOL Services (Application) Server OVA:
- This virtual appliance contains the core GYTPOL services and application required to manage and monitor your environment.

Ensure both OVA files are available before beginning the installation process.

Import and Configure the GYTPOL PostgreSQL OVA

Open the VMware Console:
- Launch the VMware vSphere Client or VMware Workstation, depending on your environment.
Import the GYTPOL PostgreSQL OVA:
- Select File > Deploy OVF Template option.
- Browse to the location of the gytpol-postgres.ova file.
- Follow the on-screen instructions to complete the import process.
Post-Import Configuration:
- Once the import is complete, locate the newly created VM in your VMware environment.
- Edit the VM settings to ensure it meets the required specifications -
  please refer to System Requirements for Self-Hosted GYTPOL 2.0 guide.

Steps to Access and Initialize PostgreSQL in the VM

Open the Console of the PostgreSQL VM:
- Use VMware to access the console of the VM where PostgreSQL is installed.
Log in to the VM:
- Enter the following credentials to log in:
  - Username: ubuntu
  - Password: m-33W8]aiUh
Initialize PostgreSQL:
- Once logged in, execute the following command to initialize PostgreSQL: sudo gyt postgres-init
Verify the Initialization:
- Check the output to ensure PostgreSQL has been successfully initialized.

Configure the Network for PostgreSQL VM

Follow Network Configuration Prompts:
- When prompted during the setup process, configure the network settings for the VM.
- You will be asked to choose between static and DHCP IP address allocation.
Recommendation: Use a Static IP:
- We recommend selecting ‘static’ to manually configure the IP address for better reliability and control.
- Enter the following details:
  - IP Address: Your desired static IP
  - Subnet Mask: As per your network configuration (e.g., 255.255.255.0)
  - Gateway: Your network gateway address
  - DNS Servers: Your preferred DNS servers
Alternative: Use DHCP with Reservation:
- If you prefer to use DHCP, ensure a reservation is set in your DHCP server for the VM’s MAC address.
- This ensures the VM consistently receives the same IP address.
Verify the Network Configuration:
- Once the setup is complete, test the network connectivity:
  - Ping the configured IP from another device on the network to confirm accessibility.
  - If static, ensure the settings align with your network’s configuration to avoid IP conflicts.

Password Configuration During Setup

As part of the setup process, you will be prompted to configure two important passwords. Follow these steps carefully:

Wait for Password Prompts:
- During the initialization process, the setup will ask you to provide passwords for critical components.
Passwords to Set:
- PostgreSQL Master Password:
  - This password secures the PostgreSQL database and will be required for administrative tasks.
  - Choose a strong and secure password. Record it safely for future reference.
- Keycloak User Password:
  - This password is for managing the Keycloak user database.
  - Again, choose a secure password and store it in a secure location.
Input the Passwords When Prompted:
- When the setup script prompts you, type in the passwords carefully and confirm them when asked.
Verify the Passwords:
- Ensure you see a confirmation message or successful setup output for each password entry.

Recommendations:

Use a password manager to securely generate and store these credentials.
Avoid reusing passwords from other systems for added security.

Do not forget these passwords. They will be required later in the installation process and for future management tasks.

Import and Configure the GYTPOL Services OVA

Open the VMware Console:
- Launch the VMware vSphere Client or VMware Workstation, depending on your environment.
Import the GYTPOL Services OVA:
- Select File > Deploy OVF Template option.
- Browse to the location of the gytpol-services.ova file.
- Follow the on-screen instructions to complete the import process.
Post-Import Configuration:
- Once the import is complete, locate the newly created VM in your VMware environment.
- Edit the VM settings to ensure it meets the required specifications:
- After the VM is imported, make the following changes:
  - Add a 50 GB Hard Disk:
    - Go to Edit Settings for the VM.
    - Add a new hard disk with a size of 50 GB.
  - Set Memory:
    - Allocate 12 GB of RAM.
  - Set CPUs:
    - Assign 6 CPUs to the VM.
Power On the VM:
- Start the VM from the VMware console.
Verify DNS Record:
- Ensure the DNS record for the GYTPOL server is resolvable:
  - Use a command like nslookup <server-name> or ping <server-name> from another machine to confirm.

Access the Services VM Console

Open Services VM Console:
- Switch to the console of the Services VM in VMware.
Log in to the Services VM:
- Use the following credentials to access the VM:
  - Username: ubuntu
  - Password: m-33W8]aiUh
Run the command sudo gyt install

Network Configuration for the GYTPOL Services VM

Follow the Network Configuration Prompts:
- During the initial setup of the GYTPOL Services VM, you will be prompted to configure the network settings.
Choose an IP Address Configuration:
- Recommended Option: Static IP:
  - This option provides a fixed IP address, ensuring consistent connectivity.
  - Enter the following details:
    - IP Address: The static IP address you want to assign.
    - Subnet Mask: Typically 255.255.255.0 or as per your network setup.
    - Gateway: Your network's gateway IP.
    - DNS Servers: Your preferred DNS server addresses (e.g., Google DNS: 8.8.8.8).
- Alternative Option: DHCP with Reservation:
  - If you prefer using DHCP, configure your DHCP server to assign a reserved IP to the VM's MAC address.
  - This ensures the VM always receives the same IP.
Verify the IP Address:
- After completing the network configuration, confirm the VM's connectivity:
  - Use ping <IP Address> or ping <Host Name> from another device to verify.
Document the IP Address:
- Record the assigned IP address for future use, as it will be required in subsequent steps.

Providing Required Information During Setup

When prompted during the setup process, supply the following details carefully:

GYTPOL_URL:
- Enter the DNS name of the GYTPOL server.
- Example: gytpol.yourdomain.com
DB_PASSWORD:
- Provide the password for the GYTPOL database.
- Use your own secure password.
POSTGRES_HOST:
- Enter the IP address of the PostgreSQL VM.
- Example: 192.168.1.100
MASTER_PASSWORD:
- Provide the Master Password created in Password Configuration During Setup section.
- This is the administrative password for the database.
GYTPOL_ADMIN_USER_EMAIL:
- Enter the email address for the first administrator user in the system.
- Example: admin@yourdomain.com
USER_MANAGEMENT_ADMIN_PASSWORD:
- Set a password for accessing the User Management Console.
- Choose a secure and memorable password.
USER_MANAGEMENT_DB_PASSWORD:
- Provide the password for the User Management Database.
- The password was created in Password Configuration During Setup section.

The setup will request you to create an Initial User Password for the first user account in the system:
Wait for Installation to Complete:
Send the following details to support@gytpol.com:
- Access Key ID
- Secret Access Key
- GYTPOL_URL
- GYTPOL Services Server FQDN
The GYTPOL team will respond with the sensor installation files.

Copying Sensor Installation Files to the Services OVA

To transfer sensor installation files to the services OVA, you can use a file transfer tool like WinSCP (graphical interface) or the scp command (command-line). Both options connect over port 12222.

Option 1: Using WinSCP

Launch WinSCP and configure the connection:
- Host: The IP address of the services OVA.
- Port: 12222
- Username: The VM user (e.g., ubuntu).
- Password: The corresponding password.
Transfer Files:
- Navigate to the desired location on the OVA.
- Drag and drop the files from your local machine to the target directory on the OVA

Option 2: Using `scp` Command (Terminal)

Open your terminal and use the following command:
Copy code example: scp -P 12222 -o StrictHostKeyChecking=no ~/Downloads/gytpol-client_2.4.9.18-18_amd64.deb ubuntu@10.60.0.103:/home/ubuntu

Options Explained:

-P 12222: Specifies the port 12222.
-o StrictHostKeyChecking=no: Skips the SSH host key verification for faster connections.
~/Downloads/gytpol-client_2.4.9.18-18_amd64.deb: Local path to the file.
ubuntu@10.60.0.103: Username and IP address of the services OVA.
/home/ubuntu: The destination directory on the OVA.

Copy and Install Sensor Files in the Services OVA

Copy All Sensor Installation Files:
- Use WinSCP or the scp command (as described earlier) to transfer all sensor installation files you receive to the services OVA.
Log in to the Services OVA:
- Open the VMware console or use SSH to access the services OVA.
- Use the credentials you configured during the setup.
Run the Command for Each Sensor Installation File: sudo gyt copy-client <OS> <VERSION> <FILENAME>, for example:

sudo gyt copy-client linux 2.4.9.18 gytpol-client_2.4.9.18-18_amd64.deb
sudo gyt copy-client mac 2.4.9.18 gytpol-client_2.4.9.18-18_amd64.pkg
sudo gyt copy-client windows 2.36.3.0 gytpolClient_x64.msi

Finalizing Sensor Setup

Generate Sensor Links:
- Run the following command in the services OVA to generate sensor links in the GYTPOL UI:
  sudo kubectl create job --from cj/gytpol-analyzer-periodic-client-signer-cj signer-job -n gytpol
Alternatively, Wait:
- If you do not run the command, the system will automatically generate sensor links within 30 minutes.
Access GYTPOL:
- Once the sensor links are available, you can start using GYTPOL through the configured interface.

Enabling HTTPS for GYTPOL

By default, GYTPOL will run on http if no certificate is added.

To enable HTTPS, you will need to provide SSL certificate files (.crt and .key) for the DNS domain name associated with your GYTPOL server.

Obtain Certificate Files:
- Acquire an SSL certificate (.crt file) and its corresponding private key (.key file) for your DNS domain name from a trusted Certificate Authority (CA) or generate self-signed certificates for testing.
Copy Certificate Files to the Services VM:
- Use WinSCP or the scp command to transfer the .crt and .key files to the services VM.
- Example Command: scp -P 12222 -o StrictHostKeyChecking=no /path/to/your/cert.crt /path/to/your/key.key ubuntu@<services-OVA-IP>:/home/ubuntu

Replace:
- /path/to/your/cert.crt: Path to the .crt file on your local machine.
- /path/to/your/key.key: Path to the .key file on your local machine.
- <services-OVA-IP>: The IP address of the services VM.

Adding SSL Certificate to Enable HTTPS

To enable HTTPS for GYTPOL, you can add the SSL certificate directly to the services OVA by following these steps:

Steps to Add SSL Certificate

SSH into the Services OVA:
- Use an SSH client (e.g., terminal, PuTTY) to connect to the services OVA over port 12222.
  - Example:ssh -p 12222 ubuntu@<services-OVA-IP> (replace <services-OVA-IP> with the IP address of the services OVA).
Run the Command to Add SSL Certificate:
- Once logged in, use the sudo gyt add-ssl-certificate <CRT FILENAME> <KEY FILENAME> command to apply the certificate.

Replace:
- <CRT FILENAME>: The full path or name of the .crt file you uploaded.
- <KEY FILENAME>: The full path or name of the .key file you uploaded.

Restart Services:

The command will automatically restart the necessary services to apply the certificate.

Access the GYTPOL UI:

After adding the SSL certificate, you can access the GYTPOL UI securely using HTTPS.

Installing the License for GYTPOL

Steps to Fetch the License ID:

SSH into the Services VM: ssh -p 12222 ubuntu@<services-OVA-IP>
Run the License ID Command: sudo gyt get-license-id
Send the License ID:
- Copy the displayed license ID and send it back to the GYTPOL Licensing Team at license@gytpol.com.

Installing the License:

Once you receive the license file from the GYTPOL team, upload it to the services VM using WinSCP or the scp command: sudo gyt install-license <LICENSE-FILENAME>

Replace <LICENSE-FILENAME> with the full path or name of the license file.

Getting the API Key for GYTPOL User API

To use the GYTPOL User API, you need to retrieve the API key from the services VM. Follow the steps below:

Steps to Retrieve the API Key:

SSH into the Services VM: ssh -p 12222 ubuntu@<services-OVA-IP>
Run the API Key Command: sudo gyt get-api-key

Adding Users in GYTPOL

Follow these steps to add users to the GYTPOL system:

Open a web browser and navigate to https://<gytpol-services-dns>:9093/admin
Replace <gytpol-services-dns> with the DNS name of your GYTPOL services.
Log In:
- Use the following credentials:
  - Username: admin
  - Password: The password configured as USER_MANAGEMENT_ADMIN_PASSWORD during installation.
After logging in, select Users from the left-hand navigation pane.
Click on Add User button
Select “Email Verified” and ensure that both the username and email fields are filled with valid email addresses.
After creating the user, navigate to “Role Mapping” and click on “Assign Role”.
Assign “gytpol”:
Navigate to “Credentials” and click on “Set Password”:
Enter the password and choose whether the user should be required to change it upon their first login by setting it as Temporary or not.

Resetting user password