Prerequisites
- Complete the tasks detailed at:
SkyFormation Platform Prerequisites
- Make sure you have your SkyFormation license key
NOTE: this is applicable only for release 2.4.140 or later.
Steps
Note: the command uses "screen" in order to run the script in a separate process, such that if the session disconnects it will not disrupt the script's progress. If screen in not installed on the host, it is recommended that it is installed beforehand. If it is not possible to install screen, remove the word screen from the command; keep in mind that any disruption to the session will result in corrupt installation, and a manual restoration to a working state will be required.
a. Running the installation
SSH into the SkyFormation dedicated Linux machine with a "sudo"er account
Use -v=*requested version* parameter to run the SkyFormation installation with a specific SW version
command to use if you have no proxy
curl -L https://download.skyformation.net/v2/download/installer/edge/pre-install.sh > preinstall.sh && chmod +x preinstall.sh && sudo screen ./preinstall.sh -v=*version* && rm preinstall.sh
command to use if you are running behind a proxy
curl -x https://proxyserver:8080 -L https://download.skyformation.net/v2/download/installer/edge/pre-install.sh > preinstall.sh && chmod +x preinstall.sh && sudo screen ./preinstall.sh -v=*version* && rm preinstall.sh
Note: if you have an authenticated proxy, and you have special characters in your username or password, you need to send them the curl -x parameter and the skyformation installation script in url-encoded format.
You may use the following command line on your terminal to see the encoded format of your user and password (in this example the password is ab$#^%cd, replace it with yours):
ab%24%23%5E%25cd
Optional Parameters
You can set up the integration user for skyformation open-api usage during the installation. To do so, you can use the following optional parameters:
-u=inetgration-user-name
-p=integration-user-password
-r=integration-user-role (the only valid value is "integration-admin". If you're setting a regular , non-admin integration user don't use this parameter).
Example Commands:
command to use if you have no proxy
curl -L https://download.skyformation.net/v2/download/installer/edge/pre-install.sh > preinstall.sh && chmod +x preinstall.sh && sudo ./preinstall.sh -v=*version* -u=myintegrationuser -p=myintegerationuserpassword -r=integration-admin&& rm preinstall.sh
command to use if you are running behind a proxy
curl -x https://proxyserver:8080 -L https://download.skyformation.net/v2/download/installer/edge/pre-install.sh > preinstall.sh && chmod +x preinstall.sh && sudo ./preinstall.sh -v=*version* -u=myintegrationuser -p=myintegerationuserpassword -r=integration-admin && rm preinstall.sh
url-encoded format applies here as well to the proxy user and password, in case they contain special characters.
b. Insert the following parameters when asked (highlighted in green below):
curl -L https://download.skyformation.net/v2/download/installer/edge/pre-install.sh > preinstall.sh && chmod +x preinstall.sh && sudo ./preinstall.sh -d=exabeam && rm preinstall.sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1469 100 1469 0 0 3981 0 --:--:-- --:--:-- --:--:-- 3981
Proxy server (full with schema, host and port, i.e. https://myproxy.corp.com:8080 ; if the proxy requires auth also put credentials i.e. https://myuser:mypwd@myproxy.corp.com:8080) []:
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 6476 100 6476 0 0 33729 0 --:--:-- --:--:-- --:--:-- 33729
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 25733 100 25733 0 0 91903 0 --:--:-- --:--:-- --:--:-- 91576
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 473 100 473 0 0 3032 0 --:--:-- --:--:-- --:--:-- 3032
License key:
Application port [8443]:
Testing license key...
License is valid
>> Proxy server [] :
Default is no proxy in use. Press enter if no proxy is in use.
If you are running behind a proxy insert the proxy DNS and port (e.g. proxyserver:8080). If the proxy requires auth also put credentials i.e. https://myuser:mypwd@myproxy.corp.com:8080)
url-encoded format applies here as well to the proxy user and password, in case they contain special characters.
>> License key:
Insert your SkyFormation app license key provided by SkyFormation
>> Application port [8443]:
Port used by the SkyFormation web app. Enter for default 8443
You should see the two lines (as in the above diagram):
>> Testing license key
>> License key is valid
Installation is completed successfully and SkyFormation app is running when you see the following output lines:
Starting the compose service...
Compose service is up
==> Done!
c. Verify that the SkyFormation web app is accessible
Open your Chrome browser and enter the SkyFormation webapp URL as followed:
https://<skyformationserver>:8443
You will see a screen asking you to approve the SkyFormation web app certificate in use
- Press on "ADVANCED" link and then in the expanded part on "Proceed to ..."
(see the screenshot above)
- Insert in the SkyFormation login screen the default user & password
(see the screenshot below)
Default User: sk4admin
Default Password: password
WARNING:
Leaving the default password is a security risk. Please change to a secure one using the link:
How to replace/rest the SkyFormation password
If you see the SkyFormation app 'License" page as seen below your SkyFormation app installation was completed successfully.
d. Activate your SkyFormation app license
- Review and accept the SkyFormation End User License Agreement (EULA) by pressing
"I Agree"
(see the screenshot below)
- Put the SkyFormation app license key provided to you at the "License Key" text box
If the license is valid you will see "OK, The license is valid" as seen below
- Press "SAVE & CONTINUE"
e. Choose SINGLE-TENANT
SkyFormation app could run in either a "single-tenant" or "Multi-tenant" mode.
SkyFormation for Exabeam should run in the "single-tenant" mode which allows integration with
one SIEM (Exabeam SIEM/aa) as the target system to get the SkyFormation events at.
Each cloud connector added will automatically be attached to the single default tenant in this
mode making sure the entire cloud connectors events will be send to Exabeam machine.
- Press "SAVE & FINISH"
e. Integrate Exabeam SIEM/AA
To do that you will need to add a SIEM in SkyFormation app and configure it to be the
Exabeam machine.
Please follow the steps described at:
Adding a SIEM to SkyFormation
Make sure you see in Exabeam the test event sent from SkyFormation.
Comments
0 comments
Please sign in to leave a comment.