Prerequisites and Environment Check
Overview
Before you download and run the IDAC installation:
- Confirm all prerequisites.
- Make sure you have the necessary Cyolo license.
- Review sizing considerations.
- Check and configure firewall settings.
- Create a DNS entry (TBD).
- Run a script to check for access to network resources.
1. Prerequisites
Make sure that you have all of the following:
- IDAC License - a JWT file from Cyolo.
- A clean, dedicated Linux server for the Cyolo IDAC installation, with root permissions on the machine.
- A good internet connection.
- The hardware and software (operating systems) specifications, as detailed in the table below.
Component | Guideline | Comments |
---|---|---|
Operating System | Ubuntu Server: 22.04 Focal, 24.04 Jammy; RHEL 8/9 | |
CPU Cores | Minimum = 4, Recommended = 6 | If you need to scale, it is best to add an IDAC rather than additional CPU cores. |
RAM | 8 GB | |
Disk | 150 GB (minimum) | Disk space varies with the type of applications you use, and recording and retention settings. A general guideline is approximately 1 GB per day of logs, 1 GB per hour of recorded web RDP/SSH sessions, plus a 10% buffer. Maximum usage is approximately 1 GB per user per day of retention. |
2. License and Certificates
- Cyolo provides the license based on the customer’s requirements and details (e.g., tenant URL, company name).
- Customers may either use Cyolo’s certificates, or their own. We recommend using your own certificate for more flexibility and control of your environment.
- The certificate and key, if provided by the customer, should be available at the time of deployment.
3. Notes on Sizing
- We recommend one IDAC per 1000 concurrent users. For example, if a site publishes applications that are relevant to 3,000 users, it is recommended that the site have three IDACs.
- There should be at least two IDACs per site for high availability and business continuity.
- Busy sites should have more IDACs to support more traffic. The addition of CPU and RAM will not alleviate bottlenecks. However, additional IDACs will support higher throughput because of the availability of more TCP connections.
4. Firewall Settings
The table below specifies which URLs/ports to allow for each type of IDAC installation.
A full list of IPs is also available here.
The list is updated once an hour.
URL | Ports | Installation | Installation via proxy | Upgrade | Operation |
---|---|---|---|---|---|
get.cyolo.io | 443 | REQUIRED | |||
tcp.cyolo.io (included in all) | 443 | REQUIRED | REQUIRED | ||
all.cyolo.io | 443 | REQUIRED | |||
ssh.cyolo.io | 443 | REQUIRED | REQUIRED | ||
services.cyolo.io | 443 | REQUIRED | REQUIRED | REQUIRED | |
s3-eu-west-1.amazonaws.com | 443 | REQUIRED | REQUIRED | ||
registry.cyolo.io (included in all) | 443 | REQUIRED | REQUIRED | ||
index.docker.io | 80 | REQUIRED | |||
download.docker.com | 443 | REQUIRED | |||
github.com | 80 | REQUIRED | |||
registry.hub.docker.com | 80 | REQUIRED | |||
get.docker.com | 443 | REQUIRED | |||
objects.githubusercontent.com | 443 | REQUIRED | |||
dseasb33srnrn.cloudfront.net | 443 | REQUIRED | |||
production.cloudflare.docker.com | 443 | REQUIRED | |||
registry-1.docker.io | 443 | REQUIRED | |||
auth.docker.io | 443 | REQUIRED | |||
metrics.services.cyolo.io | 443 | REQUIRED | REQUIRED | ||
deploy.cyolo.io | 443 | REQUIRED | REQUIRED | ||
security.ubuntu.com | 80 | REQUIRED | |||
motd.ubuntu.com | 80 | REQUIRED | |||
esm.ubuntu.com | 80 | REQUIRED | |||
ec2.archive.ubuntu.com | 80 | REQUIRED |
5. Create a DNS Entry (TBD)
6. Check for Access to Network Resources
Run the bash script provided below to check for required access to network resources.
Correct any issues before you run the IDAC installation wizard.
[root@vbox cyolo]# ./cyolo_check.sh
Cyolo services
Checking the tcp.cyolo.io DNS Resolving
76.223.40.26
13.248.169.106
Validating connection to tcp.cyolo.io:443 - timeout is set for 10 seconds
testing 76.223.40.26 on port 443 - success
testing 13.248.169.106 on port 443 - success
Checking the ssh.cyolo.io DNS Resolving
51.17.160.41
51.17.123.2
51.17.116.207
Validating connection to ssh.cyolo.io:443 - timeout is set for 10 seconds
testing 51.17.160.41 on port 443 - success
testing 51.17.123.2 on port 443 - success
testing 51.17.116.207 on port 443 - success
Affinity tcp.cyolo.io results:
il-central-1-i-00fcfd54dc71d9bf3.cyolo.io 443
Validating connection to the Affinity - timeout is set for 10 seconds
accessing il-central-1-i-00fcfd54dc71d9bf3.cyolo.io 443 - success
Latency check for Affinity
HTTP Status Code: 200
DNS Resolving: 0.067886s
Total Time: 0.106518s
Accessing services.cyolo.io results - success
Accessing metrics.services.cyolo.io:443/health results - success
Accessing registry.cyolo.io/v2/cyolosec/idac/tags/list results - success
Docker & docker-compose
Get Docker Version
Docker version 27.3.1, build ce12230
Get Docker Compose Version
Error> getting docker-compose version failed
If every check is green, all checks succeeded; otherwise, install what is missing.
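To verify firewall rules independently of the vendor script, the following is an added example (not Cyolo's cyolo_check.sh and not code from this page). The function names are hypothetical, the endpoint list is a subset copied from the firewall table above, and it assumes `bash`, `getent` and coreutils `timeout` are installed.

```bash
#!/usr/bin/env bash
# Added example, not Cyolo's cyolo_check.sh. Function names are hypothetical.
# Like the sample output above, it tests every address a name resolves to, so
# a firewall rule that allows only one of several A records is caught.

# Subset of the firewall table above, one "host port" pair per line.
ENDPOINTS='tcp.cyolo.io 443
ssh.cyolo.io 443
services.cyolo.io 443
registry.cyolo.io 443'

# resolve_ips HOST: print each IPv4 address HOST resolves to, one per line.
resolve_ips() { getent ahostsv4 "$1" | awk '{print $1}' | sort -u; }

# probe_tcp IP PORT [TIMEOUT]: succeed if a TCP connection opens in time.
probe_tcp() {
  timeout "${3:-10}" bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# check_endpoints [RESOLVER] [PROBE]: read "host port" lines on stdin, print one
# result per resolved address, return 1 if any lookup or connection failed.
check_endpoints() {
  resolver="${1:-resolve_ips}"; probe="${2:-probe_tcp}"; failed=0
  while read -r host port; do
    [ -n "$host" ] || continue
    ips=$("$resolver" "$host" || true)
    if [ -z "$ips" ]; then
      echo "$host - DNS resolution FAILED"; failed=1; continue
    fi
    for ip in $ips; do
      if "$probe" "$ip" "$port" </dev/null; then
        echo "$host $ip:$port - success"
      else
        echo "$host $ip:$port - FAILED"; failed=1
      fi
    done
  done
  return "$failed"
}

# Run the real checks only when asked: ./egress_check.sh --run
if [ "${1:-}" = "--run" ]; then
  printf '%s\n' "$ENDPOINTS" | check_endpoints
fi
```

The non-zero exit status lets a provisioning pipeline stop before the IDAC installer starts when any required endpoint is blocked.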