2.1. Installing the Base OS

In this chapter we will walk you through our ISO Installer. The ISO Installer is a Debian 12 (64 bits) based installer which will guide you through the installation of the base OS.

2.1.1. Overview of the Components

There are three components which are needed for the Broker Network:

  • Lobby - New ASGARD Agents will get a certificate for a secure communication from the Lobby. An administrator can accept the agents or configure the auto-accept option. Certificates for agents can also be revoked here.

  • Gatekeeper - The Gatekeeper is used to communicate directly between all the components. Certificates and Revoke Lists get picked up from the Lobby and are being pushed to all Brokers.

  • Broker - Your Broker(s) are the component which your ASGARD Agents communicate with. Once an ASGARD Agent received a valid certificate from the Lobby, communication is possible. You can have multiple Brokers configured.

The Broker Network

In this guide, we will assume a scenario with only one Broker, one Lobby and one Gatekeeper. If you wish to install multiple smaller sized Brokers, you can do so.

2.1.2. Create a new ESX VM and mount the ISO

Note

This step has to be done three times, we need one dedicated server for each component. Please see Hardware Requirements for the hardware requirements.

Create a new VM with your virtualization software. In this case, we will use VMWare ESX managed through a VMWare VCenter.

The new VM must be configured with a Linux base system and Debian GNU/Linux 10 (64 bits) as target version. It is recommended to upload the ASGARD ISO to an accessible data store and mount the same to your newly created VM.

New Virtual Machine - ESX
New Virtual Machine - ESX
New Virtual Machine - ESX
New Virtual Machine - ESX

Please make sure to select a suitable v-switch or physical interface that reflects the IP address scheme you are planning to use for the new ASGARD.

2.1.4. Network Configuration

Configure the network
Configure the network
Configure the network
Configure the network

Warning

ASGARD needs to be able to resolve internal and external IP addresses.

Configure the network
Configure the network

Warning

Important: Make sure that the combination of hostname and domain creates an FQDN that can be resolved from the endpoints on which you intend to install the ASGARD agents. If you've configured a FQDN (hostname + domain) that cannot be resolved on the clients, no agent will be able to find and reconnect to the ASGARD server.

Configure the network

2.1.5. Choosing a Password

Set up users and passwords

Choosing a password for the nextron user

2.1.6. Partitioning of the Hard Disk

Partition disks

Finally, write your configuration to the disk by selecting "Yes" and clicking "Continue".

Partition disks

If you are using a proxy to access the internet, enter the proxy details in the next step. Please note, Internet connectivity is required for the next step.

2.1.7. Proxy Configuration

Finish the installation

The base installation is now complete. In the next step we will install the Broker Network Components. For this step Internet connectivity is required.

Use SSH to connect to the appliance using the user nextron and the password you specified during the installation. If SSH is not available, you can perform the next steps via the Console of your Virtualization Host, though SSH has more possibilities.

2.1.8. Changing the IP-Address (optional)

You components IP Addresses can be changed in /etc/network/interfaces. The IP is configured with the address variable.

nextron@asgard:~$ sudo vi /etc/network/interfaces
auto ens32
iface ens32 inet static
address 192.0.2.7
netmask 255.255.255.0
gateway 192.0.2.254

Note

There might be a case where the name of the network interface (in this example: ens32) is different. To verify this you can run ip a and see the name of the network interface.

The new IP can be applied with the command sudo systemctl restart networking.

Make sure to update the A-Records in your local DNS Server to reflect the IP changes.

2.1.9. Verifying DNS Settings

To verify if your components are using the correct DNS Server, you can inspect the file /etc/resolv.conf:

nextron@asgard-ac:~$ cat /etc/resolv.conf
search example.org
nameserver 172.16.200.2

If you see errors in this configuration, you can change it with the following command:

nextron@asgard-ac:~$ sudoedit /etc/resolv.conf