3. Setup Guide
3.1. Overview of the Components
There are three components which are needed for the Broker Network:
- Lobby - New ASGARD Agents get their certificate for secure communication from the Lobby. An administrator can accept the agents manually or configure the auto-accept option. Certificates for agents can also be revoked here.
- Gatekeeper - The Gatekeeper handles the direct communication between all the components. Certificates and revoke lists are picked up from the Lobby and pushed to all Brokers.
- Broker - The Broker is the component which your ASGARD Agents communicate with directly. Once an ASGARD Agent has received a valid certificate from the Lobby, communication is possible. You can have multiple Brokers configured.

In this guide, we will assume a scenario with only one Broker, one Lobby and one Gatekeeper. If you wish to install multiple smaller-sized Brokers, you can do so.
3.2. Create a new ESX VM and mount the ISO
Note
This step has to be done three times, since we need one dedicated server for each component. Please see Hardware Requirements for the hardware requirements.
Create a new VM with your virtualization software. In this case, we will use VMware ESX managed through a VMware vCenter.
The new VM must be configured with a Linux base system and Debian GNU/Linux 10 (64 bits) as target version. It is recommended to upload the ASGARD ISO to an accessible data store and mount it to your newly created VM.




Please make sure to select a suitable v-switch or physical interface that reflects the IP address scheme you are planning to use for the new ASGARD.
3.4. Network Configuration




Warning
ASGARD needs to be able to resolve internal and external IP addresses.


Warning
Important: Make sure that the combination of hostname and domain creates an FQDN that can be resolved from the endpoints on which you intend to install the ASGARD agents. If you've configured an FQDN (hostname + domain) that cannot be resolved on the clients, no agent will be able to find and reconnect to the ASGARD server.

3.5. Choosing a Password

Choosing a password for the nextron user
3.6. Partitioning of the Hard Disk

Finally, write your configuration to the disk by selecting "Yes" and clicking "Continue".

If you are using a proxy to access the internet, enter the proxy details in the next step. Please note, Internet connectivity is required for the next step.
3.7. Proxy Configuration

The base installation is now complete. In the next step we will install the Broker Network Components. For this step Internet connectivity is required.
Use SSH to connect to the appliance using the user nextron and the password you specified during the installation. If SSH is not available, you can perform the next steps via the console of your virtualization host, though SSH offers more possibilities.
3.8. Installing the Broker Network Components
After the base installation of your servers is completed, we can install the specific software for the components.
You can now choose the role you want to install (Broker, Gatekeeper or Lobby):

You can install the three [1] servers in any order, as we will configure them once they are all up and running.
Warning
The Broker Network needs a minimum version of 2.14.0 of the ASGARD Management Center. Please make sure you installed your Broker Network license in your ASGARD Management Center.
If you still can't see the Broker Network tab in your Asset Management, restart the asgard2 service in Settings > System > Services.
[1] This number may vary. In this example we went with the minimum of one Broker, one Lobby and one Gatekeeper.
3.8.1. Gatekeeper Installation
To install the Gatekeeper, run the following command on your newly installed system:
nextron@gatekeeper:~$ sudo nextronInstaller -gatekeeper

After the installation is done, you will see the following message:

You can now check if the service was installed successfully.
nextron@gatekeeper:~$ systemctl status asgard2-gatekeeper.service
You will see that the service is in a "failed/exited" state. This will change once we have configured our ASGARD with the Gatekeeper.
To configure your Gatekeeper in the ASGARD Management Center, we will continue later in the chapter Gatekeeper Configuration.
3.8.2. Lobby Installation
To install the Lobby, run the following command on your newly installed system:
nextron@lobby:~$ sudo nextronInstaller -lobby

After a short while you will be prompted to enter a password for the admin user. This is the user for the web interface of the Lobby.
Note
The password has to:
- Be a minimum of 12 characters long
- Contain at least one upper- and lowercase letter, one digit and one special character

After the installation is finished, you will see the following message:

You can check the service to see if everything is up and running.
nextron@lobby:~$ systemctl status asgard-lobby.service

You can now navigate to the web interface of the Lobby at https://<FQDN>:9443.
Please log into the Lobby with the user admin and the password you chose during the installation:

To configure your Lobby in the ASGARD Management Center, we will continue later in the chapter Lobby Configuration.
3.8.3. Broker Installation
To install a Broker, run the following command on your newly installed system:
nextron@broker:~$ sudo nextronInstaller -broker

After the installation is finished, you will see the following message:

You can now check if the service was installed successfully.
nextron@broker:~$ systemctl status asgard-broker.service
You will see that the service is in a "failed/exited" state. This will change once we have configured our ASGARD with the Broker.
To configure your Broker in the ASGARD Management Center, we will continue later in the chapter Broker Configuration.
3.9. Changing the IP-Address
Your components' IP addresses can be changed in /etc/network/interfaces. The IP is configured with the address variable.
nextron@asgard:~$ sudo vi /etc/network/interfaces
auto ens32
iface ens32 inet static
address 192.0.2.7
netmask 255.255.255.0
gateway 192.0.2.254
Note
The name of the network interface (in this example: ens32) might be different on your system. To verify this, you can run ip a and see the name of the network interface.
The new IP can be applied with the command sudo systemctl restart networking.
Make sure to update the A-Records in your local DNS Server to reflect the IP changes.
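A pre-flight check for the edit above, as an added example (not part of the ASGARD documentation or Nextron's tooling): it reads the static stanza and confirms that the gateway lies in the same subnet as the address, so a typo does not cut off SSH access when networking restarts. The function names and the temporary sample files are constructed for illustration.

```shell
# Added example: check a static stanza before "systemctl restart networking".
# Assumes address/netmask/gateway on separate lines, as in the stanza above.

ip_to_int() {  # dotted-quad IPv4 -> integer; non-zero exit if malformed
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    n=0
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
        n=$(( n * 256 + o ))
    done
    echo "$n"
}

iface_field() {  # print key $3 from the "iface $2 inet static" stanza in file $1
    awk -v ifc="$2" -v key="$3" '
        $1 == "iface" { in_stanza = ($2 == ifc && $4 == "static"); next }
        $1 == "auto" || $1 == "source" || $1 ~ /^allow-/ { in_stanza = 0; next }
        in_stanza && $1 == key { print $2; exit }
    ' "$1"
}

check_static_iface() {  # usage: check_static_iface FILE IFACE
    addr=$(iface_field "$1" "$2" address)
    mask=$(iface_field "$1" "$2" netmask)
    gw=$(iface_field "$1" "$2" gateway)
    a=$(ip_to_int "$addr") || { echo "bad or missing address: '$addr'"; return 1; }
    m=$(ip_to_int "$mask") || { echo "bad or missing netmask: '$mask'"; return 1; }
    g=$(ip_to_int "$gw") || { echo "bad or missing gateway: '$gw'"; return 1; }
    [ "$a" -ne "$g" ] || { echo "gateway equals address $addr"; return 1; }
    [ $(( a & m )) -eq $(( g & m )) ] ||
        { echo "gateway $gw is outside the subnet of $addr/$mask"; return 1; }
    echo "ok: $2 $addr/$mask via $gw"
}

# Constructed sample input: the stanza from this page, plus a copy whose
# gateway is mistyped as 192.0.3.254 (outside 192.0.2.0/24).
good=$(mktemp); bad=$(mktemp)
printf '%s\n' 'auto ens32' 'iface ens32 inet static' 'address 192.0.2.7' \
    'netmask 255.255.255.0' 'gateway 192.0.2.254' > "$good"
sed 's/192\.0\.2\.254/192.0.3.254/' "$good" > "$bad"
check_static_iface "$good" ens32
check_static_iface "$bad" ens32 || echo "fix the stanza before restarting networking"
rm -f "$good" "$bad"
```

On a real system, call `check_static_iface /etc/network/interfaces ens32` with the interface name reported by `ip a`.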
3.9.1. Verifying DNS Settings
To verify if your components are using the correct DNS Server, you can inspect the file /etc/resolv.conf:
nextron@asgard-ac:~$ cat /etc/resolv.conf
search example.org
nameserver 172.16.200.2
If you see errors in this configuration, you can change it with the following command:
nextron@asgard-ac:~$ sudoedit /etc/resolv.conf