Today we'll go through ACDI installation. On this screen you may see the system requirements for ACDI.
These requirements are:
CPU - 4 Cores (8 Recommended)
RAM - 16Gb (32 Recommended)
Root access
At least 100GB of disk space
Red Hat version 8, SLES 15 or Ubuntu 22. Any other Linux may be used on demand.
Open in port 3190 to outside. It will be required to send data from a machine with IDM to a machine with ACDI.
Now let's go to the terminal, to the machine where we'll install ACDI.
We'll need root access and the zip file with ACDI. Let's unzip it to /opt.
Note! The installation will be done in a directory where the archive was unzipped to - do not use /home or other directories with limited access!
Okay, let's go inside.
Default folder for logs is “/var/log/acdi/” and for data- “var/data/acdi”. If you need to change it you can do it in ACDIinstaller/config.json
To start installation execute ./install.sh from root user.
So, we know that the hostname of our machine “linux-nzdp” is resolvable and we'll use it in the ACDI installation.
Please, use only letters, numbers and hyphens in FQDN of ACDI instance
Let's extract all components. Now the files are extracted.
As the next step, we need to choose whether we'll use an existing Linux user or create a new one.
By default, the Install script suggests that we create a user with the name acdi.
Press Enter to use the default name.
Now we need to define a resolvable FQDN for the ACDI instance.
In step #3 we'll need to define the name of a local account that will have administrative rights and access to all components.
Press Enter to use the default ACDI admin.
Now we need to set a default password for this user.
We will need this user to be able to configure a connection to ACDI in ACDI Driver in IDM.
This user will have access to the OpenSearch dashboards.
Press Enter to use the default OSD admin.
Now we need to select what LDAP connection will be used as the default connection to eDirectory or to Active Directory.
Here we'll use eDirectory.
Now we need to define a resolvable FQDN of the LDAP server.
Please don't forget to set the port.
So, this is the account which has access and can read data from the LDAP server.
Now we need to set its password.
Note: If, for some reason, the connection was broken and installation was interrupted during any of the steps, we can run ./install.sh one more time and continue from the place where the installation has been interrupted.
Great! The connection to the LDAP server has been established. The authorization is successful.
Next step will be to configure the CRON string to be able to run the Audit report service.
By default, the CRON string shows that each day at 01:05 AM, a report service takes snapshots of a directory.
Let’s press Enter to use the default settings.
So, let's install AutoStart Scripts and start ACDI components.
Services will be started one by one with checks, which can take some time.
Here we can see that the installation has finished successfully. During installation, the start script creates a self-signed certificate. We can see a notification message.
Let's use our local admin account.
The ACDI installation is completed successfully.
The next step to be able to start using ACDI is to create a license with the help of the server ID. It can be found in Administration > Audit Server. Just copy and send the server ID to SKyPRO support so that we can create a license for you.
When you have a license, copy and paste it in the appropriate field.
Click “Save”
Then please restart the core engine: Tab Core Engine > Restart.
Now let’s refresh the page. On the Home page at the bottom, you will see information about the license: the company name for which the license was issued and its validity.
This was the basic ACDI installation.
Note: later, if you need to change the certificate, you'll need to go to /opt/acdi4.0.3/certs and replace the certificate in keystore.pfx. Restart the Audit Proxy and Audit Server Services.
Should you have any questions or difficulties, please contact us at any time swsupport.skypro@skypro.ch