Prerequisites

securiCAD Enterprise is a web-based platform that can be deployed on most modern servers, workstations or laptops. The requirements below outline the specifications needed for on-premise or cloud installations. securiCAD Enterprise as a managed service requires only a modern browser.

Requirements

Hardware Requirements

Minimum: 8 GB RAM, Dual Core CPU, 20 GB HDD
Recommended: 16 GB RAM, Quad Core CPU, 50 GB HDD

📘

Workload details

The simulation process is memory intensive and dependens on model and sample size. The maximum amount of memory used by the Worker node can be changed in the -Xmx parameter of the system configuration file for the Worker process /etc/systemd/system/foreseeti-worker.service

Software Requirements

Supported Operating Systems:

• Ubuntu Server 18.04 LTS, 20.04 LTS
• RHEL/CentOS 7 and 8
• Amazon Linux 2

The installation will also require a dedicated account with sudo privileges.

Network Requirements

The default installation will connect to the Internet the download the latest packages needed. If required, foreseeti can provide installations with all packages included where Internet access is not available or wanted.

Browsers

securiCAD Enterprise works with recent versions of Google Chrome, Mozilla Firefox, Edge and Safari. Microsoft Internet Explorer is not supported.

Installation instructions

1. Make sure the prerequisites are met:

• Access to a machine with a supported OS
• User account named es with full sudo privileges
• SSH access for the es account
• Internet connectivity (Optional)

2. Log in as the es user

3. Copy the distribution package (e.g., enterprise_suite_ep_1.10.2.zip) to /home/es
(OFFLINE) If you install without internet connectivity, make sure that you have a tarball with the required packages on the machine, e.g. es-repo-rhel-7.tar.gz or es-repo-ubuntu-18.04.tar.gz. See Installation without internet access below for more details.

4. Extract the distribution package to /home/es.
This will unpack into three files: esInstall.bash, es.tar.gz and README.txt

5. Run the installation script /bin/bash esInstall.bash

6. Follow the instructions in the interactive installer. This will require some user input:

• Whether a local or remote database should be used. Choose Local (RECOMMENDED)
  • If local database is selected, an sqlite3 database on the same machine will be used. (RECOMMENDED)
  • If remote database is selected, you will need to enter connection details to your remote database during installation.
• Offline/Online mode. Choose Online (RECOMMENDED)
• Path to branding package. Hit Enter for default (RECOMMENDED)
• Language selection:
  • Choose 1) securiLang for on-premise
  • Choose 2) MAL, for AWS and Azure (RECOMMENDED) and give the path to your language .jar
• Whether securiCAD Enterprise should listen on http or https. Hit Enter for default (RECOMMENDED)
• Hostname to be used in the system generated host certificate
• Whether or not a local Worker node should be installed
  • If local Worker node is selected, the installation is automatic (RECOMMENDED)
  • If remote Worker node is selected, see Selecting remote worker below.

7. Save the default admin account credentials
When the installation process has finished a message is shown containing both URL on where to access the UI as well as an auto-generated initial admin account is provided. Be sure to keep this message as the account is the only way to login until additional accounts are created.

8. Apply licenses

• Enterprise license: On first login you will be redirected to the license upload page, there you can upload your securiCAD Enterprise license file.
• Worker license: Worker nodes need a license file at /home/es/securicad.license on the system which the worker(s) are running. The license file will be automatically picked up by the worker process and requires no further action.

9. Done!
Go to Setup and Configuration to setup your fresh securiCAD Enterprise installation.

Domain specific installation

If you are installing securiCAD Enterprise for AWS, Azure or Core you need to add a language package to your server. The language package is a tar.gz file for example aws-parser-1.0.0.tar.gz which you obtain from foreseeti. To install the package, follow steps below:

1. Create a directory for the package in the es folder: mkdir /home/es/custom_parsers
2. Copy the package to the folder: /home/es/custom_parsers/aws-parser-1.0.0.tar.gz
3. Restart the backend: sudo systemctl restart foreseeti-backend

(Optional) The default folder can be changed by editing the parameter parsers/custom_parsers_path in /home/ssm-user/bin/enterprise_suite/backend/apps/es/configs/config.json.

Worker node installation

Worker nodes can be added to an already installed host by following the steps below:

1. Make sure the prerequisites are met on the intended worker host:
   • A fresh installation of supported operating system
   • An account es with group es exist and has full sudo permissions
   • The es user must have a writable home directory /home/es
   • ssh access for the es user
2. Login as the es user on the host and make sure that the current working directory is /home/es
3. Run the installation command: /bin/bash bin/enterprise_suite/installer/esWorkerInstall.bash
4. Follow the instructions by the interactive installer. This will require some user input:
   • The hostname of the worker host
   • IP address of the worker host - the installer script will use ssh to connect to this address
   • Account and group name for the account under which the worker is installed on the worker host. Choose "es"/"es" when prompted.
   • After providing the necessary information, the installer will connect using ssh to the worker host to perform the installation.
   • Verify that a new worker node is available in the EP administrative GUI after a successful installation.
   • Worker license: Worker nodes need a license file at /home/es/securicad.license on the system which the worker(s) are running. The license file will be automatically picked up by the worker process and requires no further action.

Selecting remote worker

Make sure that the intended Worker host meets the prerequisites. The installation will prompt for some information:

• Hostname of the Worker host
• IP address of the Worker host - the installer script will use ssh to connect to this address
• Account and group name for the account under which the worker is installed on the worker host. Choose es/es when prompted.
• After providing the necessary information, the installer will connect using ssh to the worker host to perform the installation

Installation without internet access

To install securiCAD Enterprise without network access, you need to have a local repository with the required software packages pre-fetched.

Using a local repository during installation

If you have received a local repository from foreseeti or created your own with the instructions below you need to run the installation script with the following options:
1. Make sure that you have a tarball with the required packages on the machine, e.g. es-repo-rhel-7.tar.gz or es-repo-ubuntu-18.04.tar.gz
2. At the start of the installation choose “offline” as installation mode and select the path to the tar ball
3. Follow the rest of the installation process normally

Creating a local repository

If the Enterprise server system does not have internet access you need to create a local repository on a machine with network access and copy that local repository to the machine without network access.

The machine with network access needs to run the same operating system and version as the machine without network access. The archive es.tar.gz contains a script called create_local_repo.sh that creates a tarball that contains all the packages that are needed for installing securiCAD Enterprise without network access.

1. Extract the script with the following command:

tar -xvf es.tar.gz bin/enterprise_suite/installer/create_local_repo.sh --strip-components=3

2. Then execute the script on the machine with network access:
This will create the tar ball with the name es-repo-[OS]-[VERSION].tar.gz, e.g. es-repo-rhel-7.tar.gz or es-repo-ubuntu-18.04.tar.gz.

./create_local_repo.sh

3. Copy the tar ball file to the machine without network access. The default location for the tar ball is /home/es/es-repo-[OS]-[VERSION].tar.gz, but any location will work. When you run the installer and choose offline mode, you will be asked to provide the path for the tar ball.

Upgrading to the latest version

New versions of securiCAD Enterprise and underlying domain packages are updated continuously and upgrades for both are typically applied by following the installation instructions with the new packages.

Upgrading securiCAD Enterprise

Upgrades are applied by running the latest installation package in an existing machine.

1. Backup your database and configuration data by following the backup instructions
2. Follow step 1-5 in the Installation instructions above
3. When prompted in step 6, select to keep all data
4. Finish the rest of the steps and restart the machine

Upgrading the domain specific installation

Follow the steps described in Domain specific installation above.

Installation impact on the OS

The Enterprise server installation will make the following changes on the operating system:

• nginx is installed and enabled as a service, listening to port 443
• RabbitMQ is installed and enabled as a service
• Four EP-core services are registered:
  • foreseeti-backend
  • foreseeti-modelmerger
  • foreseeti-modelbuilder
  • foreseeti-worker (only if local Worker node is enabled)
• Python 3, pip, and a set of Python modules are installed

A worker node will make the following changes on the operating system:

• A GPU driver and OpenCL stack is installed
• A single service called foreseeti-worker is registered

File structure

When installed, the Enterprise server will have the following file structure in the es user home directory: