Sicura Enterprise Edition
  1. Introduction
  2. Server Installation
  3. Client Installation
  4. Configuring SIMP Compliance Engine
  5. Configuring SCAP Dashboard

The installation of SIMP Enterprise Edition will be familiar to existing SIMP users. The following is information for some of the new features and options, including licensing requirements, installation methods, and other special features.

Licensing

A license key is required to complete all SIMP Enterprise installations, major updates, as well as upgrades from the Community Edition. This key will also be used for verification in future versions. Your account executive should have emailed you a copy of your license key when your account was created. If you need a replacement license key, please email sales@onyxpoint.com.

In order to install SIMP Enterprise Edition from the Yum Repository you will need to make sure that your SIMP Enterprise license key is downloaded onto the SIMP server and saved to /etc/simp/license.key.

Server Installation

Server Installation from CD

To download the SIMP EE ISO image, you can use either our downloader or curl. Both methods require a valid, non-expired SIMP Enterprise license key to authenticate against the download servers.

Getting the ISO using a Downloader

We’ve added a special helper script here that will automatically download the latest SIMP ISO for Enterprise to your local machine.

curl https://download.simp-project.com/simp/assets/simp-downloader/simp-downloader | bash -s --

You can add command line flags after the double dash, for example to change the version to 6.2.0-0:

curl https://download.simp-project.com/simp/assets/simp-downloader/simp-downloader | bash -s -- -v 6.2.0-0

Getting the ISO using curl

If you don’t want to use the convenience script, you can download the ISO using curl and passing /etc/simp/license.key as the cacert, cert, and key:

curl -f -o SIMP-Enterprise-6.2.0-0.el7-CentOS-7.0-x86_64.iso --cacert /etc/simp/license.key --cert /etc/simp/license.key --key /etc/simp/license.key https://enterprise-download.simp-project.com/products/simp-enterprise/simp-enterprise/SIMP-Enterprise-6.2.0-0.el7-CentOS-7.0-x86_64.iso

This command will also be returned to you if you specify the -n ‘dry-run’ flag to simp-downloader, particularly if you want to run the script on a different machine then the one performing the download.

ISO Installation Process

To install a new SIMP Enterprise Server via ISO, follow these instructions until you reach the steps (https://simp.readthedocs.io/en/6.2.0-0/user_guide/Initial_Server_Configuration.html?highlight=bootstrap) where you run simp config and simp bootstrap.

After the simp config and simp bootstrap commands have been executed, the enterprise modules and files will be available to all nodes.

Server Installation From a YUM Repository

To install your server from the SIMP Enterprise YUM repository, we’ve provided a pre-configured RPM package. Installing the package will install the GPG key and configure the repository correctly. Don’t forget, the SIMP Enterprise YUM repositories require a valid SIMP EE License key file to be installed at /etc/simp/license.key.

For Red Hat or CentOS execute:

yum install https://download.simp-project.com/simp/yum/simp-6-platform.rpm

Once the repository is installed, there is a package for each version of SIMP EE. To install the latest 6.x version of SIMP EE:

yum install simp-enterprise

To install a specific version of SIMP EE, such as 6.2.0-0:

yum install simp-enterprise-6.2.0-0

Server Installation using a tar Archive

To download just an installation tar file containing just the modules and assets, you can use our downloader or curl. Both methods require a valid, non-expired SIMP Enterprise license key to authenticate against the download servers.

Getting the tar Archive using a Downloader

We’ve added a special helper script here that will automatically download the latest SIMP Installation tar file for Enterprise to your local machine.

curl https://download.simp-project.com/simp/assets/simp-downloader/simp-downloader | bash -s -- -t install-tarball

You can add command line flags after the double dash, for example to change the version to 6.2.0-0:

curl https://download.simp-project.com/simp/assets/simp-downloader/simp-downloader | bash -s -- -t install-tarball -v 6.2.0-0

Getting the tar Archive using curl

If you don’t want to use the convenience script, you can download the tar file using curl and passing /etc/simp/license.key as the cacert, cert, and key:

curl -f -o simp-enterprise-6.2.0-0.tgz --cacert /etc/simp/license.key --cert /etc/simp/license.key --key /etc/simp/license.key https://enterprise-download.simp-project.com/products/simp-enterprise/simp-enterprise/simp-enterprise-6.2.0-0.tgz

This command will also be returned to you if you specify the -n ‘dry-run’ flag to simp-downloader, particularly if you want to run the script on a different machine than the one performing the download.

Tar Archive Installation Process

The tar file contains a copy of all SIMP Puppet modules and binary assets in SIMP Enterprise found under the SIMP/modules and SIMP/assets directories, respectively. It is recommended that these assets be placed in /usr/share/simp/assets/ so that the Puppet module will install them correctly.

Post Installation

You will need to edit the Puppet servers’s Hiera configuration and add simp_windows::download_server to classes by editing /etc/puppetlabs/code/environments/production/data/hosts/<servername>.yaml .

---
classes:
  - simp_windows::download_server

This will configure an Apache site on https://<servername>/assets/ that contains the Logstash plugins, Grafana plugins, and Windows MSI installers.

We recommend disabling FIPS mode and simp-config driven YUM repositories on all Windows servers by editing /etc/puppetlabs/code/environments/production/data/windows.yaml.

---
simp_options::fips: false
class_exclusions:
  - simp::yum::repo::local_os_updates
  - simp::yum::repo::local_simp