Skip to content

Setup Versio.io Managed

Introduction

For all customers who want to run Versio.io in their own environment, Versio.io Managed is available. Please carry out the installation by following the steps below:

  1. Verify server requirements, hardware sizing and prerequisites
  2. Install Versio.io Managed platform
  3. Recommended activities after installation
  4. Customize configuration
  5. Learn how you can operate it

System requirement

The details to system requirements and hardware sizing you found here: setup-system-requirements

Tip

Before starting any installation, please run our system requirement check script to ensure that all requirements are met!

``` wget https://raw.githubusercontent.com/versio-io/check-versio.io-system-requirements/main/check-versio.io-system-requirements.sh

sudo ./check-versio.io-system-requirements.sh ```

Command line: Download and execute the system requirements check before Versio.io Managed installation

Installation

Your Versio.io contact will provide you with a link to download the Versio.io Managed core installer. The installer can be downloaded and executed with the following commands. After the installation you will find the Versio.io application files in /opt/versio.io and the Versio.io data files in /home/versio.io.

# Download the Versio.io Managed installer
wget -nv -N --no-check-certificate https://<my-link>/install-versio.io-managed.sh // your get authentification from Versio.io contact

# Execute the installation as 'root' user
sudo ./install-versio.io-managed.sh

Command: Download and install Versio.io managed core

Attention

When the Versio.io platform is installed, a user and a group named versio are created. All further operational activities must be executed with the user versio.

su versio

Command: Switch to the Versio.io platform user

Before starting or updating the Versio.io Managed instance for the first time, you must log in to the Versio.io Docker image registry once.

# Register to Versio.io container image reporistory
# The needed authentification you get from your Versio.io contact
docker login registry.versio.io 

Command: Login to the Versio.io docker registry

With the update.sh script you can initialize the database, download Versio.io platform iamges, startup Versio.io Managed platform and import Versio.io artificial intelligence content repository:

# Update the container images and initialize the database schema
bash update.sh

Command: Initialize and update the Versio.io platform

After successful installation and startup, we recommend that you perform the following activities as soon as possible:

  1. Login with the default user and password in the ✪ Platform administration environment (your get authentification from your Versio.io contact)
  2. Configure SMTP server for e-mail notification. It is necessary for initial password set/reset!
  3. Create new admin user and assign it to the user group Server administrators. (see Access management - Users)
  4. Deactivate default admin user
    1. Change default password
    2. Remove from user group Server administrators
  5. New environment
    1. Create a new environment (see Server settings - Environments)
    2. Switch to the new environment (see user context menu top right).
    3. Invite new user to the new environment (see Environment settings - Access Management - Users)
  6. First OneImporter or OneGate
    1. Install an OneImporter/OnGate (see Environment settings - OneImporter - Install)
    2. Configure OneImporter/OnGate configuration (see Environment settings - OneImporter - Configurations)

Operation

Startup

If the installation is finished, the Docker images are available and your customizing is ready, the Versio.io instance can be started:

# Startup the Versio.io platform
bash startup.sh

Command: Start Versio.io instance

Enclosed is a sample output for starting a Versio.io instance:

Versio.io Managed Installer

Image: Versio.io Managed installer

Attention

After successful installation and first startup, we recommend that you perform the following activities as soon as possible:

  1. Login with the default user and password
  2. Configure SMTP server for e-mail notification (necessary for initial password set/reset!)
  3. Create new admin user (see Environment settings - User & rights)
  4. Deactivate default admin user
    • Change default password
    • Remove from default environment (see Environment settings - User & rights)
  5. Create a new environment (see Server settings - Environment settings)
  6. Invite new user to the new environment (see Environment settings - User & rights)
  7. Install an OneImporter (see Environment settings - OneImporter - Install)
  8. Configure OneImporter configuration (see Environment settings - OneImporter - Configurations)

Status

Get a detailed status of the operational environment and execution status of the Versio.io platform:

# Check operation state of the Versio.io platform
bash status.sh

Command: Status of the Versio.io platform

Then, for example, updates of Versio.io Docker images or other maintenance work can take place before Versio.io is started again.

Shutdown

To shut down a Versio.io instance the corresponding command must be executed:

# Shutdown the Versio.io platform
bash shutdown.sh

Command: Stop Versio.io instance

Then, for example, updates of Versio.io Docker images or other maintenance work can take place before Versio.io is started again.

Update

It is recommended to make a backup before each update!

To update a Versio.io Managd instance the corresponding commands should be executed in /opt/versio.io/install folder as versio user:

# Update the container images and the database schema
bash update.sh

Command: Update Versio.io Managed instance

If the application stack and the database of the Versio.io platform are operated on separate server instances, the update should be carried out as follows:

# LOGIN APP STACK HOST!

# Shutdown app stack
bash shutdown.sh

# SWITCH TO DATABSE HOST!

# Update database stack
bash update.sh

# SWITCH TO APP STACK HOST!

# Update app stack
bash update.sh

Command: Update Versio.io Managed instance with seperated app and database stack

Update AI content

Versio.io provides Artifical Intelligance (AI) content for the assessment of product lifecycle and vulnerabilities. These change daily and should therefore be updated daily. We recommend running the update as a cron job.

# Update the artificial intelligence content repositories (product, lifecycle, vulnerability etc.)
bash /opt/versio.io/install/utils/update-ai-rep.sh

Command: Update AI content on command line

# Cron job to update each day the artificial intelligence content repositories. Please configure it for user 'versio'!
0 6 * * * /bin/bash /opt/versio.io/install/utils/update-ai-rep.sh > /opt/versio.io/install/utils/update-ai-rep.log 2>&1

Command: Update AI content as cron job

Backup & restore

To backup a Versio.io server instance with all environment data the corresponding command must be executed (see environment varibale VERSIO_BACKUP_FOLDER):

# Backup all Versio.io content data
bash /opt/versio.io/install/utils/backup-database-content.sh

Command: Backup Versio.io instance includes all environment data

The backup script creates a physical backup with name versio.io-backup-<date>-<time>.tar.gz. Physical backups are performed by copying the individual data files or directories (see logical versus physical backups).

To ensure data integrity, the Versio.io Server instance is stopped, the backup is performed and the Versio.io Server instance is restarted. This means that during this time the Versio.io Server is not available. The downtime depends on the data volume to be backed up and is displayed at the end of the backup execution.

It is recommended to run the backup continuously e.g. based on cron jobs:

# Crontab configuration for daily backup. Please configure it for user 'versio'!
40 0 * * * /opt/versio.io/install/utils/backup-database-content.sh

Configuration: Cronjob configuration for daily backup

To restore all Versio.io Managed data you can execute the follwoing script. Please note - All data of the current Versio.io Managed Instance will be overwritten!!!

# Restore all Versio.io content data
bash /opt/versio.io/install/utils/restore-database-content.sh <backup-date-time>

Configuration: Cronjob configuration for daily backup

Please note that a repocessing of the full-text search and topology detection reprocessing for each (!) environment must be performed when restoring backup data:

  • see Environment Settings - Full-text search - Reprocess environment
  • see Environment Settings - Topology detection - Reprocess environment

Customizing

Environment variable

The following environment variables can be set to accommodate customer specific wishes, when starting Versio.io:

Environment variable Purpose of use Description Default value
VERSIO_DOMAIN Web server config Define the URL domain address under which the Versio.io browser user interface can be accessed on the network. The domain address must match the domain specified in the SSL certificate, otherwise the browser will display an error message.
All deep links sent from the Versio.io platform use the domain address!
Host name
VERSIO_ADDITIONAL_DOMAINS Web server config Optionally define the additional comma-separated URL domain addresses under which the Versio.io browser user interface can also be accessed in the network. It is important for the identity and access management. For example, for internal access via the IP. Please note that the SSL certificate must support the specified domains accordingly.
VERSIO_PORT_HTTPS Web server config Define the port on which Versio.io can be accessed via HTTPS. 443
VERSIO_PORT_HTTP Web server config Define the port on which Versio.io should be accessible via HTTP. Please note that the HTTP has to be enabled in 'docker-compose.yml'. 80
VERSIO_VALIDITY_CERTIFICATE Self generated SSL certificates Validity of self-generated SSL certificates in days. 365
VERSIO_DATA Versio.io server and backup.sh Define the folder to store all Versio.io logging and database data. /home/versio.io
VERSIO_LOGGING_FOLDER Versio.io server Define the folder to store Versio.io logging data. /home/versio.io/log
VERSIO_BACKUP_FOLDER backup.sh Define the folder to store Versio.io backup data. /home/versio.io/backup
VERSIO_STAGE Versio.io server Define the stage and logging behavior of the Versio.io instance. If the value is not equal to production or loadtest, the amount of logged information is increased.
VERSIO_DEPLOYMENT_PROFILE Versio.io server Define the profile to deploy Versio.io as a standalone or a distributed system (separated application and database stack) on different servers. Use application to deploy the application stack and database to deploy the database. standalone
VERSIO_DB_IP Versio.io server If the database is operated on a separate host, then define the IP of the database host in the environment variable. This is usually used in conjunction with the environment variable VERSIO_DEPLOYMENT_PROFILE. Internal IP address
VERSIO_GRC_REPLICAS GRC microservice Define the number of replicas for the GRC microservice (governance risk compliance). A higher number of replicas can parallelize the processing of GRC verifications and thus achieve higher processing performance. A value >= 1 should always be defined. 2
VERSIO_TOPOLOGY_REPLICAS Topology microservice Define the number of replicas for the topology microservice. A higher number of replicas can parallelize the processing of changes and thus achieve higher processing performance. A value >= 1 should always be defined. 2
VERSIO_EVENT_PROCESSING_REPLICAS Event processing microservice Define the number of replicas for the Event processing microservice. A higher number of replicas can parallelize the processing of changes and thus achieve higher processing performance. A value >= 1 should always be defined. 2
VERSIO_GATEWAY_REPLICAS Gateway microservice Define the number of replicas for the gateway microservice. A higher number of replicas can parallelize the processing of changes and thus achieve higher processing performance. A value >= 1 should always be defined. 2

Configuration: Environment variables with default values

SSL certificate

The Versio.io startup script automatically generates an SSL certificate for HTTPS support if no certificate authority is available in the ./ssl folder (ca-root.pem and ca-private-key.pem).

For productive systems we recommend to store company specific SSL certificates in the ./ssl/versio.reverse-proxy folder of the startup script with following file names: * cert-private-key.pem for the private key * cert-public-key.pem for the public key

Please note that for self generated SSL certificates the certification authority 'ssl/ca-root.pem' should or must be made known on the client side:

  • Browser: Import of the certification authority into the certificate memory of the browser. If this is not done, you will receive a browser warning where you can again indicate that you accept the risk.
  • API usage: Announcement of the certification authority to the operating system or manual specification when starting the corresponding client application.

External identity provider

For a Versio.io Managed instance, external identity providers can be integrated in order to be able to use authentication and other security functions, such as single sign-on or two-factor authentication (2FA).

An identity provider is set up in the file /opt/versio.io/install/conf/auth.json. An example configuration with the name 'auth.example.json' is available in the same directory. After changing the auth.json file, the Versio.io Managed instance must be restarted.

On the following page you will find instructions on how to set up your Versio.io Managed instance with your identity provider.