Setup Versio.io Managed
For all customers who want to run Versio.io in their own environment, Versio.io Managed is available.
Installation & startup package
Please carry out the installation by following the steps below:
- Verify server prerequisites
- Installation
- Recommended activities after installation
- Customize configuration
- Startup Versio.io Managed
Useful activities to operate Versio.io Managed:
- Shutdown Versio.io Managed
- Backup & restore Versio.io Managed data
Prerequisites
Supported operating systems and sizing
The following operating systems are supported:
- Ubuntu
- Red Hat
- Fedora
- Debian
- AlmaLinux
The following sizing depending on the usage is recommended: setup-system-requirements
Software components
The installer assumes that the following software components are already installed on the host:
- tar & gzip
- curl & wget
- openssl (not necessary if own SSL certificates are available)
- docker (>= version 24.0.0)
- pv
- grep
- ss
- which
- systemctl
- jq
Check system requirements
Before starting any installation, please run our system requirement check script to ensure that all requirements are met!
# Download from GitHub
wget https://raw.githubusercontent.com/versio-io/check-versio.io-system-requirements/main/check-versio.io-system-requirements.sh
# Execute script
bash check-versio.io-system-requirements.sh
Command line: Download and execute the system requirements check before Versio.io Managed installation
Installation
Your Versio.io contact will provide you with a link to download the Versio.io Managed core installer. The installer can be downloaded and executed with the following commands. After the installation you will find the Versio.io application files in /opt/versio.io and the Versio.io data files in /home/versio.io.
# You get the authentication from your Versio.io contact
# (--no-check-certificate turns off TLS verification of the download host)
wget -nv -N --no-check-certificate https://<my-link>/install-versio.io-managed.sh
bash install-versio.io-managed.sh
Command: Download and install Versio.io managed core
Before starting or updating the Versio.io Managed instance for the first time, you must log in to the Versio.io Docker image registry once.
# You get the authentication from your Versio.io contact
docker login registry.versio.io
Command: Download Versio.io docker images
Initialize the database, start up the Versio.io Managed platform and import the Versio.io artificial intelligence content repository:
# Update the Versio.io Managed instance
bash update.sh
Command: Download Versio.io docker images
After successful installation and startup, we recommend that you perform the following activities as soon as possible:
- Login with the default user and password
- Configure SMTP server for e-mail notification (necessary for initial password set/reset!)
- Create new admin user (see Environment settings - User & rights)
- Deactivate default admin user
- Change default password
- Remove from default environment (see Environment settings - User & rights)
- Create a new environment (see Server settings - Environment settings)
- Invite new user to the new environment (see Environment settings - User & rights)
- Install an OneImporter (see Environment settings - OneImporter - Install)
- Configure OneImporter configuration (see Environment settings - OneImporter - Configurations)
Customizing
Environment variable
The following environment variables can be set when starting Versio.io to adapt it to customer-specific requirements:
Environment variable | Purpose of use | Description | Default value |
---|---|---|---|
VERSIO_DOMAIN | Web server config | Define the URL domain address under which the Versio.io browser user interface can be accessed on the network. The domain address must match the domain specified in the SSL certificate, otherwise the browser will display an error message. All deep links sent from the Versio.io platform use the domain address! | Host name |
VERSIO_ADDITIONAL_DOMAINS | Web server config | Optionally define the additional comma-separated URL domain addresses under which the Versio.io browser user interface can also be accessed in the network. It is important for the identity and access management. For example, for internal access via the IP. Please note that the SSL certificate must support the specified domains accordingly. | |
VERSIO_PORT_HTTPS | Web server config | Define the port on which Versio.io can be accessed via HTTPS. | 443 |
VERSIO_PORT_HTTP | Web server config | Define the port on which Versio.io should be accessible via HTTP. Please note that HTTP has to be enabled in 'docker-compose.yml'. | 80 |
VERSIO_VALIDITY_CERTIFICATE | Self generated SSL certificates | Validity of self-generated SSL certificates in days. | 365 |
VERSIO_DATA | Versio.io server and backup.sh | Define the folder to store all Versio.io logging and database data. | /home/versio.io |
VERSIO_LOGGING_FOLDER | Versio.io server | Define the folder to store Versio.io logging data. | /home/versio.io/log |
VERSIO_BACKUP_FOLDER | backup.sh | Define the folder to store Versio.io backup data. | /home/versio.io/backup |
VERSIO_STAGE | Versio.io server | Define the stage and logging behavior of the Versio.io instance. If the value is not equal to production or loadtest, the amount of logged information is increased. | |
VERSIO_DEPLOYMENT_PROFILE | Versio.io server | Define the profile to deploy Versio.io as a standalone or a distributed system (separated application and database stack) on different servers. Use application to deploy the application stack and database to deploy the database. | standalone |
VERSIO_DB_IP | Versio.io server | If the database is operated on a separate host, then define the IP of the database host in the environment variable. This is usually used in conjunction with the environment variable VERSIO_DEPLOYMENT_PROFILE. | Internal IP address |
VERSIO_GRC_REPLICAS | GRC microservice | Define the number of replicas for the GRC microservice (governance risk compliance). A higher number of replicas can parallelize the processing of GRC verifications and thus achieve higher processing performance. A value >= 1 should always be defined. | 2 |
VERSIO_TOPOLOGY_REPLICAS | Topology microservice | Define the number of replicas for the topology microservice. A higher number of replicas can parallelize the processing of changes and thus achieve higher processing performance. A value >= 1 should always be defined. | 2 |
VERSIO_EVENT_PROCESSING_REPLICAS | Event processing microservice | Define the number of replicas for the Event processing microservice. A higher number of replicas can parallelize the processing of changes and thus achieve higher processing performance. A value >= 1 should always be defined. | 2 |
VERSIO_GATEWAY_REPLICAS | Gateway microservice | Define the number of replicas for the gateway microservice. A higher number of replicas can parallelize the processing of changes and thus achieve higher processing performance. A value >= 1 should always be defined. | 2 |
Configuration: Environment variables with default values
SSL certificate
The Versio.io startup script automatically generates an SSL certificate for HTTPS support if no certificate authority is available in the ./ssl folder (ca-root.pem and ca-private-key.pem).
For productive systems we recommend storing company-specific SSL certificates in the ./ssl/versio.reverse-proxy folder of the startup script with the following file names:
- cert-private-key.pem for the private key
- cert-public-key.pem for the public key
Please note that for self-generated SSL certificates the certification authority 'ssl/ca-root.pem' should or must be made known on the client side:
- Browser: Import the certification authority into the certificate store of the browser. If this is not done, you will receive a browser warning where you can again indicate that you accept the risk.
- API usage: Make the certification authority known to the operating system or specify it manually when starting the corresponding client application.
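A pre-start check for the company certificate files named above, as an added example that is not part of the Versio.io installer: it confirms that the private key belongs to the certificate, that the certificate is not about to expire, and that it covers every name set in VERSIO_DOMAIN and VERSIO_ADDITIONAL_DOMAINS. The function name check_versio_cert, its messages and the 30-day default are assumptions.

```bash
#!/bin/sh
# Added example (not a Versio.io script): check_versio_cert and its messages
# are assumptions; only the two PEM file names come from the page.
# Usage: check_versio_cert <cert-dir> <comma-separated names> [min-days-left]
#   e.g. check_versio_cert ./ssl/versio.reverse-proxy \
#          "$VERSIO_DOMAIN,$VERSIO_ADDITIONAL_DOMAINS"
check_versio_cert() {
  local dir="$1" names="$2" days="${3:-30}" rc=0 cert key name flag old_ifs
  cert="$dir/cert-public-key.pem"
  key="$dir/cert-private-key.pem"
  if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
    echo "ERROR: $cert or $key not readable"; return 2
  fi

  # 1. The private key must belong to the certificate: compare public keys.
  if [ "$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)" != \
       "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ]; then
    echo "FAIL: private key does not match certificate"; rc=1
  fi

  # 2. The certificate must stay valid for at least <min-days-left> days.
  if ! openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" >/dev/null; then
    echo "FAIL: certificate expires within $days days"; rc=1
  fi

  # 3. Every name clients will use must be covered by the certificate.
  #    IP literals (internal access via the IP) need -checkip, not -checkhost.
  old_ifs=$IFS; IFS=,
  for name in $names; do
    case "$name" in
      *:*)       flag=-checkip ;;    # IPv6 literal
      *[!0-9.]*) flag=-checkhost ;;  # contains letters: a host name
      *)         flag=-checkip ;;    # dotted IPv4 literal
    esac
    if ! openssl x509 -in "$cert" -noout "$flag" "$name" | grep -q 'does match'; then
      echo "FAIL: certificate does not cover $name"; rc=1
    fi
  done
  IFS=$old_ifs
  return "$rc"
}
```

The function returns 0 when all checks pass, 1 when any check fails and 2 when the files cannot be read, so it can gate a startup wrapper.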
Startup
If the installation is finished, the Docker images are available and your customizing is ready, the Versio.io instance can be started:
bash startup.sh
Command: Start Versio.io instance
Enclosed is a sample output for starting a Versio.io instance:
Image: Versio.io Managed installer
Shutdown
To shut down a Versio.io instance the corresponding command must be executed:
bash shutdown.sh
Command: Stop Versio.io instance
Then, for example, updates of Versio.io Docker images or other maintenance work can take place before Versio.io is started again.
Update
Platform
To update a Versio.io Managed instance, the corresponding commands should be executed in the /opt/versio.io/install folder as root user:
bash update.sh
Command: Update Versio.io Managed instance
It is recommended to make a backup before each update!
AI content
Versio.io provides Artificial Intelligence (AI) content for the assessment of product lifecycle and vulnerabilities. This content changes daily and should therefore be updated daily. We recommend running the update as a cron job.
bash /opt/versio.io/install/update-ai-rep.sh
Command: Update AI content on command line
0 6 * * * /bin/bash /opt/versio.io/install/update-ai-rep.sh > /opt/versio.io/install/update-ai-rep.log 2>&1
Command: Update AI content as cron job
Backup & restore
To back up a Versio.io server instance with all environment data, the corresponding command must be executed (see environment variable VERSIO_BACKUP_FOLDER):
bash /opt/versio.io/install/utils/backup-database-content.sh
Command: Backup Versio.io instance includes all environment data
The backup script creates a physical backup with the name versio.io-backup-<date>-<time>.tar.gz. Physical backups are performed by copying the individual data files or directories (see logical versus physical backups).
To ensure data integrity, the Versio.io Server instance is stopped, the backup is performed and the Versio.io Server instance is restarted. This means that during this time the Versio.io Server is not available. The downtime depends on the data volume to be backed up and is displayed at the end of the backup execution.
It is recommended to run the backup regularly, e.g. based on cron jobs:
40 0 * * * /opt/versio.io/install/utils/backup-database-content.sh
Configuration: Cronjob configuration for daily backup
To restore all Versio.io Managed data you can execute the following script. Please note: all data of the current Versio.io Managed instance will be overwritten!
bash /opt/versio.io/install/utils/restore-database-content.sh <backup-date-time>
Command: Restore Versio.io Managed data from a backup
Please note that a reprocessing of the full-text search and of the topology detection must be performed for each (!) environment when restoring backup data:
- see Environment Settings - Full-text search - Reprocess environment
- see Environment Settings - Topology detection - Reprocess environment
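A check of the newest backup archive that can run before an update or a restore, as an added example that is not part of the Versio.io scripts: it verifies that the daily cron backup actually produced a recent, readable archive and that the file is not accessible to other users. The function name verify_latest_backup, the 26-hour limit and the permission policy are assumptions; the archive name pattern and default folder come from this page.

```bash
#!/bin/sh
# Added example (not a Versio.io script): verify_latest_backup and its
# thresholds are assumptions; the archive name pattern and the default
# backup folder come from the page.
# Usage: verify_latest_backup [backup-folder] [max-age-hours]
verify_latest_backup() {
  local dir="${1:-${VERSIO_BACKUP_FOLDER:-/home/versio.io/backup}}"
  local max_hours="${2:-26}" file rc=0

  # Newest archive by modification time. The names are generated by the
  # backup script, so listing them with ls is safe here.
  file=$(ls -t "$dir"/versio.io-backup-*.tar.gz 2>/dev/null | head -n 1)
  if [ -z "$file" ]; then
    echo "FAIL: no versio.io-backup-*.tar.gz in $dir"; return 2
  fi

  # A daily cron job should leave an archive younger than about 26 hours.
  if [ -n "$(find "$file" -mmin "+$((max_hours * 60))")" ]; then
    echo "FAIL: $file is older than $max_hours hours"; rc=1
  fi

  # Truncated or corrupted archives must be caught before a restore
  # overwrites the running instance with them.
  if ! tar -tzf "$file" >/dev/null 2>&1; then
    echo "FAIL: $file is not a readable gzip/tar archive"; rc=1
  fi

  # The archive holds all environment data: no access for group or others.
  # In the ls mode string, characters 5-10 are the group and other bits.
  case "$(ls -ld "$file")" in
    ????------*) ;;
    *) echo "FAIL: $file is accessible to group/others"; rc=1 ;;
  esac

  if [ "$rc" -eq 0 ]; then echo "OK: $file"; fi
  return "$rc"
}
```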
External identity provider
For a Versio.io Managed instance, external identity providers can be integrated in order to be able to use authentication and other security functions, such as single sign-on or two-factor authentication (2FA).
An identity provider is set up in the file /opt/versio.io/install/conf/auth.json. An example configuration with the name 'auth.example.json' is available in the same directory. After changing the auth.json file, the Versio.io Managed instance must be restarted.
On the following page you will find instructions on how to set up your Versio.io Managed instance with your identity provider.