Installation

Note

Please read ALL instructions before installing.

For an Ericom Shield production system, use the Shield Installation Script. This script first installs Ericom Shield on the machine from scratch. Once done, there’s a service that can be used to stop and restart the containers. In addition, Ericom Shield includes an Auto-Update feature to ensure it is always up to date with the latest release. The Auto-Update feature is disabled by default. When enabled, it checks for updates each time it is started.

When using upstream proxy, it is critical to configure the servers to work with the proxy, this needs to be done correctly and prior to installing Ericom Shield. To do so, follow these steps.

Prerequisites

Linux Ubuntu 16.04 or 18.04 Server (64-bit, not workstation) - can be downloaded here

Install SSH Server

Note

Important: Ensure that a fixed IP is assigned. Changing the machines IP address after installing Shield will require redeployment of the Shield infrastructure.

Deployment

Connect to the Linux machine using SSH. Use the machine IP address as the <ProxyHostname> (will be referred to in the upcoming steps).

Note

Commands should be run as default user. Do not use sudo su since it should NOT be run as root. Instead use the syntax sudo <command> <parameters>.

Before installing, it is recommended to run some preliminary checks. Ericom Shield includes a pre-installation script that performs these checks, to verify that the requirements are met and that the installation can be completed successfully. The script checks:

  • General platform compatibility
  • Total amount of memory
  • Check if DNS is slow or down
  • CPU performance
  • Internet connectivity and speed
  • Storage speed and free space

Note

This is the most extensive set of tests. Some of these tests are performed in the system on other occasions (Periodic and Analyzer), but in a partial manner.

To manually run this script, please run the following commands:

sudo wget https://ericom-tec.ashisuto.co.jp/pre-install-check.sh
sudo chmod +x pre-install-check.sh
sudo ./pre-install-check.sh

If the script output includes a WARNING regarding some checks - it is recommended to solve these issues before proceeding with the installation. If these warnings are ignored, it may lead to a system malfunction.

If the script output includes a FAIL regarding one of the checks - installation cannot be completed until this issue is resolved.

If the pre-installation checks are completed successfully, proceed with the installation. Run the following commands:

sudo wget https://ericom-tec.ashisuto.co.jp/shield/setup.sh
sudo chmod +x setup.sh
sudo ./setup.sh

The installation process may take several minutes to complete. The pre-installation checks are performed as part of the installation script. If these checks are completed successfully, the installation commences.

If the installation is completed successfully, this output is displayed:

Ericom Shield Version: - SHIELD_VER=(# of version) is up and running

Ericom Shield is installed in /usr/local/ericomshield.

Shield includes an auto update mechanism. It is disabled by default (to allow manual updates upon request). When enabled, Shield will always be up to date with the latest production version. To enable this mechanism once the installation is finished, run the update service once:

sudo ./update.sh sshkey

Credentials are required. This will create the SSH certificate on all the system machines. This is required for future updates. For more details regarding the auto update mechanism, go here.

Now that the installation is complete, activate the license. For more details, go here.

Backup

Shield Backup is located in /usr/local/ericomshield/backup. Save this folder to an external location for safekeeping. This can be done using rsync or any other related service.

Useful Services

Ericom Shield includes the following useful services:

Check System Status

To check the system status at any time:

sudo ./status.sh
Check Status

This service includes several options. The output of the different service options is very useful to understand if there’s a problem in the system:

  1. A general view of the system status:

    sudo ./status.sh -a

The data returned consists of two sections. Upper section includes services details and bottom section - a summary about the system status.

../../../_images/statusupper.png

Note

When there are alerts in the system, the system is marked as NOT Healty (does not mean it is not running). Information about the alerts can be found in the Admin dashboard.

  1. List the nodes in the system (single/multi), including data about each node:

    sudo ./status.sh -n

The output is a table with all the nodes in the system:

../../../_images/statusnodes.png

  1. List the services in the system:

    sudo ./status.sh -s

Prints a detailed report of the services in the system and which service runs on which node.

  1. List the errors in the system (single/multi), including data about each node:

    sudo ./status.sh -e

The output is a table specifying errors in the system (if any exist):

../../../_images/statuserrors.png

Stop Shield

To stop an active system, including all running containers:

sudo ./stop.sh

Start Shield

To start a stopped system and redeploy the containers:

sudo ./start.sh

Restart Shield

To restart a system:

sudo ./restart.sh

NetData

Ericom Shield includes an optional, real-time performance monitoring service, using Netdata. This service can be used for any management node in the system.

To enable this service, run the following commands (on the desired management node):

cd /usr/local/ericomshield
sudo ./nodes.sh -add-label <NodeName> netdata

Once enabled, this service is available on port 8383.

To check out the current system status, go to http://<NodeHostname>:8383. The data displayed includes various parameters. Below is a partial view:

Netdata