SDP install
You can install the Controller and Gateway using the deb package provided on the product download site.
**Controller can only be installed in an external internet environment because it requires downloading docker images (cassandra, keycloak) during the installation process.
All TCP communication between Controller - Gateway - Client is done with mTLS. Therefore, SSL certificates signed by the policy server through the certificate service are required for all components to operate SDP.
In environments that can communicate with the policy server, if you set the policy server IP and administrator API KEY after setting up the workflow, the SSL certificate is automatically issued from the policy server during the SDP package installation process.
In environments where communication with the policy server is not possible, you need to create a CSR manually and download and install the required server/client certificate on your device through System>Certificate Service.
Controller install
Download the SDP controller package and upload it to your device
SDP-CONTROLLER-C-133621-6.0.34.0325.deb
Installing packages using the apt command
$sudo apt install ./SDP-CONTROLLER-C-133621-6.0.34.0325.debThe setup items are described below.
Setting name |
Description |
|---|---|
PrimaryIP |
IP of device |
CommunicationPort |
Ports for mTLS communication |
SpaPort |
Port for receiving SPA packets |
PolicyServerIP |
IP of policy server |
PolicyServerAPIKey |
Admin API key (required to issue SSL certificates using WorkFlow) |
CaServerAPIUrl |
The URL used to issue the certificate defined in the WorkFlow |
SshAllowedIP |
IP to allow SSH access |
SpaGlobalSecret |
The shared secret key used for the Controller<>Client, Controller<>Gateway SPA |
DeviceUuid |
Device's UUID (unique value to identify the device) |
PortTimeout |
After SPA authentication, how long to allow mTLS communication |
HostName |
The domain name of the device (enter IP if not present) |
GatewayUuidList |
List of gateway UUIDs (only allow gateways registered in this setting to be used) |
ControllerList |
List of IPs when using controller HA |
ControllerProxySpaPort |
SPA ports to use when using controller HA |
ControllerProxyCommunicationPort |
mTLS ports to use when using controller HA |
ControllerProxyHealthCheckIntv |
Health check interval to use when using controller HA |
VrrpInterface |
Interface name to be used for VRRP when using controller HA |
VrrpRouterId |
Group ID to be used for VRRP when using controller HA(set to the same value between redundant devices) |
VrrpPriority |
VRRP priority to use when using controller HA |
VrrpInterval |
VRRP check interval to use when using controller HA |
VrrpVirtualIP |
Virtual IP to use when using controller HA |
KeycloakAdminId |
keycloak admin ID |
KeycloakAdminPassword |
keycloak admin password |
KeycloakHostName |
Domain name or IP used to connect to keycloak |
KeycloakHostPort |
Ports accessible from outside keycloak (externally exposed ports) |
KeycloakHttpsPort |
Ports to be used by keycloak docker (internally exposed ports) |
KeycloakRealm |
keycloak realm name |
KeycloakClientName |
keycloak client name |
CassandraSeeds |
Enter the IP of the first installed controller as the value for the database cluster |
CassandraAdmin |
Database admin ID |
CassandraAdminPassword |
Database admin pasword |
Gateway install
Download the SDP gateway package and upload it to your device
SDP-GATEWAY-C-133621-6.0.34.0325.deb
Installing packages using the apt command
$sudo apt install ./SDP-GATEWAY-C-133621-6.0.34.0325.debThe setup items are described below.
Setting name |
Description |
|---|---|
PrimaryIP |
IP of device |
CommunicationPort |
Ports for mTLS communication |
SpaPort |
Port for receiving SPA packets |
PolicyServerIP |
IP of policy server |
PolicyServerAPIKey |
Admin API key (required to issue SSL certificates using WorkFlow) |
CaServerAPIUrl |
The URL used to issue the certificate defined in the WorkFlow |
SshAllowedIP |
IP to allow SSH access |
SpaGlobalSecret |
The shared secret key used for the Controller<>Client, Controller<>Gateway SPA |
DeviceUuid |
Device's UUID (unique value to identify the device) |
PortTimeout |
After SPA authentication, how long to allow mTLS communication |
HostName |
The domain name of the device (enter IP if not present) |
VpnPort |
VPN service port |
ControllerIP |
IP of controller |
ControllerDomain |
domain of controller |
ControllerUUID |
UUID of controller |
ControllerSPAPort |
SPA port of controller |
ControllerCommPort |
The controller's communication port for mTLS communication with the controller. |
VpnPortTimeout |
Time to allow VPN access after SPA authentication |
PublicIP |
Set if the IP used internally is different from the IP to be accessed externally (if this value is set, the controller will pass it as the value when sending gateway IP information to clients) |