Initial Preparation
This document describes the requirements and preparation steps for a DOMOS/Qiata installation.
If you would like to perform the installation yourself, we recommend the Quickstart Guide, which contains detailed information and procedures for installing DOMOS/Qiata.
All information not marked as optional is required for the initial configuration.
DOMOS VM Installation
The installation can be performed on KVM, VMware, or Hyper-V.
Console access may be required during the subsequent configuration.
Please note that the Secure Boot feature must be disabled for the virtual machine.
System Requirements
Disk
- Minimum size: 10 GB
- Use either VirtIO or VirtIO SCSI as the disk controller
Memory
- Minimum: 4096 MB RAM
- More memory is recommended depending on system usage
- Memory ballooning is supported
CPU
- Requirement: 64-bit x86 processor with support for the x86-64-v3 architecture, including the AVX2 instruction set
- Proxmox: Use x86_64_v3 if the hardware platform is sufficiently modern
- Hyper-V: Current versions are compatible by default
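A pre-flight check for the CPU requirement above, as an added example (not part of the SECUDOS documentation): it compares the `flags` line of `/proc/cpuinfo` with the feature set of the x86-64-v3 level. It assumes a Linux system, either the hypervisor host or a test guest using the intended CPU type; the function names and the `--run` switch are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for the x86-64-v3 CPU level (includes AVX2).
# Flag names are the ones Linux prints in /proc/cpuinfo:
#   pni = SSE3, abm = LZCNT, xsave stands in for OSXSAVE.
V2_FLAGS="cx16 lahf_lm popcnt pni sse4_1 sse4_2 ssse3"
V3_FLAGS="avx avx2 bmi1 bmi2 f16c fma abm movbe xsave"

# missing_v3_flags "<flags string>": print the required flags that are absent.
missing_v3_flags() {
    missing=""
    for want in $V2_FLAGS $V3_FLAGS; do
        case " $1 " in
            *" $want "*) ;;                              # flag present
            *) missing="${missing:+$missing }$want" ;;   # collect missing flag
        esac
    done
    printf '%s' "$missing"
}

# cpu_flags [file]: print the flags of the first CPU listed in the file.
cpu_flags() {
    sed -n 's/^flags[[:space:]]*:[[:space:]]*//p' "${1:-/proc/cpuinfo}" | head -n 1
}

# check_v3 [file]: return 0 if the level is met, otherwise report and return 1.
check_v3() {
    m=$(missing_v3_flags "$(cpu_flags "$1")")
    if [ -z "$m" ]; then
        echo "x86-64-v3: OK"
        return 0
    fi
    echo "x86-64-v3: missing $m"
    return 1
}

# Run the check against the local CPU only when asked to.
if [ "${1:-}" = "--run" ]; then
    check_v3
    exit $?
fi
```

Inside a guest the result reflects the virtual CPU model, so a host that passes can still present a guest that fails if a restrictive CPU type is selected.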
Network
- At least one network interface is required
- Use VirtIO-Net as the network adapter type
- A static MAC address is required
More resources are recommended.
DOMOS Configuration
If the system is reachable from the internet, external access to ports 22 (SSH) and 10000 (WebUI) should be filtered.
For system updates, the DOMOS system itself must be able to perform DNS resolution and reach external hosts on port 443 (HTTPS), alternatively port 10000.
Access can also be provided through a proxy server.
Software installed on DOMOS may have additional requirements.
For proper operation of DOMOS and the installed applications, external security systems (for example WAFs or firewall systems) may require additional configuration.
- IP address with netmask
- Default gateway
- Hostname (if possible, resolvable via DNS)
- At least one accessible DNS server
Time Service (NTP) [OPTIONAL]
- Address of the time server
User
- New passwords for system users
- Public keys for SSH access
- New password for the WebUI
Backup/Restore [OPTIONAL]
- Accessible backup target (FTPS)
- Access credentials
Email Dispatch [OPTIONAL]
- SMTP relay (IP address or hostname)
- Email account credentials
- Sender name and email address
- List of recipient addresses
WebUI [OPTIONAL]
- Custom SSL certificate
- CA certificate for client certificates
DOMOS License
- License
- Proxy configuration [OPTIONAL]
- IP address and port
- Username and password
- System update
Network Addresses/Ports
DOMOS/Qiata Updates
- www.secudos.de Port 443
- domosrepo3.secudos.de Ports: 443, 10000
License Verification
- ls3.secudos.de Port 443
ClamAV Updates (Patterns)
- database.clamav.net
- current.cvd.clamav.net Port 53/tcp
Configuration Data
The following configuration data must be available for a successful DOMOS configuration.
If the installation is performed together with SECUDOS, please complete the following sections with the required information and submit it securely to SECUDOS before the installation begins.
This information is required before the installation can begin.
If the installation is performed by you or a partner, this information is also required. Documenting these values is strongly recommended.
- Hostname
- IP address
- Netmask
- Default Gateway
- Nameserver
Qiata Configuration
- Static IP address or FQDN with valid DNS resolution
- Port 443 must be externally accessible
- If available: SSL certificate
- Access credentials for the mail server or SMTP relay (the account must be permitted to relay emails through the mail server)
- Bind DN / Base DN including password if an LDAP server exists and should be integrated
Configuration Data
The following configuration data must be available for a successful Qiata configuration.
If the installation is performed together with SECUDOS, please complete the following sections with the required information and submit it securely to SECUDOS before the installation begins.
This information is required before the installation can begin.
If the installation is performed by you or a partner, this information is also required. Documenting these values is strongly recommended.
- FQDN
- Mail Server
- Bind DN
- Base DN