
Initial preparation

This document is used to prepare a DOMOS/Qiata installation. If you would like to perform the installation yourself, we recommend the Quickstart Guide, which contains detailed information and procedures for installing DOMOS/Qiata. All data which are not marked as optional are required for the basic configuration.

DOMOS VM installation

The installation can be done on KVM, VMware or Hyper-V. Console access is sometimes required during the subsequent configuration.

Danger: Please note that the Secure Boot function must be disabled for the virtual machine.

Hard disk

  • Size min. 10 GB
  • Connection with VirtIO or VirtIO SCSI

RAM

  • Size min. 1 GB
  • Balloon possible

CPU

  • Minimum 1 core

Network

  • At least 1 interface
  • Connection with VirtIO-Net
  • Fixed MAC address

DOMOS configuration

If the system is to be accessible from the Internet, access to ports 22 (SSH) and 10000 (WebUI) should be filtered from the Internet. For system updates, the DOMOS system itself must be able to resolve names and reach external hosts (currently www.secudos.de and domosrepo.secudos.de) on port 443 (HTTPS); port 10000 is also possible. This access can go through a proxy.

Software installed on DOMOS may have additional requirements.

For DOMOS and the installed applications to function properly, external security devices (e.g. WAF, firewall systems, etc.) may have to be configured accordingly.

  • IP address with netmask
  • Default gateway
  • Hostname (if possible resolvable via DNS)
  • At least 1 accessible name server

Time service (NTP) [OPTIONAL]

  • Address of time server

User

  • New passwords for system users
  • Public keys to be stored for SSH access
  • New password for WebUI

Backup/Restore [OPTIONAL]

  • Accessible target (SMB, NFS, FTP)
  • Access data

E-mail dispatch [OPTIONAL]

  • SMTP relay (IP or hostname)
  • E-mail account credentials
  • Sender name and e-mail
  • List of recipient addresses

WebUI [OPTIONAL]

  • Own SSL certificate
  • CA certificate for client certificates

DOMOS license

  • License
  • Configuration of a proxy [OPTIONAL]
      • IP address and port
      • User name and password
  • System update

Network addresses/ports

DOMOS/Qiata Updates

Port 443

  • domosrepo.secudos.de [DOMOS5 only]
  • domosrepo2.secudos.de [DOMOS5 only]
  • domosrepo3.secudos.de [DOMOS6 only]

Ports: 443, 10000

License verification

ls3.secudos.de [DOMOS6 only]

Port 443

ClamAV Updates (Patterns)

  • db.de.clamav.net
  • db.local.clamav.net
  • database.clamav.net
  • current.cvd.clamav.net

Ports 53/tcp
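
A pre-flight check for the update and license-verification hosts listed above, as an added example that is not part of the SECUDOS documentation. It assumes direct outbound access (no proxy) from a host in the same network segment as the planned DOMOS VM and treats port 10000 as an alternative to 443 for the repository hosts; the function names are chosen for illustration.

```python
import socket
import sys

# Host/port matrix taken from the update and license lists on this page.
# Third field: DOMOS major version the page tags the host with.
ENDPOINTS = [
    ("domosrepo.secudos.de", (443, 10000), 5),
    ("domosrepo2.secudos.de", (443, 10000), 5),
    ("domosrepo3.secudos.de", (443, 10000), 6),
    ("ls3.secudos.de", (443,), 6),
]

def probe_tcp(host, port, timeout=5.0):
    """Return None if a TCP connection succeeds, else a short failure reason."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return None
    except socket.gaierror:
        # Name resolution is a separate requirement, so report it separately.
        return "DNS resolution failed"
    except OSError as exc:  # timeout, refused, unreachable
        return f"TCP connect failed ({type(exc).__name__})"

def preflight(domos_version, probe=probe_tcp):
    """Check the hosts that apply to one DOMOS major version (5 or 6).

    A host passes when at least one of its ports is reachable. The result
    maps each host to {port: reason}; an empty dict means reachable.
    """
    report = {}
    for host, ports, version in ENDPOINTS:
        if version != domos_version:
            continue
        failures = {}
        for port in ports:
            reason = probe(host, port)
            if reason is None:
                failures = {}  # one working port is enough
                break
            failures[port] = reason
        report[host] = failures
    return report

if __name__ == "__main__":
    result = preflight(int(sys.argv[1]) if len(sys.argv) > 1 else 6)
    for host, failures in result.items():
        print(host, "OK" if not failures else f"BLOCKED {failures}")
    sys.exit(1 if any(result.values()) else 0)
```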

Configuration data

The following configuration data must be available for a successful DOMOS configuration. If the installation is accompanied by SECUDOS, please fill in the following sections with the required data and submit them securely to SECUDOS before the installation starts. These data are mandatory to start an installation.

If the installation is performed by you or a partner, you will also need this data. We therefore recommend documenting the values.

  • Hostname
  • IP address
  • Netmask
  • Default gateway
  • Nameserver

Qiata configuration

  • Fixed IP address or FQDN; resolution via DNS must work
  • Port 443 must be externally accessible
  • If available: SSL certificate
  • Access data to the mail server or for an SMTP relay (this user needs authorization to relay via the mail server)
  • Bind DN / Base DN incl. password if an LDAP server exists and is to be integrated

Configuration data

The following configuration data must be available for a successful Qiata configuration. If the installation is accompanied by SECUDOS, please fill in the following sections with the required data and submit them securely to SECUDOS before the installation starts. These data are mandatory to start an installation.

If the installation is performed by you or a partner, you will also need this data. We therefore recommend documenting the values.

  • FQDN
  • Mail server
  • Bind DN
  • Base DN