Core Node and Central Core Node Configuration
  • 28 Sep 2022

As part of the central core architecture, the following configuration must be set on each core node and on the central core node. For more details, see Central Core Architecture.

Core Node Configuration (for Upload)

NOTE

The same settings, including the passphrase, must be configured on all core nodes and on the central core node.

For each core node, open the Global Settings tab under System Settings and go to the Data Synchronization Settings section. Select the Enable data synchronization (central core architecture) checkbox, select the desired storage location option, and specify the required credentials. The core node uses those credentials to upload an assets file of all its devices and users.

Axonius supports the following options for storing the asset data from each Axonius core node. Each option requires a different open port:

Central Core Node Configuration (for Download)

NOTE

Contact your Axonius account representative to configure the desired Axonius instance as the central core node.

Configure the same storage location credentials and the same passphrase as supplied in all the core nodes, as the central core node downloads and loads all the data from a single storage location.

Amazon S3 Settings

For information about creating, configuring, and accessing Amazon S3 buckets, see Configuring an S3 Bucket to use with Axonius.

  1. Data encryption passphrase (min. 16 characters) (required, default: empty) - Specify a passphrase for the created file. The passphrase must consist of at least 16 characters.
  2. AWS Access Key ID and the AWS Secret Access Key (optional, default: empty) - Specify the AWS Access Key ID and the AWS Secret Access Key to access the Amazon S3 bucket.
    • If supplied, Axonius uses the account user credentials to send the asset file to the Amazon S3 bucket.
    • If not supplied, Axonius uses the IAM role / instance profile attached to the EC2 instance on which Axonius is installed to send the asset file to the Amazon S3 bucket.
  3. Enable backup to Amazon S3 (required, default: False) - On each core node, this checkbox must be enabled.
  4. Proxy (optional, default: empty) - HTTP/HTTPS proxy to use when connecting to the AWS APIs.
    • If supplied, Axonius will utilize the proxy when connecting to the AWS APIs.
    • If not supplied, Axonius will connect directly to the AWS APIs.
  5. Filename format (optional, default: empty) - Specify a fixed file name or a format, or use the default file format. The file name appears as Backup Source on the Devices page.
    • If supplied, the asset file name and its format will be as specified.
      • The following parameters are supported: year, month, day, hour, minute, second
      • For example: core_1_{year}{month}{day}_{hour}:{minute}:{second}.extension
      • The supplied value can contain slashes "/" to specify a folder to place the data in.
    • If not supplied, the asset file format will be as follows:
      • axonius_backup_<core_instance_name>_<core_instance_hostname>_<core_instance_ips>_<date_today>.tar.gz.gpg
      • For example:
        axonius_backup_Master_axonius_10.0.2.3_2020-10-04_03:54:11.718614.tar.gz.gpg

Required Ports

  • Port TCP 443

Required Permissions

The account identified by the AWS Access Key ID and AWS Secret Access Key, or the IAM role attached to the EC2 instance on which Axonius is installed, must have the following permissions:

  • s3:PutObject
  • s3:GetObject
  • s3:ListBucket
  • s3:PutObjectTagging
  • s3:DeleteObject

Those permissions must be added to a policy attached to the relevant IAM user account.
For details on creating an IAM user and attaching policies, see Connecting the Amazon Web Services (AWS) Adapter.
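The five permissions above can be granted on the synchronization bucket alone rather than account-wide. The following is an added example, not Axonius code: the function names are hypothetical and the bucket name is a constructed placeholder. It builds a bucket-scoped policy and audits an existing policy for missing or broader-than-needed grants.

```python
from fnmatch import fnmatchcase

# The five actions this page lists under "Required Permissions".
REQUIRED = {"s3:PutObject", "s3:GetObject", "s3:ListBucket",
            "s3:PutObjectTagging", "s3:DeleteObject"}

def build_policy(bucket):
    """Bucket-scoped policy: ListBucket on the bucket ARN, the rest on its objects."""
    arn = f"arn:aws:s3:::{bucket}"
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": [arn]},
        {"Effect": "Allow", "Action": sorted(REQUIRED - {"s3:ListBucket"}),
         "Resource": [arn + "/*"]},
    ]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_policy(policy, bucket):
    """Return (missing_actions, findings) for a policy intended for the sync bucket.

    Only Allow statements with Action/Resource are evaluated; Deny, NotAction,
    NotResource and Condition are not modelled in this sketch.
    """
    arn = f"arn:aws:s3:::{bucket}"
    # s3:ListBucket is evaluated against the bucket ARN, object actions against keys.
    probe = {a: arn if a == "s3:ListBucket" else arn + "/any-key" for a in REQUIRED}
    granted, findings = set(), set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        resources = _as_list(stmt.get("Resource", []))
        for pattern in _as_list(stmt.get("Action", [])):
            hits = {a for a in REQUIRED if fnmatchcase(a.lower(), pattern.lower())}
            if "*" in pattern or not hits:
                findings.add(f"broader than needed: action {pattern}")
            granted |= {a for a in hits
                        if any(fnmatchcase(probe[a], r) for r in resources)}
        for r in resources:
            if r not in (arn, arn + "/*"):
                findings.add(f"outside sync bucket: resource {r}")
    return sorted(REQUIRED - granted), sorted(findings)

if __name__ == "__main__":
    import json
    print(json.dumps(build_policy("example-axonius-sync"), indent=2))  # constructed name
```

A policy that places s3:ListBucket on the object ARN (bucket/*) instead of the bucket ARN is reported as missing that action, which is a common cause of listing failures on the download side.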

Azure Blob Storage Settings

  1. Data encryption passphrase (min. 16 characters) (required, default: empty) - Specify a passphrase for the created file. The passphrase must consist of at least 16 characters.
  2. Storage container name (required, default: empty) - The Azure Storage container name.
  3. Connection string (required, default: empty) - The connection string that includes the authorization information required to access data in the Azure Storage account.

Required Ports

  • Port TCP 443

Required Permissions

The values supplied in Storage container name and Connection string must have read (for the central core node) / write (for the core node) privileges in the folder that contains the assets file.

To configure the Storage container name and Connection string:

  1. Log in to your Azure account.
  2. From the Home blade, search for and open Storage Accounts.
  3. If you have a storage account already created, you can use that. Alternately, you can choose to create a new storage account.
    1. Click the + Add button to add a new Storage Account.
    2. On the Create storage account blade, choose the appropriate Subscription and Resource group. Specify a name for the storage account, and a preferred location. If you have security or other requirements to further define the account, set those as appropriate.
    3. Click Review and Create.
  4. Back in the Storage accounts blade, click on the Storage account that you would like to use.
  5. In the menu on the left, choose Access keys.
  6. Copy the connection string for either key1 or key2.
    NOTE

    Please note that when you rotate your storage account keys, you will need to update the Connection string in Axonius.

SMB Share Settings

  1. Data encryption passphrase (min. 16 characters) (required, default: empty) - Specify a passphrase for the created file. The passphrase must consist of at least 16 characters.
  2. SMB port (optional, default: empty) - The SMB port.
    • If supplied, the specified port will be used.
    • If not supplied, port TCP 139 will be used if Use 'NetBIOS over TCP' (NBT) is enabled. Otherwise, port TCP 445 will be used.
  3. SMB share path (required) - Specify the SMB share path in the following format: \\<hostname/ip_address>\<share_name>\path\to\directory. For example: \\127.0.0.1\local_share\home\elizabeth
  4. User name and Password (optional, default: empty) - Specify the SMB share user name and password, if required.
  5. Use 'NetBIOS over TCP' (NBT) (required, default: False) - Specify whether to verify the server's name via NetBIOS for this connection.
    • If enabled, Axonius will verify the server's name via NetBIOS for this connection.
    • If disabled, Axonius will not verify the server's name via NetBIOS for this connection.

Required Ports

  • If Use 'NetBIOS over TCP' (NBT) is enabled - port TCP 139
  • If Use 'NetBIOS over TCP' (NBT) is disabled - port TCP 445

Required Permissions

SMB requires read (for the central core node) / write (for the core node) privileges in the folder that contains the assets file.

SSH Settings

Use this option to back up and restore central core to servers that support the SSH protocol.

  1. Data encryption passphrase (min. 16 characters) (required, default: empty) - Specify a passphrase for the created file. The passphrase must consist of at least 16 characters.
  2. Host - DNS Address or IP of the machine to connect to.
  3. Port - The port to connect through. If you do not enter a port, port 22 is used by default.
  4. Username - User name to connect to the server.
  5. Password - Password to connect to the server.
  6. Private Key - A private key certificate (PEM format) for the SSH user.
  7. Directory Absolute Path - The path where the files will be uploaded to / downloaded from.

Required Permissions

The user defined in the connection needs read and write permissions for the target directory.

