Core Node and Central Core Node Configuration

As part of the central core architecture, the following configuration must be set on each core node and on the central core node. For more details, see central core architecture.

Core Node Configuration (for Upload)

NOTE

Identical settings, including the passphrase, must be configured on all core nodes and on the central core node.

For each core node, open the Global Settings tab under System Settings and go to the Data Synchronization Settings section. Select the Enable data synchronization (central core architecture) checkbox, select the desired storage location option, and specify the required credentials. The core node uses those credentials to upload an assets file of all its devices and users.

Axonius supports three options for storing the asset data from each Axonius core node, each of which requires a different open port: Amazon S3, Azure Blob Storage, and SMB share. The settings for each option are described below.

Central Core Node Configuration (for Download)

NOTE

Contact your Axonius account representative to configure the desired Axonius instance as the central core node.

Configure the same storage location credentials and the same passphrase as supplied on all the core nodes, because the central core node downloads and loads all the data from a single storage location.

Amazon S3 Settings

  1. Data encryption passphrase (min. 16 characters) (required, default: empty) - Specify a passphrase for the created file. The passphrase must consist of at least 16 characters.
  2. AWS Access Key ID and the AWS Secret Access Key (optional, default: empty) - Specify the AWS Access Key ID and the AWS Secret Access Key to access the Amazon S3 bucket.
    • If supplied, Axonius uses the account user credentials to send the asset file to the Amazon S3 bucket.
    • If not supplied, Axonius uses the IAM role / instance profile attached to the EC2 instance on which Axonius is installed to send the asset file to the Amazon S3 bucket.
  3. Enable backup to Amazon S3 (required, default: False) - On each core node, this checkbox must be enabled.
  4. Proxy (optional, default: empty) - HTTP/HTTPS proxy to use when connecting to the AWS APIs.
    • If supplied, Axonius will utilize the proxy when connecting to the AWS APIs.
    • If not supplied, Axonius will connect directly to the AWS APIs.
  5. Filename format (optional, default: empty) - Specify a fixed file name or a file name format, or use the default file format.
    • If supplied, the asset file name and its format will be as specified.
      • The following parameters are supported: year, month, day, hour, minute, second
      • For example: core_1_{year}{month}{day}_{hour}:{minute}:{second}.extension
      • The supplied value can contain slashes "/" to specify a folder to place the data in.
    • If not supplied, the asset file format will be as follows:
      • axonius_backup_<core_instance_name><core_instance_hostname><core_instance_ips>_<date_today>.tar.gz.gpg
      • For example:
        axonius_backup_Master_axonius_10.0.2.3_2020-10-04_03:54:11.718614.tar.gz.gpg

Required Ports

  • Port TCP 443

Required Permissions

The credentials supplied in AWS Access Key ID and AWS Secret Access Key, or the IAM role attached to the EC2 instance on which Axonius is installed, must have the following permissions:

  • s3:PutObject
  • s3:GetObject
  • s3:ListAllMyBuckets
  • s3:ListBucket
  • s3:PutObjectTagging
  • s3:DeleteObject
  • s3:HeadBucket

Those permissions must be added to a policy attached to the relevant IAM user account.
For details on creating an IAM user and attaching policies, see Connecting the Amazon Web Services (AWS) Adapter.
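
The permissions listed above name actions only, not the resources they apply to. The following added example (not Axonius code) builds an IAM policy document that grants exactly those actions but limits the object-level ones to a single bucket and, optionally, to the folder used in Filename format. The bucket name, the folder, the function names, and the standard `arn:aws` partition are assumptions.

```python
import json

# Actions copied from the "Required Permissions" list on this page.
OBJECT_ACTIONS = ["s3:PutObject", "s3:GetObject",
                  "s3:PutObjectTagging", "s3:DeleteObject"]
BUCKET_ACTIONS = ["s3:ListBucket"]
# ListAllMyBuckets is account-wide; HeadBucket is kept as the page lists it
# and placed alongside it on Resource "*".
ACCOUNT_ACTIONS = ["s3:ListAllMyBuckets", "s3:HeadBucket"]


def build_sync_policy(bucket: str, folder: str = "") -> dict:
    """Return an IAM policy document limited to one sync bucket.

    bucket -- bucket that holds the asset files (hypothetical name).
    folder -- fixed folder part of the Filename format value, e.g. "sync"
              for "sync/core_1_{year}{month}{day}.extension".
              Assumption: every node reads and writes under this folder.
    """
    if not bucket or any(c in bucket for c in "/*?"):
        raise ValueError("bucket must be a single, explicit bucket name")
    if any(c in folder for c in "*?{"):
        raise ValueError("folder must be a fixed path without wildcards")
    folder = folder.strip("/")
    bucket_arn = f"arn:aws:s3:::{bucket}"
    object_arn = f"{bucket_arn}/{folder}/*" if folder else f"{bucket_arn}/*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "SyncObjects", "Effect": "Allow",
             "Action": OBJECT_ACTIONS, "Resource": object_arn},
            {"Sid": "SyncBucket", "Effect": "Allow",
             "Action": BUCKET_ACTIONS, "Resource": bucket_arn},
            {"Sid": "AccountLevel", "Effect": "Allow",
             "Action": ACCOUNT_ACTIONS, "Resource": "*"},
        ],
    }


def granted_actions(policy: dict) -> set:
    """Collect every allowed action, to compare against the page's list."""
    return {a for s in policy["Statement"]
            if s["Effect"] == "Allow" for a in s["Action"]}


if __name__ == "__main__":
    # "example-axonius-sync" is a constructed placeholder bucket name.
    print(json.dumps(build_sync_policy("example-axonius-sync", "sync/"), indent=2))
```

Because all core nodes and the central core node share one storage location, the same policy document can be attached to each IAM user or instance role involved.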

Azure Blob Storage Settings

  1. Data encryption passphrase (min. 16 characters) (required, default: empty) - Specify a passphrase for the created file. The passphrase must consist of at least 16 characters.
  2. Storage container name (required, default: empty) - The Azure Storage container name.
  3. Connection string (required, default: empty) - The connection string that includes the authorization information required to access data in the Azure Storage account.

Required Ports

  • Port TCP 443

Required Permissions

The values supplied in Storage container name and Connection string must have read (for the central core node) / write (for the core node) privileges in the folder that contains the assets file.

To configure the Storage container name and Connection string:

  1. Log in to your Azure account.
  2. From the Home blade, search for and open Storage Accounts.
  3. If you already have a storage account, you can use it. Alternatively, you can create a new storage account:
    1. Click the + Add button to add a new Storage Account.
    2. On the Create storage account blade, choose the appropriate Subscription and Resource group. Specify a name for the storage account, and a preferred location. If you have security or other requirements to further define the account, set those as appropriate.
    3. Click Review and Create.
  4. Back in the Storage accounts blade, click on the Storage account that you would like to use.
  5. In the menu on the left, choose Access keys.
  6. Copy the connection string for either key1 or key2.
    NOTE

    Please note that when you rotate your storage account keys, you will need to update the Connection string in Axonius.

SMB Share Settings

  1. Data encryption passphrase (min. 16 characters) (required, default: empty) - Specify a passphrase for the created file. The passphrase must consist of at least 16 characters.
  2. SMB host IP (required, default: empty) - The SMB IP address.
    NOTE

    DNS resolver must be configured on each core node and on the central core node.

  3. SMB port (optional, default: empty) - The SMB port.
    • If supplied, the specified port will be used.
    • If not supplied, port TCP 139 will be used if Use 'NetBIOS over TCP' (NBT) is enabled. Otherwise, port TCP 445 will be used.
  4. SMB share path (required) - Specify the SMB share path, without the SMB IP address. For example, if the FULL URI is smb://10.0.10.11\share\axonius\sync, this field value should be \share\axonius\sync.
  5. User name and Password (optional, default: empty) - Specify the SMB share user name and password, if required.
  6. Use 'NetBIOS over TCP' (NBT) (required, default: False) - Specify whether to verify the server's name via NetBIOS for this connection.
    • If enabled, Axonius will verify the server's name via NetBIOS for this connection.
    • If disabled, Axonius will not verify the server's name via NetBIOS for this connection.

Required Ports

  • If Use 'NetBIOS over TCP' (NBT) is enabled - port TCP 139
  • If Use 'NetBIOS over TCP' (NBT) is disabled - port TCP 445

Required Permissions

SMB requires read (for the central core node) / write (for the core node) privileges in the folder that contains the assets file.
