Fortress Machine: Kylin Fortress Machine installation process

Source: Internet
Author: User
Tags ldap

1.1 System Installation

1. Installation requirements: the system must have at least two network cards. System hardware: Intel 4G CPU, memory (either a virtual machine or a physical machine will do).

2. Boot from the installation disc.

At the boot screen, press ENTER at the install BLJ entry; the system then completes the installation automatically.

If you are installing into a virtual machine on a notebook, select Install first P CVM, which uses 500M of swap; the default installation method uses 32G of swap. The installation methods differ mainly in swap size. If you install the fortress machine in a virtual machine, swap may turn out to be insufficient.

3. After installation, the system default IP is:

eth0 192.168.1.100/24

Log in at https://192.168.100; the foreground login is admin/12345678.

After logging in, go to the licenses item in the Other menu and click Generate. This generates a string that is sent to the manufacturer, who generates the licenses.

4. After receiving the approval from the manufacturer, click Upload in the Other - licenses menu and upload licenses.key (note that the file name must not be changed, otherwise the file cannot be imported).

1.2 Directory creation:

The fortress machine's directory tree can be understood as a set of device groups or user groups. Kylin Fortress Machine uses a standard LDAP structure, so any node of the directory tree can hold both users and devices. If you want devices and users in different groups, create two separate directory nodes to manage them.

Note: the directory tree is typically created to mirror part of the company's organizational structure.

In the navigation tree, click Asset Management under Resource Management, select the Directory Management tab, and click Add New Node. Select the owning directory and the properties according to the type of group you want to create; the owning directory is the node under which the new node is placed.

Figure 1


1.3 Bastion Machine user Import and User Configuration

If you have only a few fortress machine accounts, you can create them directly in the interface; if you have more than 10 accounts, you can use the Excel import feature for bulk import.

To get the account export template, log in to the fortress machine and use Export under Resource Management - Asset Management - User Management. After exporting, add entries following the format of the top row.

Fill in the import form (Annex I). The operator import form must be filled in according to the following requirements:

Password: the password the OPS person uses to log in to the fortress machine (required)

Real name: the real name of the OPS person (required)

E-mail: the operator's e-mail address (optional)

User rights: set uniformly to ordinary user (required)

Group name: the name of the resource group in the directory structure. If resource groups with the same name exist, the import requires the form group name (ID); for example, where the group named first is duplicated, to join that group as shown in the interface the group name is first (221)

Mobile number: the operator's mobile phone number (optional)

Work unit: the work unit of the operation and maintenance person (optional)

Work Department: the work department of the operation and maintenance person (optional)

Usbkey: token ID for the dynamic password. If the user needs a dynamic token, assign the user an unused token from the dynamic token list file

Other options: generally do not need to be filled in; for all users they can be copied from the template

After the user import table is confirmed, log in to the foreground as the admin user and, in the Resource Management - Asset Management - User Management menu, click the Import button at the bottom right.

In the import interface, tick Encrypted, click the Browse button, select the user table to import, and click the Submit button to import all the users into the fortress machine.

After you click OK, a prompt reports which users in the table were not imported successfully and the reason.

After the import, if a user needs to be modified or added, you can do so in the User Management menu.

In the navigation tree, click Asset Management under Resource Management, select the User Management tab, click Add User, and fill in the user's basic information, permission information and other information.


Figure 3

Figure 4

1.4 Device Account import

The prerequisite for importing host device accounts is the same as for fortress machine accounts: the directory tree must be set up first.

If you have more than 5 device accounts, importing them via Excel is recommended; the template can be exported from the Resource Management - Asset Management - Device Management export menu.


Create all the device accounts to be imported following the first line in the template; the host is created automatically when its device account is imported.

Host Name: name of the host

IP: IP address of the host

Server group: the ID number of the group the server belongs to. Because groups with the same name are allowed in the directory, the server group is given as an ID number, which can be viewed under Asset Management - Resource Management - directory node, such as:

System type: the operating system type of the host, which must be one added in the first chapter or selected from the system's built-in types

System User: the system user name; if you do not want the account to be hosted, leave this item empty

Current Password: the password of the system user; if you do not want the account to be hosted, this can be left empty

Login protocol: TELNET/SSH1/SSH/FTP/RDP/VNC/X11 are currently supported; select the appropriate one of these login methods

Port: destination port of the login protocol connection

Expiration time: the expiration time of this system account; once it has passed, login is not allowed

Automatic password change: whether the account's password is changed automatically (default is NO)

Master account: automatic password change logs in with a single account to modify the passwords of all users on the host; if this is that main account, fill this item in. The main account generally has root permissions or can sudo to root

Auto Login: fill in yes by default

Fortress Machine Users: for People's livelihood projects, fill in no

SFTP User: for an SSH service, sets whether this SSH user may use the SFTP service; yes means allowed, no means not allowed

Public Private key User: for an SSH service, sets whether this SSH user authenticates in public/private key mode; yes or no
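A pre-import check of the device account sheet, as an added example that is not part of the original article or the vendor's tooling. It assumes the sheet has been saved as CSV; the column names are hypothetical, modelled on the field list above, and the sample rows are constructed.

```python
import csv
import io

# Protocols the page lists as supported by the import template.
SUPPORTED = {"TELNET", "SSH1", "SSH", "FTP", "RDP", "VNC", "X11"}
# TELNET and FTP send credentials in cleartext; SSH1 is the obsolete protocol version.
WEAK = {"TELNET", "FTP", "SSH1"}

# Constructed sample rows; the column names are assumptions modelled on the
# field list above, not the vendor's actual template headers.
SAMPLE = """host_name,ip,server_group,system_user,login_protocol,port,sftp_user,key_user
web01,10.0.0.11,221,root,SSH,22,yes,no
db01,10.0.0.12,ops,oracle,TELNET,23,no,no
fw01,10.0.0.13,305,admin,HTTPS,443,no,no
app01,10.0.0.14,221,deploy,RDP,70000,yes,no
"""

def check_row(row):
    """Return a list of findings for one device-account row."""
    findings = []
    proto = row["login_protocol"].strip().upper()
    if proto not in SUPPORTED:
        findings.append(f"unsupported login protocol {proto}")
    elif proto in WEAK:
        findings.append(f"{proto} is a legacy or cleartext protocol; prefer SSH")
    if not row["server_group"].strip().isdigit():
        findings.append("server group must be the numeric node ID, not a name")
    port = row["port"].strip()
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        findings.append(f"port {port} out of range")
    # The SFTP and key-authentication flags only apply to SSH accounts.
    if not proto.startswith("SSH"):
        for flag in ("sftp_user", "key_user"):
            if row[flag].strip().lower() == "yes":
                findings.append(f"{flag} set on non-SSH account")
    return findings

def check_sheet(text):
    """Map host name -> findings for every row that has at least one."""
    report = {}
    for row in csv.DictReader(io.StringIO(text)):
        findings = check_row(row)
        if findings:
            report[row["host_name"]] = findings
    return report

if __name__ == "__main__":
    for host, findings in check_sheet(SAMPLE).items():
        print(host, "->", "; ".join(findings))
```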

In Resource Management - Asset Management - Device Management, click the Import button.

Click the Browse button to find the table containing the host device list, then click the Submit button; all the device accounts are imported.

A single device can be added or modified in the Device Management menu.

In the navigation tree, click Asset Management under Resource Management, select the Device Management tab, click Add, and fill in the basic information;

Figure 5

In the navigation tree, click Asset Management under Resource Management, select the Device Management tab, and click Users in the action bar of the specified device,

Figure 6

Click "Add New User";

Figure 7

Fill in the information according to the actual situation;


1.5 System Account Rights Assignment

After the fortress machine accounts (master accounts) and the host system accounts (subordinate accounts) have been imported, authorization must be carried out. Only after authorization can a fortress machine account (master account) log in to the fortress machine and jump to the corresponding device.

The preliminary Device Authorization Relationship survey table contains all the permission relationships; configure them according to that table.

If a fortress machine account (master account) needs permissions on a large number of subordinate accounts, do the authorization in the System User Group menu. If a fortress machine account (master account) temporarily needs permission on one more subordinate account, this can also be done in the host device account menu.

Rights are best assigned by user group: put users with the same rights in the same group, create a system user group for that user group, add the host device accounts these users are permitted to use to it, and then bind the system user group to the user group. If each user's permissions differ, you can also authorize individual users by splitting up the system user groups.

In the navigation tree, click Grant Permissions under Resource Management, select the System User Groups tab, click Add New Group, and fill in the system user group name. Move the system users you want to add from the unselected devices to the selected devices, and click Save once you have selected all the system accounts for the fortress machine user group you want to authorize.

In the navigation tree, click Authorization Permissions under Resource Management, select the System User Groups tab, click Authorize in the action bar, tick "authorization group" or "authorized user", and click "Save Changes" to complete the configuration.

After authorization, the users in the group, or the authorized user, have access to all the host system accounts in the system user group.
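The authorization model described above, resolved into effective access and compared with the survey table, as an added example that is not the product's own code. All group, user and host names are hypothetical and the data is constructed; in practice the mappings would be transcribed from the configuration screens.

```python
# Constructed sample data; every name below is hypothetical.
USER_GROUPS = {"dba": {"alice", "bob"}, "netops": {"carol"}}

# System user group -> device accounts as (host, system user) pairs.
SYSTEM_USER_GROUPS = {
    "db-root": {("db01", "oracle"), ("db02", "oracle")},
    "core-switches": {("sw01", "admin")},
}

# Authorization per system user group: bound user groups and individual users.
AUTHORIZATIONS = {
    "db-root": {"groups": {"dba"}, "users": set()},
    "core-switches": {"groups": {"netops"}, "users": {"bob"}},
}

# Intended access, as recorded in the authorization survey table.
SURVEY = {
    "alice": {("db01", "oracle"), ("db02", "oracle")},
    "bob": {("db01", "oracle"), ("db02", "oracle")},
    "carol": {("sw01", "admin"), ("sw02", "admin")},
}

def effective_access(user):
    """Device accounts the fortress machine user can jump to."""
    reach = set()
    for sug, auth in AUTHORIZATIONS.items():
        via_group = any(user in USER_GROUPS.get(g, ()) for g in auth["groups"])
        if via_group or user in auth["users"]:
            reach |= SYSTEM_USER_GROUPS[sug]
    return reach

def audit(survey):
    """Return {user: (missing, excess)} where configured access differs from the survey."""
    users = set(survey) | {u for members in USER_GROUPS.values() for u in members}
    users |= {u for auth in AUTHORIZATIONS.values() for u in auth["users"]}
    diff = {}
    for user in sorted(users):
        want, have = survey.get(user, set()), effective_access(user)
        if want != have:
            diff[user] = (want - have, have - want)
    return diff

if __name__ == "__main__":
    for user, (missing, excess) in audit(SURVEY).items():
        print(user, "missing:", sorted(missing), "excess:", sorted(excess))
```

Excess entries are grants that exist in the configuration but not in the survey table, which is where an individually authorized user (bob here) drifts away from least privilege.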
