Introduction
This manual covers the system requirements and installation of Mavis. Please read the introductory sections of this manual carefully before starting the installation:
B. Introduction to HA Architecture
C. Installation Architecture Options
D. After Installation, Log Into the Mavis Platform
About Mavis
Mavis is a next-generation hybrid cloud IT operation compliance audit tool that integrates compliance audits, privileged access management (PAM), and hybrid cloud/on-premises environment functions into one platform. Customers can quickly deploy and activate a centralized control toolkit, leveraging built-in zero-trust enterprise security controls, and comprehensive operation logs/recording features, based on user permissions.
Getting Started
A. System Requirements
Before installing the Mavis software, ensure that there is sufficient available storage. We recommend considering additional components, resources, and future expansion needs that may arise during the installation process, to prevent unexpected issues caused by insufficient disk space.
The minimum system requirements for installing the Mavis server are as follows. If the server does not meet these requirements, Mavis cannot be installed. If you are unsure whether the server meets these requirements, run the Mavis installation script to perform a compatibility check.
B. Introduction to HA Architecture
Before installing Mavis, you need to decide whether to choose a standalone architecture or a High Availability (HA) architecture. Here’s a brief explanation of these two options:
- Standalone Architecture: Suitable for smaller deployments where all Mavis functions run on a single server. The advantages of this setup are its simplicity in installation and management, making it ideal for environments with limited resources or lower requirements. However, standalone architecture has lower fault tolerance; if the server fails, all services will be interrupted.
- High Availability (HA) Architecture: Designed to ensure that the system remains operational even in the event of a single point of failure. This architecture typically includes multiple servers, using load balancing and redundancy to ensure high availability and reliability. HA architecture is suitable for businesses with high continuity demands, effectively reducing downtime. These servers work together, sharing the load and backing up one another, ensuring that even if one server encounters an issue, the system continues to provide services.
Key features of the HA architecture include:
- Load Balancing: Multiple servers share the workload, enhancing system performance and stability.
- Failover: If one server fails, other servers automatically take over its workload, ensuring uninterrupted service.
- Redundant Backup: Data and applications are backed up across multiple servers, preventing data loss and service disruption.
Choosing an HA architecture significantly improves system reliability and availability, making it ideal for businesses requiring 24/7 operations and business continuity.
C. Installation Architecture Options
When deciding on the installation architecture, consider your business needs, budget, and IT resources. If your business requires high reliability and minimal downtime, we recommend choosing the HA architecture. If your needs are lower and resources are limited, the standalone architecture is a cost-effective choice.
Once the preparations are complete, follow the detailed installation steps in the manual to install Mavis. If you have any questions, please contact our technical support team.
-------------------------------------------------------------------------------------
Standalone Architecture
I. System Requirements
1. System Requirements
Operating System | Mavis currently supports installation on the following operating systems. Please refer to: https://mavis.pentium.network/hc/en-us/articles/22951360081556-Mavis-Installation-Preparation-Guide |
CPU | 4 Core or above |
Memory | 16 GB or above |
Disk | 40 GB or above |
2. Software Requirements
System Management | SystemD |
3. Account Requirements
root Privileges | The account needs sudo permissions. |
4. Security Requirements
SSL Certificate | Required |
5. Security Settings
To ensure server security, we strongly recommend setting up the following firewall rules:
Inbound Rules (Allowed Ports)
Source | Destination | Port | Rule | Description |
0.0.0.0/0 | Mavis Server | 443 | Allow | Port for HTTPS connection. (If you don’t set up SSL, an insecure certificate issue will occur.) |
0.0.0.0/0 | Mavis Server | 7993 | Allow | PostgreSQL connection port. (For PostgreSQL Proxy connection, we recommend allowing only trusted IPs.) |
Outbound Rules
Source | Destination | Port | Rule | Description |
Mavis Server | 0.0.0.0/0 (Internet) | ALL | Allow | Allows Mavis to access the internet and download necessary components for installation. |
II. Standalone Architecture Installation
1. Before Installation
Ensure that you have a valid certificate file prepared for installation, and verify that DNS has a domain name configured for the server’s IP address.
If the target server does not have an SSL certificate, some features will be unavailable. (The SSL certificate must include an intermediate certificate to ensure proper operation.)
- Step 1: Upload the SSL certificate files (including the certificate itself and CA bundle, also known as the intermediate certificate, usually in .crt and .key format).
- Step 2: Rename the .crt and .key files to tls.crt and tls.key.
mv <your_certificate_name>.cer tls.crt
mv <your_key_name>.key tls.key
Example for tls.crt: Includes the certificate itself + CA bundle (also known as the intermediate certificate).
2. Installing Mavis Standalone Architecture
Step 1: Download the script and install Mavis (replace "your_fqdn_name" with your actual domain name).
curl -sSL https://releases.pentium.network/mavis/1.16.3/install.sh | MAVIS_URL="your_fqdn_name" bash
Step 2: Confirm that your FQDN is correct. After confirmation, enter 'y' to continue the installation.
Step 3: Wait for the automated installation to complete.
Step 4: Once the installation is complete, the connection URL and default login account/password will be displayed.
-------------------------------------------------------------------------------------
HA Architecture
I. System Requirements
1. Hardware Requirements
Server | Purpose | CPU (cores) | Memory (GB) | Disk (GB) | Operating System |
Master node | Master, Worker, DNS A Record | 4 | 16 | 40 | Supported operating systems for Mavis installation, please refer to: https://mavis.pentium.network/hc/en-us/articles/22951360081556-Mavis-Installation-Preparation-Guide |
Second node | Master, Worker | 4 | 16 | 40 | Supported operating systems for Mavis installation, please refer to: https://mavis.pentium.network/hc/en-us/articles/22951360081556-Mavis-Installation-Preparation-Guide |
Third node | Master, Worker | 4 | 16 | 40 | Supported operating systems for Mavis installation, please refer to: https://mavis.pentium.network/hc/en-us/articles/22951360081556-Mavis-Installation-Preparation-Guide |
2. Software Requirements
System Management | SystemD |
3. Account Requirements
root Privileges | The account must have sudo privileges |
Login Account and Password | The login account and password for all three machines must be consistent. |
4. Security Requirements
SSL Certificates | Required |
5. Intranet Requirements
Subnet | All three machines must be under the same subnet. |
Firewall | The firewalls between the three machines should be fully open. |
6. Security Settings
To ensure server security, we strongly recommend configuring the following firewall rules:
Inbound Rules (Allowed Ports)
Source | Destination | Port | Rule | Description |
0.0.0.0/0 | Master node | 443 | Allow | Port used for HTTPS connections. (If SSL is not configured, there will be an insecure certificate issue). |
0.0.0.0/0 | Master node | 7993 | Allow | Port used for PostgreSQL connections. (For PostgreSQL proxy connections, we recommend only allowing trusted IP addresses). |
Outbound Rules
Source | Destination | Port | Rule | Description |
Master node, Second node, Third node | 0.0.0.0/0 (Internet) | ALL | Allow | Allows the Mavis platform to access the internet and download necessary components for installation. |
II. Mavis HA Architecture Installation
1. Before Installation
In accordance with Mavis’s security requirements, ensure you have valid certificate files ready for installation, and make sure DNS services are configured with domain names related to the IP addresses of the master node server.
If the target server does not have an SSL certificate, certain functions may not work properly. (When installing the SSL certificate, be sure to include the intermediate certificate to ensure proper operation.)
Step 1: Upload the SSL certificate files (including the certificate itself and the CA bundle, also known as the intermediate certificate, usually in .crt and .key file formats).
Step 2: Rename the .crt and .key files to tls.crt and tls.key, respectively.
mv <your_certificate_filename>.cer tls.crt
mv <your_key_filename>.key tls.key
Example of tls.crt: This includes the certificate itself + CA bundle (also known as the intermediate certificate).
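A pre-flight check for the tls.crt and tls.key files prepared in the "Before Installation" steps of both the standalone and the HA sections, given here as an added example (it is not part of the Mavis installer or documentation). It assumes the openssl command-line tool is installed; the function names and the 30-day expiry window are choices made for this example.

```shell
# Added example: pre-flight checks for tls.crt / tls.key before running install.sh.
# Function names and the 30-day expiry window are choices made for this example.

# Number of PEM certificates in a bundle (leaf + at least one intermediate expected).
cert_count() { grep -c -- '-----BEGIN CERTIFICATE-----' "$1"; }

# Print the Nth (1-based) PEM certificate of a bundle.
nth_cert() { awk -v n="$2" '/-----BEGIN CERTIFICATE-----/{i++} i==n' "$1"; }

# usage: check_mavis_tls tls.crt tls.key your_fqdn_name
# Returns 0 only if every check passes; prints one line per failed check.
check_mavis_tls() {
  local crt=$1 key=$2 fqdn=$3 rc=0 pub
  if [ ! -r "$crt" ] || [ ! -r "$key" ]; then
    echo "FAIL: cannot read $crt or $key"; return 1
  fi
  if [ "$(cert_count "$crt")" -lt 2 ]; then
    echo "FAIL: no intermediate certificate appended to $crt"; rc=1
  fi
  # The private key must belong to the first (leaf) certificate.
  pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
  if [ -z "$pub" ] || [ "$pub" != "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ]; then
    echo "FAIL: $key does not match the leaf certificate"; rc=1
  fi
  # The leaf must be valid for the FQDN that will be passed as MAVIS_URL.
  if ! openssl x509 -in "$crt" -noout -checkhost "$fqdn" 2>/dev/null | grep -q 'does match'; then
    echo "FAIL: certificate is not valid for $fqdn"; rc=1
  fi
  # The second certificate in the file must be the issuer of the first.
  if [ "$(openssl x509 -in "$crt" -noout -issuer_hash 2>/dev/null)" != \
       "$(nth_cert "$crt" 2 | openssl x509 -noout -subject_hash 2>/dev/null)" ]; then
    echo "FAIL: second certificate is not the leaf's issuer"; rc=1
  fi
  # Reject a leaf that expires within the next 30 days.
  if ! openssl x509 -in "$crt" -noout -checkend $((30 * 24 * 3600)) >/dev/null 2>&1; then
    echo "FAIL: leaf certificate expires within 30 days"; rc=1
  fi
  return $rc
}
```

Run `check_mavis_tls tls.crt tls.key your_fqdn_name` in the directory that holds the renamed files; a non-zero exit status means at least one check failed.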
2. Installing Mavis HA Architecture
Step 1: Download the script and install Mavis (replace "your_fqdn_name" in the URL with your actual domain name).
curl -sSL https://releases.pentium.network/mavis/1.16.3/install.sh | MAVIS_CLUSTER=true MAVIS_URL="your_fqdn_name" bash
Step 2: Verify that your FQDN is correct, then enter 'y' to proceed with the installation.
Step 3: Sequentially input the internal IPs, login accounts, and passwords for the Master, Second, and Third nodes.
Step 4: After the automated installation is complete, the connection URL, along with the default login account and password, will be displayed.
-------------------------------------------------------------------------------------
D. Logging into the Mavis Platform after Installation
Step 1: Use your browser to connect to the Mavis platform URL, and log in using the default admin account and password (admin).
Step 2: After logging in, the system will prompt you to enter the Mavis License. Please contact your designated representative to obtain the License.
Step 3: Once the License is successfully entered, you can start using the Mavis platform. For detailed instructions, please refer to the User Manual.
E. Security Settings
To ensure the security of your server, we strongly recommend configuring your firewall according to the following guidelines to restrict unnecessary external access.
Allowed Ports
Port | Description |
22 | Used for SSH connections. It is recommended to allow access only from trusted IP addresses. |
443 | Used for HTTPS connections. (If SSL is not configured, there will be a security certificate issue). |
7993 | Used for PostgreSQL connections. (This port is for PostgreSQL Proxy connections, and it is recommended to allow access only from trusted IP addresses). |
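The port guidance above (443 open, 22 and 7993 limited to trusted addresses, HA nodes fully open to each other) written out as a default-deny nftables ruleset. This is an added example, not part of the Mavis documentation; it assumes nftables is the host firewall, and the function names, table name and any addresses passed in are made up for illustration.

```shell
# Added example: render an nftables ruleset for a Mavis server (IPv4 sources).
# 443 is open to everyone; 22 and 7993 only to trusted sources;
# optional HA peer nodes are fully allowed, as the HA section requires.
# Outbound traffic is left unrestricted, matching the outbound rule tables.

# Shape check only: dotted quad with an optional /0-32 prefix, never "anywhere".
valid_cidr() {
  printf '%s\n' "$1" |
    grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
  case "$1" in 0.0.0.0/0) return 1 ;; esac
}

# usage: mavis_nft_rules "<trusted sources, space separated>" ["<HA peer IPs>"]
mavis_nft_rules() {
  local trusted=$1 peers=${2:-} c list
  [ -n "$trusted" ] || { echo "no trusted source given" >&2; return 1; }
  for c in $trusted $peers; do
    valid_cidr "$c" || { echo "rejected source: $c" >&2; return 1; }
  done
  list=$(printf '%s, ' $trusted); list=${list%, }
  echo "table inet mavis {"
  echo "  chain input {"
  echo "    type filter hook input priority 0; policy drop;"
  echo "    iif \"lo\" accept"
  echo "    ct state established,related accept"
  # ICMP is not on the page's port list; it is kept so path MTU discovery
  # and IPv6 neighbour discovery keep working under a drop policy.
  echo "    meta l4proto { icmp, ipv6-icmp } accept"
  echo "    tcp dport 443 accept"
  echo "    ip saddr { $list } tcp dport { 22, 7993 } accept"
  if [ -n "$peers" ]; then
    list=$(printf '%s, ' $peers); list=${list%, }
    echo "    ip saddr { $list } accept"
  fi
  echo "  }"
  echo "}"
}
```

The function only prints the ruleset; review it and load it with `nft -f` from a console session so that a mistake in the trusted list cannot lock you out of SSH.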
Deployment Troubleshooting
The following are specific issues you might encounter during deployment and their corresponding solutions:
Error Message | Description |
The installer cannot proceed with the current operating system. | The server’s operating system does not meet Mavis's requirements. For a list of supported OS, refer to: https://mavis.pentium.network/hc/en-us/articles/22951360081556-Mavis-Installation-Preparation-Guide |
Memory size error. Minimum requirement: 16 GB | The server’s memory size does not meet Mavis's requirements. Mavis requires at least 16 GB of memory. Note: Even if the server is set to 16 GB, due to capacity variations, it may still fall short. |
Insufficient storage space. Minimum available storage: 40 GB. | The server’s available storage does not meet Mavis's requirements. Mavis requires at least 40 GB of available storage (under the |
Unable to connect to the Internet. | Mavis is unable to download necessary packages. Please check the network connection of the server. |
Administrator error. Supported system administrator: SystemD. | Mavis requires SystemD as the system administrator to run its services using |
Unable to connect to the website. | This message is only displayed when you try to connect to the URL in a browser. Scenario 1: If the server is hosted by a cloud provider (e.g., GCP or AWS...). Scenario 2: If the server's public IP address is not static, the URL for connecting may vary. Solution: Manually configure the connection URL to the server’s public IP address in the settings, then restart the service. |