Installation

This page has been moved to Zendesk. Please, refer to this link for the latest version.

Using the Dockerized versions of IriusRisk is the simplest way to get started and to stay updated with the software when using the OnPrem version.

Overview

IriusRisk consists of three major components:

  1. A reverse proxy to terminate SSL connections and implement HTTP header security
  2. A Servlet 3.0 compliant Java application server to host the .war
  3. An SQL Database

To facilitate easy deployment for the OnPrem version, the reverse proxy and the application server can optionally be provided through Docker images and downloaded from our private Dockerhub repository.  However, even if Docker is used for these two components we recommend using an external SQL database instead of a Dockerized DB instance.

Hardware Requirements

Single Server

All three components: reverse proxy, application server and database can be deployed on the same server.  The following hardware is recommended for such a deployment:

  • Quad core Intel Xeon at least 3.0Ghz
  • 16Gb RAM
  • 8 GB of disk space for the Application server
  • 230GB SSD available for the database's data volume


Database size

Regarding the size needed for the volume holding the database, a single Product in IriusRisk could consume between 50Mb to 100Mb. Although this depends on several factors like, if an Issue Tracker is integrated, if Automated Testing tools are integrated, how many artifacts (such as documents and diagrams) are attached to the product, the number of reports created for the product, etc.

High Availability Configuration

The web application is stateful, and either requires a load balancer with sticky sessions enabled, or a clustered Tomcat instance.  We recommend the former due to ease of management and the ability to scale horizontally simply.  The database can also be deployed in a high availability configuration, as described for Postgres here.

The HA configuration would be:

  1. Load balancer or reverse proxy with sticky session enabled.
  2. Multiple Tomcat instances, either using our docker images or native Tomcat instances
  3. Databases in HA configuration as per the DB vendor guidelines

The hardware requirements are:

Application Servers
  • Quad core Intel Xeon at least 2.0Ghz
  • 8 GB RAM
Database Servers
  • Quad core Intel Xeon at least 2.0Ghz
  • 8GB RAM
  • 230GB SSD available for the database's data volume

Supported Installation Options

The following installation options are available.  Options a) and b) are strongly encouraged since they provided the simplest route to install and stay up to date with IriusRisk.

    a) Nginx in Docker →  Tomcat 8 in Docker → Database (please note that for this option the Nginx and Tomcat docker images must be deployed on the same host).

    b) External reverse proxy → Tomcat 8 in Docker →  Database

    c) External reverse proxy → Native Tomcat 8 →  Database

Common to all the options is an external database, Postgres 9.4 or newer or Microsoft SQL Server are supported.

PostgreSQL

   1. Install the database server and ensure that it is accessible over the network from the application server.

      This requires editing the postgres.conf file.  Find the line with the listen_address directive and add the database hosts IP address: 

             listen_addresses = 'localhost, DB_HOSTS_IP_ADDRESS'   

      To enable password based authentication, edit the hba.conf file and add the line:

      host all      all  172.17.0.0/24    md5   

       Substituting "172.17.0.0/24" with the network address where the Tomcat server will reside.  If you plan to use the Tomcat in Docker option, then "172.17.0.0/24" is correct as is, since that's the address of the docker containers.

   2. Create a database user with createdb privileges using the following PSQL command: 

      create user iriusprod with createdb unencrypted password 'alongandcomplexpassword2523';   

   3. Create a database and assign it to this user with the following PSQL command:

      create database iriusprod with owner = iriusprod;  

   4. Ensure that the database service is started automatically when the server starts

Microsoft SQL Server

  1. Create a database user
  2. Create a database and assign permission to the newly created user

Option a) Nginx in Docker →  Tomcat 8 in Docker → External Database

For the Docker deployments, please provide us with your username on dockerhub so that we can grant it access to the repository.

  1. Install docker engine and the docker-compose utility

  2. Download these two files:  docker-compose.yml and Dockerfile.nginx-prod 

  3. Create a directory on the server and make sure the two files from step 2 together with the TLS certificate and private key for the domain

$ ls -1 
cert.pem
docker-compose.yml
Dockerfile.nginx-prod
key.pem

The files for the TLS certificate must be named cert.pem and key.pem and must have the certificate and the key in PEM format. cert.pem must contain the certificate with the chain and key.pem should contain the private key. If you are evaluating iriusrisk on localhost and a self signed certificate is enough for you, you can use these (WARNING DO NOT USE THIS ON PRODUCTION): cert.pem and key.pem

  5. Edit the docker-compose.yml file and configure the following variables on the environment sections of Nginx and Tomcat to suit your needs:


nginx:
#[...]
environment: 
    - NG_SERVER_NAME=localhost #Change localhost to the URL for IriusRisk
tomcat8:
  # [...]
  environment:
    #Change the three parameters DB_* with the correct information for the database
    - IRIUS_DB_URL=jdbc\:postgresql\://DB_POSTGRES_SERVER_IP\:5432/iriusprod?user\=DB_USER&password\=DB_PASSWORD
    - IRIUS_EDITION=irius
    - IRIUS_EXT_URL=http\://localhost #Change localhost to the URL for IriusRisk
    - grails_env=container

The DB_POSTGRES_SERVER_IP should be the actual IP address of the host with the database installed (as set in the postgres.conf file). Even if the database is installed on the same host as the docker containers, this needs to be a real IP of the DB and not 'localhost'.

To enable AD/LDAP authentication in the Tomcat instance you should include this configuration in the docker compose file:
tomcat8:
	# [...]
	environment:
	# [...]
		- LDAP_CONFIG_PATH=/etc/irius/LDAP-config.groovy
	# [...]
    volumes:
        - "/etc/irius:/etc/irius"

And ensure that the host has the LDAP-config.groovy file located in the /etc/irius directory.

  6. Launch the instances using the command: 

deploymachine$ docker-compose up -d 

Nginx will listen on ports 80 and 443, all requests to port 80 will be redirected to 443. It will terminate the TLS connection and also inject several HTTP security headers, for more info please see the Nginx config file within the container: 

$ docker exec CONTAINER_ID cat /etc/nginx/conf.d/irius.conf 
#You can get the container ID by executing $ docker ps

Option b) External reverse proxy →  Tomcat 8 in Docker → External Database

  1. Install docker engine

  2. Configure the reverse proxy to forward requests to the Tomcat server using the following rules:

Request to serverRedirect to Tomcat
//
/VAADIN/VAADIN
/api

/api

/help/help


  4. Launch the Tomcat instance using the command below and modifying the parameters:

  • Adjust the port that Tomcat should listen on with the -p parameter
  • Set the DB connection string with the IP address, database username and password
  • Set the external URL to IriusRisk (it's set as localhost in the example below)
  • Use -e LDAP_CONFIG_PATH=/etc/irius/LDAP-config.groovy and -v "/etc/irius:/etc/irius  if you want to enable AD/LDAP authentication
$ docker run -d -p8080:8080 -e "IRIUS_DB_URL=jdbc\:postgresql\://DB_POSTGRES_SERVER_IP\:5432/iriusprod?\
user\=DB_USER&password\=DB_PASSWORD" -e "IRIUS_EDITION=saas" -e "IRIUS_EXT_URL=http\://localhost"\
-e "grails_env=container" [-e "LDAP_CONFIG_PATH=/etc/irius/LDAP-config.groovy" -v "/etc/irius:/etc/irius"] continuumsecurity/iriusrisk-prod:tomcat8-prod

Option c) Reverse proxy →  Tomcat 8 → Database

  1. Configure the reverse proxy to forward requests to the Tomcat server using the rules described in Option b.2.

  2. Add the following lines to the bottom of the catalina.properties file:

IRIUS_DB_URL=jdbc\:postgresql\://localhost\:5432/iriusprod?user\=iriusprod&password\=thepasswordusedforthedbuser
IRIUS_EDITION=saas
IRIUS_EXT_URL=https\://[URL OF THE SERVICE]
grails.env=container

To use a Microsoft SQL database:

  1. Comment out or remove the line in catalina.properties that starts with: IRIUS_DB_URL

  2. Find the line in catalina.properties that starts with: "common.loader=" and add the following to the end of the string:


,"${catalina.home}/lib/*.properties"


The line should now read:


common.loader="${catalina.base}/lib","${catalina.base}/lib/*.jar","${catalina.home}/lib","${catalina.home}/lib/*.jar","${catalina.home}/lib/*.properties"

3.Create a file called app-config.properties in the Tomcat lib folder with the following contents:


dataSource.driverClassName=com.microsoft.sqlserver.jdbc.SQLServerDriver
dataSource.dialect=org.hibernate.dialect.SQLServerDialect
dataSource.url=jdbc:sqlserver://[IP ADDRESS OF DB]:1433;DatabaseName=[YOUR_DB_NAME]
dataSource.username=[YOUR_DB_USERNAME]
dataSource.password=[YOUR_DB_PASSWORD]

  

  3. Edit the tomcat8.conf file and add the following line to the bottom:

JAVA_OPTS="-Xms2800m -Xmx3024m -XX:MaxPermSize=512m -XX:+UseConcMarkSweepGC"

  3. Start the database and then Tomcat

On this page:


Updating to the latest release

Warning!

Backup your existing database before performing a release update!!

From the directory where the docker-compose.yml file is, execute:

docker-compose stop && docker-compose pull && docker-compose up

Adding Custom Logos

IriusRisk displays a large logo on the main login form and a smaller logo once logged into the system.  Both of these logos can be customised to point to logos of your own choosing.

The recommended size for the logos are:

  • Large logo on login page -> 440px x 265px
  • Small logo -> 140px x 25px

See: Customizing your own logo on IriusRisk for details on how to do this.