Initial preparation
This document is used to prepare a DOMOS/Qiata installation. If you would like to perform the installation yourself, we recommend the Quickstart Guide, which contains detailed information and procedures for installing DOMOS/Qiata. All items not marked as optional are required for the basic configuration.
DOMOS VM installation
The installation can be done on KVM, VMware or Hyper-V. Console access is sometimes required during the subsequent configuration.
Please note that Secure Boot must be disabled for the virtual machine.
Hard disk
- Size min. 10 GB
- Connection with VirtIO or VirtIO SCSI
RAM
- Size min. 1 GB
- Balloon possible
CPU
- minimum 1 Core
Network
- at least 1 interface
- Connection with VirtIO-Net
- Fixed MAC address
DOMOS configuration
If the system is to be accessible from the Internet, access from the Internet to ports 22 (SSH) and 10000 (WebUI) should be filtered. For system updates, the DOMOS system itself must be able to perform name resolution and must have access to external hosts (currently www.secudos.de and domosrepo.secudos.de) on port 443 (HTTPS); port 10000 is also possible. This access can go through a proxy.
Software installed on DOMOS may have additional requirements.
For DOMOS and the installed applications to function properly, external security devices (e.g. WAF, firewall systems, etc.) may have to be configured accordingly.
- IP address with netmask
- Default gateway
- Hostname (if possible resolvable via DNS)
- at least 1 accessible name server
Time service (NTP) [OPTIONAL]
- Address of timeserver
User
- New passwords for system users
- Deposit of public keys for SSH access
- New password for WebUI
Backup/Restore [OPTIONAL]
- Accessible target (SMB, NFS, FTP)
- Access data
E-Mail dispatch [OPTIONAL]
- SMTP relay (IP or hostname)
- E-mail account credentials
- Sender name and e-mail
- List of recipient addresses
WebUI [OPTIONAL]
- Own SSL certificate
- CA certificate for client certificates
DOMOS license
- License
- Configuration of a proxy [OPTIONAL]
- IP address and port
- User name and password
- System update
Network addresses/ports
DOMOS/Qiata Updates
Port 443
- domosrepo.secudos.de [DOMOS5 only]
- domosrepo2.secudos.de [DOMOS5 only]
- domosrepo3.secudos.de [DOMOS6 only]
Ports: 443, 10000
License verification
ls3.secudos.de [DOMOS6 only]
Port 443
ClamAV Updates (Patterns)
- db.de.clamav.net
- db.local.clamav.net
- database.clamav.net
- current.cvd.clamav.net
Ports 53/tcp
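The following preflight check is an added example, not part of the SECUDOS documentation: it tests name resolution and outbound TCP reachability for the hosts listed above from the network segment planned for the VM. The function names (`targets_for`, `preflight`), the host-to-port mapping and the version tags are assumptions read from this list, and the check assumes direct access rather than access via a proxy.

```python
import socket

# (host, port, DOMOS versions) as read from the list above. Assumed mapping:
# repositories and license server on 443 (10000 is the documented
# alternative for updates), ClamAV mirrors on 53/tcp as the page states.
REQUIREMENTS = [
    ("www.secudos.de", 443, {5, 6}),
    ("domosrepo.secudos.de", 443, {5}),
    ("domosrepo2.secudos.de", 443, {5}),
    ("domosrepo3.secudos.de", 443, {6}),
    ("ls3.secudos.de", 443, {6}),
    ("db.de.clamav.net", 53, {5, 6}),
    ("db.local.clamav.net", 53, {5, 6}),
    ("database.clamav.net", 53, {5, 6}),
    ("current.cvd.clamav.net", 53, {5, 6}),
]

def targets_for(version):
    """Return the (host, port) pairs that apply to DOMOS major version 5 or 6."""
    return [(h, p) for h, p, versions in REQUIREMENTS if version in versions]

def tcp_connect(addr, port, timeout=5.0):
    """Open and immediately close a TCP connection; raises OSError on failure."""
    with socket.create_connection((addr, port), timeout=timeout):
        return True

def preflight(targets, resolve=socket.gethostbyname, connect=tcp_connect):
    """Return (host, port, reason) for every target that fails DNS or TCP."""
    failures = []
    for host, port in targets:
        try:
            addr = resolve(host)  # name resolution is itself a requirement
        except OSError as exc:
            failures.append((host, port, f"DNS: {exc}"))
            continue
        try:
            connect(addr, port)
        except OSError as exc:  # refused, filtered (timeout) or unreachable
            failures.append((host, port, f"TCP: {exc}"))
    return failures

if __name__ == "__main__":
    import sys
    version = int(sys.argv[1]) if len(sys.argv) > 1 else 6
    failed = preflight(targets_for(version))
    for host, port, reason in failed:
        print(f"FAIL {host}:{port} {reason}")
    sys.exit(1 if failed else 0)
```

A non-zero exit status means at least one required destination is blocked or unresolvable, which is worth clearing with the firewall team before the installation date.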
Configuration data
The following configuration data must be available for a successful DOMOS configuration. If the installation is accompanied by SECUDOS, please fill in the following sections with the required data and submit them securely to SECUDOS before the installation starts. These data are mandatory to start an installation.
If the installation is performed by you or a partner, you will also need this data. Documenting the values is therefore recommended.
- Hostname
- IP address
- Netmask
- Default-Gateway
- Nameserver
Qiata configuration
- Fixed IP address or FQDN, which must be resolvable via DNS
- Port 443 must be externally accessible
- If available: SSL certificate
- Access data to the mail server or for an SMTP relay (this user needs authorization to relay via the mail server)
- Bind DN / Base DN incl. password if an LDAP server exists and is to be integrated
Configuration data
The following configuration data must be available for a successful Qiata configuration. If the installation is accompanied by SECUDOS, please fill in the following sections with the required data and submit them securely to SECUDOS before the installation starts. These data are mandatory to start an installation.
If the installation is performed by you or a partner, you will also need this data. Documenting the values is therefore recommended.
- FQDN
- Mail-Server
- Bind DN
- Base DN