Prerequisites

Last Update Date: July 15, 2022

Published Date: Feb 22, 2022

This document needs to be used along with the SummitAI Installation Guide. The SummitAI IT Management Suite can be installed in both environments, On-Premise and On Cloud. The following sections describe the hardware and software requirements of SummitAI Management Suite.

Minimum Hardware Requirements

Intel Xeon Quad-Core processor or equivalent
8 GB of RAM
250 GB Hard Disk (Minimum 100 GB)

Minimum Software Requirements

Windows 2012 R2 onwards only
IIS 7.0 or above (Web Server)
Dot Net Framework version 4.6.2 and above
NET State Service start type with Automatic
Desktop Experience plugin (to generate Graphical reports for Push Report)

Mandatory Upgrades for SummitAI v5.6 or later Versions

To upgrade the SummitAI application to v5.6 or later version, upgrade all the SummitAI Data Collector and SummitAI Proxy Servers to v5.6 or later. Additionally, update the Agents as per the following details:

Agent	Required Version	Setup Size	Post Installation	Remarks
SAM Agent	v2.0.3.16	~8 MB	~20 - 25 MB	.NET Dependency
AVM Agent	v3.2.0.1	~6 MB	~13 - 15 MB	.NET Dependency (Framework version 4.6.2 and above)
SSI Agent	v3.0.1.17	~17 MB	~25 - 30 MB	-
MAC Agent	v2.1	~3 MB	~8 MB	-
Linux Agent	v1.3	~5 MB	~11 MB	-

The following AVM Agents will support the Symphony SummitAI Application v5.6 onwards:

AVM Agent Versions	TLS Version	Remarks
AVM Agent v3.2.0.0		.NET Dependency (Framework version 3.5 or 4.0 and above)
AVM Agent v3.2.0.1		.NET Dependency (Framework version 3.5 or 4.0 and above)
AVM Agent v3.3.0.0	TLS 1.0,1.1	.NET Dependency (Framework version 4.5 and above)
AVM Agent v3.3.0.1	TLS 1.0,1.1,1.2	.NET Dependency (Framework version 4.5 and above)
AVM Agent v4.0.0.3	TLS 1.0,1.1,1.2	.NET Dependency (Framework version 4.5 and above)

Ensure that all the SummitAI Mobile applications are updated to the latest versions.

Proxy Server / Data Collector / Mobile Web Service

Minimum Hardware Requirements

Intel Xeon Quad-Core processor or equivalent
8 GB of RAM
250 GB Hard Disk (Minimum 100 GB)

Minimum Software Requirements

Windows 2012 R2
IIS 7.0 or above (Web Server)
Dot Net Framework 4.6.2 and above
NET State Service start type with Automatic

Database Server Software Requirements

Minimum Software Requirements

Windows 2012 R2 only
Microsoft SQL Server 2012
Additionally the following SQL Server editions are supported
- SQL Server 2014 Standard/Enterprise
- SQL Server 2016 Standard/Enterprise
- SQL Server 2019 on Windows 2019

In order to Support Summit Application with SQL Server 2019 Database, the Customer Environment must be upgraded to SQL Server 2019 with latest CU-1. For example, if latest is CU10 then the recommended upgrade must be CU9 which is 10-1.

The above mentioned minimum hardware and software requirements are for indicative purposes only. The application experience may not be the best on this minimum configuration. The performance and experience of the application depend on various factors including the customer environment. Please contact Symphony SummitAI Sales or Support Team to understand the implementation and deployment services provided to assess your specific needs.

Additional Configuration

Push Report E-Mail ID Configuration at the Database Level

The following data values should be changed for these fields: FromName and FromEmailID. They should be modified as per the SMTP configuration.

Select * from summit_ appconfigsettings

Push Notifications for SummitAI Web Application

The following are the prerequisites for using push notifications for SummitAI Web Application:

Ensure that the key for "FusionChartPath" is available in ServerMonitor.exe config file. For example:
```
 <add key="FusionChartPath" value="Iinstallation path\Jobfiles\bin\fusionchar\" /> 
```
Install/uninstall the Flash Player to execute the "FusionChartsImageSaver.dll" as follows:
1. For the 32-bit server environment perform the following steps:
  1. To uninstall the flash, download and run the flash player uninstaller (32-bit) from the Adobe site.
  2. Open Internet Explorer, download and install the Flash Player (32-bit) from the Adobe site.
2. For the 64-bit server environment perform the following steps:
  1. Download and install 64 Bit Flash Player from the Adobe site.

The following conditions should be considered for Push Notifications:

The Push Notifications work only with HTTPS having DNS Entry. However, it does not work with hosted server IP address.
To get the notifications in the browser, internet connection is required.
Push Notifications do not work in browser private window.

“Secure Origins” must have any of the following patterns:
1. (https, *, *)
2. (*, localhost, *)

Localhost (*, localhost, *) is only applicable to use Push Notifications functionality locally in the server.

Browser Compatibility

Microsoft Edge version 40.15063.674.0 or above.

Microsoft IE versions 7, 8, 9 and 11 are End-of-Life (EOL) and are no longer supported from 31st March, 2021. For more information, see Microsoft IE 11 EOL Notification.
Mozilla Firefox version 30 or above.

While uploading the license information for SummitAI application using Mozilla Firefox version 42.0, an error message, “Incorrect License File!”, is displayed. This is a known issue reported by SummitAI QA team. This issue is fixed in the later versions of the Mozilla Firefox browser.
Chrome version 30 or above
Safari version 5.1.7

When viewing the Application, it is best to view at 1366 x 768 screen resolution.

Network Prerequisites

SummitAI Web Server

Application	Default Port
Web Server Port	443 (Configurable during installation)
SSL Certificate e trusted by the user browsers.	SSL Certificate signed by a valid certificate authority (CA). Example: Digicert, GeoTrust, Comodo, GoDaddy, etc. Note Self-signed or Internal certificates may not be recommended if the deployment is going to be externally published as it will not be trusted by the user's browsers. Comodo, GoDaddy
Mail Server Ports Help Desk: POP/SMTP/SMTPS Monitoring: SMTP	110//25/465 25
SNMP	161, 162
SSH/Telnet	22/23
WMI – DCOM & RPC (If monitoring has to be done using WMI)	135, 445, 5000, 5001 & 5002 (Changing Dynamic WMI ports to a limited port involve registry changes in target endpoints)
Applications	Application-specific ports if applications are to be monitored.
MSSQL Database Server Port	1433 (Standard Port)
DNS/LDAP (In Domain controllers, to enable AD-SSO, ADIMPORT)	53/445 /389
Mail Server Port: SMTP (Cloud Instance)	SNMP Port No. 25 is blocked for cloud instances. User can use any custom port. However, it is recommended to use custom Port No. 587.

SummitAI Proxy Server

Application	Default Port
Web Server Port	443 (Configurable during installation). By default, it is recommended to use port 443 with appropriate internal SSL certificate provisioned by customer. (Port 80 is not recommended). To determine the port, see Port Selection - SummitAI Proxy and SummitAI Agent.
SNMP	161, 162
SSH/Telnet	22/23
WMI – DCOM & RPC (If monitoring has to be done using WMI)	135, 445, 5000, 5001 & 5002 (Changing Dynamic WMI ports to a limited port involve registry changes in target endpoints)
Applications	Application-specific ports if applications are to be monitored.
Mail Server Port: SMTP (on Premise)	25

SummitAI Data Collector / Mobile Web Service Server

Application

Default Port

Web Server Port

443 (Configurable during installation)

SSL Certificate

SSL Certificate signed by a valid certificate authority (CA). Example: Digicert, GeoTrust, Comodo, GoDaddy, etc.

Note

Self-signed or Internal certificates may not be recommended if the deployment is going to be externally published as it will not be trusted by the user's browsers.

MSSQL Database Server Port to DB Server

1433 (Standard Port)

Ports to be opened in Firewall

For SummitAI Web Server - SummitAI Proxy Server Communication (Registration and Replication):

SummitAI Role	Ports	Direction
SummitAI Web Server	443 (Default)	Inbound and Outbound
SummitAI Proxy to SummitAI Web Server	443 (Default) To determine the port, see Port Selection - SummitAI Proxy and SummitAI Agent.	Inbound and Outbound
SummitAI Mobile Web Services Server	443 (Default)	Inbound and Outbound
SummitAI Data Collector / Mobile Web Service Server to SummitAI DB	1433 (Standard Port) or any custom port	Inbound
SummitAI Agent	80 or 443 (Configurable during installation) To determine the port, see Port Selection - SummitAI Proxy and SummitAI Agent.	Inbound and Outbound
Advanced Remote Desktop Features (Paid Version)	Webserver Listen: 8040 Relay Listen: 8041	Inbound and Outbound
Basic Remote Desktop (OOB Available)	7900 (Default)	Inbound and Outbound

The ports mentioned above are the default ports. However, they are subject to change automatically based on the port availability. Please contact us, if you face any problem. The mode of communication between the SummitAI Web Server and SummitAI Proxy is, by default, HTTP and can be modified to HTTPS.

Port Selection - SummitAI Proxy and SummitAI Agent

Port	Protocol	Service/ Process	Direction	Description	Encryption	Component
443	TCP	IIS	Inbound	To receive incoming Traffic from Proxy	TLS 1.1, TLS 1.2 ²	Data Collector
			Outbound	To send data from Proxy to Data Collector	TLS 1.1, TLS 1.2 ²	Proxy
			Inbound	To receive incoming Traffic from Asset Agent (for Windows and MAC) and Server Agent	TLS 1.1, TLS 1.2 ²	Proxy
			Outbound	To send traffic from Asset Agents to Proxy.	TLS 1.1, TLS 1.2 ²	· Windows: Asset SSI and Asset SAM Agents · Non-window: Linux Agent
			Outbound	To send traffic from Asset Agents to Proxy.	TLS 1.1, TLS 1.2 ²	Asset MAC and Server Agents
80	TCP	IIS	Inbound	To receive incoming Traffic from Server Agent	-	Proxy ¹
80	TCP	IIS	Outbound	To send traffic from Server Agent to Proxy	-	Server Agent
1. This Agent is designed to operate in the same LAN topology where SummitAI Proxy server is located. The data is pushed to SummitAI Proxy server, Proxy server encrypts the entire data frame with AES 256, and then transfers to Data collector on SSL channel, chronologically. 2 We recommend using TLS1.2/TLS 1.1 as the encryption protocol, as these are more secured compared to SSL / TLS1.0.

Security Best Practices for SummitAI Application Deployment

Changes on SummitAI Components

Vulnerability Type	SummitAI Web Application	SummitAI Data Collector / Mobile Web Services Server	SummitAI Proxy
Clickjacking Attack	X	X	X
Poodle vulnerability	X	X	X
SSL Ciphers multiple vulnerabilities	X	X	X
Directory Browsing	X	X	X
Disable HTTP Options, Trace, Head, Copy and Unlock methods in IIS	X	X	X
Disabling TLS 1.0	X	X	X

Restart the server, after the changes are done.

Clickjacking Attack

An attacker can use this technique to trick a user to perform certain actions on an application by hiding clickable elements inside an Invisible Iframe.

Web.Config Change(s)

<httpProtocol>
	<customHeaders>
		<add name="X-Frame-Options" value="SAMEORIGIN" />
	</customHeaders>
</httpProtocol>

Directory Browsing

An attacker can anonymously access information related to the remote server like help files and documentation, which could be further helpful in planning the malicious activities.

How to fix?

Go to IIS.
Select the Website.
Under IIS, select Directory Browsing.
Click on Disable under Actions.

Disable HTTP Options, Trace, Head, Copy and Unlock Methods in IIS

Add the following tags in web.config to disable HTTP options, Trace, Head, Copy and Unlock methods in IIS.

<security>
   <requestFiltering>
    <verbs allowUnlisted="true">
     <add verb="OPTIONS" allowed="false" />
    </verbs>
   </requestFiltering>
  </security>

Nmap Installation

The Network Map Discovery (Nmap Discovery) is a feature (BETA version), which identifies and traverses the list of Servers, Networks, Printers, and Laptop devices in the organization. Based on the discovered devices, CI’s are auto populated in CMDB with Parent and Child relationships.

Note: The data retrieved from Nmap discovery is only based on the assumptions; the most accurate data is displayed.

By default, Nmap Discovery is not enabled. The Discovery configuration continues to function as it is when Nmap is not enabled.

Installation of Nmap

Open https://nmap.org/download.html.
Download the latest .exe file from the Microsoft Windows binaries section.
Run the setup nmap‐setup.exe.
Specify the path where you want to install the setup file. The default destination path is C:\Program Files (x86)\Nmap.

Enabling Nmap in SummitAI application

Add the tag <add key=ʺNMAPʺ value=ʺTrueʺ/> for Nmap.
If the Nmap is installed in a path other than C:\Program Files (x86)\Nmap, then add the tag <add key =ʺNmapExePathʺ value=ʺʺ/> in the Proxy configuration file.

For example: If the installation path is D:\Tools\Nmap, then Nmap path should be configured as <add key =ʺNmapExePathʺ value=ʺD:\Tools\ʺ/>.

Business Rule Functionality

The following are the Prerequisites of Business Rule Functionality:

Download Erlang version 23.0 for the respective operating system and install.
Download and install Rabbit MQ server 3.8.13
Clustering Rabbit MQ
Summit.BusinessRule.EventListenerService service installation
Add Config keys in the web. config and app. config file

Refer to the https://eitdocs.atlassian.net/wiki/display/PD/Other+Documents documentation link to view and download the Erlang and Rabbit MQ Installation Guide.