Installation Prerequisites

Owned by Enterprise IT
Last updated: Apr 23, 2024 by Shilpa K (Deactivated)Version comment
8 min read

Prerequisites

Last Update Date: July 15, 2022

Published Date: Feb 22, 2022

This document needs to be used along with the SummitAI Installation Guide. The SummitAI IT Management Suite can be installed in both environments, On-Premise and On Cloud. The following sections describe the hardware and software requirements of SummitAI Management Suite. 

Minimum Hardware Requirements

  • Intel Xeon Quad-Core processor or equivalent
  • 8 GB of RAM
  • 250 GB Hard Disk (Minimum 100 GB)

Minimum Software Requirements 

  • Windows 2012 R2 onwards only
  • IIS 7.0 or above (Web Server)
  • Dot Net Framework version 4.6.2 and above
  • NET State Service start type with Automatic
  • Desktop Experience plugin (to generate Graphical reports for Push Report)

Mandatory Upgrades for SummitAI v5.6 or later Versions

To upgrade the SummitAI application to v5.6 or later version, upgrade all the SummitAI Data Collector and SummitAI Proxy Servers to v5.6 or later. Additionally, update the Agents as per the following details:

Agent

Required Version

Setup Size

Post Installation

Remarks

SAM Agent

v2.0.3.16

~8 MB

~20 - 25 MB

.NET Dependency

AVM Agent

v3.2.0.1

~6 MB

~13 - 15 MB

.NET Dependency (Framework version 4.6.2 and above)

SSI Agent

v3.0.1.17

~17 MB

~25 - 30 MB

-

MAC Agent

v2.1

~3 MB

~8 MB

-

Linux Agent

v1.3

~5 MB

~11 MB

-

The following AVM Agents will support the Symphony SummitAI Application v5.6 onwards:

AVM Agent Versions

TLS Version

Remarks

AVM Agent v3.2.0.0


.NET Dependency (Framework version 3.5 or 4.0 and above)

AVM Agent v3.2.0.1


.NET Dependency (Framework version 3.5 or 4.0 and above)

AVM Agent v3.3.0.0 

TLS 1.0,1.1

.NET Dependency (Framework version 4.5 and above)

AVM Agent v3.3.0.1

TLS 1.0,1.1,1.2

.NET Dependency (Framework version 4.5 and above)

AVM Agent v4.0.0.3

TLS 1.0,1.1,1.2

.NET Dependency (Framework version 4.5 and above)

Ensure that all the SummitAI Mobile applications are updated to the latest versions.

Proxy Server / Data Collector / Mobile Web Service 

Minimum Hardware Requirements

  • Intel Xeon Quad-Core processor or equivalent
  • 8 GB of RAM
  • 250 GB Hard Disk (Minimum 100 GB)

Minimum Software Requirements

  • Windows 2012 R2
  • IIS 7.0 or above (Web Server)
  • Dot Net Framework 4.6.2 and above
  • NET State Service start type with Automatic

Database Server Software Requirements

Minimum Software Requirements

  • Windows 2012 R2 only
  • Microsoft SQL Server 2012
  • Additionally the following SQL Server editions are supported
    • SQL Server 2014 Standard/Enterprise
    • SQL Server 2016 Standard/Enterprise
    • SQL Server 2019 on Windows 2019

In order to Support Summit Application with SQL Server 2019 Database, the Customer Environment must be upgraded to SQL Server 2019 with latest CU-1. For example, if latest is CU10 then the recommended upgrade must be CU9 which is 10-1.

 The above mentioned minimum hardware and software requirements are for indicative purposes only. The application experience may not be the best on this minimum configuration. The performance and experience of the application depend on various factors including the customer environment. Please contact Symphony SummitAI Sales or Support Team to understand the implementation and deployment services provided to assess your specific needs.

Additional Configuration

Push Report E-Mail ID Configuration at the Database Level

The following data values should be changed for these fields: FromName and FromEmailID. They should be modified as per the SMTP configuration.

Select * from summit_ appconfigsettings

Push Notifications for SummitAI Web Application

The following are the prerequisites for using push notifications for SummitAI Web Application:

  1. Ensure that the key for "FusionChartPath" is available in ServerMonitor.exe config file. For example:

     <add key="FusionChartPath" value="Iinstallation path\Jobfiles\bin\fusionchar\" />
  2. Install/uninstall the Flash Player to execute the "FusionChartsImageSaver.dll" as follows:
    1. For the 32-bit server environment perform the following steps:
      1. To uninstall the flash, download and run the flash player uninstaller (32-bit) from the Adobe site.
      2. Open Internet Explorer, download and install the Flash Player (32-bit) from the Adobe site.
    2. For the 64-bit server environment perform the following steps:
      1. Download and install 64 Bit Flash Player from the Adobe site.

The following conditions should be considered for Push Notifications:

  • The Push Notifications work only with HTTPS having DNS Entry. However, it does not work with hosted server IP address.
  • To get the notifications in the browser, internet connection is required.
  • Push Notifications do not work in browser private window.
  • “Secure Origins” must have any of the following patterns:
    1. (https, *, *)
    2. (*, localhost, *)

Localhost (*, localhost, *) is only applicable to use Push Notifications functionality locally in the server.

Browser Compatibility

  • Microsoft Edge version 40.15063.674.0 or above.

    Microsoft IE versions 7, 8, 9 and 11 are End-of-Life (EOL) and are no longer supported from 31st March, 2021. For more information, see Microsoft IE 11 EOL Notification.

  • Mozilla Firefox version 30 or above.

    While uploading the license information for SummitAI application using Mozilla Firefox version 42.0, an error message, “Incorrect License File!”, is displayed. This is a known issue reported by SummitAI QA team. This issue is fixed in the later versions of the Mozilla Firefox browser.

  • Chrome version 30 or above
  • Safari version 5.1.7

When viewing the Application, it is best to view at 1366 x 768 screen resolution.

Network Prerequisites

SummitAI Web Server

Application

Default Port

Web Server Port

443 (Configurable during installation)

SSL Certificate

e trusted by the user browsers.

SSL Certificate signed by a valid certificate authority (CA). Example: Digicert, GeoTrust, Comodo, GoDaddy, etc. 

Note

Self-signed or Internal certificates may not be recommended if the deployment is going to be externally published as it will not be trusted by the user's browsers. Comodo, GoDaddy

Mail Server Ports Help Desk: POP/SMTP/SMTPS Monitoring: SMTP

110//25/465 25

SNMP

161, 162

SSH/Telnet

22/23

WMI – DCOM & RPC (If monitoring has to be done using WMI)

135, 445, 5000, 5001 & 5002 (Changing Dynamic WMI ports to a limited port involve registry changes in target endpoints)

Applications

Application-specific ports if applications are to be monitored.

MSSQL Database Server Port

1433 (Standard Port)

DNS/LDAP (In Domain controllers, to enable AD-SSO, ADIMPORT)

53/445 /389

Mail Server Port: SMTP (Cloud Instance)

SNMP Port No. 25 is blocked for cloud instances. User can use any custom port. However, it is recommended to use custom Port No. 587.

SummitAI Proxy Server

Application

Default Port

Web Server Port

443 (Configurable during installation).

By default, it is recommended to use port 443 with appropriate internal SSL certificate provisioned by customer. (Port 80 is not recommended).

To determine the port, see Port Selection - SummitAI Proxy and SummitAI Agent.

SNMP

161, 162

SSH/Telnet

22/23

WMI – DCOM & RPC (If monitoring has to be done using WMI)

135, 445, 5000, 5001 & 5002 (Changing Dynamic WMI ports to a limited port involve registry changes in target endpoints)

Applications

Application-specific ports if applications are to be monitored.

Mail Server Port: SMTP (on Premise)

25

SummitAI Data Collector / Mobile Web Service Server

Application

Default Port

Web Server Port

443 (Configurable during installation)

SSL Certificate

SSL Certificate signed by a valid certificate authority (CA). Example: Digicert, GeoTrust, Comodo, GoDaddy, etc. 

Note

Self-signed or Internal certificates may not be recommended if the deployment is going to be externally published as it will not be trusted by the user's browsers.

MSSQL Database Server Port to DB Server

1433 (Standard Port)

Ports to be opened in Firewall 

For SummitAI Web Server - SummitAI Proxy Server Communication (Registration and Replication):

SummitAI Role

Ports

Direction

SummitAI Web Server 

443 (Default)

Inbound and Outbound

SummitAI Proxy to SummitAI Web Server 

443 (Default)

To determine the port, see Port Selection - SummitAI Proxy and SummitAI Agent.

Inbound and Outbound

SummitAI Mobile Web Services Server443 (Default)Inbound and Outbound

SummitAI Data Collector / Mobile Web Service Server to SummitAI DB

1433 (Standard Port) or any custom port

Inbound

SummitAI Agent

80 or 443 (Configurable during installation)

To determine the port, see Port Selection - SummitAI Proxy and SummitAI Agent.

Inbound and Outbound

Advanced Remote Desktop Features (Paid Version)

Webserver Listen: 8040

Relay Listen: 8041

Inbound and Outbound

Basic Remote Desktop (OOB Available)

7900 (Default)

Inbound and Outbound

The ports mentioned above are the default ports. However, they are subject to change automatically based on the port availability. Please contact us, if you face any problem. The mode of communication between the SummitAI Web Server and SummitAI Proxy is, by default, HTTP and can be modified to HTTPS.

Port Selection - SummitAI Proxy and SummitAI Agent 

Port

Protocol

Service/ Process

Direction

Description

Encryption

Component

443




TCP



IIS

Inbound

To receive incoming Traffic from Proxy

TLS 1.1, TLS 1.2 2

Data Collector 

Outbound

To send data from Proxy to Data Collector

TLS 1.1, TLS 1.2 2

Proxy

Inbound

To receive incoming Traffic from Asset Agent (for Windows and MAC) and Server Agent

TLS 1.1, TLS 1.2 2

Proxy

Outbound

To send traffic from Asset Agents to Proxy.

TLS 1.1, TLS 1.2 2

·       Windows: Asset SSI and Asset SAM Agents

·       Non-window: Linux Agent

Outbound

To send traffic from Asset Agents to Proxy.

TLS 1.1, TLS 1.2 2

Asset MAC and Server Agents

80

TCP

IIS

Inbound

To receive incoming Traffic from Server Agent

-

Proxy 1 

Outbound

To send traffic from Server Agent to Proxy

-

Server Agent

1. This Agent is designed to operate in the same LAN topology where SummitAI Proxy server is located. The data is pushed to SummitAI Proxy server, Proxy server encrypts the entire data frame with AES 256, and then transfers to Data collector on SSL channel, chronologically.

2 We recommend using TLS1.2/TLS 1.1 as the encryption protocol, as these are more secured compared to SSL / TLS1.0.

Security Best Practices for SummitAI Application Deployment

Changes on SummitAI Components

Vulnerability Type

SummitAI Web Application

SummitAI Data Collector / Mobile Web Services Server

SummitAI Proxy

SummitAI Asset Agent

SummitAI Server Agent

 

Clickjacking Attack

X

X

X



Poodle vulnerability

X

X

X



SSL Ciphers multiple vulnerabilities

X

X

X



Directory Browsing

X

X

X



Disable HTTP Options, Trace, Head, Copy and Unlock methods in IIS

X

X

X



Disabling TLS 1.0

X

X

X



Restart the server, after the changes are done. 

Clickjacking Attack

An attacker can use this technique to trick a user to perform certain actions on an application by hiding clickable elements inside an Invisible Iframe.

Web.Config Change(s)

<httpProtocol>
	<customHeaders>
		<add name="X-Frame-Options" value="SAMEORIGIN" />
	</customHeaders>
</httpProtocol>

Directory Browsing

An attacker can anonymously access information related to the remote server like help files and documentation, which could be further helpful in planning the malicious activities.

How to fix?

  1. Go to IIS.
  2. Select the Website.
  3. Under IIS, select Directory Browsing.
  4. Click on Disable under Actions.

Disable HTTP Options, Trace, Head, Copy and Unlock Methods in IIS

Add the following tags in web.config to disable HTTP options, Trace, Head, Copy and Unlock methods in IIS.

<security>
   <requestFiltering>
    <verbs allowUnlisted="true">
     <add verb="OPTIONS" allowed="false" />
    </verbs>
   </requestFiltering>
  </security>

Nmap Installation

The Network Map Discovery (Nmap Discovery) is a feature (BETA version), which identifies and traverses the list of Servers, Networks, Printers, and Laptop devices in the organization. Based on the discovered devices, CI’s are auto populated in CMDB with Parent and Child relationships.

Note: The data retrieved from Nmap discovery is only based on the assumptions; the most accurate data is displayed.

By default, Nmap Discovery is not enabled. The Discovery configuration continues to function as it is when Nmap is not enabled.

Installation of Nmap

  1. Open https://nmap.org/download.html.
  2. Download the latest .exe file from the Microsoft Windows binaries section.
  3. Run the setup nmap‐setup.exe.
  4. Specify the path where you want to install the setup file. The default destination path is C:\Program Files (x86)\Nmap.

Enabling Nmap in SummitAI application

  1. Add the tag <add key=ʺNMAPʺ value=ʺTrueʺ/> for Nmap.
  2. If the Nmap is installed in a path other than C:\Program Files (x86)\Nmap, then add the tag <add key =ʺNmapExePathʺ value=ʺʺ/> in the Proxy configuration file.

For example: If the installation path is D:\Tools\Nmap, then Nmap path should be configured as <add key =ʺNmapExePathʺ value=ʺD:\Tools\ʺ/>.

Business Rule Functionality

The following are the Prerequisites of Business Rule Functionality:

  • Download Erlang version 23.0 for the respective operating system and install.
  • Download and install Rabbit MQ server 3.8.13
  • Clustering Rabbit MQ
  • Summit.BusinessRule.EventListenerService service installation
  • Add Config keys in the web. config and app. config file

Refer to the https://eitdocs.atlassian.net/wiki/display/PD/Other+Documents documentation link to view and download the  Erlang and Rabbit MQ Installation Guide.