- Matilda Discover Installation Pre-Requisites
- Matilda SME Discover Access Requirements
- Matilda Discover Architecture
- Matilda Server Requirements (Per Data Center) – 1000 Nodes
- Matilda software installation pre-requisites on the Matilda Server
- Generate SSL certificates
- The Minimum Accounts and Permissions for the successful Discovery of Compute Devices
- Minimum Ports to be opened on the Target Assets for successful Discovery
- Discovery IP Request Template Link
- Application Template Link
- Pre-requisites on Linux/UNIX Target Servers (To be discovered)
- Pre-requisites on Windows Target Servers (To be discovered)
- Pre-requisites for Oracle DB's (To be discovered)
- Pre-requisites for SQL DB's (To be discovered)
- Pre-requisites for MySQL DB's (To be discovered)
- Pre-requisites for MongoDB's (To be discovered)
- RACI Matrix
- Matilda Discover Installation Steps
- Support
Matilda Discover Installation Pre-Requisites #
Matilda SME Discover Access Requirements #
- Matilda SME should have VPN access to connect to the client network.
- Matilda SME should be able to connect to the Matilda instance using an SSH client such as PuTTY.
Matilda Discover Architecture #
The Matilda Discovery Architecture Diagram describes the components of the product and highlights the database (the Discover Analysis DB) that stores the data about your applications and their supporting software and hardware. Matilda Migrate later uses this data to automate the migration of the discovered applications to the clouds of your choice.
Matilda Server Requirements (Per Data Center) – 1000 Nodes #
VM Requirements #
Compute Requirements #
- vCPU – 12
- Memory – 24 GB
- Number of instances – 1
File System Requirements #
- Root (/) – 40 GB
- Var(/var) – 90 GB
- Matilda Tool(/data) – 350 GB
Supported Operating Systems for the Matilda Server #
- CentOS 7.8 or 7.9
- Ubuntu 18.04 or 20.04
Ports to be Open on the Matilda Server #
- Ports for Inbound traffic: 22, 32000 & 31111
- Ports for Outbound traffic: 22, 5985/5986, 445, 1433, 1521, 3306, 27017 or Custom DB ports
Matilda SME Access on the Matilda Server #
- User account with root permissions should be created on the server.
- Enable switching to root context with no password authentication on Matilda Server
If the Matilda Server is Accessed Through a Bastion or Citrix Server #
- If a “Bastion Server” or “Citrix” is used to connect to the Matilda Server, the following software and ports are required:
- PuTTY – Version 0.74
- Google Chrome – Version 87.0
- Microsoft Office Excel
- Access to Matilda server from Bastion
If the Matilda Server is running behind a proxy server to connect to the Internet. #
- http_proxy=http://SERVER:PORT/
- http_proxy=http://USERNAME:PASSWORD@SERVER:PORT/ (if using password)
- https_proxy=http://SERVER:PORT/
- https_proxy=http://USERNAME:PASSWORD@SERVER:PORT/ (if using password)
Provide Access to the Matilda Repository URLs below: #
If you are unable to download the docker images, please use the below policies in your S3 bucket:
- arn:aws:s3:::docker-images-prod
- arn:aws:s3:::docker-images-prod/*
Matilda software installation pre-requisites on the Matilda Server #
Package List: #
- git
- openssl
- curl
- wget
Generate SSL certificates #
CA Certificate: #
- Follow your internal process to procure CA certificates, then copy the key and certificate files to the Matilda Server (/var/tmp/tls.key and /var/tmp/tls.crt).
Self-Signed Certificates: #
- Pick the path where the generated certificate will be saved.
- The command below assumes that the path /var/tmp exists.
- Run the command below from any location as the root user.
openssl req -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out /var/tmp/tls.crt -keyout /var/tmp/tls.key -subj "/C=US/ST=TX/L=Dallas/O=Discovery/OU=Migration/CN=<matilda_ip_address or dns_name>"
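Before the key and certificate paths go into the installer config, the pair can be checked. The script below is an added example, not part of the Matilda installer: it confirms that the certificate was issued for the key, that the unencrypted key is not readable by other users, and that the certificate is not about to expire. The function names and the 30-day threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example: checks for the TLS pair produced above (paths are arguments).

# key_matches_cert KEY CRT: 0 when the certificate carries this key's public half.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$crt_pub" ]
}

# key_is_private KEY: 0 when group and others have no access (mode ends in 00).
# The key was written with -nodes, so file permissions are its only protection.
key_is_private() {
    case "$(stat -c %a "$1")" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# cert_valid_for CRT DAYS: 0 when the certificate is still valid DAYS days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# check_tls_pair KEY CRT: prints one line per check, returns the number of failures.
check_tls_pair() {
    failures=0
    if key_matches_cert "$1" "$2"; then echo "OK   key matches certificate"
    else echo "FAIL key does not match certificate"; failures=$((failures + 1)); fi
    if key_is_private "$1"; then echo "OK   key not readable by group/others"
    else echo "FAIL key readable by group/others (chmod 600)"; failures=$((failures + 1)); fi
    if cert_valid_for "$2" 30; then echo "OK   certificate valid for 30+ days"
    else echo "FAIL certificate expires within 30 days"; failures=$((failures + 1)); fi
    return "$failures"
}

# Stand-alone use: sh check_tls.sh /var/tmp/tls.key /var/tmp/tls.crt
if [ "$#" -eq 2 ]; then check_tls_pair "$1" "$2"; fi
```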
The Minimum Accounts and Permissions for the successful Discovery of Compute Devices #
Service or application account | Account type (Local, AD, Database) | Interactive? (Yes or No) | Platform | Privileges required | Purpose and services/components (See the column description) |
Matilda_SVC | Local/AD | NO | Windows | Local Admin Role on Windows, WINRM Service Enabled and running. | To discover the assets, and utilizations and Dependencies. |
Matilda_SVC | Local/AD | NO | NON-Windows | SSH Access to the instances; Read access on all Non-Root Folders and Files; Service Account Login Shell should be “BASH”; Password less SUDO Access is required for Commands provided here; Comment “Defaults requiretty” in “/etc/sudoers” file | To discover the assets, and utilizations and Dependencies. |
Matilda_DB_SVC | Database | NO | ORACLE | DB Account for Databases with Select_Catalog_Role. | To discover the ORACLE Databases |
Matilda_DB_SVC | Database | NO | MSSQL | DB Account with view Server state Permissions and Select Access on system tables. See: Matilda DB discovery prerequisites – Matilda Discovery – Confluence (atlassian.net) | To discover the MSSQL Databases. |
Matilda_DB_SVC | Database | No | MariaDB/MySQL | DB Account with view Server state Permissions and Select Access on system tables. See: Matilda DB discovery prerequisites – Matilda Discovery – Confluence (atlassian.net) | To discover the MariaDB/MySQL Databases. |
Matilda_DB_SVC | Database | No | MongoDB | DB Account with view Server state Permissions and Select Access on system tables. See: Matilda DB discovery prerequisites – Matilda Discovery – Confluence (atlassian.net) | To discover the MongoDB Databases. |
* All the Accounts including DB Accounts (Oracle and MSSQL) should be created ahead and uploaded to Matilda Platform.
* All the Accounts uploaded to Matilda Platform are securely stored in HashiCorp Vault
* Matilda Provides plugins to integrate with CyberArk and Centrify.
* All Services can be uploaded to Matilda using the web interface.
Minimum Ports to be opened on the Target Assets for successful Discovery #
Port | Platform | Source | Target | Interaction | Purpose and services/components (See the column description) |
ICMP | ALL | Matilda VM | ALL | System to System | Matilda can detect the device only if ICMP is enabled on device. |
22 | LINUX/UNIX | Matilda VM on Customer Network | LINUX/UNIX Machine on Customer Network | System to System | The Matilda probe logs in to the Linux Asset and completes the discovery using an SSH connection. |
161/162 | ALL | Matilda VM | ALL | System to System | Matilda can identify the type of Device only if SNMP is enabled on the Device and 161/162 port is enabled. This Port is Optional. |
5985 | WINDOWS | Matilda VM on Customer Network | Windows Machines on Customer Network | System to System | The Matilda probe logs in to the Windows Asset and completes the discovery using a WINRM Connection. |
445 | WINDOWS | Matilda VM on Customer Network | Windows Machines on Customer Network | System to System | To let Service Account login to the Windows Asset and read the configuration files |
1433* | MSSQL | Matilda VM on Customer Network | SQL Servers on Customer Network | System to System | To let Service Account login to the MSSQL Server using SQL Server port. If Customer has configured Custom Port for SQL Server, respective port should be enabled. |
1521* | ORACLE | Matilda VM on Customer Network | ORACLE Servers on Customer Network | System to System | To let Service Account login to the ORACLE Server using Oracle Server port. If Customer has configured Custom Port for Oracle Server, respective port should be enabled. |
3306 | MariaDB/MySQL | Matilda VM on Customer Network | MySQL/MariaDB Servers on Customer Network | System to System | To let Service Account login to the MariaDB/MySQL Server using MariaDB/MySQL Server port. If Customer has configured Custom Port for MariaDB/MySQL Server, respective port should be enabled. |
27017 | MongoDB | Matilda VM on Customer Network | MongoDB Servers on Customer Network | System to System | To let Service Account login to the MongoDB Server using MongoDB Server port. If Customer has configured Custom Port for MongoDB Server, respective port should be enabled. |
*All the Ports including DB Ports should be enabled on the Target DB Servers.
If DB server was configured with any custom DB port, use custom DB port communication from Matilda Discovery instance to DB instances.
Discovery IP Request Template Link #
Use this template to fill in the details for Assets that need to be discovered. The template uses the following mandatory entries:
- IP Address (Single IP Address, Range of IP Address or CIDR)
- Account Name (For Login)
- Application Name
- Environment
- Data Center
- Region
- Line of Business
Refer to the Discovery Request Template at the URL below:
Application Template Link #
Matilda allows the user to add the business applications and application host mapping through the Matilda website. Use this template if you would like to upload Applications into Matilda Discover and manage application groups and dependencies.
Application Name #
‘Application_Name’, ‘Environment’, and ‘Business_Criticality’ are mandatory fields to be filled by the user.
To upload an application into Discover use the Application Template from the URL below:
Application Host Mapping #
‘Application_Name’ and ‘IP_Address’ are mandatory fields in this template
Use the App Host Mapping template from the URL below to create your custom mappings :
Pre-requisites on Linux/UNIX Target Servers (To be discovered) #
Account Creation: #
- Create a service account with passwordless sudo access and read access on all the file systems and files on target assets.
- Community name for SNMP details.
- Comment out the line “Defaults requiretty” in the “/etc/sudoers” file.
- The commands listed at the following link require sudo privileges: https://matildacloud.atlassian.net/wiki/spaces/MM/pages/878116908/Matilda+Discovery+Commands+list
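To confirm how the two sudo requirements above were applied on a target, the following added example (not Matilda tooling) audits a sudoers file line by line for the discovery account. The function names are made up for this example, the two commands in the sample are placeholders rather than Matilda's command list, and `Defaults:<account> !requiretty` is the standard sudoers per-user override, shown as a narrower scope than commenting the line out for every user; aliases and included files are not resolved.

```shell
#!/bin/sh
# Added example: line-based audit of sudoers settings for a discovery account.

# Constructed sample: requiretty stays on globally, the account is exempted,
# and NOPASSWD is limited to an alias (placeholder commands).
sample_sudoers() {
cat <<'EOF'
Defaults    requiretty
Defaults:Matilda_SVC !requiretty
Cmnd_Alias DISCOVERY_CMDS = /usr/sbin/dmidecode, /usr/bin/lsof
Matilda_SVC ALL=(root) NOPASSWD: DISCOVERY_CMDS
EOF
}

# requiretty_state FILE ACCOUNT: prints "scoped-off", "on" or "off".
requiretty_state() {
    if grep -Eq "^[[:space:]]*Defaults:$2[[:space:]]+!requiretty" "$1"; then
        echo "scoped-off"   # exempted for this account only
    elif grep -Eq '^[[:space:]]*Defaults[[:space:]]+requiretty' "$1"; then
        echo "on"           # sudo over a non-interactive SSH session is refused
    else
        echo "off"          # commented out or absent, so off for every user
    fi
}

# nopasswd_scope FILE ACCOUNT: prints "none", "all" or "restricted".
nopasswd_scope() {
    rule=$(grep -E "^[[:space:]]*$2[[:space:]].*NOPASSWD:" "$1" | head -n 1) || true
    [ -n "$rule" ] || { echo "none"; return 0; }
    cmds=$(printf '%s\n' "$rule" |
        sed -e 's/.*NOPASSWD:[[:space:]]*//' -e 's/[[:space:]]*$//')
    if [ "$cmds" = "ALL" ]; then echo "all"; else echo "restricted"; fi
}

# Stand-alone use: sh audit_sudoers.sh /etc/sudoers Matilda_SVC
if [ "$#" -eq 2 ]; then
    echo "requiretty: $(requiretty_state "$1" "$2")"
    echo "nopasswd:   $(nopasswd_scope "$1" "$2")"
fi
```

A result of `all` means the account can run any command as root without a password, which is broader than the command list the page refers to.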
Ports and Services Access Requirements #
- ICMP Ping
- UDP 161/162 for SNMP – Optional
- 22 – SSH
- For detailed service discovery results (Apache, Nginx, Tomcat, Jboss, Kubernetes, WebLogic etc…), add the Matilda discovery service account to the necessary Linux/UNIX system groups so that it can read the service configuration files.
- The Client should notify the Matilda team whether NFS/CIFS file systems, external mounts, and network mounts are to be scanned.
Pre-requisites on Windows Target Servers (To be discovered) #
Account Creation: #
- Create a service account that is a member of the Admin Group and the Remote Management Group, with read access on all the file systems and files on target assets.
- Community Name for SNMP details.
- Configure WinRM to accept remote connections from Matilda Discovery instance.
- Allow Windows servers firewall to accept WinRM connections from Matilda Discovery instance.
Ports and Services Access Requirements #
- ICMP Ping
- UDP 161/162 for SNMP – Optional
- 5985/5986 – WinRM service
- 445
- File Read access on entire file system on target assets.
- As an administrator in PowerShell, enable the WinRM service (winrm quickconfig).
The Client should notify the Matilda team if NFS/CIFS file system, external mounts, and network mounts need to be scanned. Client should verify if any antivirus agents are present. If they are present, add/enable an exception to allow WinRM session (wsman) to run PowerShell commands.
Pre-requisites for Oracle DB’s (To be discovered) #
- Standard 1521 Port or custom ORACLE Server port to be opened between Matilda Server and ORACLE Server.
- A new Oracle user needs to be created for Oracle deep-dive discovery.
- Grant select_catalog_role to newly created users
- https://matildacloud.atlassian.net/wiki/spaces/MM/pages/1333592069/Matilda+DB+discovery+prerequisites
Pre-requisites for SQL DB’s (To be discovered) #
- SQL User using Windows Authentication or SQL Server Credentials
- Standard 1433 Port or custom SQL Server port to be opened between Matilda Server and SQL Server
- To perform SQL Server discovery, create a local SQL user with SQL authentication and grant view access to the list of tables provided below. The user should be granted the “View Server State” permission.
- https://matildacloud.atlassian.net/wiki/spaces/MM/pages/1333592069/Matilda+DB+discovery+prerequisites
Pre-requisites for MySQL DB’s (To be discovered) #
- Standard 3306 port or custom MySQL port to be opened between Matilda Server and MySQL Server
- A new MySQL user needs to be created for MySQL deep-dive discovery.
- Grant the view access to the list of tables provided below:
- https://matildacloud.atlassian.net/wiki/spaces/MM/pages/1333592069/Matilda+DB+discovery+prerequisites
Pre-requisites for MongoDB’s (To be discovered) #
- Standard 27017 port or custom MongoDB port to be opened between Matilda Server and MongoDB
- A new MongoDB user needs to be created for MongoDB deep-dive discovery.
- Grant the view access to the list of tables provided below.
- https://matildacloud.atlassian.net/wiki/spaces/MM/pages/1333592069/Matilda+DB+discovery+prerequisites
RACI Matrix #
Description | Responsibility |
Matilda Discovery VM provisioning | Client |
Matilda SME On Boarding with required user account privileges | Client |
Service account creation/validation with required privileges for Windows & Linux as requested in the document | Client |
DB account creation with required privileges for ORACLE/MSSQL/MariaDB/MySQL/MongoDB Servers | Client |
VPN/VDI/RDP Access and Matilda SME Access to Matilda Discovery VM | Client |
Fill Discovery Template and upload to Matilda or Share with Matilda. Business Application Name mapping with IP Address is preferred | Client |
Set up of Matilda Discovery Platform on the provisioned VM | Matilda |
Pre-check and validation of Matilda deployment | Matilda |
Windows/Linux Service Accounts and DB Accounts Need to be Updated in Matilda Discovery Web Interface | Client/Matilda |
Dry Run for handpicked Servers (windows, Linux for different Execution Methods like sudo, dzdo and pbrun) to test end to end | Client/Matilda |
Pre-Check for the identified IPs to verify that all the pre-requisites are met | Client/Matilda |
Initiate Discovery of the targeted assets (Windows/Linux/UNIX) | Matilda |
Utilizations Collections/Connections includes Memory, CPU, Storage, Network connections etc. | Matilda |
Assessment and Reporting | Matilda |
Matilda Discover Installation Steps #
Run the below Script (Kubernetes standalone setup) #
Download the installation git repository from the location below:
# git clone https://bitbucket.org/matildaapp/discovery_setup.git
Change the directory to discovery_setup and set executable permissions to installation script
# cd discovery_setup
# chmod +x matilda_install.sh
Update the installation directory, TLS cert path and TLS key path in the config file, then execute the script below
# vim config
INSTALL_DIR=<Matilda team to share>
USERNAME=<Matilda team to share>
PASSWORD=<Matilda team to share>
TLS_KEY_PATH=<Client to provide>
TLS_CRT_PATH=<Client to provide>
DNS_Name=<Client to provide>
EMAIL=<Matilda team to share>
# ./matilda_install.sh config
*Config updates are mandatory; without proper configs, the installation will not proceed.
External Identity Provider Integration Steps (Optional) #
Please refer to the documentation below for OIDC and SAML integration: https://matildacloud.atlassian.net/wiki/spaces/MM/pages/2204106753/External+Identity
Matilda Application URLs #
Discovery URL: http://<dns_name>:32000
Logins: Single sign on email / local login id
Password: < Admin password > The Matilda team will share the local admin credentials
Support #
Matilda support is offered by email during working hours Monday-Friday.
Please contact info@matildacloud.com for assistance.