Matilda Discover Architecture #

The diagram below describes the components of Matilda Discover, and highlights the Discover Analysis Database, in which the data about your applications and their supporting software and hardware is stored for subsequent use by Matilda Migrate. Matilda Migrate automates the migration of the discovered applications to the clouds of your choice.

Matilda Discover Installation  #

The following installation guide pertains to on-premise installation. Please contact Matilda Cloud to assist with on-premise installation. 

Matilda Server Requirements #

Supported Operating Systems #

Note: cat /etc/os-release provides the details related to each operating system

Required Matilda Server Capacity #

Ports to be Open on the Matilda Server #

Access to External URLs #

The Matilda Discover server needs access to the external URLs below to set up Matilda Discover.

• https://auth.docker.io/
• https://bitbucket.org/
• https://dev.azure.com/
• https://hub.docker.com/
• https://matildacloud.atlassian.net/
• https://production.cloudflare.docker.com/
• https://registry-1.docker.io/
• https://dl.fedoraproject.org/

If you are unable to download the docker images, please use the below policies in your S3 bucket:

• arn:aws:s3:::docker-images-prod
• arn:aws:s3:::docker-images-prod/*

Matilda Software Installation Prerequisites – Linux Commands #

SSH into the instance and switch to root to execute the following commands:

To install the prerequisite Linux commands on a RHEL/Centos instance, please install the packages below:

# yum install -y git curl unzip bind-utils nmap-ncat openssl tar

To install the prerequisite Linux commands on an Ubuntu instance, install the packages below:

# apt-get install -y git curl unzip bind-utils nmap-ncat openssl tar

Steps for Running a Precheck on the Server #

For on-premise installation, Matilda Cloud will conduct prechecks on the environment.

1. Clone the below repository as root. The Matilda team will provide the necessary credentials to clone the git repository.

# git clone https://dev.azure.com/matildabuild/migrate/_git/discover 

2. Change the directory to discover.

# cd discover

3. Create a directory named /matilda and mount additional storage (350GB).

# mkdir /matilda

4. Run the binary script of matilda_precheck.sh and fix the errors.

# ./matilda_precheck.sh

The precheck script will fail in any one of the following cases:

• If the VM requirements (CPU/Memory/FileSystem Size) are not met.
• If the installation prerequisites commands list is not executed prior to the precheck.
• If the mount point /matilda is not created.

Matilda SME Access on the Matilda Server #

• The user account with root permissions must be created on the server.
• Enable switching to root context with no password authentication on Matilda Server

If the Matilda Server is Accessed Through a Bastion or Citrix server #

If accessing bastion server or Citrix server to connect to the Matilda Server, the following software and ports are required:

• Putty- Version 0.74 (any SSH client software)
• Google Chrome – Version 87.0
• Microsoft Office Excel
• Access to Matilda server from Bastion

If the Matilda Server is Running Behind a Proxy Server to Connect to the Internet #

Please perform the following steps:

1. Create the directory below:

#mkdir -p /etc/systemd/system/docker.service.d

2. Create and update the following file with the needed content

#vi /etc/systemd/system/docker.service.d/http-proxy.conf

File contents (if not using password):

[Service]

Environment=”HTTP_PROXY=http://<proxy_URL>:<port>”

Environment=”HTTPS_PROXY=https://proxy_URL:<port>”

If you are using a password to connect to the proxy, then update the following content in the file:

[Service]

http_proxy=http://SERVER:PORT/

http_proxy=http://USERNAME:PASSWORD@SERVER:PORT/ (if using password)

https_proxy=http://SERVER:PORT/

https_proxy=http://USERNAME:PASSWORD@SERVER:PORT/ (if using password)

3. Start the required services below:

#systemctl daemon-reload

#systemctl restart docker

Generate SSL certificates #

CA Certificate #

Follow your internal process to procure CA certificates and copy key and cert files to the Matilda server. Share the certificate’s location on the server to the Matilda SME.

Self-Signed Certificates #

Self-signed certificates will be automatically generated during installation. 

Discovery IP Request Template Link #

Use this template to fill in the details for assets that need to be discovered. The template uses the following mandatory entries:

• IP Address (Single IP Address, Range of IP Address or CIDR)
• Account Name (For Login)
• Application Name
• Environment
• Data Center
• Region
• Line of Business

Discovery Request Template #

The discovery input request template will be shared by the Matilda SME prior to installation. 

The Minimum Accounts and Permissions for a Successful Discovery of the Target Environment #

• All the accounts including database accounts (Oracle and MSSQL) should be created ahead and uploaded to Matilda platform.
• All the accounts uploaded to Matilda platform are securely stored in HashiCorp Vault
• Matilda provides plugins to integrate with CyberArk and Centrify.
• All Services can be uploaded to Matilda using the web interface.

Minimum Ports to be Opened on the Target Assets for Successful Discovery #

*All the Ports including database ports should be enabled on the target database servers. If the database server was configured with any custom database port, use custom database port communication from Matilda Discover instance to database instances. 

Prerequisites on Linux/UNIX Target Servers (to be discovered) #

*Follow the steps in the confluence pages to provide necessary privileges to the user account. If you are unable to access the confluence pages, please contact the Matilda team to gain access.

Matilda Discover Installation Steps #

Note: The preceding Matilda Discover Prerequisites must be properly performed before proceeding into the installation steps below.

Installation Support: Contact Matilda support team 24 hours prior to installation for necessary credentials for successful installation. The Matilda team will make necessary changes (IP whitelisting is required) to allow the connection from the client location to the Matilda installation repository. The provided credentials are valid for only 24 hours and this cannot be transferable to other systems.

Installation Steps #

1. Download the installation git repository from the following location:

# git clone https://dev.azure.com/matildabuild/migrate/_git/discover

2. Change the directory to discover and set executable permissions to installation script

# cd discover

# chmod +x matilda_install.sh

3. Update the config file in the installation directory. The Matilda team will provide the necessary details.

# vim config

USERNAME==<Matilda team to share>

PASSWORD=<Matilda team to share>

EMAIL=<Matilda team to share>

DNS_NAME=<Client to provide>

TLS_KEY_PATH=<Client to provide>

TLS_CRT_PATH=<Client to provide>

*Configuration updates are mandatory and without proper configuration, installation will not proceed.

4. Run the installation script.

# ./matilda_install.sh config

5. External Identity Provider Integration Steps (optional)

Please refer the below documentation for OIDC and SAML integration https://matildacloud.atlassian.net/wiki/spaces/MM/pages/2204106753/External+Identity

If you are unable to access the above confluence page, contact the Matilda team to gain access.

6. Once the installation is completed, use the following Matilda Application URLs:

• • Discovery URL: http://<dns_name>
  • Logins: Single sign on email / local login id
  • Password: < Admin password >   

The Matilda team will share the local admin credentials. SupportMatilda support is offered by email during working hours Monday-Friday. Please contact info@matildacloud.com for assistance.

RACI Matrix #

Client and Matilda Responsibilities