Matilda Discover Installation Guide

Matilda Discover Architecture #

The diagram below describes the components of Matilda Discover, and highlights the Discover Analysis Database, in which the data about your applications and their supporting software and hardware is stored for subsequent use by Matilda Migrate. Matilda Migrate automates the migration of the discovered applications to the clouds of your choice.

 

Matilda Discover Installation  #

The following installation guide pertains to on-premise installation. Please contact Matilda Cloud to assist with on-premise installation. 

Matilda Server Requirements #

Supported Operating Systems #

Operating System Versions Supported
RHEL 7.8 or 7.9 
CentOS 7.8 or 7.9
Ubuntu 18.04 or 20.04
SUSE 12 or 15

Note: Run cat /etc/os-release to see the name and version of the operating system.

 

Required Matilda Server Capacity #

Matilda Discover Requirements for a Customer Environment Size: 1-100 Instances
vCPU 4
RAM 8 GB
Storage 100 GB
File System Requirements Root(/) – 30 Gb

Var(/var) – 90 Gb

Tool(/matilda) – 100 Gb

User Access Requirements 1) User account with root permissions should be created on the server.

2) Enable switching to root context with no password authentication on Matilda Server.

 

Matilda Discover Requirements for a Customer Environment Size: 1-500 Instances
vCPU 8
RAM 16 GB
Storage 200 GB
File System Requirements Root(/) – 30 Gb

Var(/var) – 90 Gb

Tool(/matilda) – 200 Gb

User Access Requirements 1) User account with root permissions should be created on the server.

2) Enable switching to root context with no password authentication on Matilda Server.

  

Matilda Discover Requirements for a Customer Environment Size: 1-1000 Instances
vCPU 12
RAM 24 GB
Storage 350 GB
File System Requirements Root(/) – 30 Gb

Var(/var) – 90 Gb

Tool(/matilda) – 350 Gb

User Access Requirements 1) User account with root permissions should be created on the server.

2) Enable switching to root context with no password authentication on Matilda Server.

 

Ports to be Open on the Matilda Server #

Direction: Incoming to Matilda Server
Ports: 22, 443, 8443
Comments:
  • Port 22 is used to connect to the server to deploy the tool.
  • Ports 443 and 8443 are used to run the Matilda Platform in the customer environment and to make the Matilda Discover platform accessible from the VDI/VPN/customer internal network.

Direction: Outgoing from Matilda Server
Ports: 22, 5985/5986, 445, 1433, 1521, 3306, 27017, Custom Database Ports
Comments:
  • SNMP: 161/162 (Optional)
  • Linux/Unix – SSH: 22
  • Windows – WinRM: 5985/5986, SMB: 445
  • Database Ports: Oracle DB: 1521, MSSQL: 1433, MySQL: 3306, MongoDB: 27017
  • Cloud Services: HTTPS/443

 

Access to External URLs #

The Matilda Discover server needs access to the external URLs below to set up Matilda Discover.

 

If you are unable to download the docker images, please use the below policies in your S3 bucket:

  • arn:aws:s3:::docker-images-prod
  • arn:aws:s3:::docker-images-prod/*

 

Matilda Software Installation Prerequisites – Linux Commands #

SSH into the instance and switch to root to execute the following commands:

Packages Operating System-RHEL/CentOS Operating System-Ubuntu
curl yum install -y curl apt-get install -y curl
git yum install -y git apt-get install -y git
host yum install -y bind-utils apt-get install -y dnsutils
nc yum install -y nmap-ncat apt-get install -y netcat-openbsd
openssl yum install -y openssl apt-get install -y openssl
unzip yum install -y unzip apt-get install -y unzip
tar yum install -y tar apt-get install -y tar

 

To install the prerequisite Linux commands on a RHEL/Centos instance, please install the packages below:

# yum install -y git curl unzip bind-utils nmap-ncat openssl tar

 

To install the prerequisite Linux commands on an Ubuntu instance, install the packages below:

# apt-get install -y git curl unzip dnsutils netcat-openbsd openssl tar

 

Steps for Running a Precheck on the Server #

For on-premise installation, Matilda Cloud will conduct prechecks on the environment.

  1. Clone the repository below as root. The Matilda team will provide the necessary credentials to clone the git repository.
# git clone https://dev.azure.com/matildabuild/migrate/_git/discover
  2. Change the directory to discover.
# cd discover
  3. Create a directory named /matilda and mount additional storage (350GB).
# mkdir /matilda
  4. Run the matilda_precheck.sh script and fix the errors it reports.
# ./matilda_precheck.sh

 

The precheck script will fail in any one of the following cases:

  • If the VM requirements (CPU/Memory/FileSystem Size) are not met.
  • If the installation prerequisites commands list is not executed prior to the precheck.
  • If the mount point /matilda is not created.
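
The three failure conditions above can be checked by hand before the vendor script is run. The sketch below is an added example, not Matilda's matilda_precheck.sh: the function names are hypothetical, and the thresholds are the vCPU, RAM and Tool(/matilda) values from the capacity tables in this guide.

```shell
#!/bin/sh
# Added example: the three precheck failure conditions, checked by hand.
# Not the vendor's matilda_precheck.sh; all function names are hypothetical.

# Print the minimum "vCPU RAM_GB TOOL_GB" for an environment size, taken from
# the capacity tables in this guide. Fails for sizes the guide does not cover.
tier_minimums() {
    if   [ "$1" -le 100 ] 2>/dev/null;  then echo "4 8 100"
    elif [ "$1" -le 500 ] 2>/dev/null;  then echo "8 16 200"
    elif [ "$1" -le 1000 ] 2>/dev/null; then echo "12 24 350"
    else return 1
    fi
}

# Print each named command that is not on PATH (no output means all are found).
missing_commands() {
    for c in "$@"; do
        command -v "$c" >/dev/null 2>&1 || printf '%s\n' "$c"
    done
}

# usage: meets_capacity INSTANCES VCPU RAM_GB TOOL_GB
# Returns 0 if every measured value meets the tier minimum, 1 if not,
# 2 if the environment size is outside the tables.
meets_capacity() {
    mins=$(tier_minimums "$1") || return 2
    set -- "$2" "$3" "$4" $mins
    [ "$1" -ge "$4" ] && [ "$2" -ge "$5" ] && [ "$3" -ge "$6" ]
}

# usage: precheck INSTANCES   (run as root on the Matilda server)
precheck() {
    rc=0
    miss=$(missing_commands curl git host nc openssl unzip tar | tr '\n' ' ')
    [ -z "$miss" ] || { echo "missing commands: $miss"; rc=1; }
    mountpoint -q /matilda || { echo "/matilda is not a mount point"; rc=1; }
    vcpu=$(nproc)
    # MemTotal is slightly below the provisioned size, so round up to whole GB.
    ram=$(awk '/^MemTotal:/ {print int(($2 + 1048575) / 1048576)}' /proc/meminfo)
    # df reports the usable filesystem size in 1 KB blocks.
    tool=$(df -Pk /matilda 2>/dev/null | awk 'NR==2 {print int($2 / 1048576)}')
    meets_capacity "$1" "$vcpu" "$ram" "${tool:-0}" ||
        { echo "capacity below the minimum for $1 instances"; rc=1; }
    return "$rc"
}
```

Source the file and run `precheck 500` (or the instance count that applies); it prints one line per unmet condition and returns non-zero if any check fails.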

 

Matilda SME Access on the Matilda Server #

  • The user account with root permissions must be created on the server.
  • Enable switching to root context with no password authentication on Matilda Server

 

If the Matilda Server is Accessed Through a Bastion or Citrix server #

If you access the Matilda Server through a bastion server or Citrix server, the following software and ports are required:

  • PuTTY – Version 0.74 (any SSH client software)
  • Google Chrome – Version 87.0
  • Microsoft Office Excel
  • Access to Matilda server from Bastion

 

If the Matilda Server is Running Behind a Proxy Server to Connect to the Internet #

Please perform the following steps:

  1. Create the directory below:
# mkdir -p /etc/systemd/system/docker.service.d

  2. Create the following file and add the content that matches your proxy setup:
# vi /etc/systemd/system/docker.service.d/http-proxy.conf

File contents (if not using password):

[Service]
Environment="HTTP_PROXY=http://<proxy_URL>:<port>"
Environment="HTTPS_PROXY=https://<proxy_URL>:<port>"

If you are using a password to connect to the proxy, use the following content in the file instead:

[Service]
Environment="HTTP_PROXY=http://USERNAME:PASSWORD@SERVER:PORT/"
Environment="HTTPS_PROXY=http://USERNAME:PASSWORD@SERVER:PORT/"

  3. Reload systemd and restart Docker:
# systemctl daemon-reload
# systemctl restart docker
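
When the proxy password contains characters such as @, :, / or %, they must be percent-encoded in the URL, and every % must then be doubled because systemd treats % as a specifier prefix in unit files. The added example below (not part of the vendor procedure; function names and sample values are hypothetical) generates the password form of the drop-in with both escapes applied and with owner-only file permissions.

```shell
#!/bin/sh
# Added example, not part of the vendor procedure; function names are hypothetical.

# Percent-encode everything except RFC 3986 unreserved characters.
# Assumes ASCII input; runs in a subshell so LC_ALL does not leak.
urlencode() (
    LC_ALL=C
    s=$1 out=
    while [ -n "$s" ]; do
        rest=${s#?}
        c=${s%"$rest"}
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;
        esac
        s=$rest
    done
    printf '%s' "$out"
)

# usage: write_proxy_dropin DIR USERNAME PASSWORD SERVER PORT
write_proxy_dropin() {
    cred="$(urlencode "$2"):$(urlencode "$3")"
    # systemd treats % as a specifier prefix, so every % is written as %%.
    url=$(printf 'http://%s@%s:%s/' "$cred" "$4" "$5" | sed 's/%/%%/g')
    mkdir -p "$1"
    (
        umask 077   # create the file readable by its owner only
        printf '[Service]\nEnvironment="HTTP_PROXY=%s"\nEnvironment="HTTPS_PROXY=%s"\n' \
            "$url" "$url" > "$1/http-proxy.conf"
    )
    chmod 600 "$1/http-proxy.conf"   # tighten a file that already existed
}

# On the Matilda server, as root (constructed sample values):
# write_proxy_dropin /etc/systemd/system/docker.service.d svc_proxy 'p@ss%' proxy.example.internal 3128
# systemctl daemon-reload && systemctl restart docker
```

File permissions alone do not hide the password: systemd exposes a unit's Environment= values to local users through `systemctl show docker`, so the proxy account should carry no other privileges.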

 

Generate SSL certificates #

CA Certificate #

Follow your internal process to procure CA certificates and copy the key and cert files to the Matilda server. Share the certificate’s location on the server with the Matilda SME.

 

Self-Signed Certificates #

Self-signed certificates will be automatically generated during installation. 

 

Use this template to fill in the details for assets that need to be discovered. The template uses the following mandatory entries:

  • IP Address (Single IP Address, Range of IP Address or CIDR)
  • Account Name (For Login)
  • Application Name
  • Environment
  • Data Center
  • Region
  • Line of Business

 

Discovery Request Template #

The discovery input request template will be shared by the Matilda SME prior to installation. 

 

The Minimum Accounts and Permissions for a Successful Discovery of the Target Environment #

  • All the accounts, including database accounts (Oracle and MSSQL), should be created ahead of time and uploaded to the Matilda platform.
  • All the accounts uploaded to the Matilda platform are securely stored in HashiCorp Vault.
  • Matilda provides plugins to integrate with CyberArk and Centrify.
  • All Services can be uploaded to Matilda using the web interface.

 

Minimum Ports to be Opened on the Target Assets for Successful Discovery #

Port Platform Source Target Interaction Purpose and services/components (See the column description)

ICMP ALL Matilda VM ALL System to System Matilda can detect the device only if ICMP is enabled on the device.
22 LINUX/UNIX Matilda VM on Customer Network LINUX/UNIX Machine on Customer Network System to System Matilda probe logs in to the Linux Asset and completes the discovery using SSH connection.
161/162   ALL Matilda VM ALL System to System Matilda can identify the type of device only if SNMP is enabled on the device and 161/162 port is enabled.  This port is optional.
5985 WINDOWS Matilda VM on Customer Network Windows Machines on Customer Network System to System Matilda probe logs in to the Windows asset and completes the discovery using WINRM connection.
445 WINDOWS Matilda VM on Customer Network Windows Machines on Customer Network System to System To let the service account login to the Windows asset and read the configuration files
1433* MSSQL Matilda VM on Customer Network SQL Servers on Customer Network System to System To let the service account login to the MSSQL server using the SQL server port. If the customer has configured the custom port for the SQL server, the respective port should be enabled.
1521* ORACLE Matilda VM on Customer Network ORACLE Servers on Customer Network System to System To let the service account login to the ORACLE Server using the Oracle Server port. If the customer has configured a custom port for an Oracle server, the respective port should be enabled.
3306 MariaDB/MySQL Matilda VM on Customer Network MySQL/MariaDB Servers on Customer Network System to System To let the service account login to the MariaDB/MySQL server using the MariaDB/MySQL server port. If the customer has configured a custom port for the MariaDB/MySQL server, the respective port should be enabled.
27017 MongoDB Matilda VM on Customer Network MongoDB Servers on Customer Network System to System To let the service account login to the MongoDB Server using the MongoDB server port. If the customer has configured a custom port for the MongoDB server, the respective port should be enabled.

*All ports, including database ports, should be enabled on the target database servers. If a database server is configured with a custom database port, allow communication on that custom port from the Matilda Discover instance to the database instance.

 

Prerequisites on Linux/UNIX Target Servers (to be discovered) #

Columns: Service or application account; Account type (Local, AD, Database); Interactive? (Yes or No); Platform; Privileges required; Purpose and services/components (See the column description)

Service or application account: Matilda_SVC
Account type: Local/AD
Interactive?: No
Platform: Windows
Privileges required:
  • Local Admin Role on Windows, WinRM service enabled and running.
Purpose: To discover the assets, utilizations and dependencies.

Service or application account: Matilda_SVC
Account type: Local/AD
Interactive?: No
Platform: Non-Windows
Privileges required:
  • SSH access to the instances
  • Read access on all non-root folders and files
  • Service account login shell should be “BASH”
  • Passwordless sudo access is required for the commands provided here: Commands List
  • Comment out “Defaults requiretty” in the “/etc/sudoers” file
Purpose: To discover the assets, utilizations and dependencies.

Service or application account: Matilda_DB_SVC
Account type: Database
Interactive?: No
Platform: Oracle
Privileges required:
  • DB account for databases with Select_Catalog_Role
  • Oracle Database
Purpose: To discover the Oracle databases.

Service or application account: Matilda_DB_SVC
Account type: Database
Interactive?: No
Platform: MSSQL
Privileges required:
  • DB account with view server state permissions and select access on system tables.
  • MSSQL Database
Purpose: To discover the MSSQL databases.

Service or application account: Matilda_DB_SVC
Account type: Database
Interactive?: No
Platform: MariaDB/MySQL
Privileges required:
  • DB account with view server state permissions and select access on system tables.
  • MySQL Database
Purpose: To discover the MariaDB/MySQL databases.

Service or application account: Matilda_DB_SVC
Account type: Database
Interactive?: No
Platform: Mongo database
Privileges required:
  • Database account with view server state permissions and select access on system tables.
  • Mongo Database
Purpose: To discover the MongoDB databases.

*Follow the steps in the Confluence pages to provide the necessary privileges to the user account. If you are unable to access the Confluence pages, please contact the Matilda team to gain access.

 

Matilda Discover Installation Steps #

Note: The preceding Matilda Discover Prerequisites must be properly performed before proceeding into the installation steps below.

Installation Support: Contact the Matilda support team 24 hours prior to installation to obtain the credentials needed for a successful installation. The Matilda team will make the necessary changes (IP whitelisting is required) to allow the connection from the client location to the Matilda installation repository. The provided credentials are valid for only 24 hours and cannot be transferred to other systems.

 

Installation Steps #

  1. Download the installation git repository from the following location:
# git clone https://dev.azure.com/matildabuild/migrate/_git/discover

  2. Change the directory to discover and set executable permissions on the installation script:
# cd discover
# chmod +x matilda_install.sh

  3. Update the config file in the installation directory. The Matilda team will provide the necessary details.
# vim config

USERNAME=<Matilda team to share>
PASSWORD=<Matilda team to share>
EMAIL=<Matilda team to share>
DNS_NAME=<Client to provide>
TLS_KEY_PATH=<Client to provide>
TLS_CRT_PATH=<Client to provide>

*Configuration updates are mandatory; without proper configuration, the installation will not proceed.

  4. Run the installation script.
# ./matilda_install.sh config

  5. External Identity Provider Integration Steps (optional)

Please refer to the documentation below for OIDC and SAML integration: https://matildacloud.atlassian.net/wiki/spaces/MM/pages/2204106753/External+Identity

If you are unable to access the above Confluence page, contact the Matilda team to gain access.

  6. Once the installation is completed, use the following Matilda Application URLs:
    • Discovery URL: http://<dns_name>
    • Logins: Single sign on email / local login id
    • Password: < Admin password >

 

The Matilda team will share the local admin credentials.

Support: Matilda support is offered by email during working hours Monday-Friday. Please contact info@matildacloud.com for assistance.

 

RACI Matrix #

Client and Matilda Responsibilities

Description Responsibility
Matilda Discover VM provisioning Client
Matilda SME On Boarding with required user account privileges Client
Service account creation/validation with required privileges for Windows & Linux as requested in the document Client
Database account creation with required privileges for ORACLE/MSSQL/MariaDB/MySQL/MongoDB Servers Client
VPN/VDI/RDP Access and Matilda SME Access to Matilda Discover VM Client
Fill Discovery Template and upload to Matilda or Share with Matilda. Business Application Name mapping with IP Address is preferred Client
Set up of Matilda Discover Platform on the provisioned VM Matilda
Pre-check and validation of Matilda deployment Matilda
Windows/Linux Service Accounts and database accounts need to be updated in Matilda Discover Web Interface Client/Matilda
Dry Run for handpicked servers (Windows, Linux for different execution methods like sudo, dzdo and pbrun) to test end to end Client/Matilda
Pre-Check for the identified IPs to verify all the prerequisites are met Client/Matilda
Initiate Discover of the targeted assets (Windows/Linux/UNIX) Matilda
Utilizations Collections/Connections include Memory, CPU, storage, network connections etc. Matilda
Assessment and Reporting Matilda

 
