Matilda Discover Installation Guide

Matilda Discover Installation Pre-Requisites #

 

Matilda SME Discover Access Requirements #

  • The Matilda SME should have VPN access to connect to the client network.
  • The Matilda SME should be able to connect to the Matilda instance using an SSH client such as PuTTY.

 

Matilda Discover Architecture #

The Matilda Discovery Architecture Diagram describes the components of the product and highlights the database (the Discover Analysis DB) that stores the data about your applications and their supporting software and hardware. Matilda Migrate later uses this data to automate the migration of the discovered applications to the clouds of your choice.

[Figure: Matilda Discover architecture diagram]

 

Matilda Server Requirements (Per Data Center) – 1000 Nodes #

 

VM Requirements #

 

Compute Requirements #

  • vCPU – 12
  • Memory – 24 GB
  • Number of instances – 1

 

File System Requirements #

  • Root (/) – 40 GB
  • Var (/var) – 90 GB
  • Matilda Tool (/data) – 350 GB

 

Supported Operating Systems for the Matilda Server #

  • CentOS 7.8 or 7.9
  • Ubuntu 18.04 or 20.04

 

Ports to be Open on the Matilda Server #

  • Ports for Inbound traffic: 22, 32000 & 31111
  • Ports for Outbound traffic: 22, 5985/5986, 445, 1433, 1521, 3306, 27017 or Custom DB ports

 

Matilda SME Access on the Matilda Server #

  • User account with root permissions should be created on the server.
  • Enable switching to root context with no password authentication on Matilda Server

 

If the Matilda Server is Accessed Through a Bastion or Citrix Server #

  • If a “Bastion Server” or “Citrix” is used to connect to the Matilda Server, the following software and access are required:
  • PuTTY – Version 0.74
  • Google Chrome – Version 87.0
  • Microsoft Office Excel
  • Access to Matilda server from Bastion

 

If the Matilda Server is Running Behind a Proxy Server to Connect to the Internet #

  • http_proxy=http://SERVER:PORT/
  • http_proxy=http://USERNAME:PASSWORD@SERVER:PORT/ (if using password)
  • https_proxy=http://SERVER:PORT/
  • https_proxy=http://USERNAME:PASSWORD@SERVER:PORT/ (if using password)

 

Provide Access to the Matilda Repository URLs below: #

If you are unable to download the docker images, please use the below policies in your S3 bucket:

  • arn:aws:s3:::docker-images-prod
  • arn:aws:s3:::docker-images-prod/*

 

Matilda software installation pre-requisites on the Matilda Server #

 

Package List: #

  • git
  • openssl
  • curl
  • wget

 

Generate SSL certificates #

 

CA Certificate: #

  • Follow your internal process to procure CA-signed certificates, then copy the key and certificate files to the Matilda Server (/var/tmp/tls.key and /var/tmp/tls.crt).

 

Self-Signed Certificates: #

  • Pick the path where the generated certificate will be saved.
  • The command below assumes the path /var/tmp.
  • Run the command below from any location as the root user.

openssl req -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out /var/tmp/tls.crt -keyout /var/tmp/tls.key -subj "/C=US/ST=TX/L=Dallas/O=Discovery/OU=Migration/CN=<matilda_ip_address or dns_name>"
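
An added example (not part of the Matilda guide or its installer): the same self-signed certificate generated with a subjectAltName, which current browsers use instead of CN for hostname matching, and with the unencrypted key created readable by its owner only. The function name gen_matilda_cert and its arguments are assumptions.

```shell
#!/bin/sh
# Added example, not from the Matilda guide. gen_matilda_cert and its arguments are assumptions.
# usage: gen_matilda_cert <dns_name_or_ip> <out_dir> [rsa_bits]
gen_matilda_cert() {
    host=$1; out=$2; bits=${3:-4096}
    # Browsers match the URL against subjectAltName, not CN:
    # an address needs an "IP:" entry, a hostname a "DNS:" entry.
    case $host in
        *:*)       san="IP:$host" ;;    # IPv6 literal
        *[!0-9.]*) san="DNS:$host" ;;   # anything with non-digit characters
        *)         san="IP:$host" ;;    # dotted IPv4
    esac
    cnf=$(mktemp) || return 1
    cat > "$cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
C = US
ST = TX
L = Dallas
O = Discovery
OU = Migration
CN = $host
[v3]
subjectAltName = $san
EOF
    # umask 077 so the unencrypted (-nodes) key is never group- or world-readable,
    # which matters in a shared directory such as /var/tmp.
    ( umask 077
      openssl req -newkey "rsa:$bits" -x509 -sha256 -days 365 -nodes \
          -config "$cnf" -out "$out/tls.crt" -keyout "$out/tls.key" )
    rc=$?
    rm -f "$cnf"
    [ "$rc" -eq 0 ] || return "$rc"
    chmod 600 "$out/tls.key" && chmod 644 "$out/tls.crt"
}
# e.g. gen_matilda_cert matilda.example.internal /var/tmp
```

The config-file form is used instead of -addext so the command also works with the older OpenSSL shipped on CentOS 7.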

The Minimum Accounts and Permissions for the successful Discovery of Compute Devices #

 

| Service or application account | Account type (Local, AD, Database) | Interactive? (Yes or No) | Platform | Privileges required | Purpose and services/components (See the column description) |
|---|---|---|---|---|---|
| Matilda_SVC | Local/AD | NO | Windows | Local Admin Role on Windows, WINRM Service Enabled and running. | To discover the assets, and utilizations and Dependencies. |
| Matilda_SVC | Local/AD | NO | NON-Windows | SSH Access to the instances. Read access on all Non-Root Folders and Files. Service Account Login Shell should be “BASH”. Passwordless SUDO Access is required for the Commands provided here (Commands List). Comment out “Defaults requiretty” in the “/etc/sudoers” file. | To discover the assets, and utilizations and Dependencies. |
| Matilda_DB_SVC | Database | NO | ORACLE | DB Account for Databases with Select_Catalog_Role. | To discover the ORACLE Databases. |
| Matilda_DB_SVC | Database | NO | MSSQL | DB Account with view Server state Permissions and Select Access on system tables. See: Matilda DB discovery prerequisites – Matilda Discovery – Confluence (atlassian.net) | To discover the MSSQL Databases. |
| Matilda_DB_SVC | Database | No | MariaDB/MySQL | DB Account with view Server state Permissions and Select Access on system tables. See: Matilda DB discovery prerequisites – Matilda Discovery – Confluence (atlassian.net) | To discover the MariaDB/MySQL Databases. |
| Matilda_DB_SVC | Database | No | MongoDB | DB Account with view Server state Permissions and Select Access on system tables. See: Matilda DB discovery prerequisites – Matilda Discovery – Confluence (atlassian.net) | To discover the MongoDB Databases. |

 

* All the Accounts including DB Accounts (Oracle and MSSQL) should be created ahead and uploaded to Matilda Platform.

* All the Accounts uploaded to Matilda Platform are securely stored in HashiCorp Vault

* Matilda Provides plugins to integrate with CyberArk and Centrify.

* All Services can be uploaded to Matilda using the web interface.

 

Minimum Ports to be opened on the Target Assets for successful Discovery #

| Port | Platform | Source | Target | Interaction | Purpose and services/components (See the column description) |
|---|---|---|---|---|---|
| ICMP | ALL | Matilda VM | ALL | System to System | Matilda can detect the device only if ICMP is enabled on the device. |
| 22 | LINUX/UNIX | Matilda VM on Customer Network | LINUX/UNIX Machine on Customer Network | System to System | The Matilda probe logs in to the Linux asset and completes the discovery over an SSH connection. |
| 161/162 | ALL | Matilda VM | ALL | System to System | Matilda can identify the type of device only if SNMP is enabled on the device and port 161/162 is open. This port is optional. |
| 5985 | WINDOWS | Matilda VM on Customer Network | Windows Machines on Customer Network | System to System | The Matilda probe logs in to the Windows asset and completes the discovery over a WinRM connection. |
| 445 | WINDOWS | Matilda VM on Customer Network | Windows Machines on Customer Network | System to System | Lets the service account log in to the Windows asset and read the configuration files. |
| 1433* | MSSQL | Matilda VM on Customer Network | SQL Servers on Customer Network | System to System | Lets the service account log in to the MSSQL Server on the SQL Server port. If the customer has configured a custom port for SQL Server, that port should be enabled. |
| 1521* | ORACLE | Matilda VM on Customer Network | ORACLE Servers on Customer Network | System to System | Lets the service account log in to the ORACLE Server on the Oracle Server port. If the customer has configured a custom port for Oracle Server, that port should be enabled. |
| 3306 | MariaDB/MySQL | Matilda VM on Customer Network | MySQL/MariaDB Servers on Customer Network | System to System | Lets the service account log in to the MariaDB/MySQL Server on the MariaDB/MySQL Server port. If the customer has configured a custom port for the MariaDB/MySQL Server, that port should be enabled. |
| 27017 | MongoDB | Matilda VM on Customer Network | MongoDB Servers on Customer Network | System to System | Lets the service account log in to the MongoDB Server on the MongoDB Server port. If the customer has configured a custom port for the MongoDB Server, that port should be enabled. |

 

 

*All the Ports including DB Ports should be enabled on the Target DB Servers.

If DB server was configured with any custom DB port, use custom DB port communication from Matilda Discovery instance to DB instances.

Discovery IP Request Template Link #

Use this template to fill in the details for the assets that need to be discovered. The template has the following mandatory entries:

  • IP Address (Single IP Address, Range of IP Address or CIDR)
  • Account Name (For Login)
  • Application Name
  • Environment
  • Data Center
  • Region
  • Line of Business

 

Refer to the Discovery Request Template at the URL below:

 

Application Template Link #

Matilda allows the user to add the business applications and application host mapping through the Matilda website. Use this template if you would like to upload Applications into Matilda Discover and manage application groups and dependencies.

Application Name #

‘Application_Name’, ‘Environment’, and ‘Business_Criticality’ are mandatory fields to be filled by the user.

To upload an application into Discover use the Application Template from the URL below:

 

Application Host Mapping #

‘Application_Name’ and ‘IP_Address’ are mandatory fields in this template

Use the App Host Mapping template from the URL below to create your custom mappings:

 

Pre-requisites on Linux/UNIX Target Servers (To be discovered) #

 

Account Creation: #

 

Ports and Services Access Requirements #

  • ICMP Ping
  • UDP 161/162 for SNMP – Optional
  • 22 – SSH
  • For detailed service discovery results (Apache, Nginx, Tomcat, JBoss, Kubernetes, WebLogic, etc.), add the Matilda discovery service account to the Linux/UNIX system groups needed to read the service configuration files.
  • The Client should notify the Matilda team whether NFS/CIFS file systems, external mounts, and network mounts are to be scanned.

 

Pre-requisites on Windows Target Servers (To be discovered) #

 

Account Creation: #

  • Create a service account that is a member of the Admin Group and the Remote Management Group, with read access on all the file systems and files on target assets.
  • Community Name for SNMP details.
  • Configure WinRM to accept remote connections from Matilda Discovery instance.
  • Allow Windows servers firewall to accept WinRM connections from Matilda Discovery instance.

 

Ports and Services Access Requirements #

  • ICMP Ping
  • UDP 161/162 for SNMP – Optional
  • 5985/5986 – WinRM service
  • 445
  • File Read access on entire file system on target assets.
  • As an administrator, enable the WinRM service in PowerShell (winrm quickconfig).

The Client should notify the Matilda team if NFS/CIFS file system, external mounts, and network mounts need to be scanned. Client should verify if any antivirus agents are present. If they are present, add/enable an exception to allow WinRM session (wsman) to run PowerShell commands.

 

Pre-requisites for Oracle DB’s (To be discovered) #

 

Pre-requisites for SQL DB’s (To be discovered) #

 

Pre-requisites for MySQL DB’s (To be discovered) #

 

Pre-requisites for MongoDB’s (To be discovered) #

 

RACI Matrix #

 

| Description | Responsibility |
|---|---|
| Matilda Discovery VM provisioning | Client |
| Matilda SME onboarding with required user account privileges | Client |
| Service account creation/validation with required privileges for Windows & Linux as requested in the document | Client |
| DB account creation with required privileges for ORACLE/MSSQL/MariaDB/MySQL/MongoDB Servers | Client |
| VPN/VDI/RDP access and Matilda SME access to the Matilda Discovery VM | Client |
| Fill in the Discovery Template and upload it to Matilda or share it with Matilda. Business Application Name mapping with IP Address is preferred | Client |
| Setup of the Matilda Discovery Platform on the provisioned VM | Matilda |
| Pre-check and validation of the Matilda deployment | Matilda |
| Windows/Linux Service Accounts and DB Accounts need to be updated in the Matilda Discovery Web Interface | Client/Matilda |
| Dry run for handpicked servers (Windows, Linux for different execution methods like sudo, dzdo and pbrun) to test end to end | Client/Matilda |
| Pre-check for the identified IPs to verify all the pre-requisites are met | Client/Matilda |
| Initiate Discovery of the targeted assets (Windows/Linux/UNIX) | Matilda |
| Utilization collections/connections, including Memory, CPU, Storage, Network connections, etc. | Matilda |
| Assessment and Reporting | Matilda |

 

Matilda Discover Installation Steps #

 

Run the below Script (Kubernetes standalone setup) #

Download the installation git repository from the location below:

# git clone https://bitbucket.org/matildaapp/discovery_setup.git

Change the directory to discovery_setup and set executable permissions to installation script

# cd discovery_setup

# chmod +x matilda_install.sh

Update the installation directory, TLS cert path and TLS key path in the config file, then execute the script below

# vim config

INSTALL_DIR=<Matilda team to share>
USERNAME=<Matilda team to share>
PASSWORD=<Matilda team to share>
TLS_KEY_PATH=<Client to provide>

TLS_CRT_PATH=<Client to provide>

DNS_Name=<Client to provide>
EMAIL=<Matilda team to share>

# ./matilda_install.sh config

*Config updates are mandatory; without proper configs, the installation will not proceed.
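
An added example (not part of discovery_setup or matilda_install.sh): a preflight check to run before the installer. It confirms that every config key has been filled in, that the config file (which holds PASSWORD in clear text) and the TLS key are readable only by their owner, and that the key matches the certificate and the certificate is not about to expire. The function names and the 30-day threshold are assumptions.

```shell
#!/bin/sh
# Added example: preflight for the discovery_setup "config" file.
# usage: preflight_config <config_file>   (prints findings, returns non-zero if any)
cfg_get() {  # value of KEY ($1) in file $2; the file is read as data, never sourced
    sed -n "s/^$1=//p" "$2" | head -n 1
}
preflight_config() {
    cfg=$1; bad=0
    fail() { echo "FAIL: $*"; bad=1; }
    for k in INSTALL_DIR USERNAME PASSWORD TLS_KEY_PATH TLS_CRT_PATH DNS_Name EMAIL; do
        v=$(cfg_get "$k" "$cfg")
        case $v in ''|'<'*'>') fail "$k is empty or still a <placeholder>" ;; esac
    done
    # Characters 5-10 of the ls mode string are the group/other permission bits.
    case $(ls -l "$cfg" | cut -c5-10) in
        ------) ;;
        *) fail "$cfg holds PASSWORD but is accessible to group/other" ;;
    esac
    key=$(cfg_get TLS_KEY_PATH "$cfg"); crt=$(cfg_get TLS_CRT_PATH "$cfg")
    if [ -r "$key" ] && [ -r "$crt" ]; then
        case $(ls -l "$key" | cut -c5-10) in
            ------) ;;
            *) fail "private key $key is accessible to group/other" ;;
        esac
        # Same public key on both sides means the certificate belongs to this key.
        kp=$(openssl pkey -in "$key" -pubout 2>/dev/null)
        cp=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
        [ -n "$kp" ] && [ "$kp" = "$cp" ] || fail "certificate does not match private key"
        openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null 2>&1 \
            || fail "certificate is expired or expires within 30 days"
    else
        fail "TLS key or certificate file is missing or unreadable"
    fi
    return "$bad"
}
# e.g. preflight_config ./config && ./matilda_install.sh config
```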

External Identity Provider Integration Steps (Optional) #

Please refer to the documentation below for OIDC and SAML integration: https://matildacloud.atlassian.net/wiki/spaces/MM/pages/2204106753/External+Identity

Matilda Application URLs #

Discovery URL: http://<dns_name>:32000

Logins: Single sign on email / local login id

Password: <Admin password> (the Matilda team will share the local admin credentials)

Support #

Matilda support is offered by email during working hours Monday-Friday.

Please contact info@matildacloud.com for assistance.
