On This Page
Installing TOS Classic
Tufin Orchestration Suite (TOS) Classic includes the following applications, SecureTrack, SecureChange, and SecureApp. During the installation process you can select which applications will be enabled.
See Licensing TOS for information on the required licenses.
Tufin Orchestration Suite should be treated as high-risk security resource, similar to how you would treat any LDAP product (for example, Active Directory). Therefore, you should only install Tufin Orchestration Suite in an appropriately secured network and physical location, and only authorized users should be granted access to TOS products and the operating system on the server.
Prerequisites
-
Verify locale
Changes to the locale configuration of the operating system can cause errors when you install or upgrade TOS. Make sure that the LANG value of the locale is set to
en_US.UTF-8
#
locale
LANG=en_US.UTF-8
...
LC_ALL=en_US.UTF-8If the locale is not set to
en_US.UTF-8
, change the locale as follows:For TufinOS or CentOS 7.x-
Edit the file
/etc/environment
LC_ALL=en_US.UTF-8
LANG=en_US.UTF-8 - Log out and log back in, and confirm the locale settings are correct.
-
-
Set Host Header
If your server is behind a NAT, the NAT device must be configured to send one of the following headers for each request:
X-Forwarded-Host
- usually used when the NAT device is a reverse proxyHOST
The header should also contain the remote host DNS name or IP. If a request does not include one of these headers, users will not be able to log in to SecureTrack.
Installing TOS Classic on a server
-
If your operating system is TufinOS:
-
Log in to the target server as user Tufin-admin.
-
run the command sudo -i
-
-
If your operating system is not TufinOS, log in to the target server as user root.
- Create the following directory: /opt/tufin/pkgs
- Copy the installation package file to /opt/tufin/pkgs
-
Run the following command on the TOS Classic server to verify package integrity:
sha1sum <filename>
where
<filename>
is in the format:tos-<TOS_version>-<release_level>-<TOS_build>-final-release.run.tgz
Compare the output to the number on the Tufin download site.
-
Extract the file:
tar zxvf <filename>
-
Run the screen command:
screen -S installtos
-
Run the extracted file:
/bin/sh <filename>
where
<filename>
is in the format:tos-<TOS_version>-<release_level>-<TOS_build>-final-release.run
-
If prompted to disable SELinux, select Yes.
-
When prompted, you can enable or disable a TOS application:
By default, SecureTrack, SecureChange, and SecureApp are enabled.
- To change the SecureTrack setting, enter:
1
- To change the SecureChange/SecureApp setting, enter:
2
- To change the Suite Administration setting, enter:
3
To apply the changes, enter:
c
To return to the product selection menu later, run:
tos conf
- To change the SecureTrack setting, enter:
-
For TOS Classic R21-3 HF5 and earlier running on TufinOS 3.100, we recommend manually configuring the SSH ciphers.
-
Install a valid license:
- Login to SecureTrack as an administrator.
- Go to: Settings > Administration > Licenses
-
Click Install to browse to the license file on your computer and click Open.
When you log in to SecureChange and click SecureApp you will see the application inventory page.
If you are going to use SecureChange or SecureApp, configure the following:
- SecureTrack server connection
- Mail server connection
- (optional) LDAP directory connection to use LDAP user accounts
- Local users and user roles
The TOS products are now installed and ready for you to login with your web browser.
You are now ready to build your applications and create workflows to manage your change requests, according to your product license.