Installing TOS Classic

Tufin Orchestration Suite (TOS) Classic includes the following applications: SecureTrack, SecureChange, and SecureApp. During the installation process, you can select which applications will be enabled.

See Licensing TOS for information on the required licenses.

Tufin Orchestration Suite should be treated as a high-risk security resource, similar to how you would treat any LDAP product (for example, Active Directory). Therefore, you should only install Tufin Orchestration Suite in an appropriately secured network and physical location, and only authorized users should be granted access to TOS products and the operating system on the server.

Prerequisites

  • Verify locale

    Changes to the locale configuration of the operating system can cause errors when you install or upgrade TOS. Make sure that the LANG value of the locale is set to en_US.UTF-8:

    # locale
    LANG=en_US.UTF-8
    ...
    LC_ALL=en_US.UTF-8

    If the locale is not set to en_US.UTF-8, change the locale as follows:

  • Set Host Header

    If your server is behind a NAT, the NAT device must be configured to send one of the following headers for each request:

    • X-Forwarded-Host - usually used when the NAT device is a reverse proxy
    • HOST

    The header should also contain the remote host DNS name or IP. If a request does not include one of these headers, users will not be able to log in to SecureTrack. 

Installing TOS Classic on a server

  1. If your operating system is TufinOS:

    1. Log in to the target server as user Tufin-admin.

    2. Run the command: sudo -i

  2. If your operating system is not TufinOS, log in to the target server as user root.

  3. Create the following directory: /opt/tufin/pkgs
  4. Copy the installation package file to /opt/tufin/pkgs
  5. Run the following command on the TOS Classic server to verify package integrity:

    sha1sum <filename>

    where <filename> is in the format:

    tos-<TOS_version>-<release_level>-<TOS_build>-final-release.run.tgz

    Compare the output to the checksum shown on the Tufin download site.

  6. Extract the file:

    tar zxvf <filename>

  7. Run the screen command:

    screen -S installtos

  8. Run the extracted file:

    /bin/sh <filename>

    where <filename> is in the format:

    tos-<TOS_version>-<release_level>-<TOS_build>-final-release.run

  9. If prompted to disable SELinux, select Yes.

  10. When prompted, you can enable or disable a TOS application:

    By default, SecureTrack, SecureChange, and SecureApp are enabled.

    • To change the SecureTrack setting, enter: 1
    • To change the SecureChange/SecureApp setting, enter: 2
    • To change the Suite Administration setting, enter: 3

    To apply the changes, enter: c

    To return to the product selection menu later, run: tos conf

  11. For TOS Classic R21-3 HF5 and earlier running on TufinOS 3.100, we recommend manually configuring the SSH ciphers.

  12. Install a valid license:

    1. Log in to SecureTrack as an administrator.
    2. Go to: Settings > Administration > Licenses
    4. Click Install to browse to the license file on your computer and click Open.

      When you log in to SecureChange and click SecureApp you will see the application inventory page.
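
The integrity check in step 5 is a manual comparison, which is easy to skip or misread. The following added example (not part of the Tufin documentation or tooling; the function names are hypothetical) wraps steps 5 and 6 so that extraction only happens when the computed SHA-1 matches the value you copied from the download site:

```bash
# Added example, not Tufin tooling. Function names are hypothetical.
# EXPECTED_SHA1 is the value copied by hand from the Tufin download site.

# verify_pkg FILE EXPECTED_SHA1
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_pkg() {
    local file expected actual
    file="$1"
    # Normalise the pasted value: drop whitespace, fold to lower case.
    expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')
    # A SHA-1 digest is exactly 40 hex digits; reject truncated pastes.
    case "$expected" in
        *[!0-9a-f]*) echo "expected value is not hex" >&2; return 2 ;;
    esac
    if [ "${#expected}" -ne 40 ]; then
        echo "expected value is not 40 hex digits" >&2; return 2
    fi
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    # Read via stdin so the file name never appears in sha1sum's output.
    actual=$(sha1sum < "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    printf 'MISMATCH: %s\n  expected %s\n  actual   %s\n' \
        "$file" "$expected" "$actual" >&2
    return 1
}

# verify_and_extract FILE EXPECTED_SHA1 [DESTDIR]
# Extracts only after the digest matches; DESTDIR defaults to FILE's directory.
verify_and_extract() {
    local file dest rc
    file="$1"
    dest="${3:-$(dirname "$file")}"
    rc=0
    verify_pkg "$file" "$2" || rc=$?
    [ "$rc" -eq 0 ] || return "$rc"
    tar zxf "$file" -C "$dest"
}

# Usage on the TOS Classic server (both values are placeholders):
#   verify_and_extract /opt/tufin/pkgs/<filename> <SHA-1 from download site>
```

A non-zero return means the package was not extracted; download the file again and repeat the check before continuing with step 7.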

If you are going to use SecureChange or SecureApp, configure the following:

  1. SecureTrack server connection
  2. Mail server connection
  3. (optional) LDAP directory connection to use LDAP user accounts
  4. Local users and user roles

The TOS products are now installed and ready for you to log in with your web browser.

You are now ready to build your applications and create workflows to manage your change requests, according to your product license.