Installing AppScan 360° on a single virtual machine
- Download the AppScan 360° single VM script and the AppScan 360° installation files from the HCL License and Download Portal or the MyHCLSoftware portal to a single directory location under /home/username. For example, /home/username/AppScan360_singleVM.
Files included in the directory should be:
- AppScan360_SingleVMsetup.run
- AppScan360_v1.4.0.run
- AppScan360_ASRA_v1.4.0.run
- Rename the downloaded files as follows:
$ mv AppScan360_v1.4.0.run ascp-AppScan360_v1.4.0.run
$ mv AppScan360_ASRA_v1.4.0.run asra-AppScan360_ASRA_v1.4.0.run
- In the folder to which the files were downloaded, provide executable permission
to the installer by running:
$ chmod +x *.run
- Run the install script:
Note: While not required, we recommend specifying the folder location of the files, even though you are installing from the folder location.
[AppScan360_SingleVMsetup.run] ~/<AppScan360 extraction folder>/
Note: This command assumes AppScan 360° is installed to the same location to which the files were downloaded from HCL License and Download Portal.
Note: Installation log files are located at [AppScan360 extraction folder]/logs
- The installation procedure asks a series of questions, and asks you to confirm
each answer. Respond to the questions and prompts as requested:
- Do you want to verify minimum resources requirements (y/n)?
Default is y.
- y: The script validates the availability of minimum resources required for scanning, specifically, CPU, RAM, and local storage. If the system meets minimum requirements, the script displays informational messages (INFO) confirming available resources. If the system does not meet minimum resources, the script displays error messages warning of insufficient resources.
- n: The script checks the required resources and displays informational messages about the availability of required resources.
Regardless of answer, the script proceeds with the install. However, if resources are insufficient you may have difficulty scanning.
- Is the VM connected with the local DNS server (y/n)?
Default is n.
- y: The system uses the machine name (hostname) instead of requiring the IP address of the DNS server.
- n: The system uses IP addresses directly for any network-related configurations or communications; it will not rely on DNS for resolving names.
- Is the deployment targeted for POC (y/n)?
Default is y.
- y: The system generates a self-signed certificate. This is easier for testing but is not trusted by web browsers or clients. A self-signed certificate is suitable for internal use or when a custom certificate is not necessary, as would be the case for most proof of concept (POC) deployments.
- n: You must use an external certificate with the
deployment. As such, the script asks:
Do you want to use your certificate as the applicable external (out-of-cluster) facade (y/n)?
Default is n.
- y: Enter relevant details for the certificate, including CA signing certificate, and public and private keys.
- n: The system generates a self-signed certificate. This is easier for testing but is not trusted by web browsers or clients. A self-signed certificate is suitable for internal use or when a custom certificate is not necessary.
When you answer y to this question, the setup notes that the replicas count override is set to 1. This is not an editable setting in AppScan 360° single VM setup.
- Do you want to use your own resources (BYOD): Docker Private Registry,
Microsoft SQL Server, remote (NFS mounted) shared storage (y/n)?
Default is n.
- y: Use your own infrastructure or services and be ready to provide details related to Docker Private Registry, SQL server and storage, including location, credentials, and more.
- n: Rely on the default resources provided by the setup script. The script installs the Docker Private Registry, SQL server and K0S in a local docker container.
- What is the domain name?
Default is appscan.il.
- appscan.il: When installation is complete, the specified hostname is followed by the appscan.il domain. For example: https://lp1-ap-5224663.appscan.il
- your_domain: When installation is complete, the specified hostname is followed by your domain. For example: https://lp1-ap-5224663.your_domain
- What is the shared storage capacity in GB?
Default is 100.
The shared storage is used for storing data that multiple components (like Docker containers or services in your system) will access or share, such as logs, configuration files, or persistent data. Make sure that the stated shared storage is available and that it will support desired scanning capacity.
- Select desired external IDP mode.
(AutoOnboard/GroupsAccess/ManualOnboard)
Default is AutoOnboard.
Specify how users will be onboarded or authenticated using an external IdP:
- AutoOnboard: New users are automatically granted access based on predefined rules or roles from the IdP. The default user is "Admin" with global Admin credentials for logging in.
- ManualOnboard: To manually onboard users after installation, connect to their respective Active Directory (AD)/LDAP/OAuth providers as noted in the next question.
- GroupsAccess: Matches the group from the LDAP with that of "LdapAuthorizedGroups"; if it matches, AppScan 360° allows the user to AutoOnboard as a Tester.
Note: If you select ManualOnboard or GroupsAccess and do NOT provide AD credentials in the next step, only the system defined default user ("Admin") will be able to log in to AppScan 360°.
- Do you want to connect with your Active Directory (AD) (y/n)?
Default is n.
- y: Integrate your deployment with Active Directory (AD) for managing user identities, authentication, and access control. This helps users to onboard directly while application installation is in progress. Enter the appropriate credentials and connection details to complete the connection.
- n: Only the system defined default user ("Admin") will be able to log in to AppScan 360°.
- Do you want to connect with your SMTP Mail Relay (SMR)(y/n)?
Default is n.
An SMTP mail relay is an intermediary server that accepts outgoing emails from your system and forwards them to the recipients' email servers. The relay helps ensure email delivery and can apply certain rules like spam filtering. In AppScan 360°, set up a relay to receive notification emails when a scan is completed, when a scheduled scan kicks off, and so on.
- y: Integrate AppScan 360° with an SMTP Mail Relay for sending emails from the deployment. Enter the appropriate location and credentials for the SMR to complete the connection.
- n: No SMTP server is set up; users cannot receive any related email notifications.
The setup process installs and configures numerous elements, including Kubernetes with an open source license, all of which are written back to the configuration file (singular-singular.clusterKit.properties) at the end of the installation.
After a few minutes, a confirmation shows that AppScan 360° is installed and ready to use.
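The rename and permission steps above can be scripted with a check on the directory contents first, because `chmod +x *.run` applies to every .run file in the folder. The following is an added example, not part of the HCL installer; the helper name stage_installers and its return codes are assumptions, and the file names are the ones listed on this page.

```shell
#!/bin/sh
# Added example (not HCL's code): stage the single-VM installers named in the steps above.
# stage_installers is a hypothetical helper; file names are the ones this page lists.
stage_installers() {
    dir=$1
    [ -d "$dir" ] || { echo "ERROR: $dir is not a directory" >&2; return 1; }

    # 'chmod +x *.run' marks every .run file executable, so stop if the
    # directory holds any .run file other than the expected installers.
    for f in "$dir"/*.run; do
        [ -e "$f" ] || continue
        case ${f##*/} in
            AppScan360_SingleVMsetup.run) ;;
            AppScan360_v1.4.0.run|ascp-AppScan360_v1.4.0.run) ;;
            AppScan360_ASRA_v1.4.0.run|asra-AppScan360_ASRA_v1.4.0.run) ;;
            *) echo "ERROR: unexpected file ${f##*/}" >&2; return 2 ;;
        esac
    done

    # Rename the two product installers; skip if already renamed (safe to re-run).
    for pair in AppScan360_v1.4.0.run:ascp-AppScan360_v1.4.0.run \
                AppScan360_ASRA_v1.4.0.run:asra-AppScan360_ASRA_v1.4.0.run; do
        src=${pair%%:*}
        dst=${pair##*:}
        if [ -f "$dir/$src" ] && [ ! -e "$dir/$dst" ]; then
            mv -- "$dir/$src" "$dir/$dst"
        fi
    done

    # Require all three files as regular files (no symlinks), then grant execute
    # to the owner only; the page's 'chmod +x' typically grants it to everyone.
    for f in AppScan360_SingleVMsetup.run ascp-AppScan360_v1.4.0.run \
             asra-AppScan360_ASRA_v1.4.0.run; do
        if [ ! -f "$dir/$f" ] || [ -L "$dir/$f" ]; then
            echo "ERROR: missing or not a regular file: $f" >&2
            return 3
        fi
        chmod u+x -- "$dir/$f"
    done
    echo "INFO: installers staged in $dir"
}

# Run against a directory when one is given on the command line.
[ "$#" -eq 0 ] || stage_installers "$1"
```

Call it with the download directory, for example /home/username/AppScan360_singleVM, before running the install script.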
Changing installation method
If, after installing and using the single VM installation of AppScan 360°, you decide you want to install AppScan 360° in a distributed environment, follow the instructions in Distributed installation of AppScan 360°. It is a completely new process.