Customer private cloud - On-premises installation
Overview
In this deployment model, Entitle is deployed on the customer’s infrastructure. No transactions or data leave the customer’s environment. This guide walks you through the steps required to set up Entitle's on-premises deployment in your environment.
For more information about Entitle's other deployment models, please visit the Security Assurance page.

Data Entitle uses and where it is stored
Information/deployment model | Public cloud | Public + private clouds - self-hosted | Private cloud - on-premises |
---|---|---|---|
Secrets and Access Tokens to 3rd party services and apps | Entitle Cloud, Stored in AWS Secrets Manager and encrypted by AWS KMS | In a vault hosted by the customer | In a vault hosted by the customer |
Users’ names, accounts, and emails | Entitle Cloud, Encrypted | Entitle Cloud, Encrypted | In customer cloud storage hosted and encrypted by the customer |
User permissions (assignment of roles to users) | Entitle Cloud, Encrypted | Entitle Cloud, Encrypted | In customer cloud storage hosted and encrypted by the customer |
Resources and roles mapping | Entitle Cloud, Encrypted | Entitle Cloud, Encrypted | In customer cloud storage hosted and encrypted by the customer |
Entitle operational logs | Entitle Cloud, Encrypted | Entitle Cloud and hosted by the customer, Encrypted | In customer log aggregation service hosted and encrypted by the customer |
Entitle On-Premises Deployment Architecture
Prerequisites
Minimal hardware requirements
- Disk space: 50 GB
- Memory: 10 GB
- CPU: 5000m (approx. 5 cores)
These requirements are for 500 users.
Software requirements
Distribution requirements
To proceed with the installation, contact your Entitle representative to obtain a username and a password for Replicated, where the on-premises deployment distribution resides.
Installation
The installation process consists of three steps:
- Infrastructure setup - Install the required infrastructure services in order to use Entitle, including:
  - Services
  - Database instance
  - Jobs
  - Release management
  - Logging
- Core setup - Configure a tenant and a first administrator user.
- Instant Messaging setup - Set up the Entitle Bot in your preferred Instant Messaging platform. The Bot will be used by employees to create and approve permissions and access requests.
Infrastructure setup
- Use the Replicated credentials provided by your Entitle representative as the values of %USERNAME% and %PASSWORD%, and run the following commands in your cluster:

```shell
helm registry login registry.replicated.com --username %USERNAME% --password %PASSWORD%
helm install entitle-infra oci://registry.replicated.com/entitle-infra/unstable/entitle-infra
```
Core setup
- To tailor the on-premises deployment to your organization, edit the values of the YAML template below and save its content to a file called mainapi.yaml, where:
  - COMPANY_NAME - a name that represents your organization
  - COMPANY_DOMAIN - the domain of your organization, which employees will log in to Entitle with
  - ADMIN_EMAIL - the email of the first Entitle admin
  - ADMIN_FIRST_NAME - the admin's first name
  - ADMIN_LAST_NAME - the admin's last name

```yaml
main-api:
  companiesDbInitJob:
    enabled: true
    envFromUser:
      - name: COMPANY_NAME
        value: "%YOUR_COMPANY_NAME%"
      - name: COMPANY_DOMAIN
        value: "%YOUR_COMPANY_DOMAIN%"
      - name: ADMIN_EMAIL
        value: "%ADMIN_ACCOUNT_EMAIL_ADDRESS%"
      - name: ADMIN_FIRST_NAME
        value: "%ADMIN_FIRST_NAME%"
      - name: ADMIN_LAST_NAME
        value: "%ADMIN_LAST_NAME%"
```
- An example of the mainapi.yaml values:

Joseph Cohen is an employee of ACME corp. His email address is [email protected], and he will be the administrator of Entitle.

```yaml
main-api:
  companiesDbInitJob:
    enabled: true
    envFromUser:
      - name: COMPANY_NAME
        value: "Acme"
      - name: COMPANY_DOMAIN
        value: "acme.corp"
      - name: ADMIN_EMAIL
        value: "[email protected]"
      - name: ADMIN_FIRST_NAME
        value: "Joseph"
      - name: ADMIN_LAST_NAME
        value: "Cohen"
```
- Use the Replicated credentials provided by your Entitle representative as the values of %USERNAME% and %PASSWORD%, and run the following commands in your cluster:

```shell
helm registry login registry.replicated.com --username %USERNAME% --password %PASSWORD%
helm install entitle-core oci://registry.replicated.com/entitle-core/unstable/entitle-core --values=mainapi.yaml
```
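
One way to script the Core setup, as an added example rather than Entitle's own tooling: it writes mainapi.yaml from the five values after checking them, and logs in with helm's `--password-stdin` so the Replicated password stays out of shell history and the process list. The function names, the `install` argument and the rule that ADMIN_EMAIL must belong to COMPANY_DOMAIN are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Entitle's tooling): pre-flight helpers for the Core setup.
# Write mainapi.yaml from the five values. Rejects empty values, unfilled
# %PLACEHOLDER% text, and characters that break a double-quoted YAML scalar.
render_mainapi() {  # usage: render_mainapi OUT NAME DOMAIN EMAIL FIRST LAST
  [ "$#" -eq 6 ] || { echo "render_mainapi: expected 6 arguments" >&2; return 2; }
  out=$1; shift
  for v in "$@"; do
    case $v in
      ''|*%*|*\"*|*\\*|*[[:cntrl:]]*) echo "rejected value: $v" >&2; return 1 ;;
    esac
  done
  case $3 in
    ?*@"$2") ;;  # assumption: the first admin's email is in COMPANY_DOMAIN
    *) echo "ADMIN_EMAIL must be an address in $2" >&2; return 1 ;;
  esac
  cat > "$out" <<EOF
main-api:
  companiesDbInitJob:
    enabled: true
    envFromUser:
      - name: COMPANY_NAME
        value: "$1"
      - name: COMPANY_DOMAIN
        value: "$2"
      - name: ADMIN_EMAIL
        value: "$3"
      - name: ADMIN_FIRST_NAME
        value: "$4"
      - name: ADMIN_LAST_NAME
        value: "$5"
EOF
}

# Log in with the password on stdin, so it never appears in shell history
# or in the process list the way a --password argument does.
registry_login() {  # usage: registry_login USERNAME < password-source
  helm registry login registry.replicated.com --username "$1" --password-stdin
}

# Runs only when called as: sh core-setup.sh install USERNAME < password-source
if [ "${1:-}" = "install" ]; then
  set -eu
  render_mainapi mainapi.yaml "$COMPANY_NAME" "$COMPANY_DOMAIN" \
    "$ADMIN_EMAIL" "$ADMIN_FIRST_NAME" "$ADMIN_LAST_NAME"
  registry_login "$2"
  helm install entitle-core \
    oci://registry.replicated.com/entitle-core/unstable/entitle-core --values=mainapi.yaml
fi
```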
Standard Kubernetes network connectivity and monitoring should be applied.
Maintenance procedures are handled by Replicated.
Instant messaging - Teams setup
Please follow the Entitle App Guide for Microsoft Teams.
Test your installation
- Log in by SSO to your Entitle on-premises application (the domain is set by the Kubernetes ingress), using the administrator email address provided in the mainapi.yaml file
- Create your first workflow
- Connect your IdP and provide Entitle with your users’ names and emails
- Add your first integration out of the large number of applications supported by Entitle
- Don't forget to Test your integration
You're all set!
Feel free to reach out to your Entitle representative with any questions that come up!