Page created: 6 Nov 2020
|
Page updated: 12 May 2021
Complete the following steps to install PingIntelligence Dashboard:
- Create a
<ping_install_dir>
directory on your host machine. Make sure that the user has read and write permissions for the<ping_install_dir>
directory. - Download the PingIntelligence Dashboard binary
- Download Elasticsearch 6.8.1 (macOS/RHEL)
- Download Kibana 6.8.1 (RHEL 64-bit)
- Change directory to
ping_install_dir
:# cd pi_install_dir
- Untar the PingIntelligence Dashboard:
# tar -zxf pi-api-dashboard-4.4.tar.gz
- Change directory to
pingidentity/webgui/
# cd pingidentity/webgui/
- Install PingIntelligence Dashboard by entering the following command and follow the
instructions displayed on the prompt:
# ./bin/pi-install-ui.sh
elasticsearch-6.8.1.tar.gz file path > kibana-6.8.1-linux-x86_64.tar.gz file path > Use bundled ssl key and self signed certificate for ui server [y/n]? >[n] ssl private key path > ssl certificate path > Use default password [changeme] for all components and users [y/n]? > [n] UI login admin user 'admin' password > Renter UI login admin user 'admin' password > UI login regular user 'ping_user' password > Renter UI login regular user 'ping_user' password > ABS url > Use default access/secret key for ABS [y/n] ? > [n] ABS access key > ABS secret key > ASE management url > Use default access/secret key for ASE [y/n] ? > [n] ASE access key > ASE secret key > configuring elasticsearch… please wait for 15 seconds elasticsearch config is completed. configuring kibana…please wait 60 seconds kibana config is completed. configuring dashboard… generating new obfuscation master key dashboard config is completed. configuring webgui… generating new obfuscation master key webgui config is completed. saving auto generated credentials for all components to webgui_internal.creds file WebGUI installation completed. Start WebGUI [y/n] > [y] start elasticsearch... elasticsearch started. Log is available at elasticsearch/logs/elasticsearch.log start dashboard…… dashboard started. Log available at dashboard/logs/dashboard.log start kibana…… kibana started. Log available at kibana/logs/kibana.log start ui server…… UI server started. Log available at webgui/logs/admin/admin.log WebGUI started. Log available at webgui/logs/admin/admin.log Please access WebGUI at https://<pi_install_host>:8030 <pi_install_host> can be ip address, hostname or fully qualified domain name of this server. <pi_install_host> should be reachable from your computer. Important Action: 1) Credentials for all internal components are available in webgui_internal.creds file. Move this file from this server and securely keep it elsewhere. For any debugging purposes you will be asked to get credentials for a component from this file. 2) Two obfuscation master keys are auto-generated pingidentity/webgui/config/webgui_master.key pingidentity/dashboard/config/dashboard_master.key 3) For security purposes you should move obfuscation master keys from this server. But when components are restarted, master keys should be present at the original locations.
Verify the installation
You can verify the installation by checking the process IDs (PID) of each component. You
can check the
pid
of components at the following location: - Elasticsearch: <pi_install_dir>/elasticsearch/logs/elasticsearch.pid
- Kibana: <pi_install_dir>/kibana/logs/kibana.pid
- Dashboard: <pi_install_dir>/dashboard/logs/dashboard.pid
- Webgui: <pi_install_dir>/webgui/logs/webgui.pid
Tune Dashboard performance parameters
Configure the following three parameters for Dashboard's better performance. Note that the following tuning parameters if you have your setup of Elasticsearch and Kibana.
If you have used PingIntelligence automated deployment or
pi-install-ui.sh
script to deploy Dashboard, these tuning are done as part of installation.Parameter | Description | Location |
---|---|---|
Elasticsearch | ||
-Xms and -Xmx |
|
$ES_HOME/config/jvm.options |
thread_pool.search.size | Defines thread pool size for count/search/suggest operations in Elasticsearch. Configure it to 50% of total CPUs allocated. | $ES_HOME/config/elasticsearch.yml |
Kibana | ||
elasticsearch.requestTimeout | Time (in milliseconds) to wait for Elasticsearch to complete the request and return the response back to Kibana. Set the value to 60000 milliseconds. | $KIBANA_HOME/config/kibana.yml |
Mitigating Cross-Site-Scripting (XSS)
To detect and mitigate attacks like Cross Site Scripting(XSS), PingIntelligence Dashboard implements Content Security Policy (CSP). The following are the configuration details.
Response header - Content-Security-Policy
Response header value - default-src ‘self’; font-src ‘self’ use.typekit.net;
script-src ‘self’ use.typekit.net; style-src ‘self’ ‘unsafe-inline’ use.typekit.net
p.typekit.net; img-src ‘self’ data: p.typekit.net;