1. Help & Support
  2. Hyperglance Admin

Installing Hyperglance on your own Instance or VM

If you need to install Hyperglance on your own hardened/golden VM follow these instructions

The Hyperglance installer uses Ansible and Docker to install Hyperglance to your own Instance/VM. 

The installer has been tested against Amazon Linux 2 and CentOS 7. Please use one of these distributions.

General Pre-Requisites

  1. Docker Installed and Running on the system you're running the installer from.
    1. python - Found on most *nix based systems
    2. Access to the SSH key to access the target host.

    The Hyperglance Installer takes care of all other pre-requisites on the target host, including docker installation.

    AWS Prerequisites

    The Instance must have the appropriate role & policy applied so Hyperglance is authorised to pull data from the AWS API. See here for details of AWS commercial: https://support.hyperglance.com/knowledge/aws-iam-policy-requirements

    {
    "Version": "2012-10-17",
    "Statement": [
    {
    "Effect": "Allow",
    "Action": [
    "access-analyzer:List*",
    "apigateway:GET",
    "autoscaling:Describe*",
    "backup:ListProtectedResources",
    "cloudwatch:Describe*",
    "cloudwatch:GetMetricStatistics",
    "cloudwatch:ListMetrics",
    "cur:DescribeReportDefinitions",
    "dax:Describe*",
    "dax:ListTags",
    "dynamodb:Describe*",
    "dynamodb:ListTables",
    "dynamodb:ListTagsOfResource",
    "ec2:Describe*",
    "ec2:Get*",
    "ec2:Search*",
    "ecs:Describe*",
    "ecs:List*",
    "eks:Describe*",
    "eks:List*",
    "elasticloadbalancing:Describe*",
    "iam:List*",
    "iam:Get*",
    "iam:GenerateCredentialReport",
    "lambda:List*",
    "ram:GetResourceShareAssociations",
    "redshift:Describe*",
    "redshift:List*",
    "rds:Describe*",
    "rds:ListTagsForResource",
    "route53:List*",
    "route53:Get*",
    "s3:Get*",
    "s3:ListAllMyBuckets",
    "s3:ListBucket",
    "sts:AssumeRole",
    "sts:GetCallerIdentity",
    "workspaces:Describe*"
    ],
    "Resource": "*"
    }
    ]
    }

    See here for GovCloud policy requirements:

    https://support.hyperglance.com/knowledge/aws-iam-policy-requirements-for-govcloud

     

    Deployment instructions


    This deployment should be run from any system that has ssh access to the target. Other deployments such as SSM can also uses, please contact us for Playbook and Role access.

    It is recommended to execute the deployment from a remote system, or control node where your private key(s) already resides.

    Deploying Hyperglance to your target instance

    This method will use a docker container to deploy Hyperglance to another system that you have SSH access to.

    Use the following Commands to start the deployment, this example assumes the Inventory file is in the same path as where the commands are being ran from.

    1. docker pull hyperglance/hyperglance_installer

    2. In the directory where you're executing the commands, create and inventory file:
      touch inventory 
    3. Populate this file with the following content, replace the IP Address with the target IP, and change the ansible and target ssh user if required, you do not need to change the key name.
      [hg]
      HOST_IP OR DNS NAME

      [all:vars]
      ansible_ssh_user=ec2-user
      target_ssh_user=ec2-user
      ansible_ssh_private_key_file=~/.ssh/private_key.pem

    You cannot use `localhost` or `127.0.0.1` as this resolves to the container.

    4.  Execute the following command, if the key is not in your current working directory, update the key path to the correct location i.e. -v ~/.ssh/id_rsa.pem:/root/.ssh/private_key.pem
    docker run --rm -it \
    -v ~/.ssh/private_key.pem:/root/.ssh/private_key.pem \
    -v $(pwd)/inventory:/ansible/playbooks/inventory \
    hyperglance/hyperglance_installer:latest deploy.yml -i inventory

    5. You will see some output from the container as it deploys, failed=0 is a good sign of success

    PLAY RECAP *******************************************************************************************************************************************************************************
    ip-172-31-30-191 : ok=14 changed=8 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

    DONE! Hyperglance should now be available using the IP / DNS Name of the host. 

    Apply the Hyperglance licence: https://support.hyperglance.com/knowledge/how-to-apply-a-new-license.