Installation Checklist

This document serves as a checklist to outline the information needed for EDG installations. Please use this guide to pull in appropriate IT resources and gather needed information prior to installation. The links in this guide will be very useful for new customers. Please read them completely.

  1. Read the documentation for server installation at EDG Installation and Authentication. Details on the items below can be found in that document.

  2. Provision a Tomcat server sized appropriately for users and data, and plan for growth. Follow the guidelines provided upon purchase. Contact TopQuadrant support if you need a new copy of this information.

  3. Decide where the workspace, properties file, and vault will be located. The workspace contains configuration, connector and data files.

  4. Ensure Tomcat has write access to the workspace directory. For Debian-based Linux distributions, see the notes for using Tomcat 9: https://salsa.debian.org/java-team/tomcat9/blob/master/debian/README.Debian.

  5. The server must be running supported versions of Tomcat and Java. See https://www.topquadrant.com/products/supported-platforms/

  6. Decide on the authentication mechanism: LDAP, SAML for users, OAuth for APIs, Tomcat users.

If LDAP, have LDAP groups ready and know the following:

  • Username for server connection

  • Password for server connection

  • User pattern string

  • Role definition base

  • Role name identifier

  • Role search string

  • Membership search string

  • More info at LDAP Configuration

If SP-Initiated SAML SSO, have the following ready:

  • SAML will only work with secure connections, so set up HTTPS on your instance

  • Path to IDP Federated Metadata URL or a copy of the file

  • SP URL/Entity ID

  • Attribute mapping URIs for username and role and optionally display name and email

  • Backup authentication method for APIs such as OAuth, LDAP or Tomcat users. (TopBraid Explorer as well as Send Projects to Another Server use APIs)

  7. Decide on active database storage options. TDB will be contained in the workspace. Data Platform will enable all EDG collections to be synced between EDG nodes. See TopBraid Data Platform for specific instructions on setting up Data Platform. You cannot change this later without creating a new environment workspace.

  8. Implement a backup strategy for the workspace and/or database. Back up often. See EDG Backup and Restore.

  9. If implementing more than one server (for instance, Explorer), the servers must be able to communicate with each other.

  10. Obtain the .war file and license file from the TopQuadrant Jira ticketing system. If the ticket is closed, you can still access it in the portal.

  11. After reading the installation guide and preparing the above information, you will be ready to deploy the EDG application and set up users and rights management. See Rights Management Admin Page for Rights Management assistance. See The Governance Model and Workflows for using the governance collection to control user permissions as well.

  12. Follow the rest of the Server Administration Page guide for additional configurations in EDG. Please go through the EDG Configuration Parameters Admin Page and the Server Configuration Parameters Admin Page prior to use. These contain important configurations such as the Mail Settings Section.

  13. Highly Recommended:

  • Monitoring software (such as Splunk, Zabbix, ELK)

  • Update the log4j.xml file in EDG/WEB-INF with appropriate parameters for rollover size

  • Create a playbook/runbook for deployment and installation of EDG for future use

  14. Security:

  • EDG will create temporary files (including potentially sensitive files such as uploaded documents) in the temp directory that is used by the Java VM. The specific location of that can be controlled using the system property java.io.tmpdir. If the temp files are deemed a security risk, the system administrator may elect to change the temp dir location and adjust permissions accordingly.

  • HashiCorp can be used for secure storage data encryption. See the edg-setup.properties file in your distribution.

  • Several configuration settings exist to limit security risk for EDG. Please check the Server Administration page in EDG and the edg-setup.properties file to enable or disable these settings.
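
For the temp directory item above, the following is an added example (not part of the EDG distribution or TopQuadrant's documentation) of preparing a dedicated, owner-only directory for java.io.tmpdir and auditing it before Tomcat starts. It assumes a stock Tomcat launched through catalina.sh, which reads CATALINA_TMPDIR from bin/setenv.sh and passes it to the JVM as java.io.tmpdir. The path /srv/edg/tmp and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: dedicated temp directory for the JVM that runs EDG.
# Function names and the /srv/edg/tmp path are assumptions.

# Octal mode and numeric owner of a path (GNU stat first, then BSD stat).
dir_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null; }
dir_uid()  { stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1" 2>/dev/null; }

# Create the directory if needed and restrict it to its owner (rwx------).
prepare_tmpdir() {
    dir=$1
    mkdir -p "$dir" || return 1
    chmod 700 "$dir" || return 1
}

# Return 0 only if the directory is suitable as java.io.tmpdir:
# a real directory (not a symlink), owned by the expected UID,
# with no group or other permission bits set.
audit_tmpdir() {
    dir=$1
    expected_uid=$2
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "not a real directory: $dir" >&2
        return 1
    fi
    if [ "$(dir_uid "$dir")" != "$expected_uid" ]; then
        echo "unexpected owner on $dir" >&2
        return 1
    fi
    mode=$(dir_mode "$dir")
    case "$mode" in
        *00) return 0 ;;
        *)   echo "mode $mode on $dir grants group/other access" >&2
             return 1 ;;
    esac
}

# Line to place in $CATALINA_BASE/bin/setenv.sh.
setenv_line() {
    printf 'CATALINA_TMPDIR="%s"\n' "$1"
}

# Typical use, run as the account that owns the Tomcat process:
#   prepare_tmpdir /srv/edg/tmp
#   audit_tmpdir /srv/edg/tmp "$(id -u)" && setenv_line /srv/edg/tmp
```

Installations that do not start Tomcat through catalina.sh (for example a packaged service unit) need the equivalent -Djava.io.tmpdir setting in that launcher's own configuration.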