3. Installing NP-Live
Overview
NP-Live has been designed to be easily installed by a single person in less than an hour. This article provides step-by-step instructions on the installation process, which includes:
- Provisioning a server
- Downloading NP-Live
- Installing NP-Live
- Installing a SSL Certificate
Provisioning a Server
The following table documents the CPU, memory, and disk requirements based on the number of network device configuration files monitored by NP-Live:
> 1,000 devices please contact support to discuss requirements
| Number of network devices monitored (firewall, router, switch) / concurrent users |
Min. CPU | Memory | Disk Space |
| Up to 10 devices / 2 concurrent users | 2-core | 8GB | 100GB |
| Up to 50 devices / 5 concurrent users | 4-core | 16GB | 200GB |
| Up to 100 devices / 10 concurrent users | 8-core | 32GB | 400GB |
| Up to 500 devices / 20 concurrent users | 16-core | 64GB | 2TB |
| Up to 1,000 devices / 20 concurrent users | 32-core | 128GB | 4TB |
Note that loading and analyzing devices utilizes the majority of the CPU and Memory capacity. The higher the server capacity and the faster the CPU, the faster devices will load and be analyzed.
Network ports used by NP-Live
The following ports are used by NP-Live. Please ensure these ports are open on your firewall for proper communication.
- TCP/22: SSH server to provide secure console access to the NP-Live server (required)
- TCP/80: access to NP-Live Web UI through HTTP (optional)
- TCP/389: access to Active Directory / LDAP for LDAPv3 TLS (optional)
- TCP/443: access to NP-Live Web UI through HTTPS (required)
- TCP/636: access to Active Directory / LDAPS for TLS/SSL (optional)
- TCP/8080: access to NP-Connect Web UI through HTTP (optional)
- TCP/8443: access to NP-Connect Web UI through HTTPS (required)
Firewall Rules
The source IP should be the client workstation that will access NP-Live and the destination IP should be the NP-Live Linux server.
Downloading NP-Live
Sign up on the Portal website to download the latest version of NP-Live and the license key. A SHA256 checksum is supplied with each download by clicking on the “show checksum” link. You can calculate the checksum on the files you download to verify their integrity:
- Windows 10 using Powershell:
Get-FileHash /the/full/path/to/your/file/name/extension | Format-List - Linux:
sha256sum /the/full/path/to/your/file/name/extension - MACOS:
shasum -a 256 /full/path/to/your/file/name/extension
Installing NP-Live
NP-Live is a Linux server application. It can be installed on a virtual machine or physical hardware. There are 2 package formats available:
- NP-Live Virtual appliance (~2GB OVF) that works on all major hypervisor with support for the .vmdk disk format (e.g., VMWare ESXi).
- NP-Live Linux installer (~600MB) that works on all major Linux distributions (Red Hat, CentOS, Debian, Ubuntu) on which Docker can be installed
The NP-Live OVF uses the CentOS 7.9 (core) Linux distribution. Root access is provided (see the text file provided with the .OVF) so the operating system can be periodically updated. This option should be used for new installations. The NP-Live Linux installer is used to update NP-Live on an existing system or for a new install on a Linux server.
Note: Network Perception does not recommend running NP-Live in a double virtualized environment (Linux VM encapsulated within a Windows VM) as the operation of connectors, notifications and external interfaces can be unpredictable. Additionally, running the OVF on AWS or Azure also falls into the double virtualization category and does not work. The user will be required to build a Linux server and install the Linux installer.
Option 1: Using the NP-Live Linux Installer
Once downloaded onto the Linux server, the NP-Live Linux Installer can be launched with the following commands:
- SSH onto the Linux server
- Get root privilege with the command
sudo -i - Go to the directory in which the NP-Live Linux installer was downloaded and run it with the command
sh NP-Live_server_installer.sh
The installer will automatically check if an internet connection is available and if Docker is installed. If an internet connection isn’t available but Docker is installed, the installation will proceed offline. If an internet connection isn’t available and Docker isn’t installed, the installation will stop and you will have to manually install the latest version of Docker before continuing. Finally, if an internet connection is available and Docker isn’t installed, the installer will automatically download and install the latest version of Docker.
Option 2: Using the NP-Live Virtual Appliance
Once the Virtual Appliance OVF file has been downloaded, extract the .zip archive and import the appliance files into your hypervisor. Please make sure to update the CPU, memory, and disk space for the VM according to the requirements above. Once imported, launch the appliance and log into the terminal using the credentials provided in the README.txt file inside the OVF archive. Once logged in, the NP-Live shell script will guide you through setting up the network configuration and then launching the NP-Live server.
Installing a SSL Certificate
NP-Live listens on both port TCP/80 (HTTP) and TCP/443 (HTTPS). For HTTPS, it uses a self-signed SSL certificate by default. Users can also provide their own SSL certificate by simply copying a valid .pem file into the NP-Live db folder. If using HTTPS, the best practice is to disabled or forwarded HTTP to HTTPS.
The following command can be used to generate a valid .pem file:
openssl req -new -x509 -days 365 -nodes -out cert.pem -keyout cert.pem
To learn more about generating your own SSL certificate, please visit python documentation.
Please note that .pem file should include both the private key and the full certificate. If you received the private key and the certificate as two separate files, you can concatenate them into a single .pem file.
Setting the NP-Live Virtual Appliance Time Zone
By default, the NP-Live Virtual Appliance install creates the file `/opt/np-live/local-settings.yml`. set to America/Chicago. This file needs to be updated to reflect your local time zone. To change to a different time zone, log into the server using SSH and become root with the command sudo -i. You can then perform the following updates.
Update TZ= to a value from timedatectl list-timezones
version: '3.4'
x-environment-tz: &timezone
TZ=America/Chicago
services:
manager:
environment:
- *timezone
report:
environment:
- *timezone
webserver:
environment:
- *timezone
redis:
environment:
- *timezone
monitor:
environment:
- *timezone
Once you have set the new time zone, you can restart NP-Live with the command /opt/np-live/stop_NP-Live.sh and then /opt/np-live/start_NP-Live.sh
Additional Installation Information
Upgrading Np-Live
To upgrade an existing NP-Live server, the steps are:
- Download the latest release Linux Installer Release (not the .OVF) from the Network Perception Portal and copy it onto your NP-Live server using SCP (or WinSCP from a Windows client)
- Login onto the NP-Live server using SSH (or Putty from a Windows client)
- Get root permissions using the command:
sudo -i - Execute the new NP-Live release file using the command:
sh NP-Live_installer.sh(where NP-Live_installer.sh is the name of the new release file downloaded in step 1). - Follow the guided steps of the installer, which will automatically start NP-Live once the upgrade is complete.
- Connect to the user interface of NP-Live using your web browser and check in the bottom-left corner of the home page that the version number matches the new release
If the server upgrade or restart fails due to lack of disk space, please perform the following clean-up procedure:
- sudo rm -f /opt/np-live/db/log/system/nplive.log.*
- sudo docker system prune –volumes
- sudo rm /opt/np-live/docker-compose.yml.backup
If issues continue to occur during the upgrade, please reach out to the Tech Support team.
Default Disk Encryption
As the NP-Live OVF is typically installed within a secure environment, the disk is not encrypted by default for data at rest. The Linux Admin can encrypt the system drive for increased security knowing that system performance will be slightly degraded to accommodate the data decryption and encryption.
Personalize the Login Page
To add a custom message to the login page, a NP-Live administrator can edit the file /opt/np-live/docker-compose.yml with the following entry in the webserver environment section: “- banner=Welcome to NP-Live”
For NP-View, the file ~/Documents/NPLive/config.ini can be edited to add: “banner=Welcome to NP-View”
Upload File Size Limit
When users upload a file through the Web user interface, NP-Live and NP-View will enforce a maximum file size which is 200MB by default. To change it, a NP-Live administrator can edit the file /opt/np-live/docker-compose.yml with the following entry in the webserver environment section: “- MAX_IMPORT_SIZE=209715200”. The value is in bytes, so 209715200 corresponds to 200MB.
Complete Removal of NP-Live
If you wish to completely remove NP-Live from you server to start with a fresh install, perform the following steps:
- Stop NP-Live using the script /opt/np-live/stop_NP-Live.sh
- Remove Docker containers using the command
docker system prune -aas root (WARNING: this will completely reset Docker, so if non NP-Live containers have been added they will be deleted as well) - Remove the NP-Live folder with the command
rm -rf /opt/np-liveas root (WARNING: the NP-Live database will be permanently deleted)
Next: Configure NP-Live
Once installed, please proceed to the NP-Live Configuration section of the Knowledge Base. If you have any question, please don’t hesitate to contact support@network-perception.com.
