Skip to main content
Version: 8.2411.x.x RR

Installing nevisAdapt

Hardware recommendations

We recommend running nevisAdapt on a system with at least 4 CPU cores and 8 GB of RAM.

caution

If you use the extended version of the Geolocation database (which also includes the GPS coordinates), it is recommended that you allocate at least 5 GB memory for the nevisAdapt service. The size of the database file should be less than 500 MB.

The installation of the nevisAdapt service includes the following software packages:

Package nameComponentRemarks
nevisadapt-<version>.noarch.rpmnevisAdapt service- Contains an embedded Tomcat servlet container.- Contains the database schema.
nevisadaptcl-<version>.noarch.rpmnevisAdapt AuthStatesContains the specific AuthStates, such as DeviceCookieAuthState and NevisAdaptAuthState.

Install all software packages with the user "nvauser" and the group "nvbgroup". As a precondition, this user and group must exist.

File system layout

The table below describes the layout of the nevisAdapt file system:

PathDescriptionType
/opt/nevisadapt/Read-only base directory of the installation, owned by the user "nevisdetect" and group "nevisdetect".Installation directory
/opt/nevisadapt/util/util.shHelper script used during the post-install- and pre-remove-phase of the package.
/opt/nevisadapt/bin/nevisadapt-exec.jarExecutable jar file.
/opt/nevisadapt/bin/nevisadapt-exec.confLink to /var/opt/nevisadapt/conf/nevisadapt-exec.conf
/var/opt/nevisadapt/Read/write directory of the installation, owned by the user "nevisdetect" and group "nevisdetect".Spool directory
/var/opt/nevisadapt/logs/nevisadapt.logLog file(s).
/var/opt/nevisadapt/logs/nevisadapt.stdoutThe system redirects stdout to this file.
/var/opt/nevisadapt/conf/nevisadapt.propertiesnevisAdapt service configuration file.
/var/opt/nevisadapt/conf/riskscore-mapping.propertiesConfiguration file for the risk score mapping.
/var/opt/nevisadapt/conf/nevisadapt-exec.confConfiguration file for the init.d service.
/var/opt/nevisadapt/conf/logback.xmllogback configuration file.
/var/opt/nevisadapt/conf/role-to-permission.propertiesRole-to-permission mapping file.

Software package installation - nevisAdapt service

To install the nevisAdapt service, proceed with the next steps.

The installation of the nevisAdapt plug-in is described further below.

  1. Execute the following commands to install the component's software package:
rpm -i nevisadapt-<version>.noarch.rpm
rpm -i nevisadaptcl-<version>.noarch.rpm

During the installation, the following happens:

  • Registration of the component as init.d service with the name nevisadapt.

  • Creation of the spool directory structure (if not already existing).

  • Extraction of the following files from the file /opt/nevisadapt/bin/nevisadapt-exec.jar:

    • /var/opt/nevisadapt/conf.properties
    • /var/opt/nevisadapt/conf/nevisadapt-exec.conf
    • /var/opt/nevisadapt/conf/logback.xml
  1. Administer the component with the following commands:
service nevisadapt start
service nevisadapt status
service nevisadapt stop
service nevisadapt restart

The configuration of the runtime environment of a service is located in the file nevisadapt-exec.conf.

The following sample code block illustrates the installation of the nevisAdapt service:

Installation of the nevisAdapt service

# variables used by the exec /opt/nevisadapt/bin/nevisadapt-exec.jar used by init.d
APP_NAME=nevisadapt
JAVA_OPTS="-Xmx1024M -XX:+UseG1GC -Dlogback.configurationFile=/var/opt/nevisadapt/conf/logback.xml"
LOG_FOLDER=/var/opt/nevisadapt/logs
LOG_FILENAME=nevisadapt.stdout

# variables used by the application i.e. logback and spring
export NEVISADAPT_SPOOL_DIR=/var/opt/nevisadapt
export NEVISADAPT_APP_NAME=nevisadapt

Uninstalling the software package

To uninstall the nevisAdapt components, run the following commands:

rpm -e nevisadapt-<version>.noarch
rpm -e nevisadaptcl-<version>.noarch

During the uninstalling process, the service is stopped and deregistered. The spool directory is not modified, so a subsequent installation will have the same configuration.

Considerations for Kubernetes deployment

nevisAdapt requires the real source IP addresses of the login attempts in order to determine various risk factors such as geolocation or blacklisting. The ingress must be able to provide this data by populating the X-Original-Forwarded-For request header.

Internal Kubernetes services

If the container orchestration happens with first-party services, enable the PROXY protocol in NGINX (described in Accepting the PROXY Protocol) and add the following command to the setup configuration for the ingress rules:

start {
...

proxy_set_header X-Original-Forwarded-For $proxy_protocol_addr;

...
}

Kubernetes deployment with nevisAdmin4

If the container orchestration happens with nevisAdmin4, add a new NGINX Ingress Settings to the nevisProxy Instance under Advanced Settings / Additional Settings.

Add a new annotation with the key nginx.ingress.kubernetes.io/configuration-snippet and value proxy_set_header X-Original-Forwarded-For $proxy_protocol_addr;.