Installing a Data Processor in a Dark Site

This topic describes how to install and upgrade a Data Processor in a site without internet connectivity (a dark site). See the following sections for details:

• Installing the DP in a Dark Site
• Upgrading a DP in a Dark Site
• Reconfiguring DNS Settings for a Dark Site DP

Installing the DP in a Dark Site

The standard DP installation procedure pulls the necessary Stellar Cyber software over the internet. Because this approach does not work in a dark site, you must work around it by first installing the Data Processor in a normal environment using the standard DP installation procedures. Once the software is successfully installed, you can move the Data Processor to the dark site and reconfigure its DNS settings.

Upgrading a DP in a Dark Site

The standard DP upgrade procedure also pulls the necessary Stellar Cyber software over the internet. Because this approach does not work in a dark site, you can must work around it as follows:

1. Work with Stellar Cyber Customer Support to obtain a password-protected zip file containing the installation software that is tied to the system ID of the DP installation targeted for upgrade.

2. Copy the zip file to an SCP server accessible to the target DP on the dark site.

3. Use the Offline Upgrade procedure to upgrade the DP. As part of the procedure, you point to the SCP server where you copied the zip file you received from Stellar Cyber.

Reconfiguring DNS Settings for a Dark Site DP

The DP image is configured to use the following public DNS servers by default:

• 8.8.8.8 (Google Public DNS)

Because a dark site does not have access to the outside internet by definition, DNS queries to this address will time out, causing performance issues for Stellar Cyber, including the possible restart of micro-services. You can use one of the following techniques to configure DNS for optimal DP performance in a dark site:

• Open access for the public DNS server at 8.8.8.8.

  Start by using the show dns command from the DP CLI. Then, open the dark site to each of the DNS entries reported by the command.

• If opening access for the public DNS server at 8.8.8.8 is not feasible, you can also remove the DNS configuration entirely. For example:

  1. Open a connection to the DP CLI and run the show dns command to see the configured DNS servers. For example:

     DataProcessor> show dns

     75.75.75.75

     8.8.8.8

  2. Remove the existing entries to the public DNS servers with the unset dns command. For example, using the two DNS servers in the previous step:

     DataProcessor> unset dns 75.75.75.75

     Success

     DataProcessor> unset dns 8.8.8.8

     Success

  3. Ensure the DNS configuration is completely removed using the show dns command. For example:

     DataProcessor> show dns

     DataProcessor>

• Finally, you can also install an internal DNS server in the dark site and point the DP to it. For example:

  1. Repeat the previous procedure to remove the DNS configuration entirely.

  2. Configure an internal DNS server.

  3. Use the set dns command to point the DP to your internal DNS server. For example, if you configured an internal DNS server on 192.168.1.25:

     DataProcessor> set dns 192.168.1.25

     DataProcessor>

     DataProcessor> show dns

     192.168.1.25

Reconfigure DNS for All DP Nodes in Dark Site

Note that you must use one of these DNS techniques for all master and worker nodes installed in the dark site.