Deployment

THREATGET consists of a server and a client setup. The server is central to the organisation and typically runs Linux. The client must be a Windows Desktop. The client is set up on every user’s laptop.

THREATGET server can be deployed on a Linux server. In principle a deployment on Windows would be possible thanks to Docker, but that scenario is not supported.

If you are interested in maintenance tasks for a deployed THREATGET instance, check the maintenance documentation.

Please involve your IT department if you are unsure about the Linux commands listed below.

Required information

You need a few pieces of information to complete the installation successfully. When we refer to these values (e.g. <registry-user>) in the scripts and commands below, please replace the values in <> with the actual value provided by AIT.

Information | Description | Origin
<registry-user> | Login for the AIT docker registry | Supplied by AIT
<registry-password> | Password for the AIT docker registry | Supplied by AIT
<threatget-version> | Current version of THREATGET (e.g. 21.04) | Supplied by AIT
<license-key> | License-key (e.g. fec45e20-56f2-48b4-8ace-e0156e33adae) | Supplied by AIT
<db-password> | Password for the customer database | Chosen by customer
<admin-password> | Password for the web interface | Chosen by customer

The <admin-password> should be known to users who need to define elements and rules. All other passwords should be kept secret by the system administrator.

Prerequisites

We assume a server running Ubuntu 20.04 LTS, but a Debian system will work as well. Customers typically run THREATGET in a virtual machine. The virtual machine needs to have internet access, but need not be accessible from the outside. AIT recommends that the machine is reachable only inside the corporate network (VPN for road warriors). Users need to reach port 80 of the machine.

One first needs to install Docker and Docker Compose on the server.

  1. Install Docker, described here.
  2. Install Docker Compose, described here.

The next step is to log in to the docker repository of AIT.

sudo docker login registry.threatget.com

Use the <registry-user> and <registry-password> to authenticate.

Finally, we need a folder for the database backups:

sudo mkdir -p /var/backups/postgres

Setting up a docker configuration

Create a folder named threatget. The folder can be anywhere. We assume it to be in your home directory for this manual. In that folder create a file docker-compose.yml with the following exact content (no need to replace anything here):

mkdir -p ~/threatget
cd ~/threatget
nano docker-compose.yml

Then add the following content:

version: '3'

services:
  db:
    image: postgres:10
    restart: always
    environment:
        - POSTGRES_DB=threatget
        - POSTGRES_USER=threatget
        - POSTGRES_PASSWORD=$DATABASE_PASSWORD
    volumes:
        - data:/var/lib/postgresql/data
  threatget:
    links:
      - db
    image: registry.threatget.com/threatget/server:$THREATGET_VERSION
    restart: always
    environment:
        - FMVEA_RULE_DATABASE_LINK=db
        - FMVEA_RULE_DATABASE_PORT=5432
        - FMVEA_RULE_DATABASE_DATABASENAME=threatget
        - FMVEA_RULE_DATABASE_USERNAME=threatget
        - FMVEA_RULE_DATABASE_PASSWORD=$DATABASE_PASSWORD
        - INITIAL_PASSWORD=$INITIAL_ADMIN_PASSWORD
        - INITIAL_LICENSE=$INITIAL_LICENSE_KEY
    ports:
      - "80:8080"

  backup:
    links:
      - db
    image: postgres:10
    volumes:
      - /var/backups/postgres:/var/backups
    command: /bin/bash -c  'pg_dump --dbname=postgresql://threatget:${DATABASE_PASSWORD}@db:5432/threatget -F c -f /var/backups/threatget-$$(date +%F_%H-%M-%S).dump'

volumes:
  data:

Also create a config file called .env in the same folder as the docker-compose.yml. Note the dot (.) at the beginning.

cd ~/threatget
nano .env

Then add the following content:

THREATGET_VERSION=<threatget-version>
DATABASE_PASSWORD=<db-password>
INITIAL_ADMIN_PASSWORD=<admin-password>
INITIAL_LICENSE_KEY=<license-key>

In this file, replace each value in <> with the actual value listed under Required information.
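
A preflight check for the .env file before the containers are started, as an added example that is not part of the AIT documentation: it verifies that the file is readable only by its owner, that no <placeholder> is left in it, and that <db-password> uses only characters that survive the pg_dump connection URI of the backup service. The function name check_env and the restriction to RFC 3986 unreserved characters are assumptions made for this example.

```shell
#!/bin/sh
# check_env FILE: print one line per problem, return the number of problems.
check_env() {
    env_file=$1
    problems=0
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

    [ -f "$env_file" ] || { echo "FAIL: $env_file not found"; return 1; }

    # The file holds the database password, admin password and license key.
    # Characters 5-10 of the ls mode string are the group/other bits.
    mode=$(ls -ld "$env_file" | cut -c5-10)
    [ "$mode" = "------" ] || fail "readable beyond owner, run: chmod 600 $env_file"

    for key in THREATGET_VERSION DATABASE_PASSWORD \
               INITIAL_ADMIN_PASSWORD INITIAL_LICENSE_KEY; do
        # Take the last assignment and strip the "KEY=" prefix.
        value=$(grep "^$key=" "$env_file" | tail -n 1 | cut -d= -f2-)
        case "$key:$value" in
            "$key:")
                fail "$key is missing or empty" ;;
            *"<"*|*">"*)
                fail "$key still contains a <placeholder>" ;;
            DATABASE_PASSWORD:*[!A-Za-z0-9._~-]*)
                # The backup service puts this value into a postgresql:// URI
                # inside a single-quoted bash -c string; characters such as
                # @ : / or a single quote would change how that is parsed.
                fail "DATABASE_PASSWORD has characters unsafe in the backup URI" ;;
        esac
    done
    return "$problems"
}
# Usage: check_env ~/threatget/.env && sudo docker-compose up -d
```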

Starting and stopping the containers

This setup is already sufficient to start THREATGET.

The containers can be started using

cd ~/threatget
sudo docker-compose up -d

The containers can be stopped using

cd ~/threatget
sudo docker-compose down

Next steps

You can now reach the THREATGET web interface, which is exposed on port 80 of the virtual machine.

You must also install the THREATGET Enterprise Architect Plugin on all client machines.

Advanced deployment scenarios like proxy servers and HTTPS are discussed here.