Applies to: Kyvos Enterprise, Kyvos Cloud (SaaS on AWS), Kyvos AWS Marketplace, Kyvos Azure Marketplace, Kyvos GCP Marketplace, Kyvos Single Node Installation (Kyvos SNI), Kyvos Free (Limited offering for AWS)
This section provides information on the validations that must be performed by the DevOps team after cluster deployment.
Ensure all EC2 instances are up and running.
The cluster should be complete, with BI Server, Query Engines, Web server, Kyvos Manager servers, and Bastion Host.
Log in to the AWS console, go to the EC2 service, and check all instances: BI Server, Query Engines, Web server, Kyvos Manager servers, and Bastion Host.
...
Ensure the CFT deployed two BI Servers, five Query Engines, one Web server, one Kyvos Manager server, and one Bastion Host
In the cluster, there should be two BI Servers, five Query Engines, one Web server, one Kyvos Manager server, and one Bastion Host as Jump host.
Five Query Engines:
...
Two BI Servers:
...
One Web Server (secondary web portal, this instance will be used to run the Kyvos web portal):
...
One Kyvos Manager server (Primary web server, this instance will be used to run the Kyvos web portal and Kyvos Manager):
...
One Bastion Host:
...
Ensure BI servers are in different AZs
...
Check both BI servers; they should be in different availability zones, as in the screenshot below:
...
Here, BI1 is in the us-east-2b AZ and BI2 is in the us-east-2a AZ.
...
Three Query Engines should be in AZ1, and two Query Engines should be in AZ2.
...
For example, us-east-2a is AZ1 and us-east-2b is AZ2.
...
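The node-count and AZ checks above can be run against the parsed output of `aws ec2 describe-instances` instead of being read off screenshots. This is an added example, not Kyvos code; it assumes each instance carries a hypothetical `Role` tag with the values `BI`, `QE`, `WS`, `KM` and `BASTION`, and the sample responses are constructed.

```python
from collections import Counter, defaultdict

# Node counts required by the checklist above; the role names are assumed tag values.
EXPECTED = {"BI": 2, "QE": 5, "WS": 1, "KM": 1, "BASTION": 1}

def check_placement(describe_instances, role_tag="Role"):
    """Return findings for a parsed `aws ec2 describe-instances` response."""
    az_by_role, findings = defaultdict(list), []
    for res in describe_instances.get("Reservations", []):
        for inst in res.get("Instances", []):
            tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
            role = tags.get(role_tag, "UNTAGGED")
            state = inst["State"]["Name"]
            if state != "running":
                findings.append(f"{inst['InstanceId']} ({role}) is {state}")
            az_by_role[role].append(inst["Placement"]["AvailabilityZone"])
    for role, want in EXPECTED.items():
        got = len(az_by_role[role])
        if got != want:
            findings.append(f"{role}: expected {want} instances, found {got}")
    if len(set(az_by_role["BI"])) < 2:
        findings.append("BI servers are not in different AZs")
    # Checklist: three Query Engines in one AZ and two in the other.
    qe_split = sorted(Counter(az_by_role["QE"]).values(), reverse=True)
    if qe_split != [3, 2]:
        findings.append(f"QE split across AZs is {qe_split}, expected [3, 2]")
    return findings

def sample(bi_azs, qe_azs, stopped=()):
    """Constructed response in the describe-instances shape (not real data)."""
    nodes = [("BI", az) for az in bi_azs] + [("QE", az) for az in qe_azs]
    nodes += [("WS", "us-east-2a"), ("KM", "us-east-2b"), ("BASTION", "us-east-2a")]
    instances = [{"InstanceId": f"i-{n:04d}",
                  "State": {"Name": "stopped" if n in stopped else "running"},
                  "Placement": {"AvailabilityZone": az},
                  "Tags": [{"Key": "Role", "Value": role}]}
                 for n, (role, az) in enumerate(nodes)]
    return {"Reservations": [{"Instances": instances}]}

A, B = "us-east-2a", "us-east-2b"
GOOD = sample([B, A], [A, A, A, B, B])                 # layout the checklist asks for
BAD = sample([B, B], [A, A, A, B, B], stopped={3})     # both BI in one AZ, one QE stopped

if __name__ == "__main__":
    print(check_placement(GOOD))
    for finding in check_placement(BAD):
        print(finding)
```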
Web Server1 instance should be in one region and Kyvos Manager instance should be in another region
Kyvos Manager instance:
...
Web Server1 instance:
In the screenshots above, the Kyvos Manager instance is in us-east-2b, and Web Server1 is in us-east-2a.
...
Autoscaling should be enabled on Bastion host
...
Refer to section Bastion Host autoscaling.
...
Ensure all EC2 instances are attached to a security group <To be removed, as per now it's not required>
...
Log in to the AWS EC2 console, search for the cluster name, and apply the security group filter. Check that all EC2 instances are attached to a security group.
...
Check that S3 replication is enabled if DR is enabled
...
In the primary cluster, open the S3 bucket, check under Management panel > Replication Rules, and verify the S3 bucket replication region.
...
Ensure the RDS read replica is set if DR is enabled
...
Go to the Region where Disaster Recovery (DR) is enabled, and verify the RDS replica status. The RDS name should be as per the cluster name.
...
Select DB > Connectivity & Security:
...
Check that the Target group is healthy
...
Go to the DR region, then select VPC. The VPC is created with the cluster name.
Verify the S3 bucket; it should be created with the cluster name.
...
Check that Secret Manager and RDS are replicated in DR (applicable only when DR is opted)
...
Secret Manager Screenshot:
...
RDS:
...
Verify that the user can log in to the Kyvos Manager portal
...
Verify that the desired number of BI servers and QEs are available on the Kyvos Manager portal
On Kyvos Manager Portal, there is a cluster dashboard that contains the instance’s IP along with its Role (BI Server, Query Engines, Kyvos Manager, Web Server).
Check the instances and the number of BI and QE services along with their roles; all services should be healthy (green).
Ensure license has been uploaded and verified from both Kyvos Manager and Kyvos UI
In the license, the allowed number of BI Servers and Query engines can be verified.
License verification from Kyvos Manager: Managing Kyvos License.
Verify that the user can log in to Kyvos Portal
After successful cluster creation, log in to Kyvos Portal.
Verify completed jobs on Activity Monitor on Kyvos Portal (With Support team)
All activities of the Kyvos portal can be monitored from the Kyvos Portal.
Log in to Kyvos Portal > Monitor >
...
Completed processes.
Verify that "DevOps AWS console user (Pramod, Humera, Vikas)" are added in the KMS keys
In the current CloudFormation Template, only the member who creates the cluster can start the cluster. Other team members can only stop the cluster. To give a team member access, their AWS login username should be added to the KMS key.
Go to the AWS KMS (Key Management Service) console in the Primary Region, then select customer-managed keys, select the cluster KMS key, and verify its key policy.
Go to the AWS KMS console in the Disaster Recovery Region, then select customer-managed keys, select the cluster KMS key, and verify its key policy.
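The same key-policy review can be done on the policy document returned by `aws kms get-key-policy`, once per region. This is an added example, not Kyvos code: the account ID, usernames and policy are constructed placeholders, IAM user paths are assumed to be empty, and `Condition` blocks are not evaluated.

```python
import json

def allowed_principals(policy: dict) -> set:
    """Collect the AWS principals named in Allow statements of a key policy."""
    found = set()
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):      # a single statement may be a bare object
        statements = [statements]
    for st in statements:
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal", {})
        aws = "*" if principal == "*" else principal.get("AWS", [])
        found.update([aws] if isinstance(aws, str) else aws)
    return found

def audit_key_policy(policy_json: str, account_id: str, usernames: list) -> list:
    """Return findings; an empty list means every listed user is on the key."""
    allowed = allowed_principals(json.loads(policy_json))
    findings = [f"user {u} is not a principal in the key policy"
                for u in usernames
                if f"arn:aws:iam::{account_id}:user/{u}" not in allowed]
    if "*" in allowed:
        findings.append("an Allow statement names the wildcard principal '*'")
    return findings

# Constructed key policy; the account ID and usernames are placeholders.
ACCOUNT = "111122223333"
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "EnableRoot", "Effect": "Allow",
         "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT}:root"},
         "Action": "kms:*", "Resource": "*"},
        {"Sid": "ClusterOperators", "Effect": "Allow",
         "Principal": {"AWS": [f"arn:aws:iam::{ACCOUNT}:user/devops-a",
                               f"arn:aws:iam::{ACCOUNT}:user/devops-b"]},
         "Action": ["kms:Decrypt", "kms:GenerateDataKey*", "kms:DescribeKey"],
         "Resource": "*"},
    ],
})

if __name__ == "__main__":
    users = ["devops-a", "devops-b", "devops-c"]
    for line in audit_key_policy(SAMPLE_POLICY, ACCOUNT, users):
        print(line)
```

Run it against the primary-region and DR-region policies separately, since the checklist verifies the key policy in both regions.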
Verify PEM keys and EMR certificate are saved in the central S3 bucket
The PEM key and EMR certificate are used in the cluster. The PEM keys are used to log in to the Bastion host and Kyvos Manager host. These keys are used by DevOps & Support team members. The DevOps team is responsible for saving the keys.
The following S3 bucket is used to save the keys and EMR certificate:
Example: S3: kyvos-devops/<region-name>/customer_data/<Stack Name>
Go to the S3 bucket, search for the cluster name, and verify that the PEM keys and EMR certificate are in it.
No errors in application logs after enabling TLS
After the cluster is deployed, the application logs should be clear (without errors). To check the application logs, log in to the BI, KM and Web server nodes from a terminal, then verify the logs in the following locations.
Log file locations:
Kyvos application Logs (KM Node & WS1 Node)
Kyvos Manager logs on KM instance: /data/kyvos/installs/kyvos/jakarta/logs
Kyvos user portal logs on KM instance: /data/kyvos/app/kyvos/jakarta/logs
Kyvos Web Portal Logs on WS1 instance: /data/kyvos/app/kyvos/jakarta/webapps/kyvos/client/logs
BI server Logs (BI server Node)
/data/kyvos/app/kyvos/olapengine/logs
QE Logs (QE Node)
/data/kyvos/app/kyvos/queryengine/logs
Ensure WAF is enabled
WAF helps protect applications or APIs against common web exploits and bots that may affect availability, compromise security, or consume excessive resources. Web Application Firewall should be enabled for the Kyvos environment.
Go to the AWS WAF & Shield console, select WAF & Shield, then select the WebACLs with the cluster name.
...
Pre-validation
RDS Postgres version should be 13.6
Verify it from the CloudFormation template.
...
Post-validation
The Kyvos component version should match the release version
Verify it from the Kyvos Manager and Kyvos Web portal.
| Kyvos Manager Portal | Kyvos Web portal |
|---|---|
Load Balancer Configuration and rules should be proper
...
Attaching screenshots of Load balancer configuration:
...
KM-ALB should be associated with a separate security group to provide an additional level of security.
The “Kyvos Manager ALB” should be associated with a separate security group with the inbound rule Protocol: TCP, Type: HTTPS, Port: 443, Inbound: 103.250.170.125/32 (Impetus VLAN IP)
New KM-ALB SG: sg-088fa4b571423b5a3
...
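The inbound rule above can be checked against one entry of `aws ec2 describe-security-groups` output, so that any extra port or wider source on the KM-ALB group is reported. This is an added example, not Kyvos code; the group IDs in the samples are constructed placeholders and the allowed source is the address given above.

```python
ALLOWED_CIDRS = frozenset({"103.250.170.125/32"})  # source given in the checklist above

def audit_km_alb_sg(sg: dict, allowed=ALLOWED_CIDRS) -> list:
    """Return findings for one entry of `describe-security-groups` output."""
    findings, expected_seen = [], False
    for rule in sg.get("IpPermissions", []):
        proto = rule.get("IpProtocol")
        lo, hi = rule.get("FromPort"), rule.get("ToPort")  # absent when proto is "-1"
        label = f"{sg['GroupId']} {proto} {lo}-{hi}"
        is_https = proto == "tcp" and lo == 443 and hi == 443
        if not is_https:
            findings.append(f"{label}: rule is not TCP/443")
        sources = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        for cidr in sources:
            if cidr in allowed:
                expected_seen = expected_seen or is_https
            else:
                findings.append(f"{label}: unexpected source {cidr}")
        if rule.get("UserIdGroupPairs") or rule.get("PrefixListIds"):
            findings.append(f"{label}: source is a security group or prefix list")
    if not expected_seen:
        findings.append(f"{sg['GroupId']}: no TCP/443 rule from {sorted(allowed)}")
    return findings

def rule(proto, port, cidrs):
    """Build a constructed ingress rule in the describe-security-groups shape."""
    return {"IpProtocol": proto, "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c} for c in cidrs],
            "Ipv6Ranges": [], "UserIdGroupPairs": [], "PrefixListIds": []}

# Constructed samples; the group IDs are placeholders, not real resources.
GOOD_SG = {"GroupId": "sg-good-example",
           "IpPermissions": [rule("tcp", 443, ["103.250.170.125/32"])]}
BAD_SG = {"GroupId": "sg-bad-example",
          "IpPermissions": [rule("tcp", 443, ["103.250.170.125/32", "0.0.0.0/0"]),
                            rule("tcp", 22, ["103.250.170.125/32"])]}

if __name__ == "__main__":
    print(audit_km_alb_sg(GOOD_SG))
    for finding in audit_km_alb_sg(BAD_SG):
        print(finding)
```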
In Kyvos Manager, under Settings, configure SMTP using the given details.
...
After applying the changes, validate the email ID.
...
You will receive a verification link for validation. Click on it to validate.
Verification link: https://127.0.0.1:9443/kyvosmanager/mailverify/noreply-alerts.365@kyvos.io
...
LDAP Integrations
Configure LDAP from the Kyvos Manager UI under the Settings section, and verify it by logging in to Kyvos Manager and Kyvos Portal using the Kyvos Support Team’s ID and password.
...
Open a new Excel file. Under “Data”, click on “From Web”. Now provide the URL and search.
...
Email Validation Page:
...
https://kyvosqa.free-trial.kyvosinsights.com/kyvos/
...
In Kyvos Manager, go to Java Options Configuration and append the below parameters in Additional Java Options.
-Dmail.smtp.starttls.enable=true -Dmail.debug=true -Dmail.smtp.ssl.protocols=TLSv1.2
...
Under Security Configurations, update the LDAP values. Save and apply them, and then verify by logging in to the Kyvos UI using support credentials.
...
Secret Manager Validation
Go to Secret Manager from the AWS console. Click on Retrieve secret value.
...
You will see that the password is encrypted. To verify the passwords, ping Mayuresh to decode them. After conversion, validate them.
...
From the AWS console, verify the EMR version: it should be 6.5, with Livy enabled.
...
EMR-Livy Configuration
The Livy timeout property livy.server.yarn.app-lookup-timeout -> 1800s should be present on EMR under the configuration section.
...
TLS – Certificate Validation
...