Installing Skylar Compliance

Download this manual as a PDF file

Skylar Compliance (formerly Restorepoint) is available as a hardware appliance or a VMware virtual appliance. This section describes how to perform the initial configuration of your Skylar Compliance appliance and configure it to communicate with other devices on your network.

Before You Begin

Before you install your Skylar Compliance appliance, ensure you meet the following requirements:

  • For hardware installations, 1U of rack space available to install the appliance, with a standard 240V power socket
  • For hardware installations, allocate a port on your Ethernet switch for the appliance
  • The appliance has an allocated static IP address
  • You have configured your firewall to allow traffic between the appliance, and the network devices and servers that Skylar Compliance will control
  • For virtual deployments, verify that you are running VMware ESX vSphere 6.7U2 or later
  • For virtual deployments, verify your ESX host has 4 GB RAM available and the datastore where the virtual machine will be deployed has 256 GB available
  • Configure your firewall to allow outbound traffic from Skylar Compliance to the Internet. If you have a firewall between any of your devices and Skylar Compliance, you may need to open additional ports. For more information, see device-specific details in the Plugin Guide (Help > Plugin Guide) on the Skylar Compliance website.
  • Configure your mail server to allow Skylar Compliance to relay email

Firewall Requirements

This section lists the ports used to by clients connecting to Skylar Compliance and the ports used by Skylar Compliance to connect to network devices and other servers.

Your firewall policy might need to be modified for Skylar Compliance to function correctly.

Traffic from Clients to Skylar ComplianceSkylar Compliance

The following table lists traffic from Skylar Compliance to network devices:

Port

Purpose

443/tcp

Skylar Compliance user interface

22/tcp

Skylar Compliance shell access

161/udp

(optional) SNMP monitoring

Traffic from Skylar Compliance to Network Devices

Skylar Compliance connects to network devices in a variety of ways, depending on the vendor. Sometimes, devices use back-connections to transfer their configuration to Skylar Compliance. See the device-specific details in the Plugin Guide (Help > Plugin Guide).

Other Traffic Originating from Skylar Compliance

The following table lists outbound firewall requirements:

Port

Purpose

443/tcp

Download updates from Skylar Compliance update servers and HA database sync

53/udp

Lookup to DNS servers

25/tcp

Send notification emails using SMTP

123/udp

Time synchronization with NTP servers (optional)

22/tcp

Initiate remote support requests (jmp1.restorepoint.com and jmp2.restorepoint.com), or communicate with an agent’s manager. (optional)

Browser requirements

Skylar Compliance requires a modern browser with JavaScript enabled. Skylar Compliance has been tested with the following:

  • Chrome (v35)
  • Firefox (v25)
  • Internet Explorer 10
  • Safari (v6)
  • Opera (v12.10)

Skylar ComplianceVirtual Appliances

You can install Skylar Compliance with the following virtual appliances:

Amazon Web Services

If you want to deploy Skylar Compliance on your AWS instance, go to the Request Amazon AMI page and complete the Amazon AMI form. When making the request, you will supply your Amazon EC2 account ID and the Region to which you want to deploy your Skylar Compliance instance to your Support contact. Then Support will share the AMI to your Amazon EC2 account.

To launch a Skylar Compliance instance:

  1. Log in to the EC2 Console and click Launch Instance.
  2. Give your instance a name and tag your instance, if desired.
  3. On the My AMIs tab, select the Share with me radio button, and then select the Skylar Compliance AMI by searching "Restorepoint" in the Search field.
  4. Select an Instance Type. You can change the sizing at a later stage. Click Next after you make your selection. Note the following guidelines:
  • For evaluation purposes, t3.micro is usually sufficient
  • For production purposes, t3.medium or t3.large are recommended
  1. In the Key pair (login) pane, create an SSH key pair or select an existing one from the Key pair name drop-down field. After you select the SSH key pair, you can configure the instance details on the next screen.
  2. Skylar Compliance uses DHCP for private IP address assignment. Ensure that the VPC/Subnet are configured to auto-assign the instance private IP address or enter the instance IP address in the Advanced Details section. You will not be able to change the instance IP address after you create it.

  1. On the Network settings pane in the Firewall (security groups) section, select the Select existing security group radio button or select the Create security group radio button. Ensure that you can communicate to the instance via HTTPS (port 443) and SSH (port 22). For more information, see the Firewall Requirements section in the Skylar Compliance User Guide.
  2. In the Configure storage pane, two volumes are listed: Root volume and EBS volume. Both are 40GB by default. If you wish to change the size of your appliance, ScienceLogic recommends you change the second volume labeled EBS volume.
  3. Review your settings and if they are correct, click Launch instance. The instance will launch. The first boot will take longer to launch than usual due to the initial volume encryption.
  4. When the launch is complete, connect to the Skylar Compliance instance via HTTPS. Log in with admin as the username and admin as the default password and encryption password to decrypt the appliance. After the first login, log in again with admin as the username and password, and the initial setup screen will appear. Be sure to change your password during the initial setup.

VMware vSphere 6.7

You can download the Skylar Compliance Virtual Appliance as a .ZIP file from the URL provided by the Skylar Compliance team. The following steps refer to VMware ESX vSphere 6.7U2 or later:

  1. Expand the Skylar Compliance .ZIP file in a suitable location on your PC.
  2. Launch the vSphere HTML Client.
  3. Right-click on the desired destination in the left-hand column and choose Deploy OVF Template, select Deploy from file and browse to the OVA file inside the extracted folder.
  1. Select all the files in the folder. There should be a .mf file, an .ovf file, and 2 .vmdk files. Click Next.
  2. Enter a name (or keep the default name) for the virtual machine and select the inventory location, then click Next.
  3. Choose the host or cluster, then click Next.
  4. Select which datastore should be used, then click Next.
  5. Choose Network Mapping, then click Next.
  6. Check the summary information, then click Finish.
  7. The virtual machine will now deploy. After completion, click Close in the completion dialog box.

Skylar Compliance is encrypted-at-rest for the secure storage of backups and databases. Any use of third-party tools to perform a scan of Skylar Compliance backups or databases may result in an error message.

ScienceLogic provides this procedure as a courtesy and does not offer support for third-party systems. For more information, including troubleshooting procedures for a VMware vSphere system, see the VMware documentation at https://vmware.com.

Hyper-V

You can obtain the Skylar Compliance Virtual Appliance from Support by entering a Service Request in the customer portal. Choose the Customer Operations Request option and the download will be provided.

  1. Expand the Skylar Compliance .Zip file to a file location on your system.
  2. Launch the HyperV Manager and select your system.
  3. From the Actions drop-down menu, select New, and then select Virtual Machine.
  4. From the New Virtual Machine Wizard, select Next and complete the following:
    • Specify the Virtual Machine Name, then click Next.
    • Select Generation 2 as the Virtual Machine generation type, and then click Next.
    • Assign memory for the Virtual Machine in the Startup memory field and then click Next. Configure networking on the next pane of the wizard. Then click Next.
    • Select Use an existing virtual hard disk and browse to the location where you expanded the .ZIP file. Select either restorepoint-master-disk001.vhdx or restorepoint-agent-disk001.vhdx depending on whether you are running a master or an agent as the Virtual Machine hard disk. Then click Next.
    • Review the specifications for the new Virtual Machine and click Finish.
  5. Right-click on the new Virtual Machine and select Settings.
  6. Go to Security and change the template from Microsoft Windows to Microsoft UEFI Certificate Authority.
  7. Go to SCSI Controller to select Add new hard drive. Select either restorepoint-master-disk002.vhdx or restorepoint-agent-disk002.vhdx depending on whether you are running a master or an agent hard drive.
  8. Click Apply to complete the setup. Your Virtual Machine is now ready to be started.

ScienceLogic provides this procedure as a courtesy and does not offer support for third-party systems. For more information, including troubleshooting procedures and updates for a HyperV system, contact Microsoft Support at https://support.microsoft.com/

IP Address Setup

To set up Skylar Compliance, you must configure the network parameters, which include the static IP address you have allocated to the appliance, and the DNS and gateway settings for your network. Follow these steps:

  1. Connect a monitor and keyboard to suitable ports on the rear panel of the appliance, or open the virtual machine console in the Virtual Infrastructure client.

  2. At the login prompt, typed the default user name (admin) and password (admin) for the device and then choose option 1 on the console menu:

    Image of the Interface Settings for the Restorepoint console

  1. Type the IP address, Netmask, default gateway, and primary DNS server as prompted. The DNS server must be able to resolve public names (for example, support.restorepoint.com), otherwise the appliance cannot retrieve software updates.

  2. Enter y to confirm the settings. If the settings are applied successfully, the console menu will be redisplayed. You can exit now.

You can disconnect your monitor and keyboard. To continue the initial setup, open a browser window on a network connected PC and enter the IP address you set for the appliance in the URL bar.

Alternative Method for Setting the IP Address

You can also connect to the Skylar Compliance appliance for initial setup over a network using the factory-configured default IP address/netmask (192.168.1.1/255.255.255.0), if these settings do not conflict with any devices already on your network. Use a browser to connect to https://192.168.1.1 and set the IP address as shown above.

If these settings are in use on your network, you may connect the device directly to a PC using an Ethernet cross-over cable. Configure your PC to use an address in the 192.168.1.2 - 254 range, then use a browser to connect to https://192.168.1.1.

Connecting to Skylar Compliance for the First Time

After you set the IP address for Skylar Compliance, use a browser on a network-connected PC to connect to the IP address and complete the initial configuration.

Skylar Compliance initially uses a self-signed certificate. Because of this, your web browser will warn you of an invalid (untrusted) certificate. This is normal behavior because the appliance certificate is not signed by a Trusted Certificate Authority. The session will still be encrypted. Refer to your browser instructions on how to proceed and accept the unsigned certificate. A valid (signed) certificate can be uploaded to Skylar Compliance after the initial configuration is completed.

To connect to Skylar Compliance for the first time:

  1. Log in with the default username (admin) and default password(admin). Be sure to change your password after the initial login.
  2. Skylar Compliance displays the End-User License Agreement. Read the terms of the Agreement, then click Accept to signify that you accept the Agreement. You will not be able to use Skylar Compliance if you do not accept the Agreement.
  3. The Installation Wizard page appears. You can use this page to configure your network settings.
  4. Installation wizard

  1. Supply values in the following fields:
  • Interface. Select an interface from the drop down list.
  • Use DHCP. Select this checkbox if you want to use a DHCP server for your interface and other options will be disabled.
  • IP Address. Type your Skylar Compliance IP address. Skylar Compliance and its agents can add IPv4 and IPv6 IP addresses. “Host” fields across Skylar Compliance can now accept an IPv4/IPv6 address or a hostname (excluding DNS servers (IP address-only).
  • Subnet Mask. Type your subnet mask associated with the IP address
  • Speed/Duplex. Select the link speed and duplex from the drop down list.
  • DNS Server 1. Type the DNS Server address for your network. Click Ping to check connectivity.
  • DNS Server 2. Type the second DNS Server address from your network. This field is optional. Click Ping to check connectivity.
  • Gateway. Type the default gateway for your network. Click Ping to check connectivity.
  • Domain Name. Type the default domain name.
  • Use Proxy. Select this checkbox if proxy is required for internet access.
  • NAT Address. Type the NAT address if connection is required by your firewall.
  • Additonal Static Routes. If the devices that you want to add to Skylar Compliance are located on different networks, you may need to define additional static routes. If required, type the network IP address and the destination gateway IP address and click Add.
  • Throttle SCP/SFTP. Select this checkbox to limit the amount of network bandwidth Skylar Compliance uses.
  1. Click Next and the Alerts and SMTP page appears. You can use this page to configure credentials for system notifications. Supply values in the following fields:
  • Email errors to. Type the email address you would like the error alerts to be delivered to.
  • Email from. Type the email address you want the email to originate from.
  • Host. Type the IP address of your mail server. Click Ping to check connectivity.
  • Port. Click the arrows in the right of the field to navigate to the correct port number for your mail server. Click Test to test the connection.
  • Username. Type the username for your mail server.
  • Domain Name. Type the password for your mail server.
  • From. Type an email address to use in the "From" field for notifications.
  • To. Type a default email address to send email alerts to.
  1. Click Next and the Admin User page appears. You can use this page to configure the account for an admin level user. Supply values in the following fields:
  • Username. Type a Skylar Compliance username.
  • Email. Type an email for the administrator user.
  • Password. Type a password for the administrator user. Your password must be a minimum of 8 characters with mixed case, numbers, symbols, and cannot be a dictionary word. Your password must be different from your encryption password. Click Show to display the password.
  • Encryption Password. Type an encryption password for the admin user. Encryption passwords are required for decryption after a restart. Click Show to display the password.
  • Recovery Question. Type a recovery question to be used if the user forgets their password. A recovery token will be sent to you from ScienceLogic via email.
  • Recovery Answer. Type the answer to the recovery question.
  1. Click Next and the Activation page appears. You can use this page to configure contacts and other settings to activate Skylar Compliance. Supply values in the following fields:
  • Company Name. Type the name of the company that is using the Skylar Compliance system.
  • Contact Name. Type a name for a point of contact regarding the Skylar Compliance system.
  • Email. Type an email for a point of contact regarding the Skylar Compliance system.
  • Phone. Type a phone number for a point of contact regarding the Skylar Compliance system.
  • Address. Type an address for a point of contact regarding the Skylar Compliance system.
  • Reseller. Type the company name of the reseller, if applicable.
  • Activation Code. Type the activation code you received from ScienceLogic if you are connected to the internet.
  • Offline?. Select this checkbox if you are using Skylar Compliance offline.

If the The appliance is not connected to the Internet option is checked, the appliance will operate in offline mode and will not attempt to contact the update server. The Force Check button changes to Manual Upgrade, which you can click to download an update package to your workstation and manually upload it to Skylar Compliance. For more information, see Offline Installation/Upgrade.

  1. Click Finish.
  2. If you entered an activation code, you will be redirected to the Skylar Compliance login page once installation is complete.
  3. If you selected the Offline? checkbox, the Upload Registration File pane appears.
  4. An image of the Upload Resigstration File pane.
  5. Copy the Appliance Key provided in the pane and click the Skylar Compliance support link (https://support.sciencelogic.com/s/create-case) provided in the middle of the pane.
  6. On the Skylar Compliance Support page, paste the Appliance Key that you copied above and click Register.
  7. Skylar Compliance provides a file to download with a filename similar to rpupdate_20250106154424.bin. Click Download.
  8. Navigate back to your Skylar Compliance system and drag the file to the Upload Registration File pane to upload it or click inside the pane to select the file.
  9. Click Submit and you will be redirected to the Skylar Compliance login page once installation is complete.

The Skylar Compliance installation process time can vary and may take up to 30 minutes. ScienceLogic recommends that you do not click Submit more than once, but wait for Skylar Compliance to redirect you to the login page.

Connecting to Skylar Compliance After a Reboot

When Skylar Compliance is rebooted, it will start in a locked state. It is not able to perform any operations until the encryption password is entered, and only admin-level operators can log in to the appliance.

To enter the encryption password, use a browser to connect to the appliance and provide your administrator credentials and the encryption password:

Image of the Restorepoint login page

The appliance will then transition to the normal operation mode, and subsequent administrator logins will not require an encryption password.

Converting Skylar Compliance to Oracle Linux 8

While some versions of Skylar Compliance currently run on CentOS Linux, updates and releases of CentOS Linux were discontinued, as follows:

  • CentOS Linux 8 reached End of Life (EOL) on December 31, 2021
  • CentOS Linux 7 reached EOL on June 30, 2024
  • CentOS Linux 6 reached EOL on November 30, 2020

Skylar Compliance now uses OL8 as the primary supported operating system. This topic covers how to migrate from the CentOS Linux platform to the OL8 operating system.

Skylar Compliance releases are completely independent of SL1 platform releases.

Prerequisites for Converting Skylar Compliance to Oracle Linux 8

  • All appliance types. Open a case with Support to request an upgrade, if you have not already done so.
  • Ensure you are running the latest Skylar Compliance version 5.6 release. You cannot upgrade from a re lease earlier than 5.6. See Migration Paths for CentOS Virtual Machines to Oracle Linux 8.
  • Take a snapshot or backup of your Skylar Compliance appliance in case a rollback is needed. For more information, see System Archive.
  • Virtual machines only. Acquire virtual machine(s) with an OL8 operating system having similar or better specifications (CPU, memory, disk size) than the existing virtual machine for the primary Skylar Compliance appliance and all existing agents, if you are using agents.
  • Ensure you have the encryption password, administrator password, and serial number (if this is a hardware appliance) of your existing appliance.

Migration Paths for CentOS Virtual Machines to Oracle Linux 8

Before you can convert your Skylar Compliance virtual appliance to Oracle Linux 8 (OL8), you must ensure it is updated to a version supported by the conversion process and you must open a case with a Skylar Compliance Support engineer so they can assist in the process. They will be able to help determine your operating system and your Skylar Compliance version.

CentOS 5 Virtual Machines

These appliances run Skylar Compliance version 5.3 (or earlier) and must be updated to version 5.3.1 and CentOS 8 as the operating system. Support can assist you with this update.

Skylar Compliance requires that you update your appliances from version 5.3 to version 5.3.1 and CentOS8.

After you have migrated to CentOS 8, follow the steps for CentOS 8-based Virtual Machines below.

CentOS 6 Virtual Machines

These appliances can run Skylar Compliance version 5.3, 5.3.1, 5.4 or 5.5. Support can assist you to ensure you are running at least Restorepoint version 5.3.1.

After you have migrated to CentOS 8, follow the steps for CentOS 8-based Virtual Machines below.

If you are using a Skylar Compliance hardware appliance, see Converting a Skylar Compliance Hardware Appliance to OL8.

CentOS 8 Virtual Machines

After you confirm your Skylar Compliance operating system is CentOS 6 or CentOS 8 running on Skylar Compliance version 5.3.1, you can begin your conversion.

To convert your system to OL8, you must update to Skylar Compliance version 5.6.

To update your Skylar Compliance system to version 5.6:

  • Update from Restorepoint version 5.3.1 to Skylar Compliance version 5.4:
    • Ask the Restorepoint Support engineer to set the appliance to version 5.4 in the Skylar Compliance backend.
    • Update to your virtual appliance Skylar Compliance version 5.4.
  • Update from Skylar Complianceversion 5.4 to Skylar Compliance version 5.6:
    • Ask the Skylar ComplianceSupport engineer to set the appliance to version 5.6.
    • Update your virtual appliance to Skylar Compliance version 5.6.

After your Skylar Compliance appliance is updated to Skylar Compliance version 5.6, you can proceed to update your appliance to OL8. This process requires you to create a new appliance and then follow the migration steps.

Converting a Skylar Compliance Hardware Appliance to a Hardware Appliance Running OL8

If you have a Skylar Compliance hardware appliance, you must contact Customer Operations to submit a service request with ScienceLogic Support. You must provide your hardware serial number so they can validate the hardware and provide a new appliance with OL8 installed. When you have the new hardware appliance, you can update your Skylar Compliance appliance. See Updating a Skylar Compliance Appliance for more information.

Converting a Skylar Compliance Virtual Appliance to a Virtual Appliance Running OL8

If you are using Skylar Compliance on a virtual machine running CentOS, you must contact Customer Operations to submit a service request with ScienceLogic Support to request an upgrade. They will provide you with a download link for the latest image for the platform you are using, for example, AMI for an AWS installation. See Updating a Skylar Compliance Appliance for more information.

Converting a Skylar Compliance Virtual Appliance to a Hardware Appliance on OL8

If you want to move from using a Skylar Compliance virtual appliance to using a Skylar Compliance hardware appliance, you must contact Customer Operations to submit a service request with ScienceLogic Support to request the hardware appliance. Customer Operations will work with you and your Account Executive to procure a new appliance with OL8 installed. After you receive the Skylar Compliance hardware appliance, you must perform a full migration of your virtual appliance data to the new hardware appliance. See Full Migration for more information.

Skylar Compliance Appliance Migration

This section covers how to migrate your data to a new hardware or virtual appliance.

Before you Begin the Migration

  1. Provide the existing serial number to Customer Operations so they can generate a new activation code and share the new image or hardware appliance.
  2. Configure the appliance IP address on your network and complete the online registration.
  3. Using your new activation code, install and configure the new appliance. For more information, see Installing Skylar Compliance.
  4. Make sure that both Skylar Compliance appliances are running the same software version. You can verify the software versions on the System Status page (System Status > Appliance Software).
  5. The appliances normally update themselves by connecting to the Skylar Compliance update servers, but you can force an update using the Force Check button on the Appliance tab (Administration > System Settings > Appliance). The same page shows the current software version and build number.

Migration Paths

There are two migration paths:

  1. Partial Migration. Migrates the device information, such as IP addresses, credentials, and so on. Most users choose partial migration, because it is simpler, and you can complete it within a few minutes.
  2. Full Migration. Includes all of the device backups and restores the appliance SSH keys.

Only a full migration will restore the appliance SSH keys. This is an important consideration if you are using SSH Public Key Authentication (PKA ), because devices will not allow the new appliance to log in until the new appliance SSH key is authorized. Devices that perform strict SSH checks may also prevent logins, even if using SSH password authentication.

Partial Migration

This migration moves over only your device settings. Device configuration files and Skylar Compliance settings are not migrated.

  1. Log in to the existing Skylar Compliance appliance and click Devices in the left-side menu.
  2. Select the check box next to the column title Name to select all devices (or select which devices to export individually).
  3. Click Exportto generate a CSV file with the device data.
  4. Log in to the new appliance, and then click Devices in the left-side menu.
  5. Click Import. In the dialog that appears, choose the CSV file you exported in step 3. This file is typically in your the Downloads folder. All of the devices should appear in the list.

Full Migration

The full migration uses the Skylar Compliance Archive feature, which exports all of the system configuration to an external server.

  1. Configure archiving on the existing appliance. This should already be in place, as it is an essential disaster recovery function.
  2. Go to the Archive page (Administration > System Setting > Archive).
  3. Configure the file server to which Skylar Compliance uploads its archive and set up an automated disaster recovery Archive. Skylar Compliance supports FTP, SCP, SFTP, or Windows file servers for archiving.
  4. Create a new archive on the server by clicking Archive Now. This operation may take a long time, depending on the amount of data stored on the appliance.
  5. On the new appliance, import the archive from the server.
  6. On the Archive page (Administration > System Settings > Archive), configure archiving in the same way as it was on the existing appliance (that is, IP address, protocol, path and credentials), and then click Restore Archive.
  7. Skylar Compliance displays a list of archives available on the remote server in a drop-down list. Choose the most recent archive and click Restore.
  8. Full Migration Restore Archive modal.

During the process, you might be prompted for the password and encryption password of your existing appliance. Provide the details for the administrator account. Again, this may take a long time to complete; at the end of the process, all of the Skylar Compliance settings (except the IP address for the appliance) and all data stored on the old appliance will be restored on to the new one. For more information about archiving, see System Archive.

Migration with Agents

To perform migration when your environment has Agents:

  1. Deploy new agents on a new virtual machine with the Oracle Linux 8 operating system and perform the Initial Master Setup in the agent.
  2. Set the IP address of the new appliance for each agent.
  3. Skylar Compliance supports agent deployment within an RPM. Additionally, Skylar Compliance also supports communication from agent to Skylar Compliance appliance over a port of your choosing. The default port 22 can be changed when setting up the agent.

If you need HTTPS enabled on the new appliance, you must create a new certificate. For more information, see HTTPS Certificates.

Updating a Skylar Compliance Appliance

The following steps are for virtual deployments only.

The Skylar Compliance appliance checks the update server for software updates every 24 hours and installs them automatically. Installation updates only occur when there are no other tasks running, so there is no service downtime.

Force Check for Upgrade

If you have either of the following options selected (Administration > System Settings > Appliance), you must do a Force Check to update your appliance. Automatic updates will not occur for:

  • Disable Automatic Version Upgrades
  • Disable Automatic Minor Updates

For more information about Force Check, see Software Updates.

If the The appliance is not connected to the Internet option is checked, the appliance will operate in offline mode and will not attempt to contact the update server. The Force Check button changes to Manual Upgrade, which you can click to download an update package to your workstation and manually upload it to Skylar Compliance. For more information, see Manual Updates. You can also see the Knowledge Base article Offline Installation/Upgrade.

 

Frequently Asked Questions

Known Issues

  • Issues with Agents. This topic encompasses a wide range of problems, but usually the cause is the agents have not been migrated to Oracle like the primary and there are conflicting ciphers, macs, and Kexs.
  • Domain not Found. This error message can appear when viewing a device. Follow the steps in the article to resolve the issues.
  • Converting Last Alert Policy. This is a common database issue that occurs if the customer uses the Generic Push device plugin.

If you run into any of these problems, contact a support engineer.