CentOS Hardened Image

This section describes how to use the hardened image distributed to customers: a platform pre-configured as a hardened environment, ready to run the CA API Developer Portal.
Hardened Image Versions
The CentOS 7 OVA Version images are available for download on CA Support or the CA API Developer Portal Solutions & Patches page.
The following CentOS OVA version images are available to customers:

Image Version | Filename
CentOS 7 OVA Version 3 Image | API Developer Portal Virtual CentOS 4.3.1.ova
CentOS 7 OVA Version 2 Image | API Developer Portal Virtual CentOS 4.2.9.1.ova
CentOS 7 OVA Version 1 Image | API Developer Portal Virtual CentOS 4.2.2.ova

Enhancements and Improvements
The CentOS 7 OVA Version 3 Image contains the following updates and improvements from version 2:
  • Requires CentOS 7.6, which includes numerous security fixes not available in CentOS 7.4 or 7.5.
  • Updated Docker version to docker-ce-18.09.x.
  • The var/log partition size increased to 50 GB.
The CentOS 7 OVA Version 2 Image contains the following updates and improvements from version 1:
  • Requires CentOS 7.5, which includes numerous security fixes not available in CentOS 7.4.
  • Hard drive capacity increased to 500 GB.
  • The /home partition size increased to 20 GB.
  • The host ssh keys are removed during image creation, so new host ssh keys are created when the OVA is first booted. This mitigates the possibility of man-in-the-middle (MITM) attacks, because the host private keys cannot be known in advance and are not shared with other servers built from the same OVA image.
  • The filesystem has been changed from ext4 to xfs.
  • Swap is disabled.
Upgrading to the Latest Hardened Image
CentOS 7 OVA Version 3 Image is the recommended hardened image for API Developer Portal 4.3.x.
If you are upgrading from version 1, be aware of the following consequences:
  • The default username for the system is now centos. Previously, the default username was "portal". This change maintains alignment with the AMI platform. The default password is still 7layer.
  • The number of required CPU cores increased from 4 to 8 to address performance.
  • Additional memory is required.
To upgrade to the OVA Version 3 image from a previous OVA version:
  1. If you are using an internal PostgreSQL database, back up your database. If not, skip this step.
  2. Configure and start your new OVA following the instructions in Configure and Start CentOS 7 OVA Version 3 Image.
  3. On the new OVA, extract the Portal installation package:
    sudo tar zxvf <filename>.tar.gz
  4. On the old OVA, create an archive for the entire Portal installation directory:
    sudo tar -zcvf <filename.tar.gz> -C <parent-dir-of-portal-install-dir> <portal-install-dir>
  5. Copy the archive to the new OVA:
    sudo scp <filename.tar.gz> centos@<new-ova-hostname>:/home/centos
  6. On the new OVA, extract the archive from the old OVA onto the new installation:
    sudo tar -xzvf /home/centos/<filename.tar.gz> -C <portal-installation-dir> --strip-components=1
  7. Start the Portal on the new OVA:
    sudo ./portal.sh
  8. Run a status check on the Portal:
    ./status.sh
  9. If you are using an internal PostgreSQL database, restore your database. If not, skip this step.
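
Step 6 extracts the copied archive as root with --strip-components=1, which only gives the intended result if every member sits under the single directory archived in step 4. The following is an added example, not part of the product documentation, that checks the archive's integrity and layout before extraction; the function names and the file name in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: pre-extraction checks for the archive moved in steps 4 to 6.
# Function names and the usage at the bottom are assumptions, not product tooling.

# Print the SHA-256 of a file. Run on the old and the new OVA and compare the
# two values to confirm the copy in step 5 arrived intact.
archive_sha256() {
    sha256sum "$1" | awk '{ print $1 }'
}

# Read member names on stdin. Succeed only if all of them sit under a single
# top-level directory, which is the layout --strip-components=1 expects, and
# none is absolute, starts with "./", or contains a ".." component.
check_member_list() {
    awk -F/ '
        BEGIN { bad = 0 }
        /^\//     { print "absolute path: " $0; bad = 1; next }
        $1 == "." { print "unexpected ./ prefix: " $0; bad = 1; next }
        {
            for (i = 1; i <= NF; i++)
                if ($i == "..") { print "parent reference: " $0; bad = 1 }
            if (top == "") top = $1
            else if ($1 != top) { print "extra top-level entry: " $0; bad = 1 }
        }
        END {
            if (NR == 0) { print "no members listed"; bad = 1 }
            exit bad
        }
    ' >&2
}

# Check a gzip-compressed tar archive without extracting anything from it.
check_portal_archive() {
    tar -tzf "$1" >/dev/null 2>&1 || { echo "cannot read archive: $1" >&2; return 2; }
    tar -tzf "$1" | check_member_list
}

# Usage on the new OVA, before step 6 (file name is a placeholder):
#   archive_sha256 /home/centos/portal-backup.tar.gz
#   check_portal_archive /home/centos/portal-backup.tar.gz && echo "layout OK"
```

A non-zero exit from check_portal_archive means the archive should be recreated on the old OVA rather than extracted.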