DivvyCloud

Welcome to the DivvyCloud Docs!

DivvyCloud is a Cloud Security Posture Management (CSPM) platform that provides real-time analysis and automated remediation across leading cloud and container technologies.

For questions about documentation, reach out to us at [email protected]


Infrastructure Recommendations

Overview

This page contains our recommended server and network technical specifications for configuring your DivvyCloud setup. We'd suggest that you review the information on this page before getting started with your installation.

Updates in Progress

We are in the process of updating the information included on this page to provide clearer details on components, deployment requirements, and instructions based on your individual CSP.

If you have questions or are unsure of what options may best suit your configuration, reach out to [email protected]

DivvyCloud Components

Instances

DivvyCloud runs on Ubuntu and CentOS variants. We recommend using Ubuntu 18.04+.
CentOS 7+ may also be used.

For evaluation purposes, check out one of our Test Drive Deployments. DivvyCloud can run on a standalone instance, but most enterprise deployments require at least two instances with at least:

  • 4 cores
  • 8 GB of memory
  • 30 GB root volume

Backend Services

In addition to a frontend layer, DivvyCloud has a backend that consists of MySQL 5.7.x and Redis greater than or equal to 3.x and less than or equal to 5.0.6. These services can be provided by dedicated virtual machines or by public, cloud-based services such as AWS RDS and ElastiCache.

Version Requirements and Limitations

We recommend you verify the requirements that apply to your individual cloud provider. For example, AWS requirements are specified here.

Contact [email protected] with questions or with any issues.

The MySQL database instance should have at least:

  • 4 cores
  • 16 GB of memory
  • 100 GB volume

The Redis memcache instance should have at least:

  • 1 core
  • 2 GB of memory

Browsers

For the best experience, we recommend using the latest version of Google Chrome.

Network Connections

DivvyCloud’s platform needs access to some public Internet services in order to function properly. All of these network connections are HTTPS traffic on outbound TCP port 443. The specific list of network connections varies based upon requirements, but commonly includes:

| Connection | Purpose |
|---|---|
| divvycentral.divvycloud.com | DivvyCloud licensing server |
| backoffice.divvycloud.com | DivvyCloud Insight distribution |
| *.amazonaws.com | Amazon Web Services API endpoints |
| management.azure.com | Microsoft Azure API endpoints |
| www.googleapis.com/* | Google Cloud Platform API endpoints |
| *.aliyuncs.com | Alibaba Cloud API endpoints |
| *.zopim.com | Zendesk support widget |
| divvycloud.zendesk.com | Zendesk support widget |
| *.sentry.io | Sentry (optional error reporting) |

In addition, DivvyCloud requires customer-defined API endpoints when connecting to VMware vSphere or OpenStack cloud platforms.
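One way to audit egress against the list above, as an added example that is not DivvyCloud code: the functions below flag destinations that are off the documented list or not on TCP 443. The input format (one "host:port" per line, reduced from a proxy or firewall log) and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not DivvyCloud code. Flags destinations that fall outside
# the documented outbound list. Input format (one "host:port" per line)
# is an assumption about how the proxy or firewall log was reduced.

# Hosts from the table; www.googleapis.com/* is listed by host only.
ALLOWED='divvycentral.divvycloud.com backoffice.divvycloud.com
*.amazonaws.com management.azure.com www.googleapis.com *.aliyuncs.com
*.zopim.com divvycloud.zendesk.com *.sentry.io'

# host_allowed HOST: return 0 if HOST matches a documented destination.
host_allowed() {
    h=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    set -f                  # keep the * patterns from expanding to files
    for pat in $ALLOWED; do
        case $h in
            $pat) set +f; return 0 ;;
        esac
    done
    set +f
    return 1
}

# audit_egress: read "host:port" lines on stdin, print each destination
# that is off the list or not on TCP 443, return 1 if any was printed.
audit_egress() {
    rc=0
    while IFS= read -r dest; do
        [ -n "$dest" ] || continue
        if [ "${dest##*:}" != 443 ]; then
            echo "non-443 $dest"; rc=1
        elif ! host_allowed "${dest%:*}"; then
            echo "off-list $dest"; rc=1
        fi
    done
    return $rc
}

# Constructed sample destinations, not real log data.
audit_egress <<'EOF' || echo "review the destinations above"
sts.us-east-1.amazonaws.com:443
updates.example.net:443
backoffice.divvycloud.com:80
EOF
```

Add your customer-defined vSphere or OpenStack endpoints to ALLOWED before running it. The *.amazonaws.com pattern matches every AWS-hosted endpoint, so an on-list result does not by itself show the traffic came from DivvyCloud.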

For end-user access, DivvyCloud runs on port 8001 but can be mapped to port 80 or 443 using any number of proxy services including Apache2, Nginx, AWS ELB or others.

Proxy Configuration

Many customers have network security requirements that prohibit all outbound traffic from VPCs. DivvyCloud customers have successfully implemented DivvyCloud using proxy servers.

The following describes a typical two-part approach: pre-install and post-install. Pre-install, you must set system environment variables. Post-install, you must set DivvyCloud environment variables.

To update system environment variables:

For Ubuntu, log into each instance via SSH and append the following to /etc/environment:

http_proxy="http://<PROXYSERVERIP:PORT>"
https_proxy="https://<PROXYSERVERIP:PORT>"
no_proxy="mysql,redis,169.254.169.254"

For CentOS, log into each instance via SSH and append the following to /etc/profile.d/proxy.sh:

export http_proxy="http://<PROXYSERVERIP:PORT>"
export https_proxy="https://<PROXYSERVERIP:PORT>"
export no_proxy="mysql,redis,169.254.169.254"

Replace the PROXYSERVERIP and PORT values with the actual IP and port values of your proxy servers. If your proxy server requires a username and password, you can format the proxy server variable as follows:

http_proxy="http://<USERNAME:PASSWORD@PROXYSERVERIP:PORT>"

If you are installing a Test Drive deployment, then update your no_proxy variable further by adding these local and loopback IPs:

no_proxy="mysql,redis,169.254.169.254,localhost,127.0.0.0,127.0.1.1"

After configuring the proxy, switch to the divvy user and verify the change:

sudo su - divvy
env | grep proxy

The proxy configuration variables should be displayed. If not, log out of the system and log back in so that the environment variables take effect.

Next, install DivvyCloud using a Test Drive or Scalable deployment.

Post-install, after stopping DivvyCloud, update DivvyCloud environment variables, which are located in /divvycloud/prod.env. You will need to uncomment and update the following lines in the prod.env file on each instance:

# Uncomment and adjust the below values if behind a proxy. Please note that
# 169.254.169.254 are used for AWS Instance/STS AssumeRole.
#http_proxy=http://proxy.acmecorp.com
#https_proxy=http://proxy.acmecorp.com
#no_proxy=mysql,redis,169.254.169.254

As before, replace proxy.acmecorp.com with the actual IP and port values of your proxy servers. If you are following the Test Drive deployment, also add these local and loopback IPs to no_proxy, giving the following:

no_proxy=mysql,redis,169.254.169.254,localhost,127.0.0.0,127.0.1.1
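A check for both the pre-install and post-install files, as an added example that is not DivvyCloud code: it confirms the three proxy variables are set, that no_proxy still exempts mysql, redis and 169.254.169.254, and that a proxy URL carrying USERNAME:PASSWORD is not sitting in a world-readable file. The function names and sample values are assumptions.

```shell
#!/bin/sh
# Added example, not DivvyCloud code. Checks the proxy variables in an env
# file (/etc/environment, /etc/profile.d/proxy.sh or /divvycloud/prod.env).

# get_var FILE NAME: print the value of the last uncommented NAME= line,
# accepting an optional "export " prefix and surrounding double quotes.
get_var() {
    sed -n "s/^[[:space:]]*\(export[[:space:]]\{1,\}\)\{0,1\}$2=//p" "$1" |
        tail -n 1 | sed 's/^"//; s/"$//'
}

# check_proxy_env FILE: print one finding per line; return 1 if any.
check_proxy_env() {
    file=$1; rc=0
    for v in http_proxy https_proxy no_proxy; do
        [ -n "$(get_var "$file" "$v")" ] || { echo "missing $v"; rc=1; }
    done
    # These must bypass the proxy: the backend hosts and the AWS
    # instance metadata address named in prod.env.
    np=$(get_var "$file" no_proxy)
    for need in mysql redis 169.254.169.254; do
        case ",$np," in
            *",$need,"*) ;;
            *) [ -z "$np" ] || { echo "no_proxy lacks $need"; rc=1; } ;;
        esac
    done
    # USERNAME:PASSWORD in a proxy URL sits in the file in clear text.
    for v in http_proxy https_proxy; do
        case $(get_var "$file" "$v") in
            *://*:*@*)
                if [ -n "$(find "$file" -perm -004)" ]; then
                    echo "$v holds credentials and $file is world-readable"
                    rc=1
                fi ;;
        esac
    done
    return $rc
}

# Constructed sample: metadata address missing from no_proxy.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#http_proxy=http://proxy.acmecorp.com
export http_proxy="http://10.0.0.5:3128"
export https_proxy="http://10.0.0.5:3128"
export no_proxy="mysql,redis"
EOF
check_proxy_env "$sample" || echo "fix the findings above"
rm -f "$sample"
```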

Note re CentOS and MySQL

SELinux prevents Docker from writing MySQL data to the host system. The workaround is to run this command from the ‘divvycloud’ directory on each instance:

chcon -Rt svirt_sandbox_file_t data

Cloud Components

The following instructions walk you through our recommendations for the core components for a standard deployment of DivvyCloud across Amazon, Google, and Microsoft cloud platforms. DivvyCloud uses several basic components and the names of these basic components differ from platform to platform.

Refer to the individual sections below for specifics around what components are required on each platform to install and host DivvyCloud.

Amazon Web Services (AWS) Deployment

Recommendations

While Test Drive deployments are a great way to experiment and offer the quickest install for exploring our features, for the best experience we recommend using our scalable deployment for AWS. Learn more here: Scalable Deployment.

"Administration" in each of these depictions is the DivvyCloud dashboard.

Specific Recommendations for AWS Deployment

Type: User Interface
Min Rec'd: 1, 2
Specifications: OS - Ubuntu 18.04+ or CentOS 7+, EC2 Type - c5.large (2 vCPU, 4 GB Memory)

Type: Scheduler
Min Rec'd: 1, 2
Specifications: OS - Ubuntu 18.04+ or CentOS 7+, EC2 Type - c5.large (2 vCPU, 4 GB Memory)

Type: Worker
Min Rec'd: 2
Specifications: OS - Ubuntu 18.04+ or CentOS 7+, EC2 Type - c5.xlarge (4 vCPU, 8 GB Memory)

Type: NoSQL
Min Rec'd: 1
Specifications:
1) Cluster Engine - Redis (Cluster Mode NOT required)
2) Engine Version Compatibility - >= 3.x and <= 5.0.6
3) Node Type - cache.t2.medium
4) Number of Replicas - Replicas NOT required
5) Multi-AZ with Auto-Failover NOT required
6) Preferred availability zones - Same AZ as UI, Scheduler, Worker
7) Encryption at-rest NOT required
8) Encryption in-transit disabled
9) Enable automatic backups disabled
10) Choose appropriate maintenance

Type: Relational Database
Min Rec'd: 1
Specifications:
1) RDS - MySQL
2) Production - MySQL
3) MySQL, v5.7.23
4) db.m5.large (2 vCPU, 8 GB Memory)
5) Multi-AZ Deployment NOT required
6) 100 GB storage
7) Choose the same VPC where the UI, Scheduler, and Workers will run
8) Public Accessibility - No
9) Availability Zone - Same AZ as UI, Schedulers and Workers
10) Database Name - divvy
11) IAM DB Authentication - Disable
12) Encryption - Enable Encryption
13) Backup Retention - 7 Days
14) Disable Enhanced Monitoring
15) Disable Performance Insights
16) Error Log enabled
17) Slow Query Log enabled
18) Disable auto minor version upgrade
19) Choose appropriate maintenance window
20) Enable Deletion Protection

Type: Load Balancer
Min Rec'd: 0, 1
Specifications:
Not required, but recommended with UI x 2
Health Check - HTTP:8001/Status

Google Cloud Platform (GCP) Deployment

For GCP, the necessary components are:

  1. Cloud SQL for the database
  2. Redis for Redis
  3. Three Compute Nodes for DivvyCloud's scheduler, WebUI, and worker instances
  4. Cloud Load Balancing for WebUI for the load balancer
  5. Firewall Rules for Internet Access for connecting back to the Internet

Note: Specific recommendations for a GCP deployment are still under review. For questions, reach out to [email protected]

Microsoft Azure Deployment

For Microsoft Azure, the necessary components are:

  1. MySQL for the database
  2. Redis for Redis
  3. Three Compute Nodes for DivvyCloud's scheduler, WebUI, and worker instances
  4. Azure Load Balancer and SNAT for the WebUI load balancer
  5. Firewall Rules for Internet Access for connecting back to the Internet

Note: Specific recommendations for an Azure deployment are still under review. For questions, reach out to [email protected]

Updated about a month ago
