RCDevs Virtual Appliance Startup Guide

The RCDevs VMware Appliance is a streamlined Rocky Linux (64-bit) installation, preconfigured with RCDevs software packages installed via RCDevs RPM repositories. The appliance includes the following components:

  • WebADM Server (located in /opt/webadm/).
  • WebADM Web Services: OpenOTP, SMSHub, OpenSSO, SpanKey (located in /opt/webadm/websrvs/).
  • WebADM Web Applications: SelfDesk, SelfReg, PwReset, OpenID (located in /opt/webadm/webapps/).
  • Radius Bridge (located in /opt/radiusd/).
  • RCDevs Directory Server (OpenLDAP, located in /opt/slapd/).
  • MariaDB Database Server (MariaDB).
  • Postfix Local Mail Transfer Agent.

This configuration provides a ready-to-use environment for deploying RCDevs solutions.

Download, import and start the appliance

Visit the RCDevs Website to download the Appliance ZIP archive, available in Hyper-V format.

After downloading, unzip the archive and import it in your Hyper-V infrastructure.

If needed, you can adjust the CPU, memory and any other settings required for your infrastructure. By default, it is configured with 2 virtual CPUs and 1GB of memory.

Keep the boot console open during the startup process to monitor for any errors. The Appliance is configured to obtain its IP address via DHCP.

Hyper-V Import

  • Open Hyper-V Manager on the target host.
  • In the right-hand pane, under Actions, click on Import Virtual Machine.
  • Browse to the folder where you copied the exported VM, select the folder containing the VM configuration files, and click Next.
  • Choose the import type:
    Copy the virtual machine (create a new unique ID): Select this option if you want to create a new instance of the VM with a unique ID.
  • Review the settings and click Finish to begin the import process.

Continue with the VM configuration.

Start the Setup Script

This script runs only once, during the first boot, and does not require a login password. You can perform the setup via the console or by accessing the VM with SSH. To restart the setup, use the vm_init command.

The WebADM setup script will prompt you for:

  • Your time zone.
  • (Optional) Configuration of the network interface.
  • Selection and configuration of an LDAP server (the default LDAP server is already pre-configured).

Once the setup is complete, the script will start all necessary services:

  • WebADM HTTP, SOAP, PKI, and Session Manager Services;
  • Radius Bridge Service;
  • LDAP Server;
  • SQL Server: The SQL server is already pre-configured.

Setups

Simple setup with the Local LDAP database

The requirements for a simple setup are as follows:

  • Full internet access from the virtual appliance;
  • DHCP service running on your network.

If these requirements are not met, the normal setup will be automatically triggered, allowing you to configure the network interface manually.

-------------------------------------------------------------------------
Welcome to RCDevs VMWare Appliance 2.3.20!
-------------------------------------------------------------------------
Do you wish to use the (s)imple, or  the  (n)ormal setup? 'Simple' sets
up a self-contained demo appliance and asks less questions. 'Normal'
allows you to use e.g. a remote LDAP server, like an Active Directory DC.
Please select (s) or [n]: s

Pinging cloud.rcdevs.com for up to 10 seconds.

Setting time zone to GMT-2, Google's guess according to your public IP address.

Checking system architecture...Ok
Creating self-signed certificate... Ok
Initializing LDAP data... Ok
Setting file permissions... Ok
Starting LDAP Directory... Ok
Adding systemd service... Ok
Adding logrotate script... Ok
Adding DB backup script... Ok
LDAP Directory has successfully been setup.
Stopping RCDevs LDAP Directory... Ok

Checking system architecture...Ok

Generating CA private key... Ok
Creating CA certificate... Ok
Adding CA certificate to the local trust list... Ok
Generating SSL private key... Ok
Creating SSL certificate request... Ok
Signing SSL certificate with CA... Ok
Setting file permissions... Ok
Adding systemd service... Ok
Adding SELinux context... Ok
Adding logrotate scripts... Ok
Generating secret key string... Ok
WebADM has successfully been setup.
WebADM license file is missing. Please install an Enterprise, Freeware or Trial license file.
If you just upgraded, WebADM v2.0 now requires a license file even in Freeware or Trial mode.

Please point your Web browser to the URL below to get your license file.
After generation, WebADM will auto-install your new license and start.

  https://cloud.rcdevs.com/freeware-license/?id=a9848f760d5174b1

Waiting for license file to be generated

At this step, access the provided license link to generate your license. Follow the instructions for the freeware license, and you will receive a confirmation email that will redirect you to the freeware license generator one last time. Select the products and features you want to include in your license.

The WebADM setup will continue as described below.

Waiting for license file to be generated.......... Ok
Checking library dependencies... Ok
Checking system architecture... Ok
Checking server configurations... Ok

Found Freeware license (FREE_0256554B011EB645)
Licensed by RCDevs Security SA to RCDevs
Licensed product(s): OpenOTP

Starting WebADM PKI service... Ok
Starting WebADM Session service... Ok
Starting WebADM Watchd service... Ok
Starting WebADM HTTP service... Ok

Checking server connections... 
Connected LDAP server: LDAP Server (127.0.0.1)
Connected SQL server: SQL Server (127.0.0.1)
Connected PKI server: PKI Server (127.0.0.1)
Connected Session server: Session Server (127.0.0.1)

Checking LDAP proxy user access... Ok
Checking SQL database access... Ok
Checking PKI service access... Ok
Checking Cloud service access... Ok

Checking system architecture...Ok
Creating self-signed certificate... Ok
Setting file permissions... Ok
Adding systemd service... Ok
Adding logrotate script... Ok
OpenOTP RADIUS Bridge has successfully been setup.

Checking the system architecture...Ok
Creating self-signed certificate... Ok
Adding the systemd service... Ok
Adding the logrotate script... Ok
OpenOTP LDAP Bridge has successfully been set up.

You can connect your server via SSH with 'ssh root@192.168.4.122'.

The password for root has just been changed to: pv8SNnBi

You can login RCDevs WebADM Admin Portal at 'https://192.168.4.122'.
WebADM login username is 'admin' (cn=admin,o=root).
WebADM login password is 'password'.

You can point your VPN appliance to 192.168.4.122, UDP port 1812 to
authenticate against OpenOTP using RADIUS. The secret is
'testing123'.

WARNING: This appliance is configured with permissive firewall,
dummy certificates, default passwords for services and root access.
You MUST re-configure your appliance before any production use!

Press any key to finish!

You can now log in to the WebADM Administrator portal to continue configuring applications and services, and proceed with client integrations.

Normal setup with Active Directory

With the normal setup, you can choose your preferred LDAP directory backend, such as Active Directory. In this example, we will use Active Directory. Follow the instructions provided by the VM setup script; afterward, the WebADM setup script will begin.

-------------------------------------------------------------------------
Welcome to RCDevs VMWare Appliance 2.3.20!
-------------------------------------------------------------------------


Do you wish to use the (s)imple, or  the  (n)ormal setup? 'Simple' sets
up a self-contained demo appliance and asks less questions. 'Normal'
allows you to use e.g. a remote LDAP server, like an Active Directory DC.
Please select (s) or [n]: n

Please identify a location so that time zone rules can be set correctly.
Please select a continent or ocean.
1) Africa							        7) Australia
2) Americas							        8) Europe
3) Antarctica							        9) Indian Ocean
4) Arctic Ocean							       10) Pacific Ocean
5) Asia								       11) none - I want to specify the time zone using the Posix TZ format.
6) Atlantic Ocean
#? 8
Please select a country.
1) Albania		  10) Czech Republic	    19) Hungary		      28) Malta			37) Romania		  46) Turkey
2) Andorra		  11) Denmark		    20) Ireland		      29) Moldova		38) Russia		  47) Ukraine
3) Austria		  12) Estonia		    21) Isle of Man	      30) Monaco		39) San Marino		  48) Vatican City
4) Belarus		  13) Finland		    22) Italy		      31) Montenegro		40) Serbia		  49) Åland Islands
5) Belgium		  14) France		    23) Jersey		      32) Netherlands		41) Slovakia
6) Bosnia & Herzegovina	  15) Germany		    24) Latvia		      33) North Macedonia	42) Slovenia
7) Britain (UK)		  16) Gibraltar		    25) Liechtenstein	      34) Norway		43) Spain
8) Bulgaria		  17) Greece		    26) Lithuania	      35) Poland		44) Sweden
9) Croatia		  18) Guernsey		    27) Luxembourg	      36) Portugal		45) Switzerland
#? 27

The following information has been given:

	Luxembourg

Therefore TZ='Europe/Luxembourg' will be used.
Local time is now:	Wed Sep  4 14:24:39 CEST 2024.
Universal Time is now:	Wed Sep  4 12:24:39 UTC 2024.

This VM is running with dynamic IP assignment (DHCP)
The current IP address is 192.168.4.122
Do you want to configure a static IP ([y]/n)? y
Please type the fixed IP address [192.168.4.122]: 
192.168.4.122
Please type the network mask [255.255.255.0]: 
255.255.255.0
Please type the gateway address [192.168.4.254]: 
192.168.4.254
Please type your primary DNS server IP [8.8.8.8]: 
8.8.8.8
Please type your secondary DNS server IP []: 

Fixed IP address: 192.168.4.122
Network address: 192.168.4.0
Network mask: 255.255.255.0
Gateway IP address: 192.168.4.254
Primary DNS server: 8.8.8.8
Do you confirm ([y]/n): y
Restarting network...
Please enter the hostname [rcvm.rcdevs.local]: webadm.rcdevsdocs.com

Checking system architecture...Ok
Creating self-signed certificate... Ok
Initializing LDAP data... Ok
Setting file permissions... Ok
Starting LDAP Directory... Ok
Adding systemd service... Ok
Adding logrotate script... Ok
Adding DB backup script... Ok
LDAP Directory has successfully been setup.
Stopping RCDevs LDAP Directory... Ok

Checking system architecture...Ok
RCDEVS WEBADM LICENSE AGREEMENT 

RCDevs WebADM Server ("WebADM")
Copyright (c) 2010-2024 RCDevs Security SA, All rights reserved.

IMPORTANT: READ CAREFULLY: By using, copying or distributing the Software
Product you accept all the following terms and conditions of the present
WebADM License Agreement ("Agreement"). 
If you do not agree, do not install and use the Software Product.

WebADM includes additional software products provided by RCDevs SA under
freeware and commercial licenses. These additional software are installed
under the "/opt/webadm/webapps" and "/opt/webadm/websrvs" directories. 
This Agreement is subject to all the terms and conditions of any such 
additional software license.

1. DEFINITIONS. "Software Product" means RCDevs Server with which the 
Agreement is provided which may include third party computer information
or software, including apache2, php, libcurl, libgmp, libxcrypt, libxml2, 
libpng, libqrencode, openldap, openssl, apcu, unixodbc, geoip, expat, 
hiredis, nghttp2, hiredis, libmaxmind, libcouchbase, cyrus-sasl, redis,
awesome-fonts unmodified software and libraries and related explanatory
written materials ("Documentation"). "You" means you or any recipient 
that obtained a copy of the Software Product pursuant to the terms and
conditions of the Agreement.

2. LICENSE. Subject to your compliance with the terms and conditions of
the Agreement, including, in particular, the provisions in Sections 3, 5
and 6 below, RCDevs hereby grants You a non-exclusive and royalty-free
license to use and distribute the Software Product solely for
non-commercial purposes in worldwide. You may:

a. download and install the Software Product on any computer in your
possession;

b. use the Software Product and any copy solely for a non-commercial
purposes;

c. make any original copies of the Software Product; and 

d. distribute any copy of the Software Product only in the form
originally furnished by RCDevs with no modifications or additions
whatsoever. If You have the slightest doubt that your copy of the
Software Product is not original, You must contact RCDevs for an 
original copy. 

3. OBLIGATIONS AND RESTRICTIONS ON LICENSE. The license granted in
Section 2 is subject to the following obligations and restrictions:

a. The Software Product and copies are to be used only for non-commercial
purposes. Prohibited commercial purposes include, but are not limited to:

   (i) Selling, licensing or renting the Software Product to third
   parties for a fee (by payment of money or otherwise, whether direct or
   indirect);
   
   (ii) Using the Software Product to provide services or products to
   others for which you are compensated in any manner (by payment of
   money or otherwise, whether direct or indirect), including, without
   limitation,providing support or maintenance for the Software Product;
   
   (iii) Using the Software Product to develop a similar application on
   any platform for commercial distribution.
 
You shall use your best efforts to promptly notify RCDevs upon learning
of any violation of the above commercial restrictions.

b. RCDevs, in its sole and absolute discretion, may have included a
portion of the source code or online documentation of the Software.
Except for any such portions, YOU SHALL NOT MODIFY, REVERSE ENGINEER, 
DECOMPILE, DISASSEMBLE, OR OTHERWISE ATTEMPT TO DISCOVER THE SOURCE CODE
OF THE SOFTWARE PRODUCT, except to the extent this restriction is 
prohibited by applicable law. Further, You may not create derivate works
of or based on the Software Product.

c. Any copy of the Software Product that you make must conspicuously and
appropriately reproduce and contain RCDevs's copyright and other
proprietary notices that appear on or in the Software Product (see
Software Product for examples of such notices) and disclaimer of
warranty; keep intact the Agreement and all notices that refer to the
Agreement and any absence of warranty; and give any other recipients of
the Software Product a copy of the Agreement. 

d. As used in this Agreement, the term "distribute" includes making the
Software Product available (either intentionally or unintentionally) to
third parties for copying or using. Each time You distribute the Software
Product or any original copy of the Software Product, You are responsible
for the recipient expressly agree to comply with the terms and conditions
of the Agreement. The recipient automatically receives the license to
use, copy or distribute the Software Product subject to these terms and
conditions. You may not impose any further restrictions on the
recipients' exercise of the rights granted herein.

e. RCDevs shall have no obligation to provide any maintenance, support,
upgrades or new releases of the Software Product.

4. INTELLECTUAL PROPERTY OWNERSHIP, RESERVATION OF RIGHTS. Title,
copyright, ownership rights, and any other intellectual property rights
in and to the Software Product, including its Documentation, and each
copy thereof are and shall remain the only and absolute property of
RCDevs. Except as expressly stated herein, the Agreement does not grant
You any intellectual property rights in the Software Product and all
rights not expressly granted are reserved by RCDevs.

5. WARRANTY DISCLAIMER. 
THE SOFTWARE PRODUCT IS LICENSED FREE OF CHARGE, AND THERE IS NO WARRANTY
OF ANY KIND FOR THE SOFTWARE PRODUCT.
RCDevs PROVIDE THE SOFTWARE PRODUCT "AS IS" WITH ALL FAULTS AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE,
TITLE, CUSTOM, ACCURACY OF INFORMATIONAL CONTENT, SYSTEM INTEGRATION OR
NON-INFRINGEMENT ARE DISCLAIMED. 

THE ENTIRE RISK AS TO THE RESULTS, QUALITY AND PERFORMANCE OF THE
SOFTWARE PRODUCT IS WITH YOU. SHOULD THE SOFTWARE PROVE DEFECTIVE, YOU
(AND NOT RCDevs) ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR
CORRECTION.

6. LIMITATION OF LIABILITY. 
YOU EXPRESSLY ACKNOWLEDGE AND AGREE THAT IN NO EVENT WILL RCDevs BE
LIABLE FOR ANY DAMAGES, CLAIMS OR COSTS WHATSOEVER INCLUDING ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, CONSEQUENTIAL OR EXEMPLARY
DAMAGES,INCLUDING BUT NOT LIMITED TO,DAMAGES FOR LOSS OF USE, DATA, OR
OTHER INTANGIBLE LOSSES, ARISING OUT OF, OR RELATED TO THE AGREEMENT OR
TO YOUR USE OR THE INABILITY TO USE THE SOFTWARE PRODUCT OR
DOCUMENTATION, EVEN IF RCDevs HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
LOSS, DAMAGES OR CLAIMS.

7. TERMINATION. The license granted hereunder is effective until 
terminated by RCDevs, in its sole discretion, after notification.
You may terminate the Agreement at any time by uninstalling and
destroying all copies of the Software Product in your possession 
or control. 
This license will terminate automatically if you fail to comply with the
terms and conditions of the Agreement above. Upon such termination, you
must destroy all copies of the Software Product. 

The provisions of Section 5 and 6 shall survive the termination of the
Agreement.

8. APPLICABLE LAW AND GENERAL PROVISIONS. The Agreement will be governed
by and construed in accordance with the Luxembourg law and submitted to
the Luxembourg competent courts.

The URL-link of any open-source files and libraries relating to the
Software Product is located in the file docs/licenses.txt.

If you have any questions, notices or information relating to the
Agreement, please use the address and contact information included with
the Software Product or via the web at http://www.rcdevs.com/.

I agree with RCDevs WebADM terms and conditions (Yes/No): yes

Will this WebADM master server be part of a cluster? (y/[n])? n

Setup WebADM as a Standalone CA (1) or Subordinate CA (2) ([1]/2)? 1

Configuring WebADM as a Standalone CA requires defining a subject for the CA certificate.
This subject information matters as it will be visible in chain of every certificate issued by WebADM! 
Do you want to define yourself this subject (1) or
let the setup script generates a default name like '/CN=WebADM CA# XXXXX' (2)?
Please select (1) or [2]: 2

WebADM proposes 4 default configuration templates: 
  1) Default configuration (RCDevs Directory in localhost)
  2) Other generic LDAP server (Novell eDirectory, Oracle, OpenLDAP)
  3) Active Directory with schema extention (preferred with AD)
  4) Active Directory without schema extention
  5) Active Directory schemas Mixed (Extended and Not Extended schema setup used)
Choose a template number [1]: 4

Please type the name/ip of the LDAP server: ad1.rcdevsdocs.com
Please type the port for LDAP [389]: 
Checking LDAP port 389 on ad1.rcdevsdocs.com... Ok
Please choose the encryption ([TLS]/SSL/NONE)?NONE


Please type domain FQDN (i.e. dc=lab,dc=local) []: dc=rcdevsdocs,dc=com

Please type a service account with read/write access to LDAP [cn=proxy-webadm,cn=Users,dc=rcdevsdocs,dc=com]: cn=administrator,cn=users,dc=rcdevsdocs,dc=com

Please type the proxy user password for cn=administrator,cn=users,dc=rcdevsdocs,dc=com: 

Testing user access...Ok

Please type an account or group DN with read/write access to LDAP (multiple accounts and groups can be
configured later in webadm.conf. Nested groups are not supported for super_admins) [cn=administrator,cn=users,dc=rcdevsdocs,dc=com]: 

cn=administrator,cn=users,dc=rcdevsdocs,dc=com]

Please type the WebADM container [cn=WebADM,dc=rcdevsdocs,dc=com]:

cn=WebADM,dc=rcdevsdocs,dc=com

Enter the server fully qualified host name (FQDN) [webadm.rcdevsdocs.com]: 

webadm.rcdevsdocs.com

Enter your organization name: RCDevs Documentation 
Generating CA private key... Ok
Creating CA certificate... Ok
Adding CA certificate to the local trust list... Ok
Generating SSL private key... Ok
Creating SSL certificate request... Ok
Signing SSL certificate with CA... Ok
Setting file permissions... Ok
Adding systemd service... Ok
Adding SELinux context... Ok
Adding logrotate scripts... Ok
Generating secret key string... Ok
WebADM has successfully been setup.
WebADM license file is missing. Please install an Enterprise, Freeware or Trial license file.
If you just upgraded, WebADM v2.0 now requires a license file even in Freeware or Trial mode.

Please point your Web browser to the URL below to get your license file.
After generation, WebADM will auto-install your new license and start.

  https://cloud.rcdevs.com/freeware-license/?id=8af8a183d2464b9b

Waiting for license file to be generated.... Ok
Checking library dependencies... Ok
Checking system architecture... Ok
Checking server configurations... Ok

Found Freeware license (FREE_0256554B011EB645)
Licensed by RCDevs Security SA to RCDevs
Licensed product(s): OpenOTP

Starting WebADM PKI service... Ok
Starting WebADM Session service... Ok
Starting WebADM Watchd service... Ok
Starting WebADM HTTP service... Ok

Checking server connections... 
Connected LDAP server: LDAP Server (192.168.4.163)
Connected SQL server: SQL Server 1 (::1)
Connected PKI server: PKI Server 1 (127.0.0.1)
Connected Session server: Session Server 1 (::1)

Checking LDAP proxy user access... Ok
Checking SQL database access... Ok
Checking PKI service access... Ok
Checking Cloud service access... Ok

Checking system architecture...Ok
Creating self-signed certificate... Ok
Setting file permissions... Ok
Adding systemd service... Ok
Adding logrotate script... Ok
OpenOTP RADIUS Bridge has successfully been setup.

Checking the system architecture...Ok
Creating self-signed certificate... Ok
Adding the systemd service... Ok
Adding the logrotate script... Ok
OpenOTP LDAP Bridge has successfully been set up.

You can connect your server via SSH with 'ssh root@192.168.4.122'.

Please enter a new root password for console and ssh login: 
Please enter it again: 
Updating password
Please try a ssh login to 192.168.4.122 in an other session, does it work? (y/[n]): y

You can login RCDevs WebADM Admin Portal at 'https://192.168.4.122'.
WebADM login user DN is 'cn=administrator,cn=users,dc=rcdevsdocs,dc=com'.

You can point your VPN appliance to 192.168.4.122, UDP port 1812 to
authenticate against OpenOTP using RADIUS. The secret is
'testing123'.

WARNING: This appliance is configured with permissive firewall,
dummy certificates, default passwords for services and root access.
You MUST re-configure your appliance before any production use!

Press any key to finish!
[root@rcvm ~]# 

You can now log in to the WebADM Administrator portal by accessing the server's IP address or FQDN through your web browser and completing the graphical setup.

When accessing the Administrator portal, you will be notified that no domain has been configured, and you must log in for the first time with the super_admin distinguishedName. In this documentation, we use the default Active Directory administrator account, whose DN is:

cn=administrator,cn=users,dc=rcdevsdocs,dc=com

WebADM first login

Once authenticated on the WebADM Administrator Portal, you will be prompted to finish the graphical setup.

Scroll down and click the Create default containers and objects button.

Click Ok, then navigate to the Applications tab to register and configure the desired applications and services.
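
Both setup transcripts above end with the setup script's own warning about default passwords, dummy certificates and a permissive firewall. As an added example (not RCDevs code), the script below scans a saved console transcript for the defaults shown on this page; the finding names and the habit of saving the transcript to a file are assumptions of the example.

```bash
#!/usr/bin/env bash
# Added example, not RCDevs code: flag the insecure defaults that the setup
# transcripts on this page reveal. Finding names are made up for this example.
# Only the finding name and line number are printed, never the secret itself.

audit_setup_log() {
    # $1 = saved console transcript; prints "FINDING<TAB>line" per hit.
    awk -v q="'" '
        # Simple setup: WebADM admin keeps the documented default password.
        index($0, "WebADM login password is " q "password" q) {
            print "DEFAULT_WEBADM_PASSWORD\t" NR }
        # Both setups: the RADIUS shared secret is the shipped default.
        index($0, q "testing123" q) {
            print "DEFAULT_RADIUS_SECRET\t" NR }
        # Simple setup: the generated root password is shown on the console.
        /password for root has just been changed to:/ {
            print "ROOT_PASSWORD_IN_TRANSCRIPT\t" NR }
        # Normal setup: NONE typed at the LDAP encryption prompt.
        /choose the encryption .*NONE\)\? *NONE *$/ {
            print "LDAP_CLEARTEXT_BIND\t" NR }
        # Normal setup: the domain administrator is used as the proxy user.
        tolower($0) ~ /proxy user password for cn=administrator,/ {
            print "ADMIN_AS_PROXY_USER\t" NR }
        # Both setups: the script states the appliance is not production-ready.
        /^WARNING: This appliance is configured with permissive firewall/ {
            print "SETUP_WARNING_PRESENT\t" NR }
    ' "$1"
}

finding_ids() {
    # Comma-joined finding names for one transcript, in order of appearance.
    audit_setup_log "$1" | cut -f1 | paste -sd, -
}

write_samples() {
    # Constructed samples: lines copied from the two transcripts on this page,
    # with the generated root password replaced by a placeholder.
    cat > "$1/simple.log" <<'EOF'
The password for root has just been changed to: EXAMPLE-NOT-REAL
WebADM login username is 'admin' (cn=admin,o=root).
WebADM login password is 'password'.
authenticate against OpenOTP using RADIUS. The secret is
'testing123'.
WARNING: This appliance is configured with permissive firewall,
EOF
    cat > "$1/normal.log" <<'EOF'
Please choose the encryption ([TLS]/SSL/NONE)?NONE
Please type the proxy user password for cn=administrator,cn=users,dc=rcdevsdocs,dc=com:
Please enter a new root password for console and ssh login:
authenticate against OpenOTP using RADIUS. The secret is
'testing123'.
WARNING: This appliance is configured with permissive firewall,
EOF
}

# With a path argument, audit that file; otherwise run the constructed samples.
if [ "$#" -gt 0 ]; then
    audit_setup_log "$1"
else
    demo_dir=$(mktemp -d)
    write_samples "$demo_dir"
    for f in simple normal; do
        echo "== $f setup"
        audit_setup_log "$demo_dir/$f.log"
    done
    rm -rf "$demo_dir"
fi
```

Each finding corresponds to a setting to change before production use: the WebADM admin password, the RADIUS secret, the root password, the LDAP transport, and the account used as proxy user.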

Resetting the Appliance

At any time, you can reset the VMware appliance to its original state by running the vm_init command from the shell (e.g., if you want to restart the initial setup). Note that re-running the vm_init script will remove any work data on the VM.

You can find the WebADM setup script in /opt/webadm/bin/, the Radius Bridge setup script in /opt/radiusd/bin/, and the OpenLDAP setup script for the RCDevs Directory Server in /opt/slapd/bin/.

Please refer to the INSTALL and README files located in /opt/webadm/, /opt/radiusd/, and /opt/slapd/ for additional information.

Upgrade the Appliance

To upgrade the RCDevs appliance, simply run the following command:

dnf update

This will update all RCDevs packages and other software installed on the appliance. A restart may be required to complete the upgrade.