Nexus Server
Description
The Nexus Server is at the heart of the xcware platform, managing all operations, policies, Admin/User interactions, and providing a CLI, API, and the Flow-fx engine. While the Nebula system acts as the universal computing platform and is deployed directly on the node, the Nexus interfaces with these services to manage them.
In this document, we cover the installation process, configuration properties, and provide guidance on using the CLI and API. We also describe the Flow-fx engine, explain how to create a Nexus Server cluster, outline the implementation of the AD Domain authentication process, and highlight key administration topics.
- Installing/Updating/Uninstalling the Nexus Server
- Configure the Nexus Server
- Nexus Accounts
- AD Domain Authentication
- Installing the xcware License
- Create a Nexus Server Cluster
- Using the Nexus Server CLI/API
- Administration of the Nexus Server
- The Nexus Server Flow-fx engine
Installing the Nexus Server
Requirements
The Nexus Server supports 64-bit (x64) versions of Windows, Windows Server, and Linux (Debian-based and RHEL-based) operating systems. It can be installed on a physical device, a virtual machine, or a cloud server. A minimum of 1 CPU is required, although 2 CPUs or more are recommended for optimal performance. The server also requires a minimum of 4 GB of RAM and at least 50 GB of free disk space. If the system firewall is active, it needs an exception that permits traffic on the Nexus Server port.
Important for Windows Installations
The "grep", "tail", and "find" commands are not available by default on Windows but are required by Nexus Server. As an alternative, please download and install the 64-bit version of Git (Standalone Installer) with the recommended options, which includes these commands, from https://git-scm.com/download/win. After installation, you may need to adjust the paths in the JSON configuration accordingly.
Installation Path
The installation path will be set to the following location and must not be changed:
- Windows: c:\xcware\nexus-server
- Linux: /xcware/nexus-server
The installation or update procedure must be performed by an Administrator on Windows and by the root user on Linux systems.
Nexus Image Repository Strategy
Before setting up your xcware environment, you need to define your Nebula image repository strategy, which also includes selecting the appropriate installation packages. The xcware platform can be deployed in various configurations, including Public, Private, Hybrid, Edge, On-Premises, Multi, or Mixed environments. You can even configure multiple Nexus servers for different use cases, which will influence how you deploy the Nebula system. There are two package options available for this purpose:
- Rollout Package
  The Rollout Package includes the Nexus Server and Nebula image repositories, making it the preferred choice for On-Premises, Private, or Hybrid environments.
- Server Package
  The Server Package includes only the Nexus Server, with the Nebula image repository hosted on xcware.com, making it the preferred choice for Cloud, Edge, or Mixed environments.
Installing the Nexus Server
- Download the package from our Downloads section.
  xcware Repository
  If your environment has Internet access, you can install the Nexus Server using the Server Package. In this case, you will need to set "https://xcware.com/c/_data/" as your repo_address in the configuration.
- Extract the archive to the installation path specified in the requirements.
- To verify the folder structure, ensure the following file exists:
  - Windows
    c:\xcware\nexus-server\web\c\index.html
  - Linux
    /xcware/nexus-server/web/c/index.html
- Now we need to install the Nexus Server Service. For that, open a terminal as an administrator and execute the following command:
  - Windows
    powershell.exe c:\xcware\nexus-server\register-nexus-server.ps1
  - Linux
    bash /xcware/nexus-server/register-nexus-server.sh
- That's it! You have successfully installed the Nexus Server.
Updating the Nexus Server
- Download the package from our Downloads section.
- Stop the Nexus Server.
- Extract the archive to the installation directory, overwriting existing files.
- Start the Nexus Server.
- That's it! You have successfully updated the Nexus Server.
Starting the Nexus Server
Open a terminal as an administrator and execute the following command:
- Windows
  powershell.exe c:\xcware\nexus-server\start-nexus.ps1
- Linux
  bash /xcware/nexus-server/start-nexus.sh
Stopping the Nexus Server
Open a terminal as an administrator and execute the following command:
- Windows
  powershell.exe c:\xcware\nexus-server\stop-nexus.ps1
- Linux
  bash /xcware/nexus-server/stop-nexus.sh
Uninstalling the Nexus Server
- Open a terminal as an administrator and execute the following command:
  - Windows
    powershell.exe c:\xcware\nexus-server\uninstaller-nexus-server.ps1
  - Linux
    bash /xcware/nexus-server/uninstaller-nexus-server.sh
- That's it! You have successfully uninstalled the Nexus Server.
Configure the Nexus Server
To configure the Nexus Server, create a "settings.json" file next to the nexus executable and input the key elements in JSON format. Our Get Started document provides details on the required configuration settings and includes an example of the "settings.json" file.
Important
Please note that key names are case-sensitive.
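Because key names are case-sensitive and several values have a fixed format (see Configuration Keys below), a settings file can be checked before the server is restarted. The following is an added example, not an xcware tool: the function name lint_settings and the sample values are assumptions made here, and the checks cover only rules stated on this page.

```python
import json
# Key names from the Configuration Keys table on this page.
KNOWN_KEYS = {
    "adaccount", "adenabled", "adignore", "adserver", "center_address",
    "center_ip", "repo_address", "db_path", "default_cn_IP_start",
    "find_command", "grep_command", "log_enabled", "log_file",
    "private_IP_start", "request_limit", "request_limit_blockduration",
    "request_limit_persecond", "request_p_limit",
    "request_p_limit_blockduration", "request_p_limit_persecond",
    "server_port", "session_timeout", "tail_command", "ip_blocker",
    "ip_blocker_emailto", "http_log_skipper", "observer_lines",
    "observer_turnoversize", "log_turnoversize", "smtp_server", "smtp_port",
    "smtp_user", "smtp_pass",
}
URL_KEYS = ("center_address", "center_ip", "repo_address")
SEGMENT_KEYS = ("default_cn_IP_start", "private_IP_start")

def lint_settings(text):
    """Return a list of findings for settings.json content passed as text."""
    settings = json.loads(text)
    by_lower = {name.lower(): name for name in KNOWN_KEYS}
    findings = []
    for key in settings:
        if key not in KNOWN_KEYS:
            match = by_lower.get(key.lower())
            findings.append(f"{key}: wrong case, documented name is {match}"
                            if match else f"{key}: not a documented key")
    for key in URL_KEYS:
        value = settings.get(key)
        if value is None:
            continue
        if not isinstance(value, str) or not value.startswith("https://"):
            findings.append(f"{key}: must be a string starting with https://")
        elif not value.endswith("/"):
            findings.append(f"{key}: missing trailing forward slash")
        elif key == "repo_address" and not value.endswith("/c/_data/"):
            findings.append("repo_address: must end with /c/_data/")
    for key in SEGMENT_KEYS:
        if str(settings.get(key, "")).strip() == "11":
            findings.append(f"{key}: 11 is reserved for the Nebula system")
    return findings

# Constructed sample with three mistakes (not a real deployment).
SAMPLE = """{
  "center_address": "https://nexus.example.internal",
  "Repo_Address": "https://xcware.com/c/_data/",
  "private_IP_start": "11"
}"""
if __name__ == "__main__":
    print("\n".join(lint_settings(SAMPLE)))
```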
Configuration Keys
Key | Description | Default Value |
adaccount | Specifies the Nexus Account ID that will be associated with the login name during AD authentication. | string empty |
adenabled | Specifies whether the Nexus login session is authenticated against an AD Domain. | boolean false |
adignore | Specifies a comma-separated list of Nexus user email addresses that will be ignored by AD authentication and instead authenticate using Nexus identities. | string empty |
adserver | Specifies the suffix of your domain forest root. For example, if the root forest name is "corp.corporation.com", the suffix would be "corporation.com". | string empty |
center_address * | Specifies the address of the Nexus Server, which must be in the format "https://YOUR_SERVER_FQDN/" with a trailing forward slash. | string empty |
center_ip * | Specifies the IP address of the Nexus Server, which must be in the format "https://YOUR_SERVER_IP:NEXUS_SERVER_PORT/" with a trailing forward slash. | string empty |
repo_address * | Specifies the Nebula repository address, which must be in the format "https://YOUR_SERVER_IP:NEXUS_PORT/c/_data/" with a trailing forward slash. | string empty |
db_path | Specifies the path to the Nexus database folder. | string ./db |
default_cn_IP_start | Specifies the first segment of the Nebula private IP address range. This can be a number from 12 to 250. Please don't use 11, as this segment is reserved for the Nebula system. | string 10 |
find_command | Specifies the full path to the find command. This path must be adjusted for Windows systems. | string /usr/bin/find |
grep_command | Specifies the full path to the grep command. This path must be adjusted for Windows systems. | string /usr/bin/grep |
log_enabled | Specifies whether logs are written to the log file. | boolean false |
log_file | Specifies the name and location of the log file. | string ./log/v7v.log.json |
private_IP_start | Specifies the first segment of the Nebula private IP address range for the Network Service. This can be a number from 12 to 250. Please don't use 11, as this segment is reserved for the Nebula system. | string 15 |
request_limit | Specifies the number of requests per IP the Nexus Server allows within the timeframe defined by the request_limit_persecond key. | string 50 |
request_limit_blockduration | Specifies the number of minutes an IP is blocked if the number of requests exceeds the limit specified in the request_limit key. | string 60 |
request_limit_persecond | Specifies the time frame, in seconds, for the request limit defined by the request_limit key. | string 1 |
request_p_limit | Specifies the number of requests per IP the Nexus API allows within the timeframe defined by the request_p_limit_persecond key. | string 25 |
request_p_limit_blockduration | Specifies the number of minutes an IP is blocked if the number of requests exceeds the limit specified in the request_p_limit key. | string 30 |
request_p_limit_persecond | Specifies the time frame, in seconds, for the request limit defined by the request_p_limit key. | string 1 |
server_port | Specifies the Nexus Server port number. | string 443 |
session_timeout | Specifies the Nexus user session timeout in minutes. | string 480 |
tail_command | Specifies the full path to the tail command. This path must be adjusted for Windows systems. | string /usr/bin/tail |
ip_blocker | Specifies the script for IP blocking in the firewall of the Nexus Server's host system. This script should accept a single parameter, the offending IP address. It is used by the SIEM Collector service. | string empty |
ip_blocker_emailto | Specifies the comma-separated email addresses where notifications will be sent in the event of an SIEM Collector incident. | string empty |
http_log_skipper | If an SIEM Collector service is set up for Nexus logs, set this configuration to true to skip collecting HTTP requests to pages and images (to reduce noise). | boolean false |
observer_lines | Specifies the maximum number of records that can be retrieved in the SIEM Observer dialog. | string 1000 |
observer_turnoversize | Specifies the maximum size, in megabytes (MB), of the SIEM Collector file before it is deleted and a new collection begins. | string 1024 |
log_turnoversize | Specifies the maximum size, in megabytes (MB), of the Nexus log file before it is renamed and a new log file begins. | string 1024 |
smtp_server | Specifies the SMTP server host or IP. This configuration is used by the Nexus Server to send notifications. | string empty |
smtp_port | Specifies the SMTP server port number. This configuration is used by the Nexus Server to send notifications. | string empty |
smtp_user | Specifies the SMTP server username. This configuration is used by the Nexus Server to send notifications. | string empty |
smtp_pass | Specifies the password for the SMTP server username. This configuration is used by the Nexus Server to send notifications. | string empty |
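The ip_blocker key points to a script that receives the offending IP address as its single parameter. As an added example (not xcware code), here is a Linux script in Python that validates that argument and exempts allow-listed hosts before it touches the firewall. The iptables rule, the allow list and the file name ip_blocker.py are assumptions; this page does not specify how Nexus invokes the script.

```python
import ipaddress
import subprocess
import sys

# Assumption: networks that must never be blocked automatically (loopback plus
# a constructed management host); replace with your admin and cluster addresses.
NEVER_BLOCK = [ipaddress.ip_network(n)
               for n in ("127.0.0.0/8", "::1/128", "192.0.2.10/32")]

def plan_block(arg):
    """Return (action, argv): 'reject', 'skip', or 'block' plus the command."""
    try:
        ip = ipaddress.ip_address(arg.strip())
    except ValueError:
        return "reject", None          # not an IP literal: hostname, CIDR, shell text
    if getattr(ip, "scope_id", None):  # IPv6 zone suffix is free-form text
        return "reject", None
    if ip.is_unspecified or ip.is_multicast:
        return "reject", None
    if any(ip in net for net in NEVER_BLOCK):
        return "skip", None            # never lock out allow-listed hosts
    tool = "iptables" if ip.version == 4 else "ip6tables"
    # Argument vector, never a shell string, so the value cannot be reinterpreted.
    return "block", [tool, "-I", "INPUT", "-s", str(ip), "-j", "DROP"]

def main(argv):
    if len(argv) != 2:
        print("usage: ip_blocker.py <ip-address>", file=sys.stderr)
        return 2
    action, cmd = plan_block(argv[1])
    if action == "reject":
        print(f"refusing to act on {argv[1]!r}", file=sys.stderr)
        return 2
    if action == "block":
        subprocess.run(cmd, check=True)
    return 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

An allow list matters here because the blocker acts on addresses taken from logs: without it, a burst of requests from an administrator's own address can lock that administrator out.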
Nexus Accounts
The Nexus Server installation creates two accounts:
- system@nexus.local
  It is the System account, which is used to create Administrator Accounts, also serving as Tenant Accounts. The default password for this account is: SystemNexus7!
- administrator@nexus.local
  It is the default Administrator account with full access rights to all services on the xcware platform within the Tenant. The default password for this account is: AdminNexus7!
- System Account
  It is used solely for creating Administrator accounts.
  - Administrator Account 1
    Has full access to services under the Tenant "Administrator Account 1".
    - User Account 1
      Has access to services through policies under the Tenant "Administrator Account 1".
    - User Account 2 ...
  - Administrator Account 2
    Has full access to services under the Tenant "Administrator Account 2".
    - User Account 1
      Has access to services through policies under the Tenant "Administrator Account 2".
    - User Account 2 ...
Important
Please ensure that you change the default passwords for both the System and Administrator accounts.
AD Domain Authentication
By default, the Nexus Server uses the Identities service to authenticate users on the xcware platform. If you require AD Domain authentication, it can be integrated by setting the appropriate configuration keys in the "settings.json" file.
How does AD Domain authentication work?
When your AD Domain authentication is set up, the following workflow applies:
- Users sign in to Nexus using their Microsoft account email address and password.
- Nexus contacts the AD domain to verify the user's credentials.
- If it does not already exist, Nexus creates an Identity object in the Identities service using the Microsoft email address.
Why is an Identity object necessary?
The AD Domain Authentication service only handles authentication against a domain. To assign xcware platform-related groups and permissions, an Identity object is created. Users must sign in with their AD Domain credentials, but their policies are managed and received from the Identities service.
Installing the xcware License
By default, the Nexus Server comes with a pre-installed xcware Free Edition license, so no additional installation is necessary. If you have subscribed to a premium edition of xcware, a new license will be provided after the ordering process. To activate it, open the existing license key in the Nexus Server's licenses.crt file, located in the database folder, with a text editor and replace it with the new key. After updating the key, restart the Nexus Server to apply the new license.
You can verify your license by opening the "About" dialog in the Nexus GUI interface. Just click on the logo in the top left corner, where you'll find the edition name and license expiration (month/year). The edition name is also displayed in the lower right corner of the Nexus GUI.
Create a Nexus Server Cluster
You can create a Nexus Server cluster with multiple instances by simply changing the db_path key in the "settings.json" file to point to a shared folder that is accessible over the network from all Nexus Server instances. No additional configuration is necessary.
Using the Nexus Server CLI/API
You can find a detailed description of how to use the API and CLI in the document xcware API and CLI Reference.
Administration of the Nexus Server
The Nexus Server requires minimal administration, but we recommend regularly backing up the folder specified in the db_path key in the "settings.json" file in case you need to restore the database.
The Nexus Server Flow-fx engine
The Flow-fx engine is integrated into the Nexus Server and can manage thousands of parallel flows, depending on the CPU limits of the system where the Nexus Server is installed. If you have significant Flow-fx automation requirements, consider allocating additional CPU cores to the Nexus Server for optimal performance. As a general guideline, one CPU core can handle approximately 100 parallel processes.