Nexus Server

Description


The Nexus Server is at the heart of the xcware platform, managing all operations, policies, Admin/User interactions, and providing a CLI, API, and the Flow-fx engine. While the Nebula system acts as the universal computing platform and is deployed directly on the node, the Nexus interfaces with these services to manage them.

In this document, we cover the installation process, configuration properties, and provide guidance on using the CLI and API. We also describe the Flow-fx engine, explain how to create a Nexus Server cluster, outline the implementation of the AD Domain authentication process, and highlight key administration topics.

  1. Installing/Updating/Uninstalling the Nexus Server
  2. Configure the Nexus Server
  3. Nexus Accounts
  4. AD Domain Authentication
  5. Installing the xcware License
  6. Create a Nexus Server Cluster
  7. Using the Nexus Server CLI/API
  8. Administration of the Nexus Server
  9. The Nexus Server Flow-fx engine




Installing the Nexus Server


Requirements

The Nexus Server supports x64-bit versions of Windows, Windows Server, and Linux (Debian-based and RHEL-based) operating systems. It can be installed on a physical device, a virtual machine, or a cloud server. A minimum of 1 CPU is required, although 2 CPUs or more are recommended for optimal performance. The server also requires a minimum of 4 GB of RAM and at least 50 GB of free disk space. An exception is required for the system firewall, if active, to permit traffic on the Nexus Server port.

Installation Path
The installation path will be set to the following location and must not be changed:
  • Windows: c:\xcware\nexus-server
  • Linux: /xcware/nexus-server
Installation User
The installation or update procedure must be performed by an Administrator on Windows and by the root user on Linux systems.

Nexus Image Repository Strategy

Before setting up your xcware environment, you need to define your Nebula image repository strategy, which also includes selecting the appropriate installation packages. The xcware platform can be deployed in various configurations, including Public, Private, Hybrid, Edge, On-Premises, Multi, or Mixed environments. You can even configure multiple Nexus servers for different use cases, which will influence how you deploy the Nebula system. There are two package options available for this purpose:
  1. Rollout Package
    The Rollout Package includes the Nexus Server and Nebula image repositories, making it the preferred choice for On-Premises, Private, or Hybrid environments.

  2. Server Package
    The Server Package includes only the Nexus Server, with the Nebula image repository hosted on xcware.com, making it the preferred choice for Cloud, Edge, or Mixed environments.

Installing the Nexus Server

  1. Download the package from our Downloads Section.

  2. Extract the archive to the installation path specified in the requirements.

  3. To verify the folder structure, ensure the following file exists:
    • Windows
      c:\xcware\nexus-server\web\c\index.html

    • Linux
      /xcware/nexus-server/web/c/index.html

  4. Now we need to install the Nexus Server Service. For that, open a terminal as an administrator and execute the following command:
    • Windows
      powershell.exe c:\xcware\nexus-server\register-nexus-server.ps1

    • Linux
      bash /xcware/nexus-server/register-nexus-server.sh

  5. That's it! You have successfully installed the Nexus Server.

Updating the Nexus Server

  1. Download the package from our Downloads Section.

  2. Stop the Nexus Server.

  3. Extract the archive to the installation directory, overwriting existing files.

  4. Start the Nexus Server.

  5. That's it! You have successfully updated the Nexus Server.

Starting the Nexus Server

Open a terminal as an administrator and execute the following command:
    • Windows
      powershell.exe c:\xcware\nexus-server\start-nexus.ps1

    • Linux
      bash /xcware/nexus-server/start-nexus.sh

Stopping the Nexus Server

Open a terminal as an administrator and execute the following command:
    • Windows
      powershell.exe c:\xcware\nexus-server\stop-nexus.ps1

    • Linux
      bash /xcware/nexus-server/stop-nexus.sh

Uninstalling the Nexus Server

  1. Open a terminal as an administrator and execute the following command:
    • Windows
      powershell.exe c:\xcware\nexus-server\uninstaller-nexus-server.ps1

    • Linux
      bash /xcware/nexus-server/uninstaller-nexus-server.sh

  2. That's it! You have successfully uninstalled the Nexus Server.
Finally, you may need to manually remove any remaining files and folders.





Configure the Nexus Server


To configure the Nexus Server, create a "settings.json" file next to the nexus executable and input the key elements in JSON format. Our Get Started document provides details on the required configuration settings and includes an example of the "settings.json" file.


Configuration Keys


Key Description Default Value
adaccount Specifies the Nexus Account ID that will be associated with the login name during AD authentication. string
empty
adenabled Specifies whether the Nexus login session is authenticated against an AD Domain. boolean
false
adignore Specifies a comma-separated list of Nexus user email addresses that will be ignored by AD authentication and instead authenticate using Nexus identities. string
empty
adserver Specifies the suffix of your domain forest root. For example, if the root forest name is "corp.corporation.com", the suffix would be "corporation.com". string
empty
center_address * Specifies the address of the Nexus Server, which must be in the format "https://YOUR_SERVER_FQDN/" with a trailing forward slash. string
empty
center_ip * Specifies the IP address of the Nexus Server, which must be in the format "https://YOUR_SERVER_IP:NEXUS_SERVER_PORT/" with a trailing forward slash. string
empty
repo_address * Specifies the Nebula repository address, which must be in the format "https://YOUR_SERVER_IP:NEXUS_PORT/c/_data/" with a trailing forward slash. string
empty
db_path Specifies the path to the Nexus database folder. string
./db
default_cn_IP_start Specifies the first segment of the Nebula private IP address range. This can be a number from 12 to 250. Please don't use 11, as this segment is reserved for the Nebula system. string
10
find_command Specifies the full path to the find command. This path must be adjusted for Windows systems. string
/usr/bin/find
grep_command Specifies the full path to the grep command. This path must be adjusted for Windows systems. string
/usr/bin/grep
log_enabled Specifies whether logs are written to the log file. boolean
false
log_file Specifies the name and location of the log file. string
./log/v7v.log.json
private_IP_start Specifies the first segment of the Nebula private IP address range for the Network Service. This can be a number from 12 to 250. Please don't use 11, as this segment is reserved for the Nebula system. string
15
request_limit Specifies the number of requests per IP the Nexus Server allows within the timeframe defined by the request_limit_persecond key. string
50
request_limit_blockduration Specifies the number of minutes an IP is blocked if the number of requests exceeds the limit specified in the request_limit key. string
60
request_limit_persecond Specifies the time frame, in seconds, for the request limit defined by the request_limit key. string
1
request_p_limit Specifies the number of requests per IP the Nexus API allows within the timeframe defined by the request_p_limit_persecond key. string
25
request_p_limit_blockduration Specifies the number of minutes an IP is blocked if the number of requests exceeds the limit specified in the request_p_limit key. string
30
request_p_limit_persecond Specifies the time frame, in seconds, for the request limit defined by the request_p_limit key. string
1
server_port Specifies the Nexus Server port number. string
443
session_timeout Specifies the Nexus user session timeout in minutes. string
480
tail_command Specifies the full path to the tail command. This path must be adjusted for Windows systems. string
/usr/bin/tail
ip_blocker Specifies the script for IP blocking in the firewall of the Nexus Server's host system. This script should accept a single parameter, the offending IP address. It is used by the SIEM Collector service. string
empty
ip_blocker_emailto Specifies the comma-separated email addresses where notifications will be sent in the event of an SIEM Collector incident. string
empty
http_log_skipper If an SIEM Collector service is set up for Nexus logs, set this configuration to true to skip collecting HTTP requests to pages and images (to reduce noise). boolean
false
observer_lines Specifies the maximum number of records that can be retrieved in the SIEM Observer dialog. string
1000
observer_turnoversize Specifies the maximum size, in megabytes (MB), of the SIEM Collector file before it is deleted and a new collection begins. string
1024
log_turnoversize Specifies the maximum size, in megabytes (MB), of the Nexus log file before it is renamed and a new log file begins. string
1024
smtp_server Specifies the SMTP server host or IP. This configuration is used by the Nexus Server to send notifications. string
empty
smtp_port Specifies the SMTP server port number. This configuration is used by the Nexus Server to send notifications. string
empty
smtp_user Specifies the SMTP server username. This configuration is used by the Nexus Server to send notifications. string
empty
smtp_pass Specifies the SMTP server username password. This configuration is used by the Nexus Server to send notifications. string
empty
* Indicates a required key.





Nexus Accounts


The Nexus Server installation creates two accounts:

  • system@nexus.local
    It is the System account, which is used to create Administrator Accounts, also serving as Tenant Accounts. The default password for this account is: SystemNexus7!

  • administrator@nexus.local
    It is the default Administrator account with full access rights to all services on the xcware platform within the Tenant. The default password for this account is: AdminNexus7!

Please take into account the following hierarchy structure of the Nexus when creating accounts and user identities:

  • System Account
    It is used solely for creating Administrator accounts.

    • Administrator Account 1
      Has full-access to services under the Tenant "Administrator Account 1".

      • User Account 1
        Has access to services through policies under the Tenant "Administrator Account 1".

      • User Account 2 ...

    • Administrator Account 2
      Has full-access to services under the Tenant "Administrator Account 2".

      • User Account 1
        Has access to services through policies under the Tenant "Administrator Account 2".

      • User Account 2 ...
The "Administrator Account 1" cannot view or manage services under the "Administrator Account 2". Cross-account management is not possible, but cross-account service operations can be performed using Flow-fx.





AD Domain Authentication


By default, the Nexus Server uses the Identities service to authenticate users on the xcware platform. If you require AD Domain authentication, it can be integrated by setting the appropriate configuration keys in the "settings.json" file.

How does AD Domain authentication work?


When your AD Domain authentication is set up, the following workflow applies:

  1. Users sign in to Nexus using their Microsoft account email address and password.

  2. Nexus contacts the AD domain to verify the user's credentials.

  3. If it does not already exist, Nexus creates an Identity object in the Identities service using the Microsoft email address.


Why is an Identity object necessary?


The AD Domain Authentication service only handles authentication against a domain. To assign xcware platform-related groups and permissions, an Identity object is created. Users must sign in with their AD Domain credentials, but their policies are managed and received from the Identities service.





Installing the xcware License


By default, the Nexus Server comes with a pre-installed xcware Free Edition license, so no additional installation is necessary. If you have subscribed to a premium edition of xcware, a new license will be provided after the ordering process. To activate it, open the existing license key in the Nexus Server's licenses.crt file, located in the database folder, with a text editor and replace it with the new key. After updating the key, restart the Nexus Server to apply the new license.

You can verify your license by opening the "About" dialog in the Nexus GUI interface. Just click on the logo in the top left corner, where you'll find the edition name and license expiration (month/year). The edition name is also displayed in the lower right corner of the Nexus GUI.





Create a Nexus Server Cluster


You can create a Nexus Server cluster with multiple instances by simply changing the db_path key in the "settings.json" file to point to a shared folder that is accessible over the network from all Nexus Server instances. No additional configuration is necessary.





Using the Nexus Server CLI/API


You can find a detailed description of how to use the API and CLI in the document xcware API and CLI Reference.





Administration of the Nexus Server


The Nexus Server requires minimal administration, but we recommend regularly backing up the folder specified in the db_path key in the "settings.json" file in case you need to restore the database.





The Nexus Server Flow-fx engine


The Flow-fx engine is integrated into the Nexus Server and can manage thousands of parallel flows, depending on the CPU limits of the system where the Nexus Server is installed. If you have significant Flow-fx automation requirements, consider allocating additional CPU cores to the Nexus Server for optimal performance. As a general guideline, one CPU core can handle approximately 100 parallel processes.

We utilize xcware specifically for our external CAD/CAE workforce needs. Our vGPU Workstations outperform our previously used VMware Horizon on the same hardware. More importantly, it is now easier to onboard and scalable for every project.

— Mark K.
IT-Manager @ Bielomatik

I rely on xcware for crafting and implementing solutions for my clients due to its scalability and quick setup time for projects. 8 out of 10 customers remain with the initial xcware project setup, streamlining my delivery process.

— Thomas B.
Cloud Solutions Architect

We have successfully migrated 500+ servers and desktops from VMware to xcware. We extend our gratitude to the xcware Consulting Team for delivering exceptional work.

— Franco O.
IT Manager @ SportSA

We were pleasantly surprised by how effortlessly we could construct our Big Data platform and extend it to various production lines across the globe.

— Simone C.
Big Data Engineer @ UBX

As a developer specializing in native cloud solutions, I am delighted that xcware is available for free for developers like me. This allows me to enhance my cloud skills and expand my expertise.

— Sindra L.
Cloud Engineer

My favorite is the Flow-fx engine and the API. With Nexus Flow-fx, you can automate everything, and I mean everything! I manage over 150+ Linux servers fully automated.

— Mirco. W.
Linux Administrator @ S&P

xcware Strategic Partners