Quick Links
|
i
|
Note: The following deployment instructions are for a single-node setup (deployment without any App Server). For a multi-node deployment, follow the additional instructions on this article: How to setup an on-premise multi-node deployment. |
There are 4 key steps to deploying Teramind On-Premise. Step 2-4 are identical no matter which virtualization platform you choose. Click a link to jump to its instructions section:
| 1 | Setting up the virtual machine On your VMware or Hyper-V environment – either through its client or web interface. |
|
| 2 | Setting up the IP, network and the machine role(s) On a console interface for the VM you created in Step 1. |
|
| 3 | Setting up the account and finishing installation From the Teramind Dashboard. |
|
| 4 | Installing the Teramind Agent (optional) Several options available. |
Teramind On-Premise Overview
Teramind is the world’s leading platform for employee monitoring, insider threat detection, data loss prevention and workforce productivity optimization solutions. All Teramind solutions are available to deploy On-Premise. This deployment guide will help you discover what you can expect from your Teramind On-Premise deployment and provide you with installation prerequisites, step by step instructions, technical and support information.
| Architecture | Self-contained, Linux-based VM |
| Data Center | Deploy in your own data center |
| License | Endpoint based. More information on licensing can be found here. |
| Server | Managed by you, VHD provided by Teramind |
| Updates | Periodic, single file, uploaded to the dashboard |
| Backups | Managed by you |
| Scalability | Horizontally scalable, from 1 to 50,000+ concurrent sessions. |
| Support | Installation assistance, 24/7 follow-the-sun, enterprise SLA |
| Additional Options |
|
|
i
|
After you have finished the deployment, you should update your server and apply any latest patch. Check out this article to learn how: How to update the Teramind Server and BI Classification (On-Premise / Private Cloud deployment). |
You can download a PDF version of the deployment guide by clicking the button below:
Deployment Videos
VMware ESXi 6.7 Deployment
Hyper-V Deployment
Benefits of Deploying Teramind On-Premise
Here are some benefits you can expect if you choose to deploy Teramind On-Premise:
| Control Your Environment
Use your own infrastructure and only pay for resources you consume (i.e. CPU, storage, memory). Full control of your environment means you can provide the SLA you need. |
Flexible Storage
Choose how much storage you want allocated for OCR, user data and application meta data. The nodes will communicate with the master nodes and each other automatically making storage management easier. |
| Flexible Deployment Options
Deploy the entire Teramind server with a single OVA/VHD. Support for VMware ESXi and Hyper-V gives you freedom to deploy Teramind on many environments. |
Control Your Own Backup
Control how often and when backups are taken. Teramind On-Premise supports both on-demand and scheduled backups. |
| Easy Updates
Single file model for security, patch management and feature deployment. One-click deployment from the dashboard makes it easy to keep your server running smoothly. |
Integration
Export data to SIEM, IDS/IPS and other threat analytics systems via syslog. Active Directory integration and REST-based API opens up possibility for coordinated security orchestration. |
| Security and Compliance
You control all aspects of security and compliance including firewall, SSL, VLAN, SSH tunnels, 2FA, IP whitelisting on your firewall etc. Your security measures combined with Teramind’s built-in support for HIPAA, GDPR, PCI DSS and other compliance-specific policy and rules, Teramind On-Premise is ideal for customers in government, healthcare, finance and other regulated industries. |
|
Primary Server Requirements
Deployments for under 1,000 concurrent users can be hosted on one all-inclusive server, in most cases. CPU and system memory should be provisioned based on the expected number of concurrent monitored sessions, according to the following table:
| Concurrent Users | Server Requirements | CPU/RAM Requirements |
| Up to 100 | 1 Teramind Master Server (VM) | CPU: 4 cores RAM: 8 GB |
| Up to 500 | 1 Teramind Master Server (VM) | CPU: 8 cores RAM: 16 GB |
| Up to 1, 000 | 1 Teramind Master Server (VM) | CPU: 16 cores RAM: 24 GB |
| Larger deployments: 1,000 or more concurrent users |
1 Teramind Master Server (VM) | CPU: 16 cores RAM: 32 GB |
| 1 Teramind App Server (VM) per 1,000 concurrent users |
CPU: 16 cores RAM: 24 GB |
|
| 1 Teramind BI Server (VM) | CPU: 16 cores RAM: 32 GB |
OCR Server Requirements
|
i
|
You need to set up at least one OCR Database Node and one Mining Node for the OCR features to work. |
| No of Users | Server Requirements | CPU/RAM Requirements |
| Less than 200 users | 1 OCR Database Node | CPU: 4 cores RAM: 8 GB Disk: 100 GB |
| 1 OCR Mining Node | CPU: 16 cores RAM: 16 GB Disk: 24 GB |
|
| Larger deployments of 200 or more users | 1 OCR Database Node | CPU: 4 cores RAM: 8 GB Disk: 100 GB |
| 1 OCR Mining Node per 200 users | CPU: 16 cores RAM: 16 GB Disk: 24 GB |
|
i
|
You will need to adjust the disk size as you add or remove video recordings over time. See the Storage Requirements section below for more information. |
Storage Requirements
| Primary Storage |
The Teramind virtual appliance comes with a primary volume of 100 GB. This volume contains the Teramind server application and database. The size of this volume can be increased at a later point in time.
|
||||
| Storage for Screen Recordings |
The simplest way to add storage is from your hypervisor, by simply adding a second volume. Teramind will automatically detect, format, and mount the volume once you add it to the virtual appliance. If you use Hyper-V, this volume should be a VHDX file (not VHD). You can also use a NAS or any filesystem over NFS. You can contact us for the configuration details.
The size of this second volume can be estimated based on the number of sessions that will be recorded. Teramind uses approximately 1.5 GB per 160 hours of screen recording. This can vary due to multiple factors such as number or screens, resolution, framerate, color mode, if audio recording is enabled or not, user's activity level, etc. You can adjust retention policies and recording preferences in the monitoring settings to reduce the storage requirement. This storage is low-access and can be on magnetic / non-SSD media.
|
Agent Requirements
|
i
|
Detailed agent specifications can be found here. |
Installation Prerequisites
| Teramind Server Image – the OVA (VMware) or the VHD (Hyper-V) file | Provided by Teramind on the Self-Hosted Portal at: https://www.teramind.co/portal. |
| Teramind License Key | |
| Teramind Agent Installer – EXE / MSI / DMG file (Mac) | |
| Available IP Address | Supplied by you. |
| Virtualization Environment | Supplied by you. Teramind supports the VMware ESXi 6 and up and Hyper-V virtualization platforms in production. |
Step 1 (Option 1): Setting Up a VM with VMware ESXi 6.7 Web Interface
1.1 Creating the VM
From the VMware main interface, under the Navigation tab on the left, select Virtual Machines.
From the right side of the screen, click the Create / Register VM button.
1.2 Selecting the VM Type
A window will pop-up where you can specify settings for the new virtual machine you are about to create.
For the first screen, Select creation type, select Deploy a virtual machine from an OVF or OVA file option.
Click the Next button to continue.
1.3 Deploying the OVF/OVA File
Here, enter a name for your virtual machine. For example, ‘Teramind’.
Then click the area that says, Click to select files or drag/drop to upload the Teramind Server OVA file.
Click the Next button to continue.
1.4 Selecting the Storage
For now, you can keep the default settings as-is for the Select storage screen.
We will add a second hard disk later for the screen recordings.
Click the Next button to continue.
1.5 Specifying the Deployment Options
Select Thick for the Disk provisioning option.
You can keep the default settings as-is for the rest of the options.
Click the Next button to continue.
1.6 Completing the VM Creation
On the Ready to complete screen, you can see a summary of your VM’s settings. Click the Finish button to start the VM deployment process.
Do not refresh your browser while the VM is being deployed.
1.7 Accessing the VM’s Settings
Once the deployment is finished, you can see your newly created VM ‘Teramind’ on the main ESXi interface under the Virtual Machines tab.
We will now add a second volume to hold the screen recordings.
Click the VM Teramind to access it’s settings.
1.8 Shutting Down the VM
|
i
|
If the VM is already shut down, you can skip this step. |
If the VM is running, click the Shut down button to shut it down first.
Wait until the VM is shut down.
1.9 Powering Off the VM
|
i
|
If the VM is already powered down, you can skip this step. |
Click the Power off button to power off the VM.
1.10 Confirming the VM Power Off
You might see a warning message saying powering off the VM may cause data loss. Since our VM is brand new, we don’t have to worry about that.
Click Yes to continue.
Wait until the VM is powered off.
1.11 Adding New Hardware
Click the Actions button on the top-right corner. Select Edit settings from the pop-up menu.
A new window will pop-up where you can configure and add/remove hardware for your VM.
1.12 Adding a New Hard Disk
Under the Virtual Hardware tab, click the Add hard disk button then select New standard hard disk.
1.13 Changing the Size of the Hard Disk
You will see the new hard disk appear on the list of hardware at the left side of the window.
Click the New Hard disk. You can adjust its size on the right. You can start with a small size (i.e. 16 GB) and then increase as needed.
Click the Save button.
|
i
|
Please check out Storage for Screen Recordings under the Storage Requirements section for more information on storage requirements. |
1.14 Preparing for Step 2
Back on the main interface, click the Console button on top and select Open browser console.
Once the console window opens, you will be able to setup the IP, network and assign machine role(s).
|
✔
|
Step 1 (Option 1) Complete |
| Proceed to Step 2: Setting Up the IP, Network and the Machine Role(s) to continue with the deployment process. | |
Step 1 (Option 2): Setting Up a VM with VMware vSphere Client
1.1 Deploying the OVF/OVA Template
From the vSphere client interface, click the File menu and select Deploy OVF Template…
When prompted, select the Teramind Server OVA file.
The Deploy OVF Template window will pop-up.
1.2 Selecting the OVF/OVA Template Source
The first screen on the Deploy OVF Template window is called Source. On this screen, the Deploy from a file or URL box should already be populated by the OVA file path you selected in Step 1-1. If not, you can click the Browse… button to load the file again.
Click the Next button to continue.
1.3 Viewing the OVF/OVA Template Details
The OVF Template Details screen will show the details for the OVA file.
Click the Next button to continue.
1.4 Setting the Template Name and Location
On the Name and Location screen, enter a name for the deployed template. For example, Teramind.
Click the Next button to continue.
1.5 Changing the Disk Format
We can keep the default settings as-is for the Disk Format screen.
Click the Next button to continue.
1.6 Changing the Network Mapping
We can keep the default settings as-is for the Network Mapping screen.
Click the Next button to continue.
1.7 Completing the VM Creation
On the Ready to Complete screen, you can see a summary of your VM’s settings.
Click the Finish button to start the VM deployment process.
1.8 Accessing the VM’s Settings
Once the deployment is finished, you can see your newly created VM, Teramind on the main vSphere interface, on the list of servers.
We will now add a second volume to hold the screen recordings.
Right-click the Teramind server and select Edit Settings… from the pop-up menu.
The Virtual Machine Properties window will open.
1.9 Adding New Hardware
On the Virtual Machine Properties window, click under the Hardware tab you will see a list of existing hardware.
Select Hard disk 1 then click the Add… button on top.
The Add Hardware window will open.
1.10 Selecting the Device Type
On the first screen, Device Type of the Add Hardware window, select Hard Disk.
Click the Next button to continue.
1.11 Creating a New Virtual Disk
On the Select a Disk screen, make sure the Create a new virtual disk is selected.
Click the Next button to continue.
1.12 Configuring the Hard Disk
On the Create a Disk screen, you can adjust the disk parameters or keep them as-is.
For the Disk Size parameter, you can start with a small allocation (for example 16 GB) and then increase as needed.
Click the Next button to continue.
|
i
|
Please check out Storage for Screen Recordings under the Storage Requirements section for more information on storage requirements. |
1.13 Changing the Advanced Options of the Hard Disk
You can keep the default settings as-is for the Advanced Options screen.
Click the Next button to continue.
1.14 Finishing the Add Hardware Step
The Ready to Complete screen will show a summary of your disk.
Click the Finish button to finish setting up the disk.
Close the Virtual Machine Properties window to go back to the main vSphere interface.
Next, we will power up the virtual machine.
1.15 Powering Up the VM
You can see the status of the machine under the Recent Tasks list.
Make sure the Status of the Power On virtual machine task shows ‘Completed‘ before moving on to the next step.
1.16 Preparing for Step 2
Once the VM is powered up, right click the VM Teramind and select Open Console from the pop-up menu.
Once the console window opens, you will be able to setup the IP, network and assign machine role(s).
|
✔
|
Step 1 (Option 2) Complete |
| Proceed to Step 2: Setting Up the IP, Network and the Machine Role(s) to continue with the deployment process. | |
Step 1 (Option 3): Setting Up a Virtual Server with Hyper-V
1.1 Creating the VM
From the main interface, on the left pane, under the Hyper-V Manager, right-click on the Hyper-V host that you wish to host the new virtual machine.
From the pop-up menu, select New then Virtual Machine…
A New Virtual Machine Wizard window will appear.
1.2 Getting Started with the VM Wizard
You can skip the first screen Before You Begin on the New Virtual Machine Wizard window.
Click the Next button to continue.
1.3 Specifying the VM Name and Location
On the Specify Name and Location screen, enter a name for your virtual machine. For example, Teramind.
Click the Next button to continue.
1.4 Specifying the VM Generation
On the Specify Generation screen, select Generation 1.
Click the Next button to continue.
|
i
|
You have to use Generation 1 VM type, otherwise you won't be able to attach a VHD disk to it. |
1.5 Assigning the VM Memory
On the Assign Memory screen, you can enter the Startup memory. Use the Primary Server Requirements table to get an idea of how much memory you might need. For this tutorial, we will use 4500 MB or about 4 GB.
Click the Next button to continue.
1.6 Configuring the Network
On the Configure Networking screen, you can choose your network connection. Select External Switch from the Connection list.
Click the Next button to continue.
1.7 Connecting a Virtual Hard Disk
On the Connect Virtual Hard Disk screen, select the Use an existing virtual hard disk and then click the Browse… button.
When prompted, select the Teramind Server VHD file. Once the file is loaded, click the Next button to continue.
1.8 Finishing the VM Deployment
On the Summary screen, you can see a summary of your VM’s settings.
Click the Finish button to start the VM deployment process.
1.9 Accessing the VM’s Settings
Once the deployment is finished, you can see your newly created VM, Teramind on the main Hyper-V Manager interface, under the Virtual Machines panel.
We will now add a second volume to hold the screen recordings.
Right-click the Teramind VM and select Settings… from the pop-up menu.
The VM Settings for Teramind on [your VM host name] window will open.
1.10 Adding an IDE Controller
Select the IDE Controller 0 from the list of hardware on the left panel.
Then, on the right, select Hard Drive and click the Add button. A new virtual drive will be added under your primary drive on the left panel.
1.11 Adding a New Hard Drive
Click the New button on the new Hard Drive screen.
The New Virtual Hard Disk Wizard window will open.
1.12 Getting Started with the HD Wizard
You can skip the first screen, Before You Begin on the New Virtual Hard Disk Wizard screen by clicking the Next button.
1.13 Choosing the Disk Format
On the Choose Disk Format screen, make sure VHDX is selected.
Click the Next button to continue.
1.14 Choosing the Disk Type
You can keep the default settings as-is on the Choose Disk Type screen.
Click the Next button to continue.
1.15 Specifying the Hard Disk Name and Location
On the Specify Name and Location screen, give your virtual hard disk a name. For example, SecondDisk.vhdx. For location, you can keep the default path or change it wherever you want to store the virtual hard disk.
Click the Next button to continue.
1.16 Configuring the Hard Disk
On the Configure Disk screen, select the Create a new blank virtual hard disk. For the Size parameter, you can start with a small allocation (i.e. 16 GB) and then increase as needed.
Click the Next button to continue.
|
i
|
Please check out Storage for Screen Recordings under the Storage Requirements section for more information on storage requirements. |
1.17 Finishing the Hard Disk Setup
The Summary screen will show a summary of your disk.
Click the Finish button to finish setting up the disk.
The wizard window will close automatically and return you to VM settings window.
1.18 Viewing the Virtual Hard Disk on the Hardware List
You can see the newly created virtual hard disk SecondDisk.vhdx under the IDE Controller 0. The path to the hard disk will also be shown on the right panel on the Virtual hard disk field.
Click the OK button to save the changes and close the Settings window.
We are now ready to start the server.
1.19 Starting the VM
On the main Hyper-V Manager interface, under the Virtual Machines panel locate the VM Teramind.
Right-Click on it, and select Start from the pop-up menu to start the server.
When the VM is ready, the State of the sever will change from Off to Running.
1.20 Preparing for Step 2
When the VM is ready, right-click the Teramind VM again and select Connect… from the pop-up menu to open the Console window.
Once the console window opens, you will be able to setup the IP, network and assign machine role(s).
|
✔
|
Step 1 (Option 3) Complete |
| Proceed to Step 2: Setting Up the IP, Network and the Machine Role(s) to continue with the deployment process. | |
Step 2: Setting Up the IP, Network and the Machine Role(s)
If you have followed all the instructions on Step 1 correctly, you should now how a console window open for your VM. We will use this console window to configure IP and other network settings and the machine role.
2.1 Logging in to the VM
Log in using the following credentials:
- Username:
setup - Password:
setup
Press Enter to continue.
2.2 Entering the Connection Details
When prompted, fill out the following information:
- IP address
- Netmask
- Default gateway (optional)
- Domain name server (DNS)
2.3 Setting the VM Role
Since this is a single-server deployment*, we will leave the default role to master when asked by the New role [master]: prompt.
At this stage, we are done with the console commands.
|
i
|
*Check out this article for instructions on multi-node deployments: How to setup an on-premise multi-node deployment. |
Step 3: Setting Up the Account and Finishing Deployment
3.1 Accessing the Teramind Server
Open your browser and type in the IP address you used for the Teramind server setup in the previous step (Step 2.2 Entering the Connection Details).
You might see a warning message on your browser saying the connection is not private or secure. This is normal. The warning is shown because you haven’t assigned any SSL certificate to your server yet. You can upload your own certificate later from the Teramind dashboard.
If you are using Google Chrome, you can click the Advanced button on the warning page and then click the Proceed to link to continue. Other browsers have similar options to bypass the warning.
3.2 Setting the Language and Timezone
Once on the Teramind dashboard page, you will be greeted with a Welcome screen. You can select your default language and time zone from this screen.
Click CONTINUE to go to the next screen.
3.3 Setting Up Your Admin Account
You will now be able to enter your email and password to be used as your Administrator’s account. Enter the information and click CONTINUE to go to the next screen.
3.4 Getting Your License Key
Open a new browser tab and go to: https://www.teramind.co/portal. Login with the admin email and password.
Click the Licenses tab.
From the list of licenses, click the Key link under the Actions column. A pop-up will display the license key.
Copy the license key or write it down.
3.5 Entering the License Key
Go back to your Teramind Dashboard. Enter the license key in the YOUR LICENSE KEY field.
Click CONTINUE.
|
✔
|
At this stage you are done setting up the Teramind Server. Continue to Step 4 to learn how to download and install the Teramind Agent and start monitoring the users. |
Step 4: Installing the Teramind Agent
Teramind Agent can be installed both locally and remotely. Check out this article to learn how to download and install the agent: How to download and install the Teramind Agent.
Firewall & Proxy Considerations
In most cases, you should not have to change any settings to get Teramind to work. By default, the Teramind Agents communicate with the Teramind server on two ports: 443, and 10000.
The Teramind management interface is entirely web driven and runs over HTTPS (port 443). This means that most proxies will allow the traffic through, provided you properly installed your SSL certificates.
For live and recorded screen playback, as well as live sessions listing, Teramind uses Websockets. Although Websockets operates as HTTPS over port 443, some older proxies may not recognize this protocol. In either case, if you are experiencing trouble accessing your Teramind dashboard, try to disable your proxy temporarily to isolate the cause.
Also note that, if audio recording is enabled, Teramind Agent will connect to the server on a random UDP ports in the range 1000-65535 to send the audio recordings. Make sure UDP ports in that range are enabled and open from the endpoint to the server.
|
i
|
If you encounter any issues with your firewall or proxy, check out this troubleshooting article for help: Firewall and proxy issues. |
Antivirus Considerations
Teramind Agent and its drivers come digitally signed with an extended-validation certificate. We’ve made every effort to coordinate our signature with the major antivirus vendors, and as a result, Teramind should work normally with the vast majority of antivirus software.
|
i
|
If you encounter any issues, check out the Antivirus Configuration Guide for help. |
On-Premise Additional Configurations
Once you have installed Teramind successfully, you can configure other aspects of the server, agent and other settings entirely from the web-based dashboard.
Changing the License Key
Check out this article for help: How to change the license key (On-Premise / Private Cloud Deployment).
Updating the Server
Check out this article for help: How to update the Teramind Server and BI Classification (On-Premise deployment).
Setting Up the Active Directory / LDAP Integration
Check out the Active Directory section on the Teramind User Guide to learn how to setup an Active Directory / LDAP integration.
SMTP Email
Check out this article for help: SMTP Configurations (On-Premise).
SSL Certificate
Check out the Settings > Security > SSL section on the Teramind User Guide to learn how to setup the SSL certificates. You can also create your own SSL certificates for use with your on-premise deployments. To learn how to generate such self-signed certificates, check out this article.
OCR Deployment
To set up OCR you will need one OCR database node and at least one OCR mining node (for every 200 users). These nodes will communicate with the master node and with each other.
|
i
|
Please make sure the following ports are enabled and open among all nodes (master, OCR database, OCR mining):443, 5432, 9200, 42001 and 50051. |
To configure an OCR database node or OCR mining node, simply select the machine role when first setting up the IP address of the virtual appliance in Step 2.3 Setting the VM Role.
After setting the machine role and specifying the master node’s IP address you will see the OCR node approval requests on the dashboard. For more information, check out the Settings > Server Management section on the Teramind User Guide.
Multi-Node Deployment
Check out this article for instructions on multi-node deployments: How to setup an on-premise multi-node deployment.
On-Premise Architecture
- Teramind Agent asks Management Server for an Application Server IP and port
- Management Server responds
- Teramind Agent connects to the assigned Application Server
- OCR Miner talks to the Management Server and asks for a record to process
- Management Server fetches a screen file from the Screen & Audio Storage and sends it to the OCR Miner Node
- Once OCR is done, the OCR Miner sends results as text to the Management Server
- Management Server writes the OCR result text to Elasticsearch
The Management Server serves the admin dashboard, load balances agents, and provides data to the OCR Miner Nodes. Teramind Agent connects to an Application Server via an always-on, TLS-encrypted connection, using our own protocol based on Google Protocol Buffers. OCR Miners are stateless and work with spot instances,