The Cequence Unified API Protection (UAP) platform is a security platform that protects your web applications and APIs from cyber threats. This guide walks you through the installation of the Cequence UAP platform on a dedicated Red Hat Enterprise Linux 8 / 9 server, also known as a "bare metal" installation. Choose this installation when you have your own physical server or dedicated virtual machine and want full control over the environment.

What you'll need before you start

Make sure you have access to these items before you begin.

Hardware

Your server needs to have enough computing resources to handle substantial real-time data processing tasks.

• Processor: 16 virtual CPUs with an x86_64 architecture.
• Memory: 64 GB RAM.
• Storage: 200 GB of storage. Highly performant storage, such as a solid-state disk (SSD), will improve overall performance.

Software and configuration

The software on the server needs to meet the following requirements.

• Operating system: The latest available release of version 8.x / 9.x of Red Hat Enterprise Linux (RHEL).
• A User account with sudo privileges for installing packages and copying files.
• Access to a repository for OS package installation (local or remote).
• Standard OS installation with development tools included.
• SSH credentials for logging into the server.
• At least 150 GB of free space on the /var partition and 50 GB on the other /opt partition. When you're using a single mount point, the requirement changes to 200 GB of free space on the / partition.
• Networking configuration:
  • Static IP address, gateway, and DNS server
  • Firewall service (firewalld) disabled at startup
  • SELinux is disabled at startup
  • SSH access enabled
  • Ports 22 (SSH), 80 (HTTP), and 443 (HTTPS) are open for access from a jump server or network

Download the Cequence software

SSH to the instance using the user credentials created during OS installation. Download the Cequence UAP compressed archive file. Make sure the downloaded file is accessible on the server where you'll install the Cequence UAP platform.

Installing the Cequence UAP platform

Cequence UAP platform installation takes place over several phases.

Phase 1: DNS configuration

1. Choose a subdomain to access Cequence UAP resources, such as cqai.yourdomain.com.
2. Create DNS entries that point the following subdomains to your server's IP address.
   • auth.cqai.yourdomain.com
   • edge.cqai.yourdomain.com
   • ui.cqai.yourdomain.com
   • policy-engine.cqai.yourdomain.com

Phase 2: Install the Cequence UAP platform software

1. Extract the compressed archive file using the command below.

    

   sudo tar zxvf <path>/cequence-uap-bundle-xxx.tar.gz -C /opt

2. Set permissions on /opt/cequence

   sudo chown -R root:$USER /opt/cequence
   sudo chmod -R 775 /opt/cequence

3. Run the script

   sudo chmod a+x /opt/cequence/bin/ceqinstallk3s.sh 
   /opt/cequence/bin/ceqinstallk3s.sh

4. The script will prompt to enter the domain name. Enter cqai.<yourdomain.com>

   
   Installation takes approximately 20 minutes.

Phase 4: Open the web interface

1. Run the following command to display your Cequence UAP platform default password.

   kubectl get secret ui-default-user -n cequence --template={{.data.password}} | base64 -d
   

   Note this password securely for future use.

2. Navigate to the https://auth.cqai.yourcompany.com URL.
   A security warning about an untrusted security certificate displays. This is normal behavior for new installations.
3. Click Advanced, then Proceed to site.
4. Log in with the username cq-ui and the default password you noted earlier in this procedure.

What Happens Next

After completing these steps, your Cequence UAP platform is installed and ready for configuration. You now have:

• A working security platform running on your server
• Access to the web-based management interface
• The foundation for protecting your web applications and APIs

Immediate Next Steps

• Change the default password for security
• Configure security policies for your specific applications
• Set up monitoring and alerting based on your needs
• Integrate with your existing applications to begin protection

Common Questions

Why does the installation take so long?

The software includes multiple components (database, web server, security engines, etc.) that all need to be configured to work together.

Can I use a smaller server for testing?

While you might be able to run on smaller hardware for initial testing, the recommended specifications ensure proper performance in production environments.

What if I get certificate warnings in my browser?

This is normal during initial setup. The system uses a self-signed certificate initially. You can replace it with a proper SSL certificate from your organization later.

Why do I need to disable the firewall and SELinux?

Cequence UAP manages its own security and network configurations. The built-in RHEL security systems can interfere with this specialized software.

How do I know if the installation was successful?

If you can log into the web interface at `https://ui.cqai.yourcompany.com` and see the Cequence dashboard, the installation was successful.

What's the difference between this and the AWS installation?

This "bare metal" installation gives you complete control over the server but requires more manual setup. The AWS version uses pre-configured virtual machines but may have less flexibility.

Troubleshooting Tips

• If the web interface doesn't load: Check that all DNS entries are properly configured and pointing to your server
• If you can't connect using SSH: Verify that SSH is enabled and your firewall rules allow port 22
• If installation fails: Ensure you have enough disk space and that your user account has sudo privileges
• If you forget the password: Re-run the password retrieval command from phase 4.