Deploying via OVA
Last updated
Last updated
The Polarity Server Open Virtual Appliance (OVA) is the fastest way to stand up a fully functional Polarity Server. The OVA contains all the components of the Polarity Server and is suitable for deployments with under a 100 users.
The Polarity Single Server architecture consists of a web proxy (nginx) which sends request to our REST API via HTTPS and web socket traffic to our integration framework via WSS. Annotation data is managed in a PostgreSQL database (version 13.x). In addition there are multiple redis caches that perform various cache functions (Redis v6.x)
You must deploy Polarity Server's OVA to VMWare vSphere v5.0 or later. Prior to deployment, please ensure the ESX/ESXi host can support a VM requiring:
64 bit Minimum
32GB of RAM
4 Logical Cores
250 GB of Disk Space
The following minimal level of hardening has been applied to the Polarity Server OVA.
SELinux on and enforcing.
Enabled the firewall to only allow inbound traffic on ports 22/tcp and 443/tcp.
Disabled IPv6 Installed a very basic CentOS 7 software profile (@Core, net-tools, and wireless drivers have been removed)
Disabled several services that are not required/needed (avahi-daemon, cups, etc)
Applied minimal changes to the SSHD configuration (set Ciphers to aes256-ctr, disabled X11 forwarding)
Follow the steps below to deploy the Polarity Server VM:
Verify Prerequisites
You must ensure your VMware ESX/ESXi instance can support the VM's RAM and disk space requirements.
Download the OVA file
You can access the required .ova file using the link provided by your Polarity Account Manager.
Deploy the OVA as an OVF template
A step-by-step wizard in the vSphere Client guides you through this process. After you have completed the step-by-step wizard, you can review all of the information that you provided, make any corrections, and then deploy the OVA.
Power on the VM Power on the deployed Polarity Server VM.
root userAfter powering on the OVA you will be prompted to login. Login as the root user using the credentials provided to you by the Polarity customer success team.
root passwordYou will be prompted to change the OVA's root password. Please change the password to a strong password.
You will then be prompted to setup networking (usually as simple as activating the network connection)
For example, if you plan to access your Polarity Server at https://polarity.mycompany.corp then you would set your FQDN to be “polarity.mycompany.corp”. The FQDN you enter will be used to generate a self-signed certificate for the Polarity Server.
You will be prompted to provide information required for the self-signed certificate. Valid default values are automatically provided for you and can be accepted by pressing <ENTER> at each prompt.
The final step is to set a user password for the default “admin” Polarity User. You will use the admin user and password to initially log into the Polarity Server to create additional user accounts. Your Polarity Server is now running and will be accessible at the FQDN you entered or the IP address provided.
By default the Polarity server will assume the fully qualified domain name (FQDN) for your server matches the server hostname. If this is not the case, you will need to modify the Polarity Server config file to set the appropriate FQDN.
To modify the Polarity server config begin by opening the config file in an editor.
Find the setting rest.fullyQualifiedDomainName and set it to your FQDN (you can also set this to an IP address):
Save the change and restart the server process:
Before you can login to your new Polarity Server you will need to install a Polarity License. Please see the Installing License guide for instructions on how to do this.
To login to the Polarity web interface for the first time you can use a web browser and navigate to https://<your_polarity_fqdn> .
You can login with the username admin and the password you generated as part of the Polarity Server OVA setup process. After logging in you can create additional user accounts and change the admin user account name.
The above steps are the minimum necessary for getting your OVA up and running. However, we recommend additional steps depending on your environment.
If you will be running integrations that need to connect to the Internet and your organization requires the use of a web proxy for the Polarity Server to reach the Internet, please see the Configuring Proxy guide.
Installing Certificate Authority
If you will be running integrations that need to connect to internal APIs and services over SSL/TLS and those services are using certificates signed by an internal Certificate Authority then you will want to add that Certificate Authority to the OVA. See the Installing Certificate Authority guide for information on how to do this.
If you will be using local accounts on the Polarity server then we recommend enabling SMTP on the Polarity Server. This will allow the Polarity server to send account creation emails to new users. Please see the Enabling SMTP guide for more information.
Once you have deployed your OVA you can keep it up-to-date using Polarity upgrade RPMs. For instructions on upgrading to the latest release you can review the current release upgrade guide for CentOS 7 provided by your Customer Success representative.
To determine your current server version you can run the following status script from your Polarity server.
The self signed certificate is meant to get you up and running quickly but should be replaced by a trusted certificate as soon as possible. See the guide for how to install a trusted certificate.
