Sentinel Help Center
  • Sentinel Overview
    • Dashboard
    • Environments
    • User Hub
    • Requests
    • Reports
  • Installation & Updates
    • Sentinel Shortcuts [From PS]
    • Sentinel VM Requirements
    • Host Server Setup RHEL/CentOS 7
    • Host Server Setup RHEL/CentOS 8
    • Host Server Setup RHEL/CentOS 9
    • Sentinel Server Update
    • Oracle Database Account
    • PostgreSQL Backups
  • Settings
    • Sentinel Accounts
    • Databases
    • System Settings
    • Single Sign-On
    • Access Request Settings
    • Role Groups
    • Role Approvers
    • Custom Forms
    • Sensitive Data Settings
    • Security Log
  • Security Administration
    • Menu Functions
    • Direct Access
    • Users
      • User Access Updates
      • User Profile Features
    • Roles
      • Role Updates
      • Role Features
    • Permission Lists
      • Permission List Updates
      • Permission List Features
    • Dynamic Security
    • Temporary Access
    • Fluid Security
    • Security Matrix
    • Compare Reports
  • Security Reports
    • Security Reports Setup
    • Page Analysis
    • User Access
    • Role Access
    • Permission List Access
    • Query Analysis
    • Compare Users
    • PeopleTools Access
    • Portal Menus
  • Audit Review
    • Audit Review Setup
    • Privileged Access
    • Sensitive Data
    • Segregation of Duties
    • Correction Access
    • Restricted Roles
    • Role Changes
    • Notifications
    • Manager Reports
  • Access Requests
    • Implementation Guide
    • Submit New Request
    • Review & Approve Requests
    • Workflows & Routing
    • Apply Changes
  • Resources
    • User Training Guide
    • Policies
      • Policy Overview
      • Data Privacy
      • Cloud Security
      • Software Development
      • Disaster Recovery
      • Service Level Agreement
      • Employees
Powered by GitBook
On this page
  1. Installation & Updates

Host Server Setup RHEL/CentOS 7

Installation Prerequisites

  • VM with Linux x64 installed - RedHat, CentOS, Oracle Linux 7

  • Root access to the server

  • The Domain name (For accessing the Sentinel Application)

  • SSL Certificate for Domain

  • SMTP Server Credentials

NGINX Server Installation (Step One)

Download and install the Stable Nginx version. Sentinel supports version 1.16+. Install and issue the following commands:

Install VIA Package Manager: 

sudo yum install nginx

Create:

`sentinel.conf` in `/etc/nginx/conf.dz`

Add to the following: 

upstream sentinel {
server 127.0.0.1:8787;
}

proxy_cache_path /var/cache/nginx/sentinel levels=1:2 keys_zone=sentinel_cache:50m max_size=1g inactive=60m use_temp_path=off;

server {
listen 80;
listen [::]:80;
server_name sentinel.yourdomain.com;

return 301 https://$host$request_uri;
}

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name sentinel.yourdomain.com;

ssl_certificate /path/to/sentinel.certificate;
ssl_certificate_key /path/to/sentinel.certificate.private_key;

ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:30m;
ssl_session_tickets off;

# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam.pem
# ssl_dhparam /path/to/dhparam.pem;

# intermediate configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;

# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security “max-age=63072000” always;

# OCSP stapling
#ssl_stapling on;
#ssl_stapling_verify on;

# verify chain of trust of OCSP response using Root CA and Intermediate certs
#ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;

# replace with the IP address of your resolver
resolver 8.8.8.8;

gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 7;
gzip_buffers 32 128k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

location /_ping {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Accept-Encoding $http_accept_encoding;

proxy_pass http://sentinel;
}

location /static/ {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Accept-Encoding $http_accept_encoding;

proxy_cache sentinel_cache;
proxy_ignore_headers Cache-Control;
proxy_cache_lock on;
proxy_cache_valid any 24h;
add_header X-Cache-Status $upstream_cache_status;

proxy_pass http://sentinel;
}

location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Accept-Encoding $http_accept_encoding;

if ($request_method = ‘OPTIONS’) {
add_header ‘Access-Control-Allow-Origin’ ‘https://sentinel.yourdomain.com’;
add_header ‘Access-Control-Allow-Methods’ ‘GET, POST, OPTIONS’;

add_header ‘Access-Control-Allow-Headers’ ‘DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization’;
add_header ‘Access-Control-Max-Age’ 1728000;
add_header ‘Content-Type’ ‘text/plain charset=UTF-8’;
add_header ‘Content-Length’ 0;
return 204;
}

if ($request_method = ‘POST’) {
add_header ‘Access-Control-Allow-Origin’ ‘https://sentinel.yourdomain.com’;
add_header ‘Access-Control-Allow-Methods’ ‘GET, POST, OPTIONS’;
add_header ‘Access-Control-Allow-Headers’ ‘DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization’;
}

proxy_pass http://sentinel;
}
}

Replace the following:

  • Sentinel Domain – `sentinel.yourdomain.com`

  • Certificate / Chained Certificates – `/path/to/sentinel.certificate`

  • Certificate Private Key – `/path/to/sentinel.certificate.private_key`

Verify that the folder exists and is owned by the NGINX user - `/var/cache/nginx/sentinel` 

mkdir-p /var/cache/nginx/sentinel
chown-R nginx:nginx /var/cache/nginx/sentinel
chmod0664 /var/cache/nginx/sentinel

Enable NGINX SYSTEMD Service: Start Service / Check Status 

systemctl enable nginx
systemctl restart nginx
systemctl status nginx
Java Runtime Environment (Step Two)

Sentinel requires Java Runtime Environment (JRE). Long Term Supported OpenJDK 17 or 21 is preferred.

Install VIA Package Manager: 

yum install java-17-openjdk

Check Java Version:

java -version

Time Synchronization Daemon (Step Three)

The Sentinel VM should have the same time zone setting as your PeopleSoft environment. A time synchronization daemon, such as NTPD or Chrony, should be used.

Install NTPD: 

yum install ntp

Enable and start SYSTEMD NTPD Service:

systemctl enable ntpd
systemctl start ntpd

Check Time Offsets: 

ntpq -p
PostgreSQL Database (Step Four)

Sentinel requires the PostgreSQL 11+ database to be installed. Follow this article for PostgreSQL installation instructions.

Run the following to add a PostgreSQL repository to the package manage and install PostgreSQL:

yum install https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm -y
yum update
yum install postgresql12 postgresql12-server

Check that the default SYSTEMD Service is stopped: 

systemctl stop postgresql-12.service
systemctl status postgresql-12.service

Create the new service file: 

touch /etc/systemd/system/postgres-snt.service

Create PostgreSQL data directory and set owner to Postgres User: 

mkdir -p /opt/pgdata12
chown postgres:postgres /opt/pgdata12

Extend default service profile and set data directory: 

.include /usr/lib/systemd/system/postgresql-12.service

[Service]
Environment=PGDATA=/opt/pgdata12/

Reload SYSTEMD Daemon and start Postgre-SNT service: 

systemctl daemon-reload
systemctl status postgres-snt

Init PostgreSQL data directory: 

/usr/pgsql-12/bin/postgresql-12-setup initdb postgres-snt

Navigate to the data directory and add the following directives to the PostgreSQL.conf file: 

# bind to localhost IP address or change to local network address in case
# Sentinel server and DB server uses separate VM
listen_addresses = ‘127.0.0.1’

# set strong password encryption
password_encryption = scram-sha-256

Edit pg_hba.conf file in the PostgreSQL data directory to allow connection from the Sentinel server:

# Use localhost IP or local network address if separate VM’s are used
host sentinel dean 127.0.0.1/32 scram-sha-256

Start PostgreSQL instance using SYSTEMD and check status: 

systemctl start postgres-snt
systemctl status postgres-snt

Create a database and list databases to ensure it was created: 

>sudo -u postgres createdb sentinel
>sudo -u postgres psql -l

Create a user dean, set a password, and grant access to the Sentinel database: 

sudo -u postgres createuser dean
sudo -u postgres psql -c “ALTER USER dean WITH ENCRYPTED PASSWORD ‘SetPassword’;”
sudo -u postgres psql -c “GRANT ALL PRIVILEGES ON DATABASE sentinel to dean;”

Replace 'setpassword' with a preferred password. Verify that users can connect: 

psql -U dean –host 127.0.0.1 sentinel -c “Select 1;”

Optional - Create a .pgpass file in /root folder to be able to automatically pass connection settings to backup scripts: 

echo “127.0.0.1:5432:sentinel:dean:SetPassword” > /root/.pgpass
chmod 0600 /root/.pgpass
Setup Sentinel Server (Step Five)

Create a folder for Sentinel Software- /opt/sentinel : 

mkdir -p /opt/sentinel

Copy the Sentinel server file to /opt/sentinel and create SYMLINK: 

cd /opt/sentinel
ln -sf sentinel-19.7.2.jar sentinel.jar

Create a service file for the Sentinel server: 

touch /etc/systemd/system/sentinel.service

Add the following content to this file and set credentials for PostgreSQL: 

[Unit]
Description=Seninel Server daemon

[Service]
#User=userowner
Type=simple
Restart=always

Environment=DB_NAME=sentinel
Environment=DB_USER=dean
Environment=DB_PASSWORD=SetPassword
Environment=DB_HOST=127.0.0.1
Environment=DB_PORT=5432

ExecStart=/usr/bin/java -Xms4g -Xmx8g -jar /opt/sentinel/sentinel.jar start –port 8787 –hostname 127.0.0.1

[Install]
WantedBy=multi-user.target

Update SYSTEMD configuration and enable the Sentinel server: 

systemctl daemon-reload
systemctl enable sentinel.service

Using your License Key and PostgreSQL database credentials, run Sentinel's init job: 

DB_NAME=sentinel DB_PASSWORD=SetPassword DB_HOST=127.0.0.1 DB_PORT=5432 java -jar sentinel.jar register –license-key “Your-licence-key”

Using an email, create the first account with admin access level: 

DB_NAME=sentinel DB_PASSWORD=SetPassword DB_HOST=127.0.0.1 DB_PORT=5432 java -jar sentinel.jar create_user –email “admin@your.domain”

Start the Sentinel server and check status: 

systemctl start sentinel.service
systemctl status sentinel.service

Using a Chrome browser (required), enter the Sentinel domain to load the application.

PreviousSentinel VM RequirementsNextHost Server Setup RHEL/CentOS 8

Last updated 1 year ago