This article describes how to prepare the Linux Flowscape Server which will be running the Flowscape Solution.

Linux Server

A Linux Server is required for installing the Flowscape Solution.

Server Requirements

These are the server requirements for the Linux Server.

• Supported Distributions

  • Red Hat Enterprise Linux 9 (Latest tested version 9.6)

  • Ubuntu Noble 24.04 (LTS)

  • SUSE Enterprise Linux 15 SP7

• CPU

  • Minimum: 4 vCPUs (2.4 GHz or higher)

  • Recommended: 8 vCPUs (2.4 GHz or higher)

• RAM

  • Minimum: 8 GB

  • Recommended: 16 GB

• Disk space

  • Minimum:

    • Total: 64 GB

    • / (root): 25 GB

    • /var: 25 GB

    • /var/tmp: 2 GB

• Firewall

  • Allow the ports

    • 22 TCP

    • 443 TCP

    • 5432 TCP

Container Engines

The Flowscape Solution can be offered for the following container engines:

• Docker Engine (Supported for Red Hat & Ubuntu & SUSE)

• Podman Engine (Supported for Red Hat)

They both have different requirements on the server installation, and you should only install one of the suggested solutions on the Linux server.

Docker Engine

Supported Distributions:

• Red Hat Enterprise Linux 9 (Latest tested version 9.6)

• Ubuntu Noble 24.04 (LTS)

• SUSE Enterprise Linux 15 SP7

Follow the steps below if you want to install the Docker Engine on the Linux server.

1. Create a user named flowscape with the home directory set to /opt/flowscape

   • sudo useradd -s /bin/bash -d /opt/flowscape -m flowscape

2. Set a password for the user flowscape

   • sudo passwd flowscape

3. Grant sudo rights for the user flowscape

   • Red Hat

     • sudo usermod -aG wheel flowscape

   • Ubuntu

     • sudo usermod -aG sudo flowscape

   • SUSE

     • sudo usermod -aG wheel flowscape
       
       # You may have to edit the sudoers file
       # Find the line that starts with %wheel and ensure the # is removed to grant permissions to members of the wheel group
       sudo visudo

4. Install the unzip utility

   • Red Hat

     • sudo yum install unzip

   • Ubuntu

     • sudo apt-get install unzip

   • SUSE

     • sudo zypper install unzip

5. Install Docker Engine

   • Red Hat

     • Docker version: 29.3.0 - We recommend installing Docker using the rpm repository https://docs.docker.com/engine/install/rhel/

       • sudo dnf remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine podman runc

       • sudo dnf -y install dnf-plugins-core

       • sudo dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo

       • sudo dnf install docker-ce-3:29.3.0-1.el9 docker-ce-cli-1:29.3.0-1.el9 containerd.io docker-buildx-plugin docker-compose-plugin

       • sudo systemctl enable --now docker

   • Ubuntu

     • Docker version: 29.3.0 - We recommend installing Docker using the apt repository https://docs.docker.com/engine/install/ubuntu/

     • sudo apt install docker-ce=5:29.3.0-1~ubuntu.24.04~noble docker-ce-cli=5:29.3.0-1~ubuntu.24.04~noble containerd.io docker-buildx-plugin docker-compose-plugin

   • SUSE

     • Version: latest - We recommend installing Docker using the zapper repository https://documentation.suse.com/sles/12-SP5/html/SLES-all/cha-docker-installation.html

       • sudo zypper install docker
         sudo systemctl enable docker.service
         sudo systemctl start docker.service
         sudo /usr/sbin/usermod -aG docker flowscape

     • https://docs.docker.com/compose/install/linux/#install-the-plugin-manually

       • DOCKER_CONFIG=${DOCKER_CONFIG:-$HOME/.docker}
         sudo mkdir -p $DOCKER_CONFIG/cli-plugins
         sudo curl -SL https://github.com/docker/compose/releases/latest/download/docker-compose-linux-x86_64 -o $DOCKER_CONFIG/cli-plugins/docker-compose
         sudo chmod +x $DOCKER_CONFIG/cli-plugins/docker-compose

6. Add the user flowscape as a member of the docker group: https://docs.docker.com/engine/install/linux-postinstall/

   • sudo groupadd docker

   • sudo usermod -aG docker flowscape

Podman Engine

Supported Distributions:

• Red Hat Enterprise Linux 9 (Latest tested version 9.6)

Follow the steps below if you want to install the Podman Engine on the Linux server.

1. Create a user named flowscape with the home directory set to /opt/flowscape

   • sudo useradd -s /bin/bash -d /opt/flowscape -m flowscape

2. Set a password for the user flowscape

   • sudo passwd flowscape

3. Install the unzip utility

   • sudo yum install unzip

4. Install podman version 5.4.0

   • sudo yum install -y podman-5.4.0

5. Install containernetworking-plugins version 1.6.2

   • sudo yum install -y containernetworking-plugins-1.6.2

6. Install podman-plugins version 5.4.0

   • sudo yum install -y podman-plugins-5.4.0

7. Grant access to /etc/containers/

   • sudo chmod 777 /etc/containers

8. Create the file /etc/cron.d/cron.allow and grant the required permissions for allowing scheduling of database backups

   • sudo touch /etc/cron.d/cron.allow

   • sudo chmod 666 /etc/cron.d/cron.allow

9. Set KillUserProcesses=no in /etc/systemd/logind.conf , this is required for containers not to stop when the user session ends.

   • sudo sed -i '/KillUserProcesses/c\KillUserProcesses=no' /etc/systemd/logind.conf

10. Update the value for net.ipv4.ip_unprivileged_port_start and set it to 80

    • grep -qxF 'net.ipv4.ip_unprivileged_port_start=80' /etc/sysctl.conf || echo 'net.ipv4.ip_unprivileged_port_start=80' | sudo tee -a /etc/sysctl.conf

    • Apply the changes by running the command

      • sudo sysctl -p

TLS Certificate

A TLS Certificate and a Private Key is required for the Flowscape Solution.

• The TLS Certificate must be a public CA signed certificate (self-signed certificates are not acceptable).

• The TLS Certificate must include the hostnames “flowscape” & “flowscape-login”, the hostnames can be added in the certificate´s SANs list.

  • flowscape.<domain-name> (example flowscape.customer.com)

  • flowscape-login.<domain-name> (example flowscape-login.customer.com)

• The TLS Certificate must support TLSv1.2 or higher.

• The TLS Certificate must contain the root and intermediate CA in the certificate chain.

  -----BEGIN CERTIFICATE-----
  <server certificate>
  -----END CERTIFICATE-----
  -----BEGIN CERTIFICATE-----
  <intermediate certificate>
  -----END CERTIFICATE-----
  -----BEGIN CERTIFICATE-----
  <root certificate>
  -----END CERTIFICATE-----

• The TLS Certificate must be SHA2 encrypted.

• The TLS Certificate must be in .crt format.

• The Private Key must be decrypted and not have any password set.

• The Private Key must be in .key format.

• Add the FQDN:s on your DNS server as Type A records.

  • flowscape.<domain-name> -> Server IP address

  • flowscape-login.<domain-name> -> Server IP address

Add the two generated files on the Linux server in the folder /opt/flowscape/

• cert.crt

• cert.key

Integrations

Identity Providers

Supported Identity Providers:

• Microsoft AD FS

  • Customized configuration for the ID Token may be required, see the AD FS Server article for instructions.

  • The Linux Server must access the ADFS Server on port 443 TCP. Direct access to ADFS Server is required; proxies are not supported.

• Microsoft 365 Entra ID

Calendar Services

Supported Calendar Services:

• Microsoft Exchange Web Service (Exchange Server 2013, 2016, 2019, SE)

  • The Linux Server must access the Exchange Server on port 443 TCP. Direct access to Exchange Server is required; proxies are not supported.

• Microsoft 365 Graph (Exchange Online)

  • The Linux Server must access Exchange Online Server on port 443 TCP. Direct access to Exchange Server is required; proxies are not supported.

  • The Exchange Online Server must access the Linux Server on port 443 TCP. This is required because the Flowscape System is subscribing to calendar events for the room resources.

    • This also requires the Linux Server to have a Public IP.

SMTP

An SMTP Server is required for sending emails to the end users. In the Flowscape Solution, there are several functions that requires an SMTP integration such as asset booking, admin portal login and reporting issues.

This is the information that will be required for setting up the SMTP integration in the Flowscape Solution:

• Server address

• Server port

• Sender email address - Only required if the user has to be authenticated

• Sender password - Only required if the user has to be authenticated

• Reply to email address

Sensor Providers

Supported Sensor Providers:

• Tektelic (PIR & BusyLight)
  • The Linux server must access Tektelic Cloud on port 8883 TCP. Direct access to Tektelic Cloud is required; proxies are not supported.
• Ubiqisense (People counter)
  • The Linux server must access Ubiqisense Cloud on port 7883 TCP. Direct access to Ubiqisense Cloud is required; proxies are not supported.

If you have successfully completed the tasks above, you should now be able to provide the information below. This information will be required when installing the Flowscape Solution. Fill in the information and send it to your Flowscape contact person:

• Have you installed the Docker Engine or Podman Engine on the Linux server?

• What is the password for the user flowscape that you created on the Linux server?

• What is the FQDN name for the TLS certificate you generated?

• Which Identity Provider would you like to have integrated?

• Which Calendar Service would you like to have integrated?

• Information about how to connect to the SMTP Server.

• Which Sensor Provider(s) would you like to have integrated?