# Platform

{% hint style="warning" %}
To upgrade an existing platform, please refer to [Upgrade section](https://docs.datasentinel.io/manual/implementation/upgrade/platform)
{% endhint %}

## Availability

The platform is available exclusively on linux systems:

| Distribution                               |
| ------------------------------------------ |
| RHEL8, Rocky linux 8, AlmaLinux 8          |
| RHEL9, Rocky linux 9, AlmaLinux 9, SLES 15 |
| Debian Bullseye                            |

{% hint style="info" %}
To install Datasentinel on a different Linux system, please reach out to us at [support@datasentinel.io](mailto:support%40datasentinel.io)
{% endhint %}

## License

A license key is required to use Datasentinel.

Obtain a Datasentinel license key:

* Users who want to try Datasentinel can obtain a [60-day Trial Key](https://docs.datasentinel.io/manual/free-trial)
* Existing customers can obtain their license key from support: [support@datasentinel.io](mailto:support%40datasentinel.io)

Refer to the documentation for instructions on updating the [Token](https://docs.datasentinel.io/manual/implementation/platform-usage/configuration/license) to enable the license key.

## System Requirements

The sizing of the machine (cpus, memory, storage) to be provisioned, will depend on the number of PostgreSQL instances to monitor as well as the data retention chosen.\
\
Default sizing recommendations with a retention of 14 days

<table data-full-width="false"><thead><tr><th width="159">Instances</th><th width="107" data-type="number">CPUs</th><th width="192">Memory</th><th>Storage</th></tr></thead><tbody><tr><td>1 to 10</td><td>4</td><td>8GB</td><td>25GB</td></tr><tr><td>11 to 50</td><td>8</td><td>16GB</td><td>50GB</td></tr><tr><td>51 to 100</td><td>8</td><td>32GB</td><td>75GB</td></tr><tr><td>101 to 200</td><td>16</td><td>64GB</td><td>100G</td></tr><tr><td>>200</td><td>24</td><td>96GB</td><td>150GB</td></tr></tbody></table>

{% hint style="info" %}
We strongly recommend a machine with scale capabilities such as virtual machines&#x20;
{% endhint %}

For enhanced memory management on a server hosting Datasentinel, it is advised to set the **swappiness** parameter to a value of **5**.

You can confirm the current value:

```bash
cat /proc/sys/vm/swappiness
```

## Security rules

Here are the firewall settings necessary for **Datasentinel.** \
**NGINX** acts as the main entry point for Datasentinel, handling all incoming connections—both from agents and the user interface (GUI)—over port **443** by default. (can be changed)<br>

{% hint style="danger" %}
**NGINX** communicates locally with other Datasentinel components through their assigned ports.<br>

**IMPORTANT:** **SELinux Requirement**\
For proper operation of all Datasentinel services, SELinux **must be set to&#x20;*****Permissive*****&#x20;or&#x20;*****Disabled*** on the host. Running in *Enforcing* mode can block critical internal traffic and file access, preventing components from starting or communicating.

Refer to [How to configure SELinux](https://docs.datasentinel.io/manual/implementation/troubleshooting/selinux)
{% endhint %}

**1. Agent-based mode**

* The listening port of the platform server must be accessible in both directions (PUSH and PULL) from the agents' servers.
* Each agent listens on port **8282** by default (updatable).\
  The platform server must be able to communicate with the agent servers on this port (PUSH and PULL)

**2. Agentless mode**

* The platform connects directly to PostgreSQL instances.\
  The listening port of each PostgreSQL instance must be accessible from the platform

***

## Step-by-Step Installation Instructions

<table><thead><tr><th width="182.33333333333331">Date</th><th>Last available platform version</th><th></th></tr></thead><tbody><tr><td>2026-02-17</td><td><strong>2026.02</strong></td><td><a href="../../release-notes">Release Notes</a></td></tr></tbody></table>

{% stepper %}
{% step %}

### Download

{% hint style="info" %}
The platform is packaged as a single file, **install-datasentinel-platform-<\<OS>>-latest.tar.gz**, which includes all necessary [components](https://docs.datasentinel.io/manual/architecture#components).&#x20;
{% endhint %}

<table><thead><tr><th width="259">OS</th><th>File to download</th></tr></thead><tbody><tr><td>RHEL, Rocky Linux, AlmaLinux 8</td><td><a href="https://app.datasentinel.io/ds-api/download/install-datasentinel-platform-rocky8-latest.tar.gz">install-datasentinel-platform-rocky8-latest.tar.gz</a></td></tr><tr><td>RHEL, Rocky Linux, AlmaLinux 9, SLES 15</td><td><a href="https://app.datasentinel.io/ds-api/download/install-datasentinel-platform-rhel9-latest.tar.gz">install-datasentinel-platform-rhel9-latest.tar.gz</a></td></tr><tr><td>Debian Bullseye</td><td><a href="https://app.datasentinel.io/ds-api/download/install-datasentinel-platform-debian-bullseye-latest.tar.gz">install-datasentinel-platform-debian-bullseye-latest.tar.gz</a></td></tr></tbody></table>

*The file size is approximately 690 MB.*

```bash
// Download example with wget
wget https://app.datasentinel.io/ds-api/download/install-datasentinel-platform-rhel9-latest.tar.gz

```

{% endstep %}

{% step %}

### Installation

{% hint style="danger" %}
During installation, you will need to be logged in as the **root** account. \
However, this is the only time this account is required. \
\
After installation, all modules and future updates will be executed using the defined application account.
{% endhint %}

Prior to starting the installation process, it is necessary to install [NGINX](https://www.nginx.com/), as it serves as the initial entry point for Datasentinel.

```bash
// Example
dnf install -y nginx
```

```bash
// Uncompress the downloaded file
tar xvzf install-datasentinel-platform-rhel9-latest.tar.gz
```

Uncompress the downloaded file to create two files: \
`init_datasentinel.sh` and `datasentinel-platform.tar.gz`

{% hint style="info" %}
The application binaries and the database for storing metrics will be installed in the **/datasentinel** directory. \
\
You can choose to pre-create the directory as a symbolic link, file system, or directory, or it will be created during installation. \
Make sure the directory is empty.
{% endhint %}

```bash
// Run the shell script
./init_datasentinel.sh
```

The script executes in less than 2 minutes and performs multiple actions:

* Requests user input for the application username (default is **datasentinel**). The user can be pre-created with bash as the default shell.
* Requests the application listening port (default is **443**)
* Creates the **/datasentinel** directory if it doesn't already exist
* Decompresses **datasentinel-platform.tar.gz** to install all components
* Creates entries in `bash_profile` and `crontab`
* Deploys services for automatic restart
* Starts all components.

{% hint style="info" %}
To install Datasentinel silently, use **`./init_datasentinel.sh -d`** \
Default values will be used
{% endhint %}

At the end of the installation, the platform should be up and running.

{% hint style="danger" %}
The listening port must be opened and accessible.\
Also, be careful with your firewall configuration (**SELinux**, **firewalld**) if any.\
\
**NGINX** is the entry component for **Datasentinel**, listening on port **443** by default for all incoming communications from other servers.\
**NGINX** communicates locally with other components using their designated listening ports. Refer to the configuration file located at `/etc/nginx/conf.d/datasentinel.conf`

\
If a **502** error appears on the graphical interface despite all components being up and running, it’s worth checking the firewall settings, such as **SELinux**
{% endhint %}

{% endstep %}

{% step %}

### SSL certificate

The on-premises platform utilizes a self-signed certificate configured with NGINX. \
The self-signed certificate is located in the **`/etc/nginx/certs`** directory. \
\
If desired, you can replace it with your own certificate. To do so:

* Generate a certificate for the platform machine.
* Replace the existing files **`cert_datasentinel.pem`**&#x61;nd **`key_datasentinel.pem`** with the real certificate&#x20;
* Restart NGINX or reload it: **`/usr/sbin/nginx -s reload`**

{% hint style="info" %}
The configuration file used by NGINX is `/etc/nginx/conf.d/datasentinel.conf`
{% endhint %}

{% endstep %}

{% step %}

### User interface

Once the installation is complete, access the UI using url and username:&#x20;

* URL: https\://<\<server\_name>>
* Username: datasentinel

{% hint style="info" %}
The password will be displayed at the end of the installation process
{% endhint %}

{% endstep %}

{% step %}

### License update

To begin using Datasentinel, you must update the license by following the instructions on [how to update the token](https://docs.datasentinel.io/manual/implementation/platform-usage/configuration/license).

{% endstep %}
{% endstepper %}

***

## Components

### Architecture

<figure><img src="https://1072624949-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlcWi6G1jtNuyGT9C0pkc%2Fuploads%2FnR3p6I72VzW2un8iZTo1%2Farchitecture.png?alt=media&#x26;token=a84cae44-b487-4699-a825-320b4deed505" alt=""><figcaption><p>Datasentinel architecture</p></figcaption></figure>

Datasentinel utilizes the following components:

1. Nginx web server
2. Datasentinel [Backend API](https://docs.datasentinel.io/manual/implementation/platform-usage/api-reference)
3. Datasentinel dispatcher ([Agentless](https://docs.datasentinel.io/manual/features/other-features/agentless-monitoring) feature)
4. Timeseries database InfluxDB
5. Grafana Frontend, which includes a PostgreSQL database and Datasentinel Frontend as a plugin.

{% hint style="info" %}
Each component is restarted automatically with a system service located on **`/usr/lib/systemd/system`**
{% endhint %}

### Management

```bash
// Start All
systemctl start datasentinel_influxdb datasentinel_postgresql datasentinel_grafana datasentinel_backend datasentinel_dispatcher nginx
```

```bash
// Stop All
systemctl stop datasentinel_influxdb datasentinel_postgresql datasentinel_grafana datasentinel_backend datasentinel_dispatcher nginx
```

```bash
// Component status
systemctl -l | egrep -i "datasentinel_|nginx"
```

{% hint style="info" %}
An alias is available when connected as **datasentinel** to check the availability of all components
{% endhint %}

```bash
// alias
status_datasentinel
```

```
// Output
datasentinel_backend.service                                       loaded active running   Datasentinel backend APIs
datasentinel_dispatcher.service                                    loaded active running   Datasentinel dispatcher
datasentinel_influxdb.service                                      loaded active running   InfluxDB service
datasentinel_grafana.service                                       loaded active running   Grafana daemon
datasentinel_postgresql.service                                    loaded active running   PostgreSQL 10 database server
nginx.service                                                      loaded active running   The nginx HTTP and reverse proxy server

```

### Status Check via the API

Another method to check the status of the platform is by querying its API using the following curl command

```bash
// curl
curl -k https://localhost/ds-api/
```

```json
// output
{
"status": "OK",
"message": "Datasentinel Backend up and running",
"datasentinel_version": "2023.05",
"services": [
   {
      "name": "nginx",
      "description": "Nginx web server",
      "running": true
   },
   {
      "name": "datasentinel_grafana",
      "description": "Grafana frontend",
      "running": true
   },
   {
      "name": "datasentinel_postgresql",
      "description": "PostgreSQL instance",
      "running": true
   },
   {
      "name": "datasentinel_backend",
      "description": "Backend service and API",
      "running": true
   },
   {
      "name": "datasentinel_dispatcher",
      "description": "Agentless service",
      "running": true
   },
   {
      "name": "datasentinel_influxdb",
      "description": "Influxdb database",
      "running": true
   }
]
}

```

## Installation demo

{% @arcade/embed flowId="dDPOjW1F89lyWobC5g9T" url="<https://app.arcade.software/share/dDPOjW1F89lyWobC5g9T>" %}

## Log files

Datasentinel generates logs, which are located in the `/datasentinel/log` directory, except for the NGINX log file

<table><thead><tr><th width="370">Log file</th><th>Information</th></tr></thead><tbody><tr><td><code>/var/log/https_datasentinel.log</code></td><td>Nginx log access (by default, access log is <strong>off</strong>)</td></tr><tr><td><code>datasentinel.log</code></td><td>Backend log file</td></tr><tr><td><code>dispatcher.log</code></td><td>Agentless feature log file</td></tr><tr><td><code>alerting.log</code></td><td>Alerting and Notification log file</td></tr><tr><td><code>scheduler.log</code></td><td>Scheduler log file</td></tr><tr><td><code>backend_to_influx.log</code></td><td>Log data copied to influxdb database in case of errors</td></tr><tr><td><code>grafana.log</code></td><td>Grafana log access</td></tr></tbody></table>