Installing ASM

Alation Cloud Service Applies to Alation Cloud Service instances of Alation

Customer Managed Applies to customer-managed instances of Alation

To prepare for ASM installation, two directories are required on the new instance you have provisioned. To create these:

sudo mkdir /opt/alation_fde
sudo mkdir /opt/alation_fde/asm

Change Ownership

You will need to change the ownership of the alation_fde folder to the same user Docker is running as.

cd /opt
sudo chown -R <user_name_here>:docker alation_fde

or

cd /opt
sudo chown -R $USER:docker alation_fde

Copy the ASM Zip File

Copy the provided ASM zip file to machine you will be using to host ASM (note, you may need a pem file to access the machine):

scp -i your_pem_file_here.pem alation_asm_mm_dd_yyyy.zip user@instance_location:~/.

Unzip the ASM zip file

Now unzip the installer:

cd /home/user
mkdir targetFolderName
unzip alation_asm_mm_dd_yyyy.zip -d targetFolderName

Optional: Configure SAML

If you choose to authenticate users using SAML when they log into ASM, first copy the XML file from your IDP that you collected in the Prerequisites section to the directory where the ASM installer files are located.

Next you will need to configure the provided saml.config file. Enable SAML by setting USE_SAML=True, and provide the details you collected as part of the Prerequisites as follows:

USE_SAML=True                      # True or False (default: False for no SAML)
SAML_PROVIDER='entra_id'           # 'entra_id' or 'okta'
ENTITY_ID='https://alation.com/'   # example 'https://alation.com' - needs to match the entity id set up on the IDP (Entra ID, Okta)
WANT_ASSERTIONS_SIGNED=True        # True or False (default: True)
WANT_RESPONSE_SIGNED=False         # True or False (default: False)

Run The Installer

Finally, run the installer and follow the prompts:

chmod +x installer_asm.sh
installer_asm.sh -h http://localhost

Once the installer completes ASM’s containers will be running.

Optional: Install Load Balancer and enable SSL/TLS

We recommend customers install a load balancer in front of their ASM instance. Customers can configure an SSL cert on the load balancer and this will handle all HTTPS traffic. Work with your devops / cloud admin team to install the load balancer, obtain a certificate, and configure SSL/TLS.

Test ASM

To test ASM, point your browser to the ASM machine and check you see ASM’s login page:

../../../_images/FDEasmLogin.png

Click the login icon top-right and check you can login.

  • If you are not using SAML you will be asked to create an account for first-time use. The password must contain at least one number and one uppercase and lowercase letter and at least 8 or more characters.

  • If you are using SAML you will be redirected to your IDP (Entra ID or Okta) to authenticate.

You have now installed ASM.

Upgrading ASM

To upgrade ASM, copy the updated ASM zip file to the host machine (note, you may need a pem file to access the machine).

Now login to your ASM machine and on the command line run the following commands:

docker-compose -f /opt/alation_fde/asm/docker-compose.prod.yml down
installer_asm.sh -h http://localhost