This quick start guide outlines the steps required to install and begin managing the ClearOS server. It assumes the user is familiar with software installation principles and has a basic understanding of computer hardware and networking.
ClearOS is a computer (server) operating system (OS) that provides enterprise-level network security and application services to the Small/Medium-sized Business (SMB) market. It allows an organization to protect against incoming threats, enforce ongoing policy, and be more productive through the use of integrated services. This guide outlines the steps required to install and begin managing the ClearOS server on an HPE ProLiant server. It assumes the user is familiar with software installation principles and has a basic understanding of computer hardware and networking.
ClearOS can run in 'headless' mode. Which means that neither a keyboard nor a monitor is required once you have your system installed and running.
Depending on your requirements, you also need to consider the number of network cards required for your system.
|Mode||Required Network Cards|
|Multi-WAN/DMZ||3 or more|
Multi-WAN uses two or more connections through multiple Internet Service Providers (ISPs) for the benefit of load balancing and/or failover.
The hardware required depends on what resource demands are placed on your HPE ProLiant server. For example, providing proxy and website content filtering to 50 users requires higher processor and memory requirements than a system running a simple firewall. The following general guidelines can be used for estimating your system requirements:
|CPU and Memory||Less than 5 users||5-10 users||10-50 users||50-250 users|
|Processor/CPU||1 GHz||2 GHz||Quad Core 3 GHz||Dual Quad Core +|
|Hard Drive||Installation and logs require 6GB. Optional storage is up to the user.|
|RAID||Recommended for mission critical systems. For more information see the hardware user guide.|
|Optical Drive||A CD/DVD or USB drive is required for installation and for major upgrades.|
There are four stages to setup and run ClearOS.
For HPE ProLiant servers that do not have ClearOS preloaded, ClearOS is available for download through Intelligent Provisioning. This step focuses on the options available for installing ClearOS through HPE Intelligent Provisioning. The time to complete these steps is dependent upon download connection speeds. <br /><br />
This step focuses on unpacking hardware, setting up added hardware options, connect to peripherals, the Internet, and power. These steps take on average 10 minutes to complete. <br /><br />
The stage uses a graphical wizard to walk you through the steps of setting up ClearOS. These steps take on average 10 minutes to complete. <br /><br />
The ClearOS Marketplace, allows you to quickly find and install the apps your system needs. With ClearCenter and the ClearOS Marketplace, your server is transformed into a smart server that you can depend on for years to come. The ClearOS Marketplace delivers powerful apps and services at the click of a button. Continue to check back to the Marketplace to see what new integration options are available as new apps are being written all the time by third-party application developers and open source geniuses.
Intelligent Provisioning is a single-server deployment tool embedded in ProLiant Gen9 servers and HPE Synergy compute modules that replaces the SmartStart CDs and Smart Update Firmware DVD used with previous generations of ProLiant servers. Intelligent Provisioning simplifies server setup, providing a reliable and consistent way to deploy servers.
In the Intelligent Provisioning setup process, ClearOS has been added as an OS selection in the second step.
When ClearOS is selected, the user is presented with the following screen:
Select the Recommended installation method.
The user has several options for their source media: physical DVD or iLO virtual media, network share, FTP site, USB Key, or Installation from the web. Most users will select USB Key or installation Installation from the web. Installation from the web requires the server be connected to a live internet connection. If you select Installation from the web and the server is connected to the internet, clicking the forward arrow to the next step will initiate the downloading of ClearOS from one of the 13 mirrored sites around the world. <br /><br /><br />
For detailed images and step by step instructions, consult the: ClearOS 7 on HPE ProLiant Server Installation Guide.
<br /><br />
<br /><br />
<br /><br />
Detail is given in this section because a network connection and power are all that are needed to get started. Return to this section if you are not using a headless mode and instead need to connect a monitor to perform different operations such as setting the bootloader’s language, reinstalling ClearOS, setting a different RAID mode, reinstalling ClearOS, configuring manual network settings, or some other optional operation to get ClearOS running. The ease of installation is discussed here in the network configuration settings because if you simply connect three things, you are on the fast track to configuring ClearOS optimally: <ul> <li>Power: Connected and powered on.</li> <li>First NIC: Connected to the Internet-facing network (either your LAN or the ISP).</li> <li>Last NIC: Connected directly to a laptop or workstation that is configured to use DHCP.</li> </ul>
If this is your configuration and you boot ClearOS, you should be able to manage the rest of the installation process at the following URL: https://172.22.22.1:81. Installation Modes and Optional Network installation details ClearOS supports different modes. You can use ClearOS as a simple server that participates on your network or you can use ClearOS on your server to provide gateway services like firewall and content filtration to all your devices. Your choice to do one or the other is not a final decision and you can always change the mode later.
You need to identify your network interfaces. If you configure them and they are connected to the network, you can see from the graphical console which is which. If you are using a headless option and cannot connect to the management IP address, try switching the cable to see if you get an IP address on the 172.22.22.x network and if you can navigate to the Webconfig management address listed below.
If ClearOS came preinstalled on your server, it will attempt to setup a default network configuration. There are two ways to get your system configured quickly if ClearOS is pre-installed. If ClearOS is not pre-installed, use the second method:
1. With pre-installed ClearOS servers from HPE, the last interface (if you have more than one) is configured with a static IP address and is also configured to hand out addresses to anything plugged into it. You can connect a computer or laptop with your favorite browser and simply use this to get going quickly. This is by far the fastest method for deployment. Simply power on the server and connect an Ethernet Cable between the server and your laptop or desktop computer. Once the server is fully booted you will be able to navigate your web browser to the following IP address: https://172.22.22.1:81.
2. The first interface will be configured for DHCP and plugging it into your existing network where you have DHCP already configured will automatically obtain an address from your DHCP server. You can find out what that address is from your DHCP server (headless method) or you can look at the console when you first boot. The address will be listed there with the headless URL that you MUST use to complete the setup. If your DHCP server gave the address of 192.168.20.20, for example, you would configure your server from that same network to which it is attached using your favorite browser on your PC, laptop, or mobile device at: https://192.168.20.20:81.
You can also log into the Graphical Console of ClearOS with a monitor and keyboard attached and configure the IP settings.
In both cases, once you are in your browser and connected to the appropriate IP address, you will be presented with a self-signed certificate which will come as a warning in your browser. Accept the certificate and you will get a login screen where you can log in as ‘root’ with the password “password’ (the default password configured for new installations). Once the wizard is complete, be sure to change the password by clicking on the profile for the ‘root’ user at the upper-right corner of Webconfig.
One thing to consider is what mode you wish to run for ClearOS. There are three supported modes for how ClearOS behaves on the network and how it applies its firewall. In all of these modes ‘External’ means the network that faces towards the internet. Only ‘External’ interfaces are configured with gateway IP addresses. Whether or not ‘External’ is firewalled or not entirely depends on the mode. The modes are:
<ul> <li>Gateway Mode</li> <li>Private Server Mode</li> <li>Public Server Mode</li> </ul>
If you want ClearOS to be a file server, mail, or application server, you can set the mode to Private Server Mode if it is on a trusted network or Public Server mode if you want a default restrictive firewall in place suitable for Internet hosting or public IP environments that do not have other firewalling methods.
If you want ClearOS to be your router or gateway to the Internet and use applications that help to firewall your network or filter unwanted traffic, choose Gateway Mode.
If you want to do both of these types of activities related to server and gateway functions, choose Gateway Mode.
In Gateway Mode, you will need 2 (or more) network cards (NICs) and you will need to determine the mapping between each physical network card as represented in the software interface - as shown in Webconfig. Typically, users will set the first of their NICs as ‘External’ and their second of their NICs as ‘LAN’. In gateway mode, ‘External’ labeled interfaces are automatically firewalled.
If you have difficulty knowing which NIC is which, you can start the Network Configuration page from the Desktop interface or navigate to the Network Settings portion of the startup wizard (or both) to see the interface list. The simplest way to see which is which is to configure the interface and to physically connect only one cable to an interface and look for which one says/flashes ‘yes’ in the ‘Link’ field. Once it is determined which network card has been assigned an interface by the operating system, you can proceed to configure the role (i.e. ‘External’ or ‘LAN’) of each card by highlighting an interface and executing the configuration wizard.
Be aware that in ClearOS terms, when an interface is marked ‘External’, it means internet-facing. You will need at least one ‘External’ interface to register ClearOS.
Using ClearOS’s graphical console (Webconfig), go to the Interfaces Screen. You will need to login as ‘root’ and supply the password you used during the installation. If ClearOS came pre-installed on your server, use the password “password’ for the root user.
Configure the Mode to be Gateway in the Network Configuration interface. This interface can be accessed in the Installation Wizard during the early steps, in Webconfig after the Installation Wizard under Network » Settings » IP Settings, or through the Desktop Graphical Console before, during and after the Installation Wizard.
Besides ‘External’ and ‘LAN’ designations for your network interfaces, two other configurations can be useful for advanced users. These are ‘HotLAN’ and DMZ and they both work similar to each other. In both of these modes, servers and workstations behind them will use the ClearOS as their gateway, in HotLAN mode, all devices will be able to access the internet using the public IP address of the ClearOS server through NAT (Name Address Translation.) The devices on this network will not be able to access the LAN devices except through special exceptions you can create in the Custom Firewall Rules app. With ‘DMZ’ devices are routed but not run through NAT. This means that you will need a separate and distinct subnet of public IP addresses in addition to any subnet that you may use on your external interface. Devices in a DMZ are also firewalled from your LAN but you can create pinholes of access in your configuration.
If you would like to run in Public Server Mode, physically connecting the ClearOS server to your existing network is straightforward. Public Mode assumes that the External (Internet-facing) interface should not trust incoming traffic by default. Once Public Server Mode is selected, it will firewall all the ports except for the Webconfig port (port 81). This is done so that you can complete the wizard with the configuration that you are currently using. After the installation, you can open ports that you need and even close the Webconfig port using the ‘Incoming Firewall’ app in the Network section. Often Public Server mode installations require static IP addresses or even dynamic addresses which are not easily configured in headless mode on the default Internet-facing NIC.
Because of this, you can use the last NIC to configure via headless options (ie. https://172.22.22.1:81 in your browser). Merely treat it as a trusted management interface during configuration and feel free to remove it once everything is set up or keep it for future use. The server will not act as a router by default in this mode.
In many ways, Private Server Mode is similar to Public except for the key difference that Private Server Mode runs your server without the firewall. This is ideal for networks that are already secure or have a high level of trust. Encryption protocols and best practices can and should still be implemented but a lack of connectivity due to firewalling will not be an issue in this mode. In this mode, ‘External’ is still your Internet-facing device and any interface labeled ‘LAN’ is used for management networks only. The server will not act as a router by default in this mode.
Because of this, you can use the last NIC to configure via headless options (ie. https://172.22.22.1:81 in your browser). Merely treat it as a trusted management interface during configuration and feel free to remove it once everything is set up or keep it for future use. <br /><br />
For detailed step by step instructions, consult the: ClearOS 7 on HPE ProLiant Server Installation Guide. <br /><br /><br />
You can access the Install Wizard at [Add IP address.] In this stage, use the graphical Install Wizard to walk you through setting up ClearOS. These steps include:
<ul> <li>Selecting a network mode</li> <li>Configuring network interfaces and DNS</li> <li>Selecting your ClearOS edition</li> <li>REgistering the server</li> <li>Performing updates</li> <li>Setting up an internet domain</li> <li>Assigning a hostname</li> <li>Setting the date and time on the server</li> <li>Navigating the Marketplace wizard</li> <li>Selecting the Marketplace Apps best suited for your environment</li> </ul>
These steps will take on average 15 minutes to complete. <br /><br />
<br /><br />
During the install wizard, the system will ask the user to select their preferred system mode. The user may select either Public Server, Gateway, or Private Server mode.
<br /><br />
Configuring your Internet Settings correctly is crucial to the connectivity and performance of your network. Unless your Internet Service Provider (ISP) provides a static IP address, it is recommended that you use Dynamic IP Configuration (DHCP).
If your ISP assigns a static IP address, enter the individual TCP/IP settings as provided by your ISP.
Make sure you have these settings available during the installation process:
<ul> <li>IP Address</li> <li>Netmask</li> <li>Default gateway (IP)</li> <li>Primary Nameserver</li> </ul>
Unless you are experienced in network topology, it is recommended that you use the typical values provided when configuring your Local Area Network (LAN). For your reference a typical LAN settings are listed below:
<ul> <li>IP Address: 192.168.1.1</li> <li>Netmask: 255.255.255.0</li> </ul> <br /><br />
<br /><br />
<br /><br />
Once your system is online, one of the most important actions to take is to register your server. Registration ensures your software is kept up-to-date with the latest software errata and new features, which ensures a secure, reliable, and productive network. Registration also enables the Marketplace, the onboard app installation engine for ClearOS.
<br /><br />
<br /><br />
The hostname is a unique name by which the internal network can identify the ClearOS server.
If you are unsure what the server hostname should be, use the entries in the following table as a guideline.
|I own (or will buy) a domain for this server||gateway||mydomain.com|
|I want to use a free domain from ClearCenter||mylastname||poweredbyclear.com|
|Private Server Mode|
Some services on a ClearOS server require a fully qualified domain name (FQDN). A FQDN consists of a host and domain name, including a top-level domain. For example, www.clearcenter.com is a fully qualified domain name <br /><br />
<br /><br />
To simplify your setup, ClearOS can be configured By Function, Category, by using a Quick Select File, or by skipping the Install Wizard completely and choosing apps one at a time.
This allows you to choose common functions the server is used for and helps get you on your way to being fully configured quickly.
This gives you groups of apps linked together in the navigation menu. This requires some networking knowledge but provides more flexibility during setup.
This is a text file that can be created as a recipe when replicating servers as mirror configurations. See this URL for more information: https://www.clearos.com/resources/documentation/clearos/content:en_us:cc_doc_marketplace_quick_select#where_can_i_get_qsf_files
This allows you to pass through the Install Wizard without installing any apps. However, for the serer to be functional, apps need to be installed through the Marketplace post install.
<br /><br />
ClearOS Marketplace is unique in its design. It allows an administrator full control over how many services/applications run on any particular installation. For example, where security of the network is paramount, only edge device services like the firewall, intrusion detection/prevention, and virus scanning would be selected. In applications where the budget is limited and an ‘all-in-one’ server/appliance suits the environment, additional services can be added through Marketplace by selecting needed apps. It should be noted that not all apps are available together in combination.
<br /><br />
<br /><br />
<br /><br />
<br /><br />
<br /><br />
Welcome to the ClearOS Marketplace, where you can quickly find and install the apps your system needs. With ClearCenter and the ClearOS Marketplace, your server is transformed into a smart server that you can depend on for years to come. The ClearOS Marketplace delivers powerful apps and services at the click of a button. Continue to check back to see what is new and intelligently integrated into your new server.
<br /><br /><br />
The ClearOS Marketplace provides a simple framework where you can deploy a variety of IT functions such as Mail, File, Print, Messaging, Filtration, Load-Balancing, and other features and benefits.
The ClearOS Marketplace delivers powerful apps and services at the click of a button. Quickly find and install the apps your system needs. With the ClearOS Marketplace, your server is transformed into a smart server that you can depend on for years to come. <br /><br />
Webconfig is an easy-to-use, browser-based administrative tool that allows an administrator to configure and manage all aspects of the ClearOS server. The administrator can connect from within the LAN or from an access device located on the other side of the world.
Webconfig uses HTTPS protocol, which allows for secure, remote management of the server from an access device outside the LAN.
Webconfig listens for incoming client requests on a non-standard port (port 81). This is done in case you want to run a web server with the same encryption/security policies. As a result, there is one small (but important) addition to the URL that you will enter in a web browser when connecting to ClearOS’s Webconfig® user interface. https://192.168.1.1:81.
Note the addition of the port number by placing the characters “:81” after the IP address (192.168.1.1). Of equal importance, the example given above assumes you are connecting from within your LAN (or over a VPN tunnel) and that you selected the default IP settings for your LAN. You may modify the IP to suit your configuration or substitute the IP with a domain name that has been mapped correctly. For example, the server’s hostname as described earlier in this guide if this has been previously configured.
Your browser will issue an “Invalid Certificate” message when you access the site. Your connection is still secure, however, and is encrypted, but your server certification is not official. A valid certificate can be purchased and applied but is not required for the browser-based Webconfig administration tool. <br /><br />
The system password is the “root” account password - and the highest level of permission/access to the server. It is highly recommended that you use a STRONG password. A strong password would be a randomly generated series of characters that:
<ul> <li>is at least 8 characters long (longer is better)</li> <li>contains a mix of upper and lower case letters</li> <li>includes numerals, special characters, and/or punctuation</li> </ul>
An example of a good password is: s3f1$8Ba. Do not lose or forget the system password. You can always change your password used for ‘root’ by logging into Webconfig as ‘root’ and clicking [user profile] under the name ‘root’ in the upper right-hand corner of Webconfig. <br /><br />
In Gateway Mode, ClearOS requires a high-speed (broadband) network connection to the Internet. With a ClearOS server acting as the gateway to your Internet Service Provider (ISP), you will be able to share internet access to computers on the LAN while protecting your network against attacks from external threats. In many cases, an organization will also want to enforce access and user policy from within the LAN.
Today, it is not uncommon for organizations to have both a wired and wireless network. Wireless access can be achieved by adding an inexpensive wireless router to the network (in non-router mode) or by selecting a supported wireless card and installing it into the ClearOS server. <br /><br />
Once you have selected and assembled your hardware, it is time to install the software. Keep in mind, you can always add non-essential hardware later (for example, an additional network card, a USB mass storage device, and so forth.) without having to re-install the ClearOS software.
An installation “wizard” guides you through the install process. By prompting you to answer specific questions related to your setup, the wizard will help customize your install to your particular requirements.
The step-by-step software installation Guide is available at: https://www.clearos.com/resources/documentation/clearos/index:userguide7
For a step-by-step Screen Illustration for what to expect during setup, view this link https://www.clearos.com/resources/documentation/what-to-expect <br /><br />
<br /><br />
Support for ClearOS is purchased and delivered by ClearCenter not Hewlett Packard Enterprise. You can purchase single support incidents by submitting a support ticket to ClearCenter or purchase a Bronze, Silver, Gold, or Platinum ClearCARE subscription. To purchase a support inclusive license or configure your own subscription, click here: https://secure.clearcenter.com/portal/be1.jsp
ClearCARE Professional Tech-Support is also available On-Demand for those with a self-supported ClearOS server. For more details click here: https://secure.clearcenter.com/portal/support_sub.jsp
For more information on what is covered by ClearCARE, visit: https://www.clearos.com/products/support/clearcare-overview <br /><br />
<ul> <li>Phone: +1.800.977.0574</li> <li>Email: email@example.com</li> </ul>
<ul> <li>Phone: +1.801.851.5555</li> <li>Email: firstname.lastname@example.org</li> </ul> <br /><br />
ClearOS is driven by a very engaged and rapidly growing community. Community members enjoy helping each other with setting up, developing, troubleshooting, and pushing the boundaries of ClearOS. Get started participating in the community.
<ul> <li>Hewlett Packard Enterprise Information Library (http://www.hpe.com/info/enterprise/docs)</li> <li>Online User Guides, Community Sites, Online How-To Documents, Community Forums, Tech Support, and Search Engine (https://www.clearos.com/resources/documentation/documentation-overview)</li> </ul>
The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.
Confidential computer software. Valid license from Hewlett Packard Enterprise required for possession, use, or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.
Links to third-party websites take you outside the Hewlett Packard Enterprise website. Hewlett Packard Enterprise has no control over and is not responsible for information outside the Hewlett Packard Enterprise website.
ClearCenter and ClearOS are either registered trademarks or trademarks of ClearCenter Inc. in the United States and/or other countries.
Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries.