The most common way to install ISPadmin is using installation DVD which is available at promo events, or downloadable from download.ispadmin.eu. It is a ispadmin-XX-64bit-debian7-DVD.iso file (XX represents ISPadmin version).
ISPadmin runs on a Debian GNU/Linux distribution which is included in the installation DVD so there is no need to have a Linux installation ready prior to ISPadmin installation. Just burn the downloaded ISO file onto a DVD and follow the instructions.
The following procedure will show you how to set up the installation so that it can be remotely performed by our technical support.
The most common way to install ISPadmin is using installation DVD which is available at promo events, or downloadable from download.ispadmin.eu. It is a ispadmin-XX-64bit-debian7-DVD.iso file (XX represents ISPadmin version).
ISPadmin runs on a Debian GNU/Linux distribution which is included in the installation DVD so there is no need to have a Linux installation ready prior to ISPadmin installation. Just burn the downloaded ISO file onto a DVD and follow the instructions.
Switch to BIOS while booting up (by pressing Del / F2 or similar), and check that Advanced Host Controller Interface (AHCI) support is enabled for SATA hard drives. If your motherboard does not support AHCI, no problem. However, if there is such an option enable it. If you leave this option disabled the system will work with SATA drives in a mode compatible with older IDE drives, and I/O speed will be much lower than AHCI-enabled option.
Insert installation DVD into the drive and boot from it. There are 2 methods of booting from DVD.
Method 1 - Enable booting from DVD/CD in BIOS. The system will boot from DVD all the time. This might represent a problem while installing ISPadmin because you will need to boot from HDD after installation to finish configuration.
Method 2 - Press F11 or similar to get to boot menu. Select booting from DVD/CD. This way you will ensure that first booting will be done from DVD and then, after restart, from HDD as defined in BIOS. No help with server manipulation will be needed from your in this case.
When the system is launched, installation environment will be prepared and a welcome screen is displayed. Click OK to confirm and proceed to Remote install. If you cannot see this screen, press enter.
1. Set up IP address so that the server is accessible from the Internet. That is, either you enter public IP, or the machine is in your network so you enter private IP address and ensure mapping of ports 22, 80 and 443 from public IP address to your private one on your main router.
2. Enter network mask
3. Enter network gateway
You will see an overview of IP addresses that you have entered. Click Yes to activate them. Preparation is completed and you can contact your technical support.
And now just send us configured IP address to This email address is being protected from spambots. You need JavaScript enabled to view it. or call technical support. We will look after the rest.
The installation will have to be configured later on.
The most common way to install ISPadmin is using installation DVD which is available at promo events, or downloadable from download.ispadmin.eu. It is a ispadmin-XX-64bit-debian7-DVD.iso file (XX represents ISPadmin version).
ISPadmin runs on a Debian GNU/Linux distribution which is included in the installation DVD so there is no need to have a Linux installation ready prior to ISPadmin installation. Just burn the downloaded ISO file onto a DVD and follow the instructions.
The following procedure will guide you through preparation of disks, installation, and subsequent configuration of ISPadmin.
Switch to BIOS while booting up (by pressing Del / F2 or similar), and check that Advanced Host Controller Interface (AHCI) support is enabled for SATA hard drives. If your motherboard does not support AHCI, no problem. However, if there is such an option enable it. If you leave this option disabled the system will work with SATA drives in a mode compatible with older IDE drives, and I/O speed will be much lower than AHCI-enabled option.
Enable booting from DVD/CD in BIOS. Insert installation DVD into the drive and boot from it. When the system is launched, installation environment will be prepared and a welcome screen is displayed.
The model installation assumes two identical SATA disks from which a software mirror (RAID 1) will be created later on. It is used in cases when the server has no HW RAID.
First hard drive is connected as /dev/sda and the second one as /dev/sdb.
If your hard drives are up to 160GB in size, create only 2 new disk partitions. One partition for creation of software RAID (md0 for the system), and the second one for SWAP purposes. First of all, create partition for system installation. The capacity of the first partition will be determined by the deduction of a maximal capacity of the disk and a space which is reserved for the storage space, approx. 2 to 4GB. Then from the remaining space a second primary partition will be created, where also the SWAP will be situated.
If you have greater hard disks (250GB, 320GB, 500GB, 1000GB ), you´d better separate the system from the backups and the NETflow data to your own partitions. So create the first system partition of approx. 100GB (md0 array), the second partition is for SWAP (approx. 4GB), and the last partition for backup/NETflow data (md1 array).
If there is already any SW raid activated, you have to delete it, otherwise it would be impossible to manipulate with the disk partitions. If not, you may continue.
mdadm --manage --stop /dev/md0
Run fdisk -l to see if the system has detected harddisks and how they are marked.
Often they are marked as /dev/sda and dev/sdb, yet they can be marked differently (e.g. /dev/hda).
Run fdisk with /dev/sda parameter (first harddisk).
fdisk /dev/sda
List disk partitions using "p” and, if applicable, delete already created ones using "d” to make sure the disk is empty.
If the disk is empty start creating a new primary partition using "n”.
Create SWAP partition from remaining space accordingly.
List partitions to make sure they are big enough. If not, discard all partitions and start over.
The first - system - partition must be of FD (Raid Autodetect) type, and the second one - SWAP - of 82 (Linux swap / Solaris) type.
Then mark the first - system - partition for booting.
Check again, if partition size / type is correct as well as boot flag.
The last step is to save changes in fdisk which updates MBR table.
Configuration of the first disk /dev/sda is finished now. Apply the same procedure to /dev/sdb. First, run fdisk /dev/sdb and repeat previous steps on the second drive. If you have a big harddisk, create 3 partitions instead of 2.
ATTENTION! Created partitions must be identical on both disks! Check it by running fdisk -l.
You now have to create RAID1 (mirror) from first partitions of both disks /dev/sda1 and /dev/sdb1. To do so, use
mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sda1 /dev/sdb1
Display raid status by
cat /proc/mdstat
Here you can see that the array:
The array will be fully redundant upon completion.
Do not restart server prior to synchronization of disks!
If you use a big harddisk and create 3 partitions, you initiate second RAID1 by:
mdadm --create /dev/md1 --level=1 --raid-devices=2 /dev/sda3 /dev/sdb3
Finally, format partitions. Formatting bigger harddisks may take up to several minutes.
Formatting possible second RAID array
mkfs.xfs /dev/md1 ### formatting second md1 array (physical partitions /dev/sda3 and /dev/sdb3) to xfs file system
Why using xfs for second data partitions? It is more efficient with big disk partitions and big amount of small files - Netflow data typically. Always use ext4 native file system for system partition (array md0)!
It is assumed that you have a server with RAID controller, and disk mirroring is done on HW level. Follow the same procedure for servers with one disk only. Just one disk is passed to the OS, e.g. /dev/sda.
Run fdisk with /dev/sda (change accordingly) parameter.
fdisk /dev/sda
List disk partitions using "p” and, if applicable, delete already created ones using "d” to make sure the disk is empty.
If the disk is empty start creating a new primary partition using "n”. In case of disk bigger than 200GB, we recommend you create 3 partitions. First partition is for system, the second one for SWAP, and the third one for data.
Create SWAP/data partition from remaining space accordingly.
List partitions to make sure they are big enough. If not, discard all partitions and start over.
The first - system - partition must be of Linux 83 type, and the second one - SWAP - of 82 (Linux swap / Solaris) type. Modify SWAP partition.
Then mark the first - system - partition for booting.
The last step is to save changes in fdisk which updates MBR table.
Finally, format partitions. Formatting bigger harddisks may take up to several minutes.
mkfs.ext4 /dev/sda1
mkswap /dev/sda2
Format eventual third data partition, if created.
mkfs.xfs /dev/sda3
Check if ispadmin.tgz source archive is available. It should be located in /install if DVD-ROM drive is correctly detected.
ls -la /install
If the installation archive is not present in /install, DVD-ROM drive might not have been detected correctly. Therefore, you have to connect the content of installation DVD manually. To detect the device with the installation DVD run dmesg | more, which will list, page by page, reports about the detection of individual components of the server during the start of the system.
mount /dev/XXX /install ### replace XXX with the device representing DVD-ROM drive which is, most often, hdc, hdd, or sr0.
Mount system partition to /hd and unpack data from /install/ispadmin.tgz into it.
mount /dev/md0 /hd ### mount created disk to /hd where you will unpack installation files (for HW RAID), or for one disk enter /dev/sda1
gzip -d < /install/ispadmin.tgz | tar xvf - -C /hd ### unpacks installation archive into created disk
Modification of partitions in configuration file /etc/fstab. For SW RAID, modify according to the following:
nano /hd/etc/fstab
/dev/md0 / ext4 errors=remount-ro 0 1
/dev/sda2 none swap sw 0 0
/dev/sdb2 none swap sw 0 0
/dev/md1 /data/ xfs defaults 0 2 ## only if you have data partition
Modification of partitions in configuration file /etc/fstab. For HW RAID, or in case of one disk on server, modify according to the following:
When the installation is completed, set up boot sector and create a boot loader. Switch to the new disk and edit /etc/lilo.conf.
Then run lilo to create boot sector.
lilo
To have the server with a new IP address after the restart instead of the default one 192.168.1.100, you have to save new address details into /etc/rc.local: IP address, network mask and default port. Just edit default addresses in commands ifconfig and route.
Leave chroot environment.
exit
Unmount disks.
Remove DVD from the drive so that newly installed system would be loaded after restart. If the drive is connected through SATA, everything is OK, if it is connected through IDE, you have to specify which block device it is. If the command does not work, eject DVD manually.
eject or eject /dev/hdc or eject /dev/sr0
Finally, restart the server to load the new system.
reboot -f
Newly installed system is being loaded after restart. If not, check booting sequence in BIOS configuration, and edit first item to be system hard drive.
If you have done everything as needed, the system boots up and you can log into it. Default login credentials are:
Command line
Web interface:
The system needs to be configured after installation. This usually includes: configuration of domain names, web server and administrator passwords, and activation of licence.
The most common way to install ISPadmin is using installation DVD which is available at promo events, or downloadable from download.ispadmin.eu. It is a ispadmin-XX-64bit-debian7-DVD.iso file (XX represents ISPadmin version).
ISPadmin runs on a Debian GNU/Linux distribution which is included in the installation DVD so there is no need to have a Linux installation ready prior to ISPadmin installation. Just burn the downloaded ISO file onto a DVD and follow the instructions.
We have great experience with VMware virtualization technology which has been used for many ISPadmin installations without problems. However, you may also try to run ISPadmin on another platform supported by Linux. In this case, we cannot guarantee you its functionality and reliability.
A lot of ISPs´ have been running ISPadmin on VMware. Its main advantage is hardware scalability based on current needs and server load, and also the hierarchical system of snapshots. It turns out that despite easy administration and low cost operation it is a viable solution for ISPadmin. To install it, create a virtual machine, mount image with ISPadmin installation DVD to it, set the default GW and IP address, and contact our technical support to complete the installation. If you prefer doing it yourself, follow the installation guide.
USB - VMware supports USB2.0 so it will connect the device to a subordinate system.
SMS gateway - We have succeeded in activating both COM, and USB SMS gateway.
To run ISPadmin, a dedicated server is required, or you can use one of the supported platforms (VMWARE, Proxmox). Hardware requirements may differ from number of clients, supported routers and devices.
We recommend to use high-quality equipment with the following recommended configuration:
| Recommended configurations | 1 000 clients and 100 routers | 5 000 clients | 10 000 clients |
|---|---|---|---|
| Processor | 2GHz and more, 64-bit architecture required!, recommended: Xeon with two, for or more cores | Xeon 6 Core (12 cores in total) | 2 Xeon Core (24 cores in total) |
| RAM | 4 GB RAM and more | 32 GB RAM | |
| Hard disks | 2x 250GB and more (SATA or SAS) with RAID1 for system, 1x 500GB (1000GB is better) for NETflow module Use a hardware controller as RAID, if possible. Otherwise we should be able to set up software RAID during the instalation (attention - software RAID cannot be set up in the installation utility!). The size of the system even after a five-year-long operation does not usually exceed 35GB + the backup system data. The data bulk for NetFlow at the operation 200 Mbit/s is about 1,5 GB a day, which is approximately 300 GB for 180 days (half of a year). |
SAS HDD (15k RPM, ideally), 2x 300 GB of capacity at least (system and database), and 2x 600 GB for stored data. Consider using SSD disks for their I/O speed. | |
| CD-ROM | The drive is necessary only for the installation of the system and in case of serious system failure; an external drive can be used. | ||
| COM port | If you want to connect your own SMS gateway to the server and send client reminders, plans to technicians, outage messages from Nagios etc. through it, we recommend to purchase a server with this port. It is possible to connect telephone/SMS gateway through USB as well, but the instalation is more complicated and it may not be always possible to activate the device. An optional solution of a missing COM port is an additional extension card with COM ports. In this case, it is necessary to find out before the purchase whether this particular type is supported by Linux (if there are available drivers for it). Another option is to use SMPP protocol for connection of SMS gateway which is connected in the network and uses TCP/IP protocol. |
||
In case of virtual installation with more applications / system on the same HW, bear in mind that all operations share the same HDD, and may reduce their speed due to IOPS which the HDD is capable of managing. Disproportional use of IOPS on HDD may affect the actual operation speed of ISPadmin. We recommend sufficiently configured HW, or a dedicated HW solution solely for purposes of ISPadmin. Consider having the database on separate HW for higher number of clients. If you are not sure with regards to the right HW configuration contact us on This email address is being protected from spambots. You need JavaScript enabled to view it..
For cases of blackout, it is advisable to connect the server to a UPS back up source because a sudden disconnection of the system might cause a damage of the database or of the system itself.
Sometimes HW RAID driver or a network card problems arise. A lot of problems can be solved even when the purchased server is not supported (ie. patch cores, driver compilation, or copying of installing archive through the Internet, etc.).
You may also host the installation of ISPadmin on our servers thus leaving all HW-related troubles to us. We guarantee you a 100%-availability and security of your data. Also, unlimited technical support is provided.
You will need to choose symbolic DNS addresses for web administration interface and client portal to complete the basic installation. Third level domains must be selected at least.
Take these as inspirations:
DNS records pointing to IP address of installed ISPadmin server must be created for selected symbolic addresses. These should usually be configured by your Internet provider, or you should be able to configure them yourself through your administration account (each provider has a different solution).
If DNS records point correctly to your server, test them by ping. Then continue with system configuration.
ping admin.yourcompany.cz
PING to yourcompany.cz [81.0.237.137] - 32 bytes of data:
...
Ping statistics for 81.0.237.137:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss)
Let´s assume that IP address of your server is 10.0.0.1, translated to public IP 81.0.237.137. DNS records point to IP 81.0.237.137, and server IP address is 10.0.0.1
Enter server name into /etc/hostname: admin
pico -w /etc/hostname
Enter IP address and hostname into /etc/hosts like this: 10.0.0.1 admin.yourcompany.cz klient.yourcompany.cz admin klient
pico -w /etc/hosts
Modified marked address in /etc/apache2/httpd.conf so that the file looks like this:
pico -w /etc/apache2/httpd.conf
#Listen 81 ### comment port 81 at the beginning
#Listen 82
#Listen 84
options FollowSymLinks
#NameVirtualHost 10.0.0.1:80 ### modify address for virtual hosts for relevant ports
#NameVirtualHost 10.0.0.1:443
### ISP Admin
### modify domain name for unsecured access
ServerName admin.vasefirma.cz
DocumentRoot "/data/support_nossl/"
## ISP Admin SSL
ServerName admin.yourcompany.cz
DocumentRoot "/data/support/ispadmin/"
AddDefaultCharset UTF-8
Options ExecCGI
AllowOverride All
CustomLog /var/log/apache2/access_support_ispadmin.log combined
AddType application/x-httpd-php .php .php3 .php4
php_admin_value open_basedir "/data/support/:/tmp/:/data/:/usr/local/script/ispadmin/:/data/backup/"
php_admin_value include_path ".:/usr/local/lib/php/:/tmp/:/data/support/:/usr/local/script/ispadmin/"
php_admin_value disable_functions "openlog, exec, passthru, proc_open, proc_close, shell_exec"
php_admin_value display_errors "On"
php_admin_value safe_mode "Off"
php_admin_value safe_mode_exec_dir "/usr/local/script/ispadmin/"
php_admin_value safe_mode_allowed_env_vars none
php_admin_value safe_mode_include_dir ".:/usr/local/lib/php/:/tmp/:/data/support/:/usr/local/script/ispadmin/" php_admin_value register_globals "On"
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f This email address is being protected from spambots. You need JavaScript enabled to view it."
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/conf/cert/server.crt
SSLCertificateKeyFile /etc/httpd/conf/cert/server.key
SSLCertificateChainFile /etc/httpd/conf/cert/ca.crt
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
#### ISP Admin support
#
# DocumentRoot "/data/support_nossl/"
#
## ISP Admin support SSL
ServerName klient.yourcompany.cz
DocumentRoot "/data/support/ispadmin/new/www/clientinterface/"
AddDefaultCharset UTF-8
Options ExecCGI
AllowOverride All
CustomLog /var/log/apache2/access_support_ispadmin_support.log combined
AddType application/x-httpd-php .php .php3 .php4
php_admin_value open_basedir "/data/support/ispadmin/:/tmp/:/usr/local/script/ispadmin/"
php_admin_value include_path ".:/usr/local/lib/php/"
php_admin_value disable_functions "openlog, exec, passthru, proc_open, proc_close, shell_exec"
php_admin_value display_errors "On"
php_admin_value safe_mode "Off"
php_admin_value register_globals "On"
# SSLEngine on
# SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
# SSLCertificateFile /etc/httpd/conf/cert/server.crt
# SSLCertificateKeyFile /etc/httpd/conf/cert/server.key
# SSLCertificateChainFile /etc/httpd/conf/cert/ca.crt
# SetEnvIf User-Agent ".*MSIE.*" \
# nokeepalive ssl-unclean-shutdown \
# downgrade-1.0 force-response-1.0
Options ExecCGI FollowSymLinks
AllowOverride None
Options ExecCGI
AllowOverride All
include /usr/local/script/ispadmin/apache_ispadmin_vhost.conf
Further steps to be made:
We strongly recommend to follow the principles of so called strong passwords. This way you will greatly reduce the possibility of compromising the system, database, even the application itself.
Do not use ISPadmin with default passwords included in the installation!
An example: Suppose you want an easy to remember password, which meets the requirements for a strong password: it contains both uppercase and lowercase letters, numbers and special characters, and is at least 8 characters long.
Weak password: frantavomacka
The transformation of a weak password into a strong one:
1)You put uppercase letters instead of some lowercase ones - this way you will meet the condition of uppercase and lowercase letters.
2)Replace "o" with "0", "i" or "l” with "1" or use a few numbers at the end of the password - this way you will meet the condition of numbers presence in a password.
3)Replace "a" with "@" or between words frantavomacka you will use the underscore sign "_" - this way you will meet the condition of special character in a password.
Strong password: Fr@nta_V0macka957
Change default SQL database passwords; you can use help:
/usr/local/script/ispadmin/ispadmin_change_pass.pl
Change of default password for user SQL DB "ispadmin":
/usr/local/script/ispadmin/ispadmin_change_pass.pl ispadmin ispadmin new_password
Change of default password for user SQL DB "root":
/usr/local/script/ispadmin/ispadmin_change_pass.pl mysql_root ispadmin new_password
Also, change root password for access to Linux via SSH:
passwd root
You don´t have to be afraid about it. If you accidentally change the password and forget it, contact our technical support. There is no need to reinstall the system.
Now restart the server again with reboot to apply all changes in the system.
reboot
When the system is restarted, log into web interface using default data (user: admin, password: ispadmin) and change system administrator password - admin - in Settings Administrators Administrators to a new, more secure one following rules for strong passwords.
For full use of ISPadmin you need to purchase and activate licence for certain amount of clients.
If you have configured your installation correctly, run a command to update to the latest stable version of ISPadmin.
To prevent server attacks, you have to configure firewall for ISPadmin. If you wish to access the server remotely, you will need to define the appropriate firewall rules to allow traffic via SSH and other protocols only from strictly necessary IP addresses (networks). To do so, go to Settings System Settings Security where you enable SSH access for administrator devices only, or directly for your network only.
A must; no doubt it belongs among first steps during implementation. It is important to realize that the entire business of your ISP company will now be dependent on the availability of ISPadmin. System recovery from a backup can be performed in tens of minutes, which is absolutely crucial for a company providing connectivity to hundreds of homes and dozens of companies in case of a sudden system failure.
Please do not underestimate the importance of backups.
