This guide helps you get IQ Server up and running so you can try out the associated Nexus Firewall functionality before installing it in your development environment. If you already have a Nexus Repository Manager Pro server available, expect to spend 15 to 30 minutes on installation and configuration, and a bit longer if you don’t.
To dive into Nexus Firewall a bit further, check out the Audit and Quarantine section of the Nexus Repository Chapter.
To integrate Nexus Repository Manager with IQ Server, you need Nexus Repository Manager Pro and IQ Server installed with the Repository Pro license that also supports Nexus Firewall. If you do not have a license, contact us, and we’ll be happy to assist.
Installing IQ Server is simply a matter of downloading the server archive, picking a location, and unpacking the contents. Since we aren’t trying to mimic a production environment here, most laptop and desktop configurations should run IQ Server with no problem. If you are planning for the future, though, be sure to review the server requirements section of the Requirements chapter.
tar.gz
or .zip
file.
Once you’ve extracted the contents, follow the steps below to run IQ Server:
nexus-iq-server-x.xx.x-xx-bundle
.
Run one of the following commands to start IQ Server:
Linux or Mac: ./demo.sh
Windows: demo.bat
Log in using the default Administrator account:
Username: admin
Password: admin123
Install the required product license supplied to you by the Sonatype Support team.
.lic
) and click Open.
IQ Server needs access to an external data service to perform evaluations, which may be blocked in your internal environment. For a workaround, see Running IQ Server Behind a HTTP Proxy Server in the IQ Server documentation.
Policy is at the core of IQ Server’s automation capabilities. This is true for both Nexus Firewall and Nexus Lifecycle. While you can create a completely custom set of policies, importing the Sonatype Sample Policy set is the quickest way to get started. This set includes multiple policies for triggering violations on security vulnerabilities, licensing issues, architecture issues, and more.
.json
file) from the IQ Server documentation.
.json
file you downloaded, and click Open.
Policy actions directly affect how IQ Server automates processes in the available integrations when policy violations are encountered. In the case of Nexus Firewall, you can set the action to Warn, which audits: violations are simply displayed. Alternatively, you can set the action to Fail, which quarantines: developers are blocked from accessing new components that enter a repository and violate the specified policy. To set policy actions for the Proxy stage:
When using the Fail action (Quarantine), the repository needs to be configured accordingly. In addition, only new components entering the repository can be quarantined. Components with violations that already exist in the repository will not be quarantined.
For additional information on what actions can be set and how they can affect automation, be sure to check out the actions section of our chapter on Policy Management.
IQ Server for Nexus Repository Manager allows you to integrate IQ Server’s policy management and component intelligence features with proxy repositories in Nexus Repository Manager Pro. In order to do this, first you will need to configure the capabilities that allow for communication between IQ Server and Nexus Repository Manager. In addition, because Nexus Firewall is compatible with both Nexus Repository Manager 2.12.x or higher and 3.2.x or higher, there are specific instructions for each major version.
Allowing IQ Server to interact with an instance of Nexus Repository Manager and evaluate repositories takes two steps. First, configure the IQ Server connection:
Select an Authentication Method:
User Authentication: Enter the username and password.
PKI Authentication: Delegate to the JVM for authentication.
If successfully connected, a list of available applications in IQ Server displays in the Server Connection tab.
For this quick start guide, using the default admin credentials is acceptable. However, for a real implementation, you would want to create a unique user for this integration, making sure to review Section 7.5, “Role Management” in the Security Administration chapter.
Next, add the Audit and/or Quarantine capability for each repository you want to evaluate. To configure Audit and/or Quarantine:
An audit of the selected repository automatically starts. Nexus Repository Manager contacts IQ Server and evaluates the components within the selected repository against any associated policy.
These features use IQ Server policy management to identify and, if desired, prevent a proxy repository from serving unwanted components. If you have chosen to Audit, policies must also be configured with a fail action. Additional information is available in the Audit and Quarantine section of the Nexus Repository Chapter.
Allowing IQ Server to interact with an instance of Nexus Repository Manager and evaluate repositories takes two steps. First, configure the IQ Server connection:
Select an Authentication Method:
User Authentication: Enter the username and password.
PKI Authentication: Delegate to the JVM for authentication.
For this quick start guide, using the default admin credentials is acceptable. However, for a real implementation, you’d want to review the chapter on Security Administration, making sure to review Section 7.5, “Role Management”.
Next, add the Audit and/or Quarantine capability for each repository you want to evaluate. To configure Audit and/or Quarantine:
An audit of the selected repository is automatically started. Nexus Repository Manager contacts IQ Server and evaluates the components within the selected repository against any associated policy.
These features use IQ Server policy management to identify and, if desired, prevent a proxy repository from serving unwanted components. If you have chosen to Audit, policies must also be configured with a fail action. Additional information is available in the Audit and Quarantine section of the Nexus Repository Chapter.
Once configured, evaluation of the repository is automatic and occurs whenever the repository changes (e.g. when a new component is added). Depending on the size (number of components) of the repository you configured, the evaluation could take a minute or so, but in general it is very quick.
As you review the results, if you are not continuing on to review Nexus Lifecycle functionality, you can skip ahead to the investigation and remediation section, which provides additional details for drilling deeper into the results and available intelligence. Of course, a much more in-depth review of Nexus Firewall IQ Server can be found in the Nexus Firewall section of the IQ for Nexus chapter.
Accessing repository results will differ depending on the version of Nexus Repository Manager you have installed (differences highlighted below).
To review results in Nexus Repository Manager 2.x, click Repositories under the Views/Repositories menu. Repository Results are summarized in the IQ Policy Violations column of the Repositories tab.
To view detailed results, click the open icon in the IQ Policy Violations column of the Repositories tab. IQ Server will open in a new tab showing detailed Repository Results.
In Nexus Repository Manager 3.x, the results of an audit are summarized in the IQ Policy Violations column of the Repositories view as shown in the figure below. Access the Repositories view from the Repository sub menu of the Administration menu.
To view detailed results, click the open icon in the IQ Policy Violations column of the Repositories view. IQ Server will open in a new tab showing detailed Repository Results.
Repository Results allow you to drill down to learn specific details about a violation, including the ability to isolate quarantined components. Click an individual component to open the Component Information Panel (CIP). The CIP displays many details, which are divided into different sections or tabs. To get you started using the CIP, take a look at these sections:
This is just a small sample of the component information available in the CIP. For a complete discussion of the CIP, see Component Information Panel in the Nexus IQ Server Documentation.