Install software

Additional software can be installed on a Managed OS VM.
The Temp Admin state allows you to install and configure software with Administrator or root privileges.
Note the restrictions below, otherwise the compliance check will fail and the Temp Admin state cannot be left.

Install software on Managed Windows

  1. Change to the Temp Admin state, for installing and configuring software
  2. In the Temp Admin state it is possible to login with RDP and the custadm user
  3. Install the software
  4. Change the state for the server back to the Full Managed state
This is an information message

Attention

Always install your software on a separate disk/partition and never on the disk/partition (C: drive) of the OS.

The only exception at this point in time is Microsoft Office, since Microsoft does not allow to install office elsewhere than on the C: drive of a Windows Machine. However, it is only allowed to install the actual software "Microsoft Office" on the systemdrive.

Files that are created with the office suite (*.docx, *.xlsx...) must be saved outside of the Systemdrive. Once you have installed Microsoft Office you must also configure the default file/autosave/save locations to point to a data drive.

If there are any problems regarding diskspace on the C: drive, Swisscom will move potential files created with the MS Office suite away from the systemdrive to a datadrive on the system.

If you encounter another situation similar to the situation with MS Office, please open a ticket and we will consider the software for an exception case aswell.

Install software on Managed RHEL

Please note the following restrictions, otherwise the compliance check will fail and the Temp Admin state cannot be left.

  • It is allowed to install an RPM from the Red Hat repositories which are attached to each VM.
    All software must be installed on a partition which does not belong to the OS filesystem.
  • All logfiles or variable data must be written on a partition which does not belong to the OS filesystem.
    Especially check if you write into a /var/log/* directory which must be on a separate partition.
  • It's not allowed to configure sudo rules with root privileges.
  • It's not allowed to create cronjobs for the user root.
  • It's allowed to configure a YUM repository in /etc/yum.repos.d/ for 3rd party software installation.
  • If you need the yum infrastructure for 3rd party software installation, you mustn't set a proxy in /etc/yum.conf.
    Instead place your proxy in your alternative repository under /etc/yum.repos.d/.
  • Check all other restrictions from the compliance checks in the Technical Description.
  1. Change to the Temp Admin state, for installing and configuring software.
  2. If not done during the VM provisioning, add an additional disk for the software installation according to this instructions and restrictions.
  3. In the Temp Admin state it is possible to login with a ssh client and the custadm user. Use the "sudo" framework for executing commands.
  4. Install the application
  5. On a Managed RHEL VM a local firewall (iptables) is running. Configure iptables to allow access to the service from other servers according to this instructions.
  6. Change the state for the VM back to the Full Managed state.

Workaround for output redirections with sudo

Output redirects to a file with sudo will not work if the user custadm has no write permissions for the file

$ sudo echo 'rouser custsnmp priv .1' >> /etc/snmp/snmpd.conf
-bash: /etc/snmp/snmpd.conf: Permission denied

The problem can be avoided with the "tee" command:

$ sudo echo 'rouser custsnmp priv .1' | sudo tee -a /etc/snmp/snmpd.conf
Last Updated: