# AWS Marketplace installation

Ontopic Suite is available on AWS Marketplace as an AMI image.

# Usage instructions

  1. Select action Launch through EC2.
  2. When filling the configuration form, we recommend you enable encryption for the two volumes. For that, in the Configure storage section, click on Advanced. For each volume, select Encrypted in the Encrypted menu. For the KMS key, we suggest selecting (default) aws/ebs.
  3. Once the instance is running, enter the public DNS provided by AWS into your browser. You will then see the Ontopic Suite application and be prompted to enter a username and a password. The default administrator is studio, and the password is the ID of the EC2 instance. To get this ID, please refer to this page.
  4. You may change the username and password in the configuration service by navigating to port 8080 (add :8080 at the end of the url). Within the configuration service, you can also provision and manage local users.
  5. You can access your instance via SSH using the username ec2-user and your AWS private key.

# FAQ

Which ports are open?

  • HTTP on 80 for the main UI
  • HTTP on 8080 for the configuration service
  • HTTP on 4300 for the Semantic SQL endpoint
  • SSH on 22 for access to the terminal
  • SSH on 2222 for access to the Git repositories (read-only)

How can I enable HTTPS?

You have to set up a reverse-proxy on your own. We recommend using the Certificate Manager and the Network Load Balancer from AWS. For the Network Load Balancer, consider creating two TLS listeners for the ports 443 (to be mapped to the port 80) and 8080 (mapped to 8080), as well as two TCP listeners for the ports 2222 (mapped to 2222) and 4300 (mapped to 4300).
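
A check for the listener layout recommended above, as an added example (not Ontopic's code): it compares the JSON printed by `aws elbv2 describe-listeners` and `aws elbv2 describe-target-groups` with the four recommended mappings. It assumes each listener forwards to a single target group whose targets use the group's default port; the function name, sample data and target group identifiers are constructed.

```python
# Added example (not Ontopic code). Listener port -> (protocol, instance port),
# as recommended in the answer above.
RECOMMENDED = {
    443: ("TLS", 80),     # main UI
    8080: ("TLS", 8080),  # configuration service
    2222: ("TCP", 2222),  # Git repositories over SSH
    4300: ("TCP", 4300),  # Semantic SQL endpoint
}


def check_listeners(listeners, target_groups):
    """Return findings where the load balancer differs from RECOMMENDED."""
    tg_port = {tg["TargetGroupArn"]: tg["Port"]
               for tg in target_groups["TargetGroups"]}
    seen, findings = {}, []
    for lst in listeners["Listeners"]:
        arns = [a["TargetGroupArn"] for a in lst.get("DefaultActions", [])
                if a.get("Type") == "forward" and "TargetGroupArn" in a]
        seen[lst["Port"]] = (lst["Protocol"], tg_port.get(arns[0]) if arns else None)
        if lst["Port"] not in RECOMMENDED:
            findings.append(f"listener {lst['Port']}: not in the recommended layout")
    for port, (proto, target) in RECOMMENDED.items():
        if port not in seen:
            findings.append(f"listener {port}: missing")
            continue
        if seen[port][0] != proto:
            findings.append(f"listener {port}: protocol {seen[port][0]}, expected {proto}")
        if seen[port][1] != target:
            findings.append(f"listener {port}: forwards to {seen[port][1]}, expected {target}")
    return findings


# Constructed sample data (placeholder identifiers), shaped like the CLI JSON output.
SAMPLE_TARGET_GROUPS = {"TargetGroups": [
    {"TargetGroupArn": "tg-ui", "Port": 80},
    {"TargetGroupArn": "tg-config", "Port": 8080},
    {"TargetGroupArn": "tg-git", "Port": 2222},
]}
SAMPLE_LISTENERS = {"Listeners": [
    {"Port": 443, "Protocol": "TLS", "DefaultActions": [{"Type": "forward", "TargetGroupArn": "tg-ui"}]},
    {"Port": 8080, "Protocol": "TCP", "DefaultActions": [{"Type": "forward", "TargetGroupArn": "tg-config"}]},
    {"Port": 2222, "Protocol": "TCP", "DefaultActions": [{"Type": "forward", "TargetGroupArn": "tg-git"}]},
]}

if __name__ == "__main__":
    for finding in check_listeners(SAMPLE_LISTENERS, SAMPLE_TARGET_GROUPS):
        print(finding)
```

On the constructed sample, the check reports that the configuration service listener on 8080 is plain TCP instead of TLS and that the 4300 listener is missing.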

How can I provide a stable domain name for the SSH port of the Git repositories?

Go to the configuration service (on port 8080) and, in the Host section, set the value of Git public domain. When this value is not specified, the Git repository uses the public domain name provided by AWS in the SSH clone URLs. The public domain name provided by AWS is not stable and typically changes when the EC2 instance is deployed on a different physical machine.

Can I clone Git repositories using HTTPS?

No, this feature is not supported at the moment. Please register your personal SSH key in the settings of the Git repository manager and use the SSH URL for cloning the repository.

How can I migrate to a newer version?

Create a snapshot of the second volume (/dev/xvdba). When creating a new EC2 instance from the Marketplace, in the section Configure storage, click on "Advanced" and select the snapshot you created for the second volume (/dev/xvdba). Check that the new EC2 instance is working and decommission the previous one. To upgrade from version 2024.1.4 you need to migrate the volumes as explained in the Upgrade page.

How can I assess and monitor the health and proper function of the application?

First, navigate to your Amazon EC2 console and verify that you're in the correct region. Choose Instance and select your launched instance. Select the server to display your metadata page and choose the Status checks tab at the bottom of the page to review if your status checks passed or failed.

How can I add or update a JDBC driver?

See the dedicated section.

Where is sensitive data stored?

All data is stored within the /var/lib/ontopic-suite, /var/lib/ontopic-suite-configuration, /etc/ontopic-suite/secrets and /etc/ontopic-suite/configuration/secrets folders. All these folders are stored in the second volume (/dev/xvdba).

What is the data encryption configuration?

By default the volumes are not encrypted due to the publishing method. However, we recommend you enable it for both volumes, or at least for the second one containing data. See the steps at the beginning of the Usage instructions.

How can I rotate programmatic system credentials and cryptographic keys?

To rotate application credentials, you can use the configuration service running at port 8080. To rotate your SSH key, modify the contents of .ssh/authorized_keys.

How can I log in with OpenID Connect authentication using Azure Active Directory?

See the dedicated section.

How to register an application on Azure Active Directory?

See the dedicated section.

How to configure materialization with an S3 bucket?

See the dedicated section.

How to add a new user?

Navigate to the configuration service (port 8080) and in the Users section, click on Add user. When creating a user, you must assign a role:

  • ots-admin for administrators
  • ots-project-creator for users who should be able to create projects

Note: After making user changes, you need to log out from your existing session for the changes to take effect. Additionally, Ontopic Suite will take a few minutes to restart.