Introduction
Our customers are notified by mail about each new BVQ version; the notification includes a download link to the newest BVQ.
BVQ updates and first-time installations follow the same workflow.
The all-new core-installer is a .exe file which should be placed on either the host which is currently running BVQ or on the host which is supposed to run BVQ.
Information about the requirements is available here. Before installing BVQ for the first time, we strongly recommend also reading the preparations article in the Getting Started Guide.
The core-installer bundles the installers for each individual BVQ module into one installation package.
Please note that changes to your existing BVQ configuration can only be made using an update installation. This works even with the same installation file used in your current BVQ installation.
You have a running BVQ and want to change the java heap size of your BVQ Server?
Reinstall BVQ and change the specific value during the install wizard; you will keep your data but have a different heap size value.
Procedure
The Update can be divided into 4 subsequent stages:
Installation
Start the installation
After placing the core-installer on the specific host you are ready to start the installation.
Open the core-installer.
Welcome to the BVQ installer, the installation is about to begin shortly.
-Click 'Next' to advance to the next page
Select Components
For updates, it's necessary to select all of the BVQ components.
Please note: Deselecting components in an existing installation will remove the deselected components during the installation process.
This can potentially result in loss of data or functionality, which may have serious consequences.
Ensure that you have backed up all necessary data before proceeding.
-Click 'Next' to advance to the next page
Select Destination Directory
The "Database server access" values are used by BVQ for the internal communication between the database and the BVQ Server.
The Database name will be the name of the internal database, residing on the MongoDB server.
For the User authentication fields, it is important to understand that these credentials are your BVQ database credentials, which BVQ uses to connect to the database.
-Click 'Next' to advance to the next page
Database
Your current port number will be displayed.
Keep in mind that the port number varies according to the selected transfer protocol option.
Web server
The port number under which BVQ will be accessible varies according to the selected transfer protocol option.
The default port for a server which will be accessible via HTTP is 80, the default port for the activated HTTPS option is 443.
For example, if you change the port number to 8080 and choose "enable HTTPS" afterwards, the port number will be changed to the default value 443.
Also please be aware that for every BVQ port change, you have to adjust the Grafana datasource.
Report TTL: By default, the reports you run in the future are available for 30 days.
Grafana configuration: the Grafana port, which will be used by the Grafana instance installed with BVQ.
The heap sizes are configured for both the BVQ Server, which will run as a web server, and the scanner service, which will collect the data of the systems you will be scanning.
If the number of scanners increases considerably in the future, the specific values can be adjusted accordingly.
BVQ Server max heap size = 4096 MB is recommended (depending on the environment).
BVQ Scanner max heap size = 1024 MB is recommended (depending on the environment).
Select HTTPS to be enabled if you choose to.
Use self-signed certificate
If you are changing the default values:
By enabling HTTPS and the use of a self-signed certificate, BVQ will create a certificate for you.
The Keystore password has a default value, which can be adjusted.
Any of the following values must be set to continue.
The "Domain name" field has to be set to the FQDN, like bvqtest.labwi.sva.de
Also, the Windows user must have read access rights for the certificates.
-Click 'Next' to advance to the next page
Use own-certificate
If you are changing the default values:
By enabling HTTPS and the use of an own-certificate, you must "browse" to the location of your private and public key.
If it is encrypted, enter the specific password for the key.
The Keystore password has a default value, which can be adjusted.
-Click 'Next' to advance to the next page
SSL Certificate:
For the installation of our BVQ Monitoring Tool, a specific SSL certificate is required. Please request this certificate from your security team or your certification authority.
The private key must be in .key format and have an associated password. This password is essential for the security and proper configuration of the system.
The SSL certificate itself should be provided in .crt format. This format is necessary for installation on an Apache web server that supports HTTPS.
Inform your security team that the certificate and private key are intended for an Apache web server with HTTPS support.
Ensure that all company and server information is correct when applying for the certificate to avoid compatibility issues.
We recommend following our example guide for generating the private key and certificate on a Linux system. This guide explains step-by-step how to generate the key and certificate.
SSL Guide
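One way to produce the password-protected .key file and the request for the .crt described above, with a check to run before pointing the installer at the files. This is an added example, not SVA's SSL guide; the FQDN, file names and function names are assumptions, and the self-signed step only stands in for the certificate your CA returns.

```shell
#!/bin/sh
# Added example (not SVA's guide). File names and function names are assumptions.
# The passphrase is read from a file so it never shows up in the process list
# or in shell history.

# make_key_and_csr DIR FQDN PASSFILE -> DIR/server.key (encrypted), DIR/server.csr
make_key_and_csr() {
    dir=$1; fqdn=$2; passfile=$3
    ( umask 077   # private key readable by the owner only
      openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:3072 \
          -aes-256-cbc -pass "file:$passfile" -out "$dir/server.key" ) || return 1
    # The CSR is what goes to the security team or CA; the SAN carries the FQDN.
    openssl req -new -key "$dir/server.key" -passin "file:$passfile" \
        -subj "/CN=$fqdn" -addext "subjectAltName=DNS:$fqdn" \
        -out "$dir/server.csr"
}

# self_sign_for_test DIR FQDN PASSFILE -> DIR/server.crt
# Stand-in for the CA-issued certificate so the check below can be tried offline.
self_sign_for_test() {
    openssl req -x509 -new -key "$1/server.key" -passin "file:$3" -days 30 \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" -out "$1/server.crt"
}

# check_pair KEY CRT PASSFILE FQDN -> returns 0 only if the key is encrypted,
# key and certificate share one public key, and the certificate covers FQDN.
check_pair() {
    key=$1; crt=$2; passfile=$3; fqdn=$4
    grep -q 'ENCRYPTED' "$key" || { echo "key is not password-protected"; return 1; }
    k=$(openssl pkey -in "$key" -passin "file:$passfile" -pubout | openssl sha256)
    c=$(openssl x509 -in "$crt" -noout -pubkey | openssl sha256)
    [ "$k" = "$c" ] || { echo "certificate does not belong to this key"; return 1; }
    openssl x509 -in "$crt" -noout -checkhost "$fqdn" | grep -q 'does match' \
        || { echo "certificate does not cover $fqdn"; return 1; }
    echo "ok: $crt matches $key and covers $fqdn"
}
```

Run check_pair on the files returned by your CA before selecting them in the installer; a mismatch between key and certificate or a missing FQDN is easier to fix at this point than after the web server has been configured.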
Windows service configuration
To create and start the BVQ services an authorized Windows user is required.
In case of possible VM reboots in the future, a local user is recommended.
For the use of a local user, the domain field must be empty.
The given credentials will only be used for the execution of Windows services and scheduled tasks in Windows.
-Click 'Install' to advance to installation
Installation
The installation starts and the current processes are displayed from top to bottom.
For research purposes only
When the installation of BVQ is completed, you can find the installation log here:
C:\Program Files\SVA\BVQ\bvq-core\.install4j\installation.log
or
C:\Programme\SVA\BVQ\bvq-core\.install4j\installation.log
When you encounter issues during the installation, please be aware that the complete log of the installation is only visible as long as the installation wizard is active.
The log can be found in the AppData directory. The name of the log file will be:
i4j_log_bvq-core_<hash-code>.log
And it will be placed here:
C:\Users\<windows_user>\AppData\Local\Temp
Completing the BVQ Setup Wizard
The update has been successful.
You can choose to start the BVQ WebUI after finishing the wizard, which is enabled by default.
The BVQ Web address and the Grafana address are also displayed.
The next step is to access the BVQ WebUI to complete the maintenance, which is active after every update or installation. If you have chosen an HTTPS installation, the Grafana datasource has yet to be adjusted.
After you click the 'Finish' button, the wizard will be closed and your default browser will open, directing you to the localhost webpage.
Please keep in mind that the start of the BVQ services could take a minute.
Thank you for using a supported browser, such as:
"Firefox, Chrome, Safari, Edge"
Accept the Certificate
The localhost webpage has opened up.
If you created your own certificate during the installation of BVQ, an exception is necessary to continue to the BVQ webpage.
Maintenance
Login to your BVQ maintenance
Open a supported browser and use the following (HTTP or HTTPS):
http://localhost/#/ui/login for the BVQ Maintenance Mode
or
http://localhost/ui/login for the BVQ Web Server
On any other client in the network, you can use a browser and type: http://<BVQ-ServernameOrIP>
To access the BVQ maintenance page, please use the credentials created during the installation, here
We do also provide a selection of the supported browsers as well as the specific links.
The BVQ maintenance page that you will be redirected to after each update and installation is the last step for BVQ to check and confirm specific configurations.
Only checks that require values or actions will be displayed.
When you have completed the last step of your maintenance, you will be shown a "Maintenance completed successfully" window, the services of BVQ will be restarted and you are directed to the BVQ webpage.
Java Version
BVQ checks whether the Java version installed on your system is suitable to run BVQ.
Share Usage Statistics
Our aim is to give our customers the best possible BVQ experience, and we want to understand how we can serve you better.
We recommend that you help us by sending the statistics.
Filesystem
BVQ will check the BVQ folders on your filesystem, to confirm that the placed files are in order.
If you are updating a running BVQ, this check takes more time the bigger the database is.
MongoDB Version
The database server used by BVQ is MongoDB. This check confirms that the version in use is the corresponding one.
Database Schema
BVQ database structures do change by version, so that the running database schema may have to be adjusted.
If your database schema has to be adjusted, BVQ will ask you to "Start DB schema adjustments".
The duration of this task varies according to the size of your database. Most adjustments take less than 15 minutes.
Web Server Base URL
With the correct firewall configuration, you are able to reach your BVQ webserver from all over your network.
BVQ is able to send notifications to users and machines. To clearly state which host these notifications are coming from, we need you to add the host address.
BVQ License
During an initial installation or when your license is no longer valid, you have to choose to activate a trial license or upload a valid license.
The trial license is for a period of six weeks, after which BVQ will no longer collect data.
Maintenance completed
Due to the fact that every necessary action has been performed, you have completed the maintenance and are redirected to the BVQ webpage shortly.
Grafana Datasource
Grafana
For each update where you have created a new HTTPS certificate, you must adjust the BVQ datasource within Grafana.
Additionally, for each update where you have changed the port number for the BVQ server, you also have to adjust the BVQ datasource within Grafana.
Open your Grafana with the Grafana button. A new tab will open up; log in to Grafana using the default BVQ credentials, here
Move to your Grafana Datasource
Open the Configuration menu and click on Data source,
the installed Data source plugins are listed,
click on BVQ Server to move to the specific Data source.
Change the URL
The BVQ Data Source is shown and can be adjusted.
If you changed the protocol from HTTP to HTTPS during the BVQ update, you need to adjust the address accordingly.
https://FQDN
You have to edit the HTTP/URL field as well as the BVQ Settings/BVQ Server URL field on the bottom of the page.
Add a Certificate
To add the certificate, you only need to activate "With CA Cert" and paste the certificate text into "CA Cert", shown here
(You can also find the self-signed certificate by default here: C:\Program Files\SVA\BVQ\bvq-core\cert\)
Click on "Save & Test" to adjust the data source.
BVQ GUI
Update your GUI
For each change of the database schema, your BVQ GUI has to be updated as well.
The BVQ GUI is an application, which connects to your BVQ database and gives you the freedom to browse through your collected data.
When you have completed the installation, the BVQ GUI installer is by default located in the following directory:
C:\Program Files\SVA\BVQ\bvq-core\bvq-server\gui
You can download the BVQ GUI installer on every client, that can reach the BVQ Web Server.
Please be aware that the BVQ GUI installer is for Windows only.
The third option for downloading the install file is to move to your "Server information", which is located under the Support tab.
You will find 4 available tabs, the download button is located under "Database".
The BDPM-File is the prefilled connection profile which enables the BVQ GUI to connect to a specific BVQ database.