Bridge Installation for Linux
This document outlines the process for installing and configuring the OvalEdge Bridge Client on RHEL-based operating systems. The Bridge component enables secure connectivity between the OvalEdge cloud-hosted server and client data sources, whether hosted on-premise or in any public cloud environment.
OvalEdge’s cloud offering allows customers to utilize the platform as a hosted service without directly connecting to client data sources. This is achieved through the OvalEdge Bridge component, which enables secure communication between cloud and on-premise environments without modifying firewall rules.
The client component of the Bridge is installed within the client infrastructure, requiring only the whitelisting of the client’s IP address and port.
Purpose of the document
The purpose of this document is to outline the detailed procedure for installing, configuring, and validating the OvalEdge Bridge Client on RHEL-based systems, including prerequisites, system setup, connectivity validation, installation, and service management.
Prerequisites
Installation Files
The following files must be available before starting the Bridge Client installation:
Bridge Secure Connectivity Pack (.zip)
Contains certificates and configuration files required for secure communication between the Bridge Client and Bridge Server.
Bridge Client Installer (.jar)
Required to execute the Bridge Client installation process.
Bridge Component File (.nar)
Must be placed in the NiFi lib folder after installation to enable communication with the OvalEdge SaaS platform.
Before proceeding with the installation of the Bridge-Client, please ensure the OvalEdge App is up and running.
The OvalEdge GCS team provides these files via a secure channel (email) and must be copied to the Bridge Client VM before installation.
Recommended Hardware
RAM
32 GB
SSD
250 GB
vCPU
8
Recommended Software
OS
RHEL
Open JDK
17.0
Whitelisting Ports
Inbound
9443
Required for NiFi UI configuration changes
Outbound
9443
Communication from Bridge Client to Bridge Server
The Bridge Client IP must be whitelisted in all connector data sources.
Ensure outbound traffic on port 9443 is allowed to the Bridge Server.
Get a confirmation from GCS that the Bridge-Client IP is whitelisted in the Bridge-Server hosted in AWS.
OvalEdge Bridge Architecture and Communication Model
The Bridge works in a Pull Model where the Bridge client will be Polling (Checks for any commands that are stored at the Bridge Server, issued from the OE Platform, eg, establishing a connection to the dataSource) to execute, waiting in the queue (A queue is a Flow File that holds the data to be transmitted through Bridge) every 5 seconds.
The pull time can be configured, and the Bridge client pulls commands from the Bridge Server and transmits the metadata to the OE Platform for processing, securely over the whitelisted secure ports.
The Bridge is owned by OE, except for the client VM on which it is deployed in the client Data Center (OE provides all software components).
OE provides and maintains the bridge component. The Bridge Server is hosted along with the OE Platform and interacts with it. Users perform actions like crawling and profiling data sources and the Bridge Client Pools for the commands, and securely execute the same connection to the client data Sources over TLS 1.2 (Transport Layer Security) and SSL.
The Bridge Component, offered as part of the SaaS, reduces communication pain points with client data sources, whether hosted on a VM (provided by the client) or on-premises.
Bridge Components
Bridge Server
Hosted on the OvalEdge SaaS AWS environment and interacts directly with the OvalEdge platform.
Bridge Client
Installed on the client’s infrastructure (cloud or on-premise) and communicates securely with the Bridge Server.
The Bridge is owned and maintained by OvalEdge.
The client provides the VM and network configurations within their environment.
All communications are encrypted using TLS 1.2 and SSL protocols.
Deployment Scenarios
Cloud-based Sources
OvalEdge SaaS AWS Server
Public cloud VM (provided by client)
The Client VM IP address must be whitelisted to communicate securely with the Bridge Server hosted on the SaaS VM.
On-Premise Sources
OvalEdge SaaS AWS Server
On-prem VM (provided by client)
The Client VM IP address must be whitelisted to communicate securely with the Bridge Server hosted on the SaaS VM.
Installation Steps
Setting up the VM
Configure system settings in the OvalEdge application
Proceeding with Bridge Client Installation
1. Setting up the VM
Install Open JDK version 17
Run the following commands for RHEL OS:
Run the following command for Ubuntu OS:
Verify Installation:
Output:
Identify Public IP:
Share the static public or NAT IP of the VM with the OvalEdge team (GCS). The IP will be whitelisted on the OvalEdge SaaS system to allow traffic between the Bridge Client and Bridge Server.
On the customer’s network, make sure that outbound traffic is permitted to the bridge server IP (which will be shared by the OvalEdge team) on port 9443
Verify Connectivity:
The bridge_server_domain will be provided by the OvalEdge team.
For the OvalEdge application to crawl data from the customer's data sources, the VM running the bridge client must be able to connect to them. The customer must ensure that the Bridge client VM is allowed to access the data sources.
Ensure the Bridge Client VM has network access to all required data sources.
Only required ports on the data sources should be opened for traffic from the Bridge Client VM.
Service accounts should have read-only access.
2. Configure System Settings in the OvalEdge application
OvalEdge team must perform the following validations (bridge settings) before initiating the Bridge Client installation.
Navigate to Administration >system settings > system path ovaledge:temppath=/mnt/tmp/
Navigate to Administration > System Settings > Bridge.
Review the Bridge configuration values listed below. If any configuration value differs from the required configuration, update the value according to the standard configuration provided below.
ovaledge.bridge.mode
true
ovaledge.bridgesoftware.path
/mnt/BridgeSoftware/
bridge.type
nifi
bridge.server.host
<Ovaledge Team will provide the bridge server host>
bridge.nifiversion
nifi-1.28.1
3. Proceeding with Bridge Client Installation
Deploy a RHEL machine that serves as a mediator between the Bridge Server and data connectors.
Navigate to Administration > Connectors and click Manage Bridge.
Click "+" to add the Bridge.
Enter the public IP address of the Bridge Client machine in the Bridge IP Address field
A pop-up displays the Bridge ID, Security Code, and download links for the Bridge Secure Connectivity Pack and Bridge Installation Software.
Download the file and copy the security code to the Bridge Client VM.
Download and copy the Bridge Secure Connectivity Pack ( zip file) to the bridge client VM. Note the Security Code displayed during the Bridge Installation process.
Note the Security Code in the format:
Click on the Ok button, and the new bridge is created and displayed on the Bridge page.
Download the Bridge Installation Software file shared by the OvalEdge GCS Team via email and move it to the bridge client VM.
The installation file size is approximately 700 MB.
Install and Register the Bridge
Installation Steps
Create three folders:
bridge_artifacts
bridge_client
temp
Copy the Bridge Secure Connectivity Pack (zip file) and ovaledge-bridge-client-installer.jar into the bridge_artifacts folder.
Run the installation:
Upon running the JAR file, press "1" and "Enter" to confirm your choice. Please follow this step for any future confirmations of this nature.
When prompted, select the installation path for the Bridge Client.
The default installation path is /usr/local/ovaledge_bridge.
Enter the path of the folder created earlier, named bridge_client.
Press "1" and "Enter" to confirm your choice
Enter the Security Code noted during the bridge creation process in the OvalEdge application.
Provide the same IP Address used when adding the bridge IP details in the OvalEdge application under the M/C IP Address field.
Enter a suitable Bridge Name to identify the Bridge Client.
Provide the Bridge Server URL shared by the OvalEdge team.
For the Certificates Path, enter the location of the Bridge Secure Connectivity Pack (ZIP file) copied earlier to the VM.
For the Bridge Temp Path, enter the location of the temp path on the VM
Enter the required User Name and Email Address, then press 1 and Enter to confirm.
The user details are mandatory and must be entered without spaces.
This information is recorded for reference purposes to identify the individual who performed the Bridge (NiFi) setup on the VM.
For NIFI service creation, enter the service name.
For the Is askEdgi option, specify whether the askEdgi feature should be enabled.
Enter true to enable askEdgi.
Enter False to proceed without enabling askEdgi.
Press “1” again and Enter to proceed.
Press “1” again and Enter to proceed.
Confirm the action by entering Y and pressing Enter.
When prompted, provide the configuration file path enclosed in square brackets, for example:
Wait for the installation to complete. A message stating “Installation was successful” will appear.
After successful installation, verify that the message “Bridge software installed successfully” is displayed.
Copy the oe-bridge-bundle-nar-<version>.nar file to the NiFi lib folder.
If any third-party JAR files are provided by the OvalEdge team, copy the JAR files to the appropriate NiFi library directory along with the Bridge NAR file.
Restart the NiFi service from the NiFi bin folder using the command:
After restarting, check the NiFi logs to confirm that the service has started correctly.
Verify the bridge status from the OvalEdge application UI.
The bridge status should display as green, indicating successful installation and connectivity.
Add the bridge.temppath in the application Bridge settings.
Navigate to Administration > System Settings> Bridge
Provide the path that was created in the Bridge Client VM during the Bridge installation process.
Running Bridge as a Service
OvalEdge offers Bridge functionality as part of its cloud offering, allowing customers to use the platform as a hosted service without connecting to client data sources.
Bridge installation on a client machine is managed manually via commands, which causes a server outage when the machine stops. To overcome this, OvalEdge is providing Bridge-as-a-Service on the client's machine.
Bridge as a Service Benefits
The Bridge Component is deployed as a Service. The installation of the Bridge Component, which is server-hosted on SaaS and client-hosted on client cloud or on-prem, runs as a service to avoid manual intervention.
Exposing the Bridge as a service ensures that, if a VM is brought back, the Bridge components (Server and client, respectively) start without manual Intervention.
This ensures that the Bridge component's availability meets an SLA (Service Level Agreement) of 99.999%.
Steps to Configure Bridge as a Service
Before creating NiFi as a service, stop the running NiFi instance
Navigate to the NiFi bin folder.
Become the root user.
Navigate to:
Create a new service file:
Insert the following content:
ExecStart: Path to NiFi bin/nifi.sh file.
ExecStop: Path to NiFi bin/nifi.sh file.
User: VM username.
Group: VM group name.
Service Management Commands
Reload Service
systemctl daemon-reload
Start Service
systemctl start nifi.service
Enable Service
systemctl enable nifi.service
Check Status
systemctl status nifi.service
Troubleshooting
If an error occurs while starting the NiFi service, execute the following:
After running these commands, attempt to restart the NiFi service again.
Copyright © 2025, OvalEdge LLC, Peachtree Corners GA USA
Last updated
Was this helpful?