S3 - Viewer + Analysis, Multi-Machine (Docker)
Overview
This guide covers installing CAST Imaging with Viewer and Analysis capability across multiple machines using Docker. Users can run analysis and browse results through the Viewer interface.
What is installed:
| Install command | Component group | Containers | Machines |
|---|---|---|---|
imaging-services |
Front-end services + embedded database | 6 | One machine (install first) |
imaging-viewer |
Results viewer: ETL, APIs, AI service, Neo4j, server | 5 | One machine |
analysis-node |
Analysis engine (includes CAST Imaging Core ≥ 8.4) | 1 | One or more machines |
When to use: Environments that require analysis and result viewing but do not need CAST Dashboards.
- You can install any number of
analysis-nodecomponents on dedicated machines to load balance analysis requirements. imaging-servicesandimaging-viewermust each be installed only once across your network.imaging-servicesmust always be installed first, and must be fully running before any other component is installed.- The database instance (
postgresql) is bundled and deployed automatically as part of this installation. An external PostgreSQL instance can optionally be used instead - see theDB_MODEvariable below.
Requirements
Read and understand the following before starting:
Before you start
-
Air-gapped / offline environments: If your target machine does not have internet access, you must pre-download all required Docker images on an internet-connected machine and transfer them before running the installer. See the Air-gapped installation section below.
-
Extend Local Server: If your environment does not permit access to CAST Extend over the internet, you will need to install the Extend Local Server separately before completing this guide.
-
Network connectivity: All machines must be able to communicate with each other over the network. Before starting, confirm:
- The
imaging-servicesmachine is reachable from all other component machines - The database instance is reachable from all component machines
- All required ports listed in Hardware requirements are open inbound on each machine
- The
-
Shared folder: The
/opt/cast/sharedsub-folder (under yourINSTALL_DIRvariable) must be accessible in read/write mode from:- All
analysis-nodemachines - The
imaging-servicesmachine (required from 3.6.0-funcrel) - Options for sharing (do not share the parent
/opt/castfolder - share only/opt/cast/shared):- Mount the same network share (NAS or SAN) on all relevant machines
- Share
/opt/cast/sharedfrom one machine and mount it on all others - see Setting up an NFS share on Linux for step-by-step instructions.
- All
Step 1 - Download the installation media on each machine
Perform the following on each machine where you will install a component.
Download the installer using curl:
$ curl -# -O -J "https://extend.castsoftware.com/api/package/download/com.castsoftware.imaging.all.docker/<version>?platform=linux_x64" \
-H "x-nuget-apikey: <api-key>" \
-H "accept: application/octet-stream"
Where:
<version>: uselatestfor the most recent release, or a specific version such as3.6.0-funcrel<api-key>: your CAST Extend API key (obtain from https://extend.castsoftware.com/#/profile/settings )
Example for latest release:
$ curl -# -O -J "https://extend.castsoftware.com/api/package/download/com.castsoftware.imaging.all.docker/latest?platform=linux_x64" \
-H "x-nuget-apikey: a9999a9a-c999-999d-999b" \
-H "accept: application/octet-stream"
Unzip the resulting ZIP file anywhere on your local disk. The following files and folders will be created:
cast-imaging-dashboards/(folder)cast-imaging-node/(folder)cast-imaging-services/(folder)cast-imaging-viewer/(folder)tools/(folder)cast-imaging-install.shcast-imaging-install-podman.shcast-imaging-update.shconfiguration.conf
Air-gapped installation
If the target machine(s) has no internet access, pull and export all required images on an internet-connected machine, then transfer and load them on the target machine(s) before running the installer.
On an internet-connected machine - pull and export each image:
$ docker pull <image>:<version>
$ docker save <image>:<version> -o <filename>.tar
Transfer all .tar archives to the target machine (secure copy or removable media).
On the target machine - load each image:
$ docker load -i <filename>.tar
Verify all images are available:
$ docker image ls
Required images:
Depending on your chosen deployment scenario, it may not be necessary to download all images.
| Component | Image | Pull & export | Load |
|---|---|---|---|
Gateway (imaging-services) |
castimaging/gateway |
docker pull castimaging/gateway:<ver> · docker save castimaging/gateway:<ver> -o gateway.tar |
docker load -i gateway.tar |
Control Panel (imaging-services) |
castimaging/admin-center |
docker pull castimaging/admin-center:<ver> · docker save castimaging/admin-center:<ver> -o admin-center.tar |
docker load -i admin-center.tar |
SSO Service (imaging-services) |
castimaging/sso-service |
docker pull castimaging/sso-service:<ver> · docker save castimaging/sso-service:<ver> -o sso-service.tar |
docker load -i sso-service.tar |
Auth Service (imaging-services) |
castimaging/auth-service |
docker pull castimaging/auth-service:<ver> · docker save castimaging/auth-service:<ver> -o auth-service.tar |
docker load -i auth-service.tar |
Console (imaging-services) |
castimaging/console |
docker pull castimaging/console:<ver> · docker save castimaging/console:<ver> -o console.tar |
docker load -i console.tar |
Dashboards (dashboards) |
castimaging/dashboards-v3 |
docker pull castimaging/dashboards-v3:<ver> · docker save castimaging/dashboards-v3:<ver> -o dashboards-v3.tar |
docker load -i dashboards-v3.tar |
Analysis node (analysis-node) |
castimaging/analysis-node |
docker pull castimaging/analysis-node:<ver> · docker save castimaging/analysis-node:<ver> -o analysis-node.tar |
docker load -i analysis-node.tar |
ETL Service (imaging-viewer) |
castimaging/etl-service |
docker pull castimaging/etl-service:<ver> · docker save castimaging/etl-service:<ver> -o etl-service.tar |
docker load -i etl-service.tar |
AI Service (imaging-viewer) |
castimaging/ai-service |
docker pull castimaging/ai-service:<ver> · docker save castimaging/ai-service:<ver> -o ai-service.tar |
docker load -i ai-service.tar |
APIs Service (imaging-viewer) |
castimaging/imaging-apis |
docker pull castimaging/imaging-apis:<ver> · docker save castimaging/imaging-apis:<ver> -o imaging-apis.tar |
docker load -i imaging-apis.tar |
Viewer Server (imaging-viewer) |
castimaging/viewer |
docker pull castimaging/viewer:<ver> · docker save castimaging/viewer:<ver> -o viewer.tar |
docker load -i viewer.tar |
Neo4j (imaging-viewer) |
castimaging/neo4j |
docker pull castimaging/neo4j:<ver> · docker save castimaging/neo4j:<ver> -o neo4j.tar |
docker load -i neo4j.tar |
PostgreSQL (required for 3.0.x-funcrel - 3.5.x-funcrel, for 3.6.0-funcrel or later, required only when DB_MODE=embedded) |
postgres:15 |
docker pull postgres:15 · docker save postgres:15 -o postgres15.tar |
docker load -i postgres15.tar |
| curl (≥ 3.6.0-funcrel: for 3.6.0-funcrel use curl 8.7.1; for 3.6.1-funcrel or later use 8.19.0.) | curlimages/curl |
docker pull curlimages/curl:<ver> · docker save curlimages/curl:<ver> -o curl.tar |
docker load -i curl.tar |
psql (required in ≥ 3.6.0-funcrel when using a custom/external PostgreSQL instance - DB_MODE=external) |
alpine/psql |
docker pull alpine/psql:latestdocker save alpine/psql:latest -o psql.tar |
docker load -i psql.tar |
| CAST Extend Local Server | castimaging/extend-proxy |
docker pull castimaging/extend-proxydocker save castimaging/extend-proxy -o extend-proxy.tar |
docker load -i extend-proxy.tar |
After loading all images, open configuration.conf in a text editor and set:
OFFLINE_MODE=true
Step 2 - Configure the installation on each machine
Perform the following on each machine. All machines must use consistent values for shared variables (hostnames, database settings, install directory).
Locate configuration.conf at the root of the unzipped files and open it in a text editor (nano or vi). See Installation variables for a full reference.
General rules:
- Use forward slashes for all paths
- Do not use
localhost,127.0.0.1, or simple hostnames for_HOSTNAMEvariables - Ensure the same variable values are used consistently across all machines*
- CAST recommends leaving port numbers at default values where possible
Note in particular:
Hostname variables
Configure the appropriate xxx_HOSTNAME variable on each machine to the FQDN or static IP of the machine hosting that component:
# Find the FQDN of the current machine
$ hostname -f
# Or find the IP address
$ hostname -I
| Variable | Value | Required on |
|---|---|---|
IMAGING_SERVICES_HOSTNAME |
FQDN/IP of the imaging-services machine |
All machines |
IMAGING_VIEWER_HOSTNAME |
FQDN/IP of the imaging-viewer machine |
imaging-viewer machine |
IMAGING_NODE_HOSTNAME |
FQDN/IP of the analysis-node machine |
Each analysis-node machine |
INSTALL_DIR and shared folder
The INSTALL_DIR variable defines where configuration and data files are stored (default: /opt/cast).
You must ensure that /opt/cast/shared (or <INSTALL_DIR>/shared) is mounted and accessible in read/write mode on:
- All
analysis-nodemachines - The
imaging-servicesmachine (required from 3.6.0-funcrel)
See Setting up an NFS share on Linux for configuration steps.
DB_MODE
Use DB_MODE (on the machine running imaging-services for multi-machine mode) to control whether the embedded PostgreSQL Docker container is used or an external PostgreSQL instance:
DB_MODE=embedded(default) - deploys apostgrescontainer as part of the installationDB_MODE=external- uses an existing external PostgreSQL instance (configure the relevantDB_*variables)
See Installation variables and Database requirements for details.
Neo4j memory settings (optional, imaging-viewer machine only)
If you need to reduce Neo4j memory usage before installation (e.g. for a test deployment), edit the cast-imaging-viewer/.env file (on the imaging-viewer machine) and modify:
NEO4J_server_memory_heap_initial__size=<size>
NEO4J_server_memory_heap_max__size=<size>
NEO4J_dbms_memory_transaction_total_max=<size>
Default values are 12 GB each. See Customizing Neo4j for details.
Domain mapping (optional, imaging-services machine)
To isolate imaging-viewer results per domain in dedicated Neo4j databases, you can enable the domain/tenant mapping feature. CAST strongly recommends enabling this now, before any applications are onboarded - enabling it later in an existing installation causes irreversible loss of customizations (tags, saved views, post-it notes, custom objects).
Update the following variable in configuration.conf (on the imaging-services machine for multi-machine deployments):
IMAGING_DOMAIN_SYNCHRO_ENABLED=true
See Domain/tenant mapping feature for full details and prerequisites.
Firewall ports
Open all ports listed in Hardware requirements inbound on each machine to ensure:
- Users can access all CAST Imaging resources in their browser
- CAST Imaging components can communicate with each other correctly
Step 3 - Make the install script executable on each machine
On each machine:
Ensure the installation script is set to executable:
$ chmod +x cast-imaging-install.sh
Step 4 - Run the installation (in order)
Install components in the following sequence. Wait for each step to complete fully before proceeding to the next.
On the imaging-services machine - install first:
$ ./cast-imaging-install.sh imaging-services
On each analysis-node machine:
$ ./cast-imaging-install.sh analysis-node
On the Imaging-viewer machine:
$ ./cast-imaging-install.sh imaging-viewer
Step 5 - Verify the installation
On each machine, check that all containers are running:
$ docker ps
You should see 12 containers (or 11 if using an external PostgreSQL instance):
| Command | Expected containers |
|---|---|
imaging-services |
6 |
imaging-viewer |
5 |
analysis-node |
1 |
Full list:
| Container | Port(s) | Base OS |
|---|---|---|
postgres |
2285 | Debian GNU/Linux 12 |
gateway |
8090 | Alpine Linux |
console |
8091 | Alpine Linux |
auth-service |
8092 | Alpine Linux |
sso-service |
8096 | Red Hat Enterprise Linux 9 |
control-panel |
2381, 8098 | Alpine Linux |
neo4j |
7473, 7474, 7687 | Debian GNU/Linux 13 |
etl |
9001 | Debian GNU/Linux 13 |
open_ai_manager |
8082 | Alpine Linux |
server |
9000, 8084, 8083 | Alpine Linux |
imaging-apis |
8070 | Debian GNU/Linux 13 |
analysis-node |
8089 | Rocky Linux 8 |
- The
sso-servicecontainer memory allocation is set to 70% of available container memory by default. See SSO service memory management to adjust this. - If a container fails to start, check its logs via
$ docker logs <container_name>
Set permissions on each analysis-node machine
On each machine where you installed analysis-node, run:
$ chown -R 0:0 /opt/cast/shared
Replace /opt/cast/shared with the shared sub-folder of your INSTALL_DIR if you changed the default.
If a container fails to start, check its logs:
$ docker logs <container_name>
Data storage
All analysis data is stored under the INSTALL_DIR path (/opt/cast by default).
Database data for the embedded PostgreSQL instance is stored in Docker volume v3-db-data (view with docker volume ls). If you reinstall imaging-services and this volume already exists, it will be reused and existing applications will remain visible.
Step 6 - Initial startup configuration
Browse to:
http://<IMAGING_SERVICES_HOSTNAME>:8090
Log in using the default credentials: admin / admin
Configure the Licensing strategy. Choose one of:
Named Application- each onboarded application requires its own dedicated license keyContributing Developers- a global license key based on the number of contributing developers
You can switch license key strategy after onboarding applications. See Manage your license keys.
Configure CAST Extend settings and Proxy settings:
Verify that all components are available:
http://<IMAGING_SERVICES_HOSTNAME>:8090/admin/services
Step 7 - Configure authentication
Out-of-the-box, CAST Imaging uses Local Authentication (admin/admin) managed by Keycloak.
CAST recommends switching to your enterprise authentication system (LDAP or SAML) before onboarding applications. Access the Keycloak UI using the kcadmin account (or the value of KEYCLOAK_LOGIN_ADMIN_USER if customized during installation). See Authentication for full instructions.