Preface
This installation guide is based on Ubuntu 22.04 server. Commands may vary for other Linux distributions. A recent and systemd-based Linux is highly recommended.
Supported Version
This guide refers to the following versions:
Router management | 2025.09.0a |
Autoupdate | 2025.09.0a |
System Requirements
Application Server
Requirements | 1 - 1.500 Routers | 1.500 - 3.000 Routers |
|---|---|---|
CPU | 8 vCPUs | 16 vCPUs |
RAM | 16 GB | 32 GB |
Storage | 100 GB HDD |
Optional: Dedicated Database Server for Larger Environments
Ubuntu 22.04 server (preferred)
8 vCPUs
16 GB RAM
100 GB HDD
Prerequisites before Installation
Docker installed with compose plugin (Docker Installation)
User is in docker group (Manage docker as non root user)
Downloaded icom Router Management Server Edition
insys-irm-2025_09_0a.tar.gzfrom icom Router Management Downloads
Installation
Configure VM
Extract the archive to your desired location (we recommend using /opt/insys-irm). Make sure to own that directory to prevent permission issues.
sudo mkdir /opt/insys-irm
sudo tar -xzf insys-irm-2025_09_0a.tar.gz -C /opt/insys-irm
sudo chown -R <USER>:<GROUP> /opt/insys-irmPlease note!
If you don’t have access to dockerhub or another docker registry hosting the official containers for
traefikand (if using the internal database)postgres, icom Router Management will use the included containers.
Configure the instance
In the .env file you need to provide information for: - connecting to Database - hosts ip or FQDN - desired level of network security - custom ports (optional) - usage of an external database (optional)
Network Modes
There are 3 modes available for running the icom Router M network
Mode | Description |
|---|---|
| run the network services without encryption |
| run the network services with encryption |
| additionally secure the communication between icom Router Management and devices with mutual authentication |
Please note!
When switching to
https-mtlslater, every device already connected previously, has to be added again or fitted with valid certificates!
http
No further configuration is required.
https
In addition to setting the network mode in .env, you need to place a valid server certificate and its key into the certs directory and name them cert.cert and cert.key.
https-mtls
You need to add certificates described in https and a custom certificate authority named client-ca.cert to the certs directory.
Startup application
To start the application execute ./start.sh and follow the instructions.
Configure the icom Router Management
To configure your application login into icom Router Management using the default accounts credentials.
Username: default
Password: secretPlease note!
Please change the password of the default account by navigating to
Administration⇒My User Profile. Default credentials in production environments pose a security risk.
Navigate to the System Settings page and adapt the following values:
Key | Value |
|---|---|
CONNECTION_PROFILE_HOSTNAME |
|
DEVICECONTROL_SERVER_CERT |
|
AUTOUPDATE_SERVER_CERT |
|
https
For https also set:
Key | Value |
|---|---|
INVENTORY_CONNECTION_PROFILE_PORT |
|
Navigate to Certificate Management ⇒ Certificates, upload your server certificate, select it and use it as server certificate via the Action button.
Such a server certificate can be aquired from e.g. Let’s Encrypt.
https-mtls
Navigate to Certificate Management ⇒ Certificate Authorities, upload your certificate authority, choose New certificate authority with key (Format: PKCS#12) and set a name and eventually the password. Now select its entry and Configure it as client CA via the Action button.
Please note!
When switching to
https-mtlslater, every device already connected previously, has to be added again or fitted with valid certificates!
Stopping and restarting
In the directory containing README.md execute: - ./start.sh to start the application - ./stop.sh to stop the application