Install¶
A clean install on a single host takes about 30 minutes, most of it spent in the Google Cloud console. The pages below walk you through it in order.
At a glance¶
flowchart LR
P[Prerequisites] --> G[Google Workspace setup]
G --> C[Configure .env]
C --> R[docker compose up]
R --> L[First login]
L --> A[Deploy collector]| Step | What you do | Time |
|---|---|---|
| Prerequisites | Confirm Docker, a Google Workspace domain, and host requirements. | 2 min |
| Google Workspace setup | Create an OAuth client + a service account with two read-only scopes. | 15–20 min |
| Configure | Generate secrets, populate .env. |
5 min |
| Run with Docker Compose | Start Postgres, core, and web from Docker Hub images. | 5 min |
| First login | Sign in through the web UI as a Workspace user. | 2 min |
| Deploy the collector | Enable core ingest, configure a host collector, and verify forwarding. | 15–30 min |
| Troubleshooting | If something goes wrong. | — |
After a host collector is healthy, point each AI client at it — see Configure clients.
What gets installed¶
Three containers wired together by Docker Compose:
db— Postgres 16. Holds the identity tables (person,authentication_identity,employment_state,staged_identity).core—ryora/aris-corefrom Docker Hub. Runs migrations on boot, syncs your Google directory on a 1-hour cadence, serves the v1 API, and can expose collector enrollment, management, and ingest endpoints when configured.web—ryora/aris-webfrom Docker Hub. Handles Google OIDC login and proxies authenticated requests tocore.
Collectors are installed separately on the hosts you want to observe. They connect back to core over the ingest gRPC listener after the base install is working.
You will need one persistent data volume (the database) and one host file (the Google service-account JSON). Collector deployments also need per-host mTLS material.
Start with Prerequisites.