> ## Documentation Index
> Fetch the complete documentation index at: https://docs.luumen.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# White-glove setup

> How Apiphani onboards new Luumen Enterprise customers — from the initial questionnaire through agent install and first compliance run.

Luumen Enterprise installs are handled end-to-end by Apiphani's engineering team. Your team provides the Patch server, the service user, and the list of hosts to monitor. Apiphani handles the agent install, the configuration, and the initial set of compliance checks.

## What you provide

Apiphani will ask for the following during onboarding:

* **Patch server access.** An engineer needs SSH or RDP access to the host that will run the agent. The user we use needs `sudo` on the Patch server only for the duration of the install (to register the agent as a system service).
* **Network confirmation.** Confirmation that the Patch server has outbound HTTPS to the Luumen API and outbound SSH or WinRM to the hosts you want to monitor. See [Prerequisites](/enterprise/get-started/prerequisites).
* **Host list.** The hostnames or IPs of the hosts the agent should connect to, plus any per-host credentials that differ from the default. We can accept this as a CSV for bulk import or load it into the Luumen UI for you.
* **Service user credentials.** Either a single default credential set (user + SSH key or user + password) or per-host credentials, depending on your environment.
* **A cloud environment (self-hosted only).** For self-hosted deployments, we'll need access to a cloud account in AWS, Azure, or GCP — or an on-prem environment with sufficient compute — to deploy the Luumen API and web application.

## The customer questionnaire

Before install, your Apiphani sales engineer will send a questionnaire that captures everything needed to scope the deployment:

* **Applications to monitor.** The platforms and workloads running in your environment that you want included in scope.
* **Host properties to monitor.** Memory, OS version, kernel parameters, custom properties — anything you want Luumen to collect and check against.
* **Compliance check frequency.** Hourly is the default. You can run more or less often, configured under the schedule settings in the Luumen UI (see [Scheduling runs](/enterprise/installation/scheduling)).
* **Initial compliance checks.** The rules you want pre-built before handoff. We'll translate your build sheets and SOPs into the platform's rule format.
* **Integrations.** Whether you want Vault for credential storage, plus any of the supported integrations like ServiceNow or Confluence. SSO and SCIM are configured separately. See [Integrations](/enterprise/integrations/overview).

The Luumen team reviews your answers and confirms what's in scope before the install.

## What Apiphani does during install

<Steps>
  <Step title="Provision the platform (self-hosted only)">
    For self-hosted deployments, Apiphani engineers deploy the Luumen API and web app into your environment, configure DNS and TLS, and verify the API is reachable. Apiphani-managed customers skip this step.
  </Step>

  <Step title="Install the agent on your Patch server">
    The engineer places the agent binary, configures your API key (via environment variable or `config.yaml`), and registers the agent as a system service. See [Install the agent](/enterprise/installation/agent-install) for the underlying mechanics.
  </Step>

  <Step title="Configure hosts and credentials">
    Hosts and credentials are configured in the Luumen UI — either added one at a time through the **Hosts** area, or bulk-imported via CSV. See [Defining hosts](/enterprise/connecting/defining-hosts).
  </Step>

  <Step title="Build initial checks and groups">
    Based on the questionnaire, we create host groups for your major host classes (production, non-production, application servers, databases, etc.) and assign the initial set of compliance checks to those groups.
  </Step>

  <Step title="Run end-to-end validation">
    The engineer triggers an agent run, confirms data is captured for every host, and reviews the first pass of compliance results with your team. Anything that needs correction (credential issues, unexpected check failures, missing properties) is resolved before handoff.
  </Step>

  <Step title="Hand off the workspace">
    Once validated, the engineer hands off the workspace to your team with login credentials and a walkthrough of the UI. From this point your team owns day-to-day operation, with ongoing support from your Apiphani account team.
  </Step>
</Steps>

## After handoff

Once installed, you own:

* Adding or removing hosts from the configuration.
* Creating new host groups and compliance checks.
* Reviewing check results and security alerts (NVD vulnerabilities, and SAP Security Notes if SAP is in scope).
* Acting on findings (patching, configuration changes, ticket creation).

Apiphani continues to own:

* Updates to the agent binary (we'll coordinate upgrades with you).
* Updates to the Luumen API and web app (Apiphani-managed is fully managed; self-hosted upgrades are scheduled with you).
* Data collectors for new properties or new platform versions.

If your environment changes meaningfully — new platform, new compliance framework, new property to monitor — reach out to your account team. New properties may require an agent update, which we'll coordinate. See [Support](/enterprise/troubleshooting/support).
