Frequently asked questions

On this page:


How is Anaconda Server different from other software repositories?

Anaconda Server is built with the data scientist in mind! It is designed to manage data science and machine learning packages within channels, and outperforms other repositories in terms of secure data science due to its conda-native platform, which is maintained by the builders of conda packages. Anaconda scans each package for malware, then works the package through an exstensive and well established curation process. This means Anaconda knows exactly what’s inside our packages, so we can more accurately match common vulnerability and exposure (CVE) data to build artifacts than anyone else. Our CVE score information is also more up to date. We know when patches are implemented between releases. Anaconda also links dependency trees to CVE scores, and provides package metadata you can trust.

How do I manage security and control access to packages?

Access to Anaconda Server, channels, and packages is controlled through groups and roles. User access and identity management is controlled via Keycloak.

Control the risk level of packages available to your users by applying mirror filters to remove unsafe or undesired packages. Filter packages based on their CVE score, license type, platform type, version, package name, and more! Filter exceptions are also available for mirrors, so you can still get packages that would otherwise be removed by a filter.

Can I share artifacts and packages across my organization?

Yes! You can share artifacts and packages with your whole organization by uploading them to a public channel in Anaconda Server or share with select users by uploading them to a group channel.

How do I find a package once it’s uploaded to my organization’s repository?

Anaconda Server’s search feature looks for occurrences of your package across the entire system, for every channel you have access to. Once your package is uploaded, type its name into the search feature to find it.

Can Anaconda ensure that my packages are always available?

Because Anaconda Server is an on-premise repository, the maintenance and uptime of your server is completely dependent upon your IT infrastructure and system administrators.

What are the minimum requirements for installation?

For information on minimum installation requirements, see environment preparation.

What is a standard network?

A standard network is any network that can connect to another network (such as the Internet).

What is an air-gapped network?

An air-gapped network is any network that is physically isolated from any other networks. You can still use Anaconda Server on an air-gapped network.

How do I update my packages and CVEs on an air-gapped network?

Anaconda provides .zip files through Amazon Simple Storage Service (S3) buckets. You can download the files you need on a workstation that has access to the Internet, place the .zip files on a portable storage device, and then move them to a workstation on the air-gapped network.

../_images/air_gap_diagram.png

Once the files are on your air-gapped network, run the following commands to move them into the correct location:

Note

The file path here uses the default path of anaconda/repo/airgap as the storage location for CVEs. It is possible that your file path may be different, but the concept is the same. Use the mv command to place the files in the correct directory.

mv conda_main_airgap.zip /opt/anaconda/repo/airgap/
mv cve.zip /opt/anaconda/repo/airgap/

Your network will synchronize the next time your mirror runs. You can run a mirror at any time to force a synchronization.

How do I access the AWS S3 bucket to get updates for my packages?

You must first provide Anaconda with the IP address of the machine you are going to use to download files. Anaconda allowlists that IP address, granting it access to download files whenever you need.

How often are Packages and CVEs updated?

For standard networks, packages are updated every time your mirror runs, and CVEs are automatically brought into the system and updated hourly.

For air-gapped networks, Anaconda provides updated .zip files for packages monthly, and CVE .zip files are updated daily.

How are CVEs monitored?

For standard network implementations of Anaconda Server, a CVE mirror is created and automatically brought into your system when you enter your license. This mirror pulls from the Anaconda repository and updates itself every hour, ensuring your CVE information is current.

For air-gapped network implementations of Anaconda Server, you’ll need to download the CVE tarball on a nightly basis and apply the updated information to your repository. See How do I update my packages and CVEs on an air-gapped network?.

For more information about CVEs, see Common Vulnerabilities and Exposures (CVEs).

Does Anaconda Server update its own software?

Anaconda Server requires manual updates. For more information, see Upgrading Anaconda Server.

Can I integrate my Active Directory or LDAP identity server?

Yes! You can connect your instance of Anaconda Server to your external identity server and import a federated user base for Anaconda Server. For more information, see Establishing an LDAP connection.

How does Anaconda Server track which users are accessing the repository?

Anaconda is currently developing a tool to assist administrators in tracking who is accessing their repositories and what is being downloaded from them.

Does Anaconda Server include signed packages?

You can mirror the Anaconda channels from your Anaconda Business organization to include the package signature information in your Anaconda Server repository.

Can I mirror conda-forge into Anaconda Server?

Speak with your implementation engineer if you are thinking about mirroring conda-forge into Anaconda Server. While this is technically possible, it requires a more robust hardware setup.