Install the module in the production environment

To deploy CEM, you must install the module in the production environment and then classify the nodes on which you want to enforce Center for Internet Security (CIS) compliance.

Before you begin
If you have not done so, install and evaluate CEM in a test environment before running CEM in a production environment. In this way, you can help to detect and avoid possible issues. For instructions, see Install and evaluate the module in a test environment.
  1. If you have not done so, download CEM from Puppet Forge. The module is available as a premium content subscription. For more information, see the Premium content page.
  2. If the host server is connected to the internet, install the module by following the instructions in Installing modules from the Forge by using an internet connection.
  3. If the host server is not connected to the internet, install the module by following the instructions in Installing modules from the Forge in an air-gapped environment.
  4. If you installed Puppet Enterprise (PE), specify the nodes on which you want PE to run and enforce compliance. To specify the nodes, open the PE console and assign the cem_windows class to one or more node groups. For instructions about creating and classifying node groups, see Grouping and classifying nodes.
  5. If you installed open source Puppet, specify the nodes on which you want Puppet to run and enforce compliance. Follow the instructions in Classifying nodes.