...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
Table of Contents |
---|
Installation Overview
The installation process requires a one-time configuration done by running the setup.
Configuration info is stored in both “setup.properties” and “setup.properties.user”.
The “.properties” files need to be copied from the machine which the initial configuration was done on to the target server(s) needed for each component together with the setup itself.
When running the setup with the configuration file it will jump straight to the ‘install’ stage in the wizard.
Note that if they are to be moved between servers they needed to be placed under the “SkypeShield.Setup ”folder which is created when running the Installer EXE.
When first running the Installer EXE file it will first self-extract and create a folder at the same location named “SkypeShield.Setup”. This folder will contain 3 folders:
• Payload – A clean copy of every component and other installation tools and scripts
• Prerequisites – All the different prerequisites needed for the installer as well as for the different components (.NET, C++ Redistributable etc.)
• Scripts – The installation scripts used by the installer to install the different components
Installation
Right-click the SphereShield .exe file and run as an administrator.
In the following windows choose SphereShield for Teams with relevant mode to deployment method (Proxy includes API)If no user properties file was detected you will be prompted by a pop-up message to choose one.
Since this is your first time configuring SphereShield you won't have that file, so just click no and move onNext, the welcome page will open up. Here you can read a brief overview of our product, SphereShield for Skype for Teams
After you're done, click next and move on to the next page
In this page, you will be prompted with our End User License Agreement (EULA)
After you've read it click next and move on.
Database Configuration
To setup a database for production with the requisite size, location and proper specifications, contact support@agatsoftware.com
In the following page, we'll be required to fill in the configuration details for SQL database connection and creation
...
SQL Server Name - the FQDN or IP of your SQL server.
Port - the port you've configured for SQL connection (default is 1433).
Instance Name - the name of the SQL instance on which to install the database
Failover Partner - the node name for the secondary mirrored database.
Database Name - the name for the database.
Backup Location - only needed for upgrades to allow the database to be backed up before the update.
Admin Credentials - These credentials will only be used once in order to create the database. You may use your windows credentials (as long as you have the requisite permissions) or SQL permission.
Application Database Credentials - this user will be created during the installation and it will have limited access that will only allow it to have R/W permission for the Admin Portal's database.
Click in in order to verify correct DB configuration. A successful attempt should look like so (with variation depending on your Admin Portal version):
Admin Portal
The next page in the installer will be Admin Portal configuration:
...
Install Destination -The location on the server of the Admin Portal
Log Files Location - Where should the log files of the Admin Portal be stored.
Site Name - the name of the site to appear in the IIS.
Use SSL- a checkbox to determine whether to configure SSL to the Admin Portal site.
Port - The port to be used for connection to the site (make sure that the port is not used by other sites).
SSL Certificate - SSL certificate for a secure connection to the site (in the case where it's checked).
Overwrite web.config - not relevant for a fresh install.
Access Portal/Web API Site Host Name - relevant only in high-performance scenarios; this will create a dedicated web site to support the Access Portal Web API.
...
In this page, we'll need to configure the reverse proxy also known as the Bastion. If you chose the API mode at the beginning this page will not be displayed.
...
DMZ Bastion
Install Destination - Where should the Bastion be installed.
Log File Location - Where the log files of the Bastion and its filters are stored.
AGAT Bastion Agent
Bastion Agent Install Destination - Where should the Bastion Agent be installed.
Bastion Agent Log Files Location - Where the log files of the Bastion Agent are stored.
Bastion IP - The IP address of the Bastion (should be 127.0.0.1 unless multiple listeners are required).
Bastion Healthcheck Host Name - teams.microsoft.com
Install SphereShield Manager - this feature is still in beta. Do not check this box.
...
Installation Location - The location on the server to install the CASB adapter.
Log File Location - The location where log files will be saved.
Summary
In this page, you'll be able to review your current configuration before moving forward and beginning the installation.
...
After you've confirmed that all your settings are correct press next and move on to the installation phase.
Install
In the next page, you will be able to view all of the various components that are available to install.
It
For Admin Portal servers, you must install the Database first and the Portal second
For the rest of the components, it's recommended to install the components from top to bottom, starting with the database (not all components are on the same server).
...
If you install the Admin Portal on this server, click on the Install button next to Access Portal, and then follow this guide:
/wiki/spaces/SKYP/pages/1714028587
For future installations, take note that the default location of the setup.properties.user file is:
C:\Agat\SphereShield.Setup\setup.properties.user
...
After the installation process is finished, go to the IIS management console, and change the customer’s Admin Portal’s port to 443.
Pointing to the hostname (using the same format as all the other customers have):
...
and make sure that pool is configured correctly Configuring pool. Check with support@agatsoftware.com as to what is considered "configured correctly", which cert should be used, and the process for adding such a cert.
...