...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
Table of Contents |
---|
Installation Overview
The installation process requires a one-time configuration done by running the setup.
Configuration info is stored in both “setup.properties” and “setup.properties.user”.
The “.properties” files need to be copied from the machine which the initial configuration was done on to the target server(s) needed for each component together with the setup itself.
When running the setup with the configuration file it will jump straight to the ‘install’ stage in the wizard.
Note that if they are to be moved between servers they needed to be placed under the “SkypeShield.Setup ”folder which is created when running the Installer EXE.
When first running the Installer EXE file it will first self-extract and create a folder at the same location named “SkypeShield.Setup”. This folder will contain 3 folders:
• Payload – Which contains a A clean copy of every component and other installation tools and scripts
• Prerequisites – Which contains all All the different prerequisites needed for the installer as well as for the different components (.NET, C++ Redistributable etc.)
• Scripts – Which contains the The installation scripts that used by the installer will use to install the different components
Installation
Right-click the SphereShield .exe file and run as an administrator.
chose
In the following windowschoose SphereShield for Teams with relevant mode to deployment method (Proxy includes API)
If no user properties file was detected you will be prompted by a pop-up message to choose one.
Since this is your first time configuring SphereShield you won't have that file, so just click no and move onNext, the welcome page will open up. Here you can read a brief overview of our product, SphereShield for Skype for Teams
After you're done, click next and move on to the next page
In this page, you will be prompted with our End User License Agreement (EULA)
After you've read it click next and move on.
Database Configuration
(Where should the database be setup for production? RDS? What size? Other specs? A.L. Feb 14, 2022)To setup a database for production with the requisite size, location and proper specifications, contact support@agatsoftware.com
In the following page, we'll be required to fill in the configuration details for SQL database connection and creation
...
SQL Server Name - the FQDN or IP of your SQL server.
Port - the port you've configured for SQL connection (default is 1433).
Instance Name - the name of the SQL instance on which you want to install the database
Failover Partner - the node name for the secondary mirrored database.
Database Name - the name for the database.
Backup Location - only needed for upgrades to allow the DB database to be backed up before the update.
Admin Credentials - These credentials will only be used once in order to create the DBdatabase. You may use your current windows credentials (as long as you have the required requisite permissions) or SQL Permissionpermission.
Application Database Credentials - this user will be created during the installation and it will have limited access that will only allow it to have R/W permission for the Access Admin Portal's DBdatabase.
Click in in order to verify correct DB configuration. A successful attempt should look like so (with variation depending on your access portal Admin Portal version):
...
Admin Portal
The next page in the installer will be Access Admin Portal Configurationconfiguration:
...
Install Destination -The location on the server of the Access Admin Portal
Log Files Location - Where should the log files of the Access Admin Portal be stored.
Site Name - the name of the site to appear in the IIS.
Use SSL- a checkbox to determine whether to configure SSL to the Acess Admin Portal site.
Port - The port to be used for connection to the site (make sure that the port is not used by other sites).
SSL Certificate - SSL certificate for a secure connection to the site (in the case where it's checked).
Overwrite web.config - not relevant for a fresh install.
Access Portal/Web API Site Host Name - relevant only in high-performance scenarios, ; this will create a dedicated web site to support the Access Portal Web API.
...
Install Destination - The location on the server where ClamAV exists
TCP IP Address - The address on which the ClamAV service listens to traffic.
TCP Port - The port which that will used to listen to traffic
...
In this page, we'll need to configure the reverse proxy also known as the Bastion. If you chose the API mode at the beginning this page will not be displayed.
...
DMZ Bastion
Install Destination - Where should the Bastion be installed.
Log File Location - Where the log files of the Bastion and its filters are stored.
AGAT Bastion Agent
Bastion Agent Install Destination - Where should the Bastion Agent be installed.
Bastion Agent Log Files Location - Where the log files of the Bastion Agent are stored.
Bastion IP - The IP address of the Bastion (should be 127.0.0.1 unless multiple listeners are required).
Bastion Healthcheck Host Name - teams.microsoft.com
Install SphereShield Manager - this feature is still in beta. Do not check this box.
...
Installation Location - The location on the server to install the casb CASB adapter.
Log File Location - The location where log file files will be saved.
Summary
In this page, you'll be able to review your current configuration before moving forward and beginning the installation.
...
After you've confirmed that all your settings have been set up correctly are correct press next and move on to the installation phase.
Install
In this following the next page, you will be able to view all of the various components that are available to install.
It
For Admin Portal servers, you must install the Database first and the Portal second
For the rest of the components, it's recommended to install the components from top to bottom, starting with the database (not all components are on the same server).
...
If you install the Admin Portal on this server, click on the Install button next to Access Portal, and then follow this guide:
/wiki/spaces/SKYP/pages/1714028587
For future installations, take note that the default location of the setup.properties.user file is at:
C:\Agat\SphereShield.Setup\setup.properties.user
after After the installation process is finished, go to the IIS management console, and change the customer’s Access Portal’s follow these steps:
Go to the customer’s AccessPortal Site.
Click on Bindings in the top right menu
Click Add to add a new site
Set the Type to https and port to 443
...
Pointing to the hostname (Please use the same format as all the other customers have) :
...
Enter the Host name in the format “CustomerName.agatcloud.com”
Choose a certificate
Click OK
See picture below:
...
For IT: review the next section and review if needed and if so rewrite it to hold actual information. (I.S. 26/4/22)
and make sure that pool is configured correctly Configuring pool. Check with support@agatsoftware.com as to what is considered "configured correctly", which cert should be used, and the process for adding such a cert.
Customers with Multiple Locations
If a customer has multiple locations we must be sure it is important to install the same product version in all locations