Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

Table of Contents

...

Installation Overview

The installation process requires a one-time configuration done by running the setup.
Configuration info is stored in both “setup.properties” and “setup.properties.user”.

The “.properties” files need to be copied from the machine which the initial configuration was done on to the target server(s) needed for each component together with the setup itself.
When running the setup with the configuration file it will jump straight to the ‘install’ stage in the wizard.

Note that if they are to be moved between servers they needed to be placed under the “SkypeShield.Setup ”folder which is created when running the Installer EXE.

When first running the Installer EXE file it will first self-extract and create a folder at the same location named “SkypeShield.Setup”This folder will contain 3 folders:
• Payload – Which contains a A clean copy of every component and other installation tools and
scripts
• Prerequisites – Which contains all All the different prerequisites needed for the installer as well
as for the different components (.NET, C++ Redistributable etc.)
• Scripts – Which contains the The installation scripts that used by the installer will use to install the
different components

Installation

  1. Right-click the SphereShield .exe file and run as an administrator.

    In the following windows

    chose

    choose SphereShield for Teams with relevant mode to deployment method (Proxy includes API)

    Image RemovedImage Added



  2. If no user properties file was detected you will be prompted by a pop-up message to choose one.

    Since this is your first time configuring SphereShield you won't have that file, so just click no and move on

    Image Modified



  3. Next, the welcome page will open up. Here you can read a brief overview of our product, SphereShield for Skype for Teams

    After you're done, click next and move on to the next page

  4. In this page, you will be prompted with our End User License Agreement (EULA)

    Image RemovedImage Added


    After you've read it click next and move on.

Database Configuration

To setup a database for production with the requisite size, location and proper specifications, contact support@agatsoftware.com

In the following page, we'll be required to fill in the configuration details for SQL database connection and creationImage Removed

...


SQL Server Name - the FQDN or IP of your SQL server.
Port - the port you've configured for SQL connection (default is 1433).
Instance Name - the name of the SQL instance on which you want to install the database
Failover Partner - the node name for the secondary mirrored database.
Database Name - the name for the database.
Backup Location - only needed for upgrades to allow the DB database to be backed up before the update.
Admin Credentials - These credentials will only be used once in order to create the DBdatabase. You may use your current windows credentials (as long as you have the required requisite permissions) or SQL Permissionpermission.
Application Database Credentials - this user will be created during the installation and it will have limited access that will only allow it to have R/W permission for the Access Admin Portal's DBdatabase.

Click   in  in order to verify correct DB configuration. A successful attempt should look like so (with variation depending on your access portal Admin Portal version):

...


Admin Portal

The next page in the installer will be Access Admin Portal Configurationconfiguration:Image Removed

...

Install Destination -The location on the server of the Access Admin Portal
Log Files Location - Where should the log files of the Access Admin Portal be stored.
Site Name - the name of the site to appear in the IIS.
Use SSL- a checkbox to determine whether to configure SSL to the Acess Admin Portal site.
Port - The port to be used for connection to the site (make sure that the port is not used by other sites).
SSL Certificate - SSL certificate for a secure connection to the site (in the case where it's checked).
Overwrite web.config - not relevant for a fresh install.
Access Portal/Web API Site Host Name - relevant only in high-performance scenarios, ; this will create a dedicated web site to support the Access Portal Web API.

...

Install Destination - The location on the server where ClamAV exists
TCP IP Address -  The address on which the ClamAV service listens to traffic.
TCP Port -  The port which that will used to listen to traffic

Bastion

In this page, we'll need to configure the reverse proxy also known as the Bastion. If you chose the API mode at the beginning this page will not be displayed.Image Removed

...

DMZ Bastion

Install Destination - Where should the Bastion be installed.
Log File Location - Where the log files of the Bastion and its filters are stored.

AGAT Bastion Agent

Bastion Agent Install Destination - Where should the Bastion Agent be installed.
Bastion Agent Log Files Location - Where the log files of the Bastion Agent are stored.
Bastion IP - The IP address of the Bastion (should be 127.0.0.1 unless multiple listeners are required).
Bastion Healthcheck Host Name - teams.microsoft.com
Install SphereShield Manager - this feature is still in beta. Do not check this box.


CASB Adapter

...

Installation Location - The location on the server to install the casb CASB adapter.
Log File Location - The location where log file files will be saved.


Summary

In this page, you'll be able to review your current configuration before moving forward and beginning the installation.Image Removed

...

After you've confirmed that all your settings have been set up correctly are correct press next and move on to the installation phase.

Install

In this following the next page, you will be able to view all of the various components that are available to install.
It

For Admin Portal servers, you must install the Database first and the Portal second
For the rest of the components, it's recommended to install the components from top to bottom, starting with the database (not all components are on the same server).Image Removed

...


If you install the Admin Portal on this server, click on the Install button next to Access Portal, and then follow this guide:

/wiki/spaces/SKYP/pages/1714028587

For future installations, take note that the default location of the setup.properties.user file is at:

C:\Agat\SphereShield.Setup\setup.properties.user


after After the installation process is finished, go to the IIS management console, and change the customer’s Access Portal’s port to 443.

Pointing to the hostname (Please use the same format as all the other customers have) :

Image Removedfollow these steps:

  1. Go to the customer’s AccessPortal Site.

  2. Click on Bindings in the top right menu

  3. Click Add to add a new site

  4. Set the Type to https and port to 443

  5. Enter the Host name in the format “CustomerName.agatcloud.com”

  6. Choose a certificate

  7. Click OK

See picture below:

...

For IT: review the next section and review if needed and if so rewrite it to hold actual information. (I.S. 26/4/22)

and make sure that pool is configured correctly Configuring pool.   Check with support@agatsoftware.com as to what is considered "configured correctly", which cert should be used, and the process for adding such a cert.

Customers with Multiple Locations

If a customer has multiple locations it is important to install the same product version in all locations

This page is deprecated and will be transitioned into troubleshooting page or archived (I.S. )