In this KB we are going to learn how to make the initial configuration using the SphereShield Installer.
Installation Overview
The installation process requires a one-time configuration done by running the setup.
Configuration info is stored in both “setup.properties” and “setup.properties.user”.
The “.properties” files need to be copied, together with the setup itself, from the machine on which the initial configuration was done to the target server(s) needed for each component.
When the setup is run with the configuration file, it will jump straight to the ‘install’ stage in the wizard.
Note that if the files are to be moved between servers, they need to be placed under the “SkypeShield.Setup” folder, which is created when running the Installer EXE.
When the Installer EXE file is run for the first time, it will self-extract and create a folder named “SkypeShield.Setup” at the same location. This folder will contain 3 folders:
• Payload – Which contains a clean copy of every component and other installation tools and scripts
• Prerequisites – Which contains all the different prerequisites needed for the installer as well as for the different components (.NET, C++ Redistributable etc.)
• Scripts – Which contains the installation scripts that the installer will use to install the different components
Installation
- Right-click the SphereShield .exe file and run as an administrator.
- In the following window, choose SphereShield for Teams with the mode relevant to your deployment method.
- If no user properties file was detected, you will be prompted by a pop-up message to choose one. Since this is your first time configuring SphereShield you won't have that file, so just click No and move on.
- Next, the welcome page will open up. Here you can read a brief overview of our product, SphereShield for Skype for Teams. After you're done, click Next and move on to the next page.
- On this page, you will be presented with our End User License Agreement (EULA). After you've read it, click Next and move on.
Database Configuration
On the following page, we'll be required to fill in the configuration details for the SQL database connection and creation:
SQL Server Name - the FQDN or IP of your SQL server.
Port - the port you've configured for SQL connection (default is 1433).
Instance Name - the name of the SQL instance on which you want to install the database
Failover Partner - the node name for the secondary mirrored database.
Database Name - the name for the database.
Backup Location - only needed for upgrades to allow the DB to be backed up before the update.
Admin Credentials - these credentials will only be used once in order to create the DB. You may use your current Windows credentials (as long as you have the required permissions) or SQL Permission.
Application Database Credentials - this user will be created during the installation and it will have limited access that will only allow it to have R/W permission for the Access Portal's DB.
Click in order to verify correct DB configuration. A successful attempt should look like so (with variation depending on your access portal version):
Access Portal
The next page in the installer will be Access Portal Configuration:
Install Destination - The location on the server of the Access Portal
Log Files Location - Where should the log files of the Access Portal be stored.
Site Name - the name of the site to appear in the IIS.
Use SSL - a checkbox to determine whether to configure SSL for the Access Portal site.
Port - The port to be used for connection to the site (make sure that the port is not used by other sites).
SSL Certificate - SSL certificate for a secure connection to the site (in the case where it's checked).
Overwrite web.config - not relevant for a fresh install.
Access Portal/Web API Site Host Name - relevant only in high-performance scenarios, this will create a dedicated web site to support the Access Portal Web API.
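The checks below are an added example, not part of the SphereShield installer or its documentation: a read-only PowerShell pre-flight to run on a target server before launching the setup. It confirms that both “.properties” files were copied, that the SQL server answers on the configured port, and that the Access Portal port is free. All parameter defaults (folder path, server name, port 8443) are placeholders to replace with your own values.

```powershell
# Added example: read-only pre-flight checks before running the installer.
# Every default below is a placeholder (assumption), not a vendor value.
param(
    [string]$SetupFolder = 'C:\Path\To\SkypeShield.Setup', # folder created by the Installer EXE
    [string]$SqlServer   = 'sql.example.internal',         # "SQL Server Name" field
    [int]   $SqlPort     = 1433,                           # "Port" field (default 1433)
    [int]   $PortalPort  = 8443                            # Access Portal "Port" field
)

$results = [ordered]@{}

# 1. Both configuration files must have been copied under the setup folder.
foreach ($name in 'setup.properties', 'setup.properties.user') {
    $path = Join-Path $SetupFolder $name
    $results["File present: $name"] = Test-Path -LiteralPath $path -PathType Leaf
}

# 2. The SQL server must be reachable on the configured port from this machine.
$tcp = Test-NetConnection -ComputerName $SqlServer -Port $SqlPort -WarningAction SilentlyContinue
$results["SQL reachable: ${SqlServer}:$SqlPort"] = [bool]$tcp.TcpTestSucceeded

# 3. The Access Portal port must not already have a listener on this server...
$listener = Get-NetTCPConnection -LocalPort $PortalPort -State Listen -ErrorAction SilentlyContinue
$results["Port $PortalPort has no listener"] = -not $listener

# ...and must not be bound by another IIS site (checked only if IIS tooling exists).
if (Get-Module -ListAvailable -Name WebAdministration) {
    Import-Module WebAdministration
    # bindingInformation has the form "ip:port:hostname"
    $bound = Get-WebBinding | Where-Object { $_.bindingInformation -match ":${PortalPort}:" }
    $results["Port $PortalPort not bound in IIS"] = -not $bound
}

# Print one OK/FAIL line per check.
$results.GetEnumerator() | ForEach-Object {
    '{0,-45} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}
```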
Maintenance Service
Install Destination - where should the maintenance service be installed.
Log Files Location - where the log files of the maintenance service are stored.
SphereShield AntiVirus (ClamAV)
Install Destination - The location on the server where ClamAV
TCP IP Address - The address on which the ClamAV service listens to traffic.
TCP Port - The port that will be used to listen to traffic.
Bastion
On this page, we'll need to configure the reverse proxy, also known as Bastion. If you chose the API mode at the beginning, this page will not be displayed.
DMZ Bastion
Install Destination - Where should the Bastion be installed.
Log File Location - Where the log files of the Bastion and its filters are stored.
AGAT Bastion Agent
Bastion Agent Install Destination - Where should the Bastion Agent be installed.
Bastion Agent Log Files Location - Where the log files of the Bastion Agent are stored.
Bastion IP - The IP address of the Bastion (should be 127.0.0.1 unless multiple listeners are required).
Bastion Healthcheck Host Name - teams.microsoft.com
Install SphereShield Manager - this feature is still in beta. Do not check this box.
CASB Adapter
Installation Location - The location on the server to install the CASB Adapter.
Log File Location - The location where the log file will be saved.
Summary
On this page, you'll be able to review your current configuration before moving forward and beginning the installation.
After you've confirmed that all your settings have been set up correctly, press Next and move on to the installation phase.
Install
On the following page, you will be able to view all of the various components available to install.
It's recommended to install the components from top to bottom, starting with the database (not all components are on the same server).
For future installations, take note that the default location of the setup.properties.user file is at:
C:\Agat\SphereShield.Setup\setup.properties.user
After the installation process is finished, go to the IIS management console and change the port of the customer's Access Portal to 443.
Pointing to the hostname (Please use the same format as all the other customers have) :