Exoprise CloudReady® Help
Search:     Advanced search

Secure Service Bulk Deployment Guide

Article ID: 35
Last updated: 20 Jun, 2016

Exoprise has built several tools to facilitate large scale deployments of the Exoprise Secure Service.  The Secure Service can be silently installed across a large number of machines using tools like BigFix or System Center Configuration Manager.  The silent install automatically configures the target machine via a join key.  The join key is generated at secure.exoprise.com and associates a public key with a new installation of the secure service. 

Bulk deployment workflow:

  1. The user logs into secure.exoprise.com, clicks on the profile link, and uploads a new public key or generates a new key pair.
  2. The user clicks on the Monitor tab and then clicks on the Bulk Deployment link.
  3. Next, the user clicks on the "create new keys" link and generates a set number of deployment keys.
  4. The deployment keys are now available for download in CSV format from the bulk deployment page.
  5. An IT technician will use the CSV file to generate a script that automates the installation of the Secure Service via the command line arguments described in the next section.  The join key, private key file, and private key file password all must be specified as arguments to the secure service installer.
  6. Finally, an IT technician will run the automated deployment script.  As the Secure Services are installed and started they will be listed on the "manage locations" page.

Example installation of the Secure Service using a join key:

exosvc_service_setup.exe /S /JOINKEY=0e76aa74e1fb35cb01b9fe3115abb201 /PEM="C:\users\bob\documents\token test key.pem" /PEMPASSWD="s3cr3tpasswd" /LOCATION="secure bunker #3"

NOTE:  Please confirm that the .NET 3.5 service is installed and running on each target machine before installing the Secure Service.

Reference for additional command line options that the Exoprise Secure Service Installer (exosvc_secure.exoprise.com_setup.exe):


To support installing the Secure Service Shell have the service run as a different user (other then LocalSystem), pass the arguments /USER and /PASSWORD to the installer. The installer will install the Secure Service Shell to run as the user account with the supplied password. You can specify a domain user (domain\user) or a local user. 


To properly initialize a Secure Service Shell instance and join it with CloudReady you must provide a unique join key that is supplied by the CloudReady system. The join key uniquely identifies the incoming instance of the Secure Service Shell during initialization. Unique join keys supplied by CloudReady last a finite period of time and the service installer must be run before the join key expires.


To support public key encryption the Secure Service Shell installer can copy a PEM file to its local execution directory. This PEM file will be used to encrypt the credentials needed for automation and monitoring. Pass the PEM file path as an argument to the installer.


password to decrypt the private key.  The password is encrypted and stored locally.  The password is not required if the key was created without a password.


If a location string is supplied to the installer, this location string will be passed on during initialization to the CloudReady servers for identification. If a location string is not supplied then during initialization the name of the machine will be used.

Prev   Next
What are the installation requirements?     Public Sites Overview