Private Sites or Service Watch Desktop can be packaged and deployed with installation tools like Microsoft SCCM or others. This is referred to as bulk deployment.
Why choose this method?
- Package and deploy sites with the same public/private key pair, so that synthetic sensors that depend on MFA or encrypted credentials can be moved between sites.
- If a machine needs to be re-imaged, the site can be re-deployed, and it will “re-attach” to its sensors.
- Enables centralized control of the cryptographic keys.
What are the steps?
- You need to create keys for the bulk installation. Navigate to https://secure.exoprise.com/locations/bulk_deploy and click ‘Create new keys’.
- Choose an existing public key to generate a batch of bulk deployment keys. You need to choose a public key for which you have the corresponding private key. You can either create a new public/private key pair or copy one from an existing installation. You’ll need to copy the private key and distribute it with your deployment. By default, existing private key files can be found in “C:\Program Files (x86)\Exoprise\Service\generated_key.pem”.
- Once you have the private key file for a public key, choose the public key and click ‘Generate Keys’ to generate a batch of them.
- From the Bulk Deployment Keys page, you can download the CSV file of bulk deployment keys. Each installation will need to be passed a join key on the command line. Also, from this page, you can download the following for packaging:
- Exoprise Secure Service Installer. This is the main service installer which is required.
Launching the Installation
To run the installer during packaging and deployment, use the following command line and parameters:
exosvc_service_setup.exe /S /JOINKEY=0e76aa74e1fb35cb01b9fe3115abb201 /PEM="C:\users\bob\documents\token test key.pem" /PEMPASSWD="s3cr3tpasswd" /LOCATION="secure bunker #3"
NOTE: Please confirm that .NET 4.5 is installed and running on each target machine before installing the Secure Service.
Command Line Parameters:
/USER=, /PASSWORD=
To have the Secure Service Shell service run as a different user (other than Local System), pass the arguments /USER and /PASSWORD to the installer. The installer will install the Secure Service Shell to run as the user account with the supplied password. You can specify a domain user (domain\user) or a local user.
/JOINKEY=
To properly initialize a Secure Service Shell instance and join it with CloudReady, you must provide a unique join key that is supplied by the CloudReady system. The join key uniquely identifies the incoming instance of the Secure Service Shell during initialization. Unique join keys supplied by CloudReady last a finite period of time, and the service installer must be run before the join key expires.
/PEM=
To support public key encryption, the Secure Service Shell installer can copy a PEM file to its local execution directory. This PEM file will be used to encrypt the credentials needed for automation and monitoring. Pass the PEM file path as an argument to the installer.
/PEMPASSWD=
The password to decrypt the private key. The password is encrypted and stored locally. The password is not required if the key was created without a password.
/LOCATION=
If a location string is supplied to the installer, this location string will be passed on during initialization to the CloudReady servers for identification. If a location string is not supplied then during initialization the name of the machine will be used.
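A pre-flight wrapper for the command line above, as an added example (not Exoprise code): it checks for .NET 4.5, validates the inputs, and builds the installer arguments from the parameters documented here. The script's own parameter names, the installer sitting beside the script, and the 32-hex-character join key format (inferred from the sample command line) are assumptions.

```powershell
# Added example: pre-flight wrapper for a silent bulk install (not Exoprise code).
param(
    [Parameter(Mandatory)][string]$JoinKey,   # one join key per machine, from the downloaded CSV
    [Parameter(Mandatory)][string]$PemPath,   # private key file distributed with the package
    [string]$PemPassword,                     # omit if the key was created without a password
    [string]$Location,                        # omit to let the machine name be used
    [string]$Installer = '.\exosvc_service_setup.exe'   # assumption: installer sits beside this script
)
$ErrorActionPreference = 'Stop'

# .NET Framework 4.5 or later writes Release >= 378389 under this registry key.
$ndp = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
$release = (Get-ItemProperty -Path $ndp -Name Release -ErrorAction SilentlyContinue).Release
if (-not $release -or $release -lt 378389) { throw '.NET Framework 4.5 or later is not installed.' }

# Assumption: join keys are 32 hex characters, as in the sample command line on this page.
if ($JoinKey -notmatch '^[0-9a-fA-F]{32}$') { throw 'Join key is not 32 hex characters.' }

if (-not (Test-Path -LiteralPath $PemPath -PathType Leaf)) { throw "PEM file not found: $PemPath" }
$exe = (Resolve-Path -LiteralPath $Installer).Path    # throws if the installer is missing

# Values are wrapped in double quotes below, so reject embedded quotes.
foreach ($v in @($PemPath, $PemPassword, $Location)) {
    if ($v -and $v.Contains('"')) { throw 'Arguments must not contain double quotes.' }
}

$installerArgs = @('/S', "/JOINKEY=$JoinKey", "/PEM=`"$PemPath`"")
if ($PemPassword) { $installerArgs += "/PEMPASSWD=`"$PemPassword`"" }
if ($Location)    { $installerArgs += "/LOCATION=`"$Location`"" }

# The argument string carries the PEM password: keep it out of logs and transcripts.
$proc = Start-Process -FilePath $exe -ArgumentList ($installerArgs -join ' ') -Wait -PassThru
exit $proc.ExitCode
```

The wrapper passes the installer's exit code back to the deployment tool unchanged; how the installer signals failure is not documented on this page.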