The following article will cover creating and deploying Private Sites as well as cover the proxy and firewall configurations required for Exoprise.
Guided Site Installation
Guided site installations are recommended to deploy a site when you are starting. For other installation methods, look at this article.
Why choose this method?
- A guided installation is a wizard drive and steps you through the process. This ensures you get your network configuration correct and assists with the setup of your first security keys
- Guided installations require the Management Client but, that’s OK, you’ll need it to validate sensor setups
- From the machine you want to install a Private Site to, download and start the Management Client
- Sign back into Exoprise
- Go to Sites > Deploy. Click the Guided Installation tab, then click ‘Get Started Installing a Private Site’
- On the Configure Keys step, if you have no public/private key pairs yet, click Next to create one automatically.
- On the Service Account step, you’ll configure how you want to run the service – the account that the service will run as. If you are not using a proxy or don’t know if you are, select Local System. For Proxy PAC and WPAD configurations, read this article first. If you plan on deploying many locations, then you may want to create a domain service account. Click Next after you choose the account setup that you want.
- Depending on if a proxy is detected, you may have to configure the proxy settings for the service setup. See this article on proxy configuration.
- On the final installation step, you should see a successful installation. If the service is unable to contact the Exoprise servers, you may see an error and reason code. Usually, its to do with proxies and authorization or some kind of permissions problem. If the installation fails, you may need to uninstall the service from the Windows Control Panel.
Pre-Configured Site Installation
You can configure and download a site installation that is tied to your Exoprise tenant. This is handy for giving a setup to another co-worker for installation on a machine that you may not have access to. The co-worker will be able to install the site, and it will be ready and attached to your Exoprise tenant. The co-worker doesn’t even have to have login rights to the Exoprise platform.
Why choose this method?
- A pre-configured setup enables you to easily deploy many Private Sites
- Pre-configured setups can be shared with others to install or packaged as a sub-installer. The installation is linked to your tenant automatically.
- You don’t have to separately download our Management Client
- Once a site is deployed, you can add sensors from any machine
What are the steps?
- Create an Install Key that securely identifies the setup to your account by clicking ‘Add New Install Key’. You can later delete the Install Key to block an installation that’s been given out.
- Configure the various account and proxy options for the setup. You can also configure what interactive installer options are available during setup for possibly overriding configuration options.
- Download, copy the setup to the machine where you’d like to install the site and run it!
Proxy Setup, Requirements, and Firewall Exclusions
Private sites and Service Watch Desktop installations support operating behind all kinds of proxies, proxy configurations, and firewalls. Depending on your proxy configuration there are several recommended ways to set up sites or installations to support proxies.
When you start with a Guided Installation to set up a private Site, the proxy configuration will be read from the Management Client. If you choose to deploy as Local System and your environment requires a proxy, you may have to explicitly set a fixed proxy for the site.
For private sites or Service Watch desktop installations to work and for setting up sensors, 2-3 DNS names need to be allowed through the proxy, firewall, or any network path blocking that might be in place:
- secure.exoprise.com for Management Client access
- service.exoprise.com for Private Site access
- pubsub.exoprise.com for Private Site alarm logging. This is optional.
Management Client Proxy Settings
By default when you install the Management Client to set up a site, the client will recognize that the desktop you are using is behind a proxy and will automatically utilize the same proxy that is configured for the desktop. Most network tools work this way.
Usually, the proxy settings are visible within Internet Explorer. To see or check your proxy configuration:
- Open up Internet Explorer, go to Tools > Options
- From the Internet Options go to the Connections Tab, click LAN Settings
- From here you can see whether you are using a proxy that is automatically configured within your environment or if a specific proxy is set.
To override the proxy that a Management Client is using:
- From the Management Client, click the green Tools icon in the upper left (or press Alt-F), then click ‘Preferences…’
- In the Settings dialog, click the Proxy tab
- From here you can change the proxy preferences for the Management Client. If you were explicitly prompted for proxy credentials you will see that a proxy server was chosen.
Proxy PAC or Proxy WPAD Configurations
If your environment uses Proxy PAC files or automatic WPAD configurations, the Management Client should natively support them upon startup. The Private Site (Windows Service) will need to be set to run as a non-Local System account (aka Service Account) for it to be able to leverage a Proxy PAC or WPAD Configuration.
Change the Proxy Setup for A Site
If you have a Private Site configured to use a fixed proxy, it can be changed from the Manage Local Site page using the Management Client on the machine that is running the service:
- Open the Management Client and Sign In.
- Go to Sites > Manage Local Site
- You should see a status page for the Private Site
- In the middle of the screen, there is a ‘Change’ dropdown. Click the entry ‘Service Proxy Settings…’ to bring up the proxy settings dialog.
- Enter the new proxy information and click Update. The service should be stopped and restarted with the new proxy settings.