
Cloud Connector Guide II - On-Premise Customers


CLOUD CONNECTOR CONFIGURATION


This section describes the Cloud Connector configuration for on-premise scenarios. The Cloud Connector allows the
Silverback server to be located in a remote, network-separated environment. With the Cloud Connector in place,
Silverback communicates with your internal servers and services only through the Cloud Connector, for example:

• Active Directory
• Certification Authority
• Exchange

PREREQUISITES

Accounts & Access


• Administrative Access on the Server that will host the Cloud Connector
• Administrative Access to Silverback Server
• Administrative Access to Silverback Management Console
◦ Administrator
◦ Settings Administrator
• Matrix42 Account to download the Cloud Connector installer

Server
Ensure that the Cloud Connector server has at least Microsoft .NET Framework 4.7.2 installed and TLS 1.2 activated
for communication, and that the following features are installed on the server hosting the Cloud Connector.
Use Add Roles and Features in Server Manager to install the required features.

Features to install, by Windows Server version:

Windows Server 2022
• .NET Framework 4.8 Features
◦ .NET Framework 4.8
◦ ASP.NET 4.8
◦ WCF Services
▪ TCP Port Sharing

Windows Server 2019
• .NET Framework 4.7 Features
◦ .NET Framework 4.7
◦ ASP.NET 4.7
◦ WCF Services
▪ TCP Port Sharing

Windows Server 2016
• .NET Framework 4.6 Features
◦ .NET Framework 4.6
◦ ASP.NET 4.6
◦ WCF Services
▪ TCP Port Sharing

Windows Server 2012 R2
• .NET Framework 4.5 Features
◦ .NET Framework 4.5
◦ ASP.NET 4.5
◦ WCF Services
▪ TCP Port Sharing

https://help.matrix42.com/010_SUEM/020_UEM/30Enterprise_Mobility_Management/010Installation_and_Update/30_CloudC…
Updated: Mon, 05 Aug 2024 13:54:44 GMT
Copyright © 2024. Matrix42 is a registered trademark of Matrix42 GmbH. All other brands and product names are trademarks …

Firewall
Ensure that the following ports are open to allow the communication:

Source (from)      Destination (to)                 Port/Protocol

General
Cloud Connector    Silverback                       443/tcp
Cloud Connector    Domain Controller                389,636,3268,3269/tcp
Cloud Connector    DNS Server                       53/udp, 53/tcp
Cloud Connector    Certificate Revocation Lists     80/tcp

Certificate Distribution
Cloud Connector    Domain Controller                464/udp,464/tcp
Cloud Connector    Certification Authority          443/tcp
Cloud Connector    Certification Authority          Random Port above 1023 /tcp

Exchange Protection Integration
Cloud Connector    Silverback                       443/tcp
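
A preflight check for the server and firewall prerequisites above, as an added example that is not part of the Matrix42 guide. The four host names are placeholders, and the TLS check only detects an explicit SCHANNEL override rather than proving TLS 1.2 is negotiated.

```powershell
# Added example, not Matrix42 code. Run in an elevated PowerShell session on the
# Cloud Connector server. The four host names are placeholders (assumptions).
$Silverback       = 'silverback.example.com'
$DomainController = 'dc01.example.com'
$DnsServer        = 'dns01.example.com'
$CertAuthority    = 'ca01.example.com'

# .NET Framework 4.7.2 or later reports a Release value of 461808 or higher.
$ndp = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -ErrorAction SilentlyContinue
$results = @([pscustomobject]@{
    Check = '.NET Framework 4.7.2 or later'; Detail = "Release=$($ndp.Release)"
    Ok    = [bool]($ndp -and $ndp.Release -ge 461808) })

# TLS 1.2 is on by default on these Windows Server versions; this only detects
# an explicit SCHANNEL override that turns the client side off.
$tls = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -ErrorAction SilentlyContinue
$results += [pscustomobject]@{
    Check = 'TLS 1.2 client not disabled'; Detail = "Enabled=$($tls.Enabled)"
    Ok    = -not ($tls -and $tls.Enabled -eq 0) }

# Feature names keep the "45" suffix on every listed Windows Server version.
$features = 'NET-Framework-45-Features', 'NET-Framework-45-Core', 'NET-Framework-45-ASPNET',
            'NET-WCF-Services45', 'NET-WCF-TCP-PortSharing45'
$results += Get-WindowsFeature -Name $features | ForEach-Object {
    [pscustomobject]@{ Check = 'Windows feature'; Detail = $_.Name; Ok = $_.Installed } }

# TCP entries of the firewall table. Not tested: the UDP entries (53, 464),
# the CA's random port above 1023, and the CRL hosts on 80/tcp.
$targets = @(
    @{ Name = $Silverback;       Ports = @(443) }
    @{ Name = $DomainController; Ports = @(389, 636, 3268, 3269, 464) }
    @{ Name = $DnsServer;        Ports = @(53) }
    @{ Name = $CertAuthority;    Ports = @(443) }
)
foreach ($t in $targets) {
    foreach ($port in $t.Ports) {
        $r = Test-NetConnection -ComputerName $t.Name -Port $port -WarningAction SilentlyContinue
        $results += [pscustomobject]@{ Check = 'TCP reachability'; Detail = "$($t.Name):$port"; Ok = $r.TcpTestSucceeded }
    }
}

$results | Format-Table -AutoSize
```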

DOWNLOAD AND INSTALL

Download Cloud Connector
• Open Matrix42 Marketplace
• Login with your Matrix42 Account
• Navigate to Unified Endpoint Management
• Select Silverback
• Download your current Cloud Connector Version

Install Cloud Connector


Perform the installation on the Cloud Connector Endpoint Server.

• Double Click the Cloud Connector executable


• Proceed with Yes
• Press Next
• Select I accept the terms in the license agreement
• Proceed with Next
• Click Next
• Select the number of Cloud Connector services you want to install
◦ Choose 2 as our recommendation
◦ Press Next
• Click Install
• Click Finish
• Open Start Menu
• Under Recently added you should see Cloud Connector Config Generation; this tool is needed later.
• Proceed with Certificate Generation

CERTIFICATE GENERATION
The Cloud Connector requires two public/private key pairs, one for the Silverback server and one for the Cloud
Connector Client.

Cloud Connector
• Connect to your Cloud Connector Server via RDP

Download Tool
• Download Matrix42 Cloud Connector Tool.zip
• Perform a right click on Matrix42 Cloud Connector Tool.zip

• Select Extract All
• Change the Destination path to C:\

Attention: For certificate generation it is important that the files are located under C:\M42Certs\ because the
file location is hard-coded in the script.

• Click Extract
• Double Click M42Certs
• Navigate to
◦ OpenSSL
◦ Archive

Generate Certificates

Note: By default, all certificates are generated with the password 2secret4you. You can edit the batch file to
change the password if needed.

• Double Click CloudConnector-v1.1.bat


• Enter the following information and proceed with Enter
◦ Enter your country code, e.g. DE
◦ Enter your company state, e.g. Hessen
◦ Enter your company city, e.g. Frankfurt
◦ Enter your company name, e.g. Imagoverum
• Review your information
◦ Proceed with 1
◦ If you want to make changes press 2 and proceed
• Wait until the process is finished

Tip: You can ignore WARNING: can't open config file: /usr/local/ssl/openssl.cnf

• When the Certificate created successfully information is shown, press any key

Review Creation
Your folder should now contain a number of new files. The following ones will be needed:

• Client.cer
• Client.pfx
• RootRSA.cer

• RootRSA.pfx
• Server.cer
• Server.pfx

Certificate Overview
Review the following files, to whom they are issued, and where to import them. Proceed with Install Certificates
afterwards.

File Name      Issued to                        Install Location

Client.cer     Cloud Connector Client           Silverback Server
Client.pfx     Cloud Connector Client           Cloud Connector Server
RootRSA.cer    Silverback Root Authority        Cloud Connector Server
RootRSA.pfx    Silverback Root Authority        Silverback Server
Server.cer     Silverback Tunnel Certificate    Cloud Connector Server
Server.pfx     Silverback Tunnel Certificate    Silverback Server

INSTALL CERTIFICATES

Import Certificates
As mentioned above, we need to import the pairs of certificates into the corresponding certificate stores on the
Cloud Connector and Silverback servers.

Cloud Connector Server


• On your Cloud Connector Server, import the following certificates
• Please mark the Private Key for the Client.pfx as exportable

File Name      Issued to                        Issued By                    Certificate Store                                            Exportable Key

Client.pfx     Cloud Connector Client           Silverback Root Authority    Local Computer > Personal                                    Yes
Server.cer     Silverback Tunnel Certificate    Silverback Root Authority    Local Computer > Personal                                    No
RootRSA.cer    Silverback Root Authority        Silverback Root Authority    Local Computer > Trusted Root Certification Authorities      No

Silverback Server
• On your Silverback Server, import the following certificates
• Please mark the Server.pfx and RootRSA.pfx private key as exportable

File Name      Issued to                        Issued By                    Certificate Store            Exportable Key

Client.cer     Cloud Connector Client           Silverback Root Authority    Local Computer > Personal    No
Server.pfx     Silverback Tunnel Certificate    Silverback Root Authority    Local Computer > Personal    Yes
RootRSA.pfx    Silverback Root Authority        Silverback Root Authority    Local Computer > Personal    Yes

Network Service
• Navigate to your Cloud Connector Server
◦ Right-click the Cloud Connector Client Certificate
▪ Select All Tasks
▪ Click Manage Private Keys
▪ Click Add
▪ Type Network Service
▪ Click Check Names
▪ Click OK
◦ Uncheck Full Control
◦ Click OK
• Navigate to your Silverback Server
◦ Right-click the Silverback Tunnel Certificate
▪ Select All Tasks

▪ Click Manage Private Keys
▪ Click Add
▪ Type Network Service
▪ Click Check Names
▪ Click OK
◦ Uncheck Full Control
◦ Click OK
◦ Right-click the Silverback Root Authority Certificate
▪ Select All Tasks
▪ Click Manage Private Keys
▪ Click Add
▪ Type Network Service
▪ Click Check Names
▪ Click OK
◦ Uncheck Full Control
◦ Click OK

CONFIGURE SILVERBACK
• Open your Silverback Management Console
• Login as Settings Administrator
• Navigate to Cloud Connector
• Configure Cloud Connector
◦ Enable Send LDAP Request through Tunnel
◦ Enable Request Client Certificates through tunnel (optional)
◦ Enable Exchange Protection (optional)
◦ Add your Client Certificate Thumbprint public key (Silverback Server > Client.cer > Cloud Connector Client)
◦ Add your Silverback Server Tunnel Certificate private key (Silverback Server > Server.pfx > Silverback Tunnel
Certificate)

Tip: Remove the spaces from thumbprints, e.g. 259ad790e3485931b489d6bc6d2ebd7401f597bb

• Press Save
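
A way to verify the imported certificates, the Network Service permissions and the thumbprints from PowerShell, as an added example that is not part of the Matrix42 guide. It assumes the "Issued to" names from the tables appear in the certificate subject; reading the Thumbprint property from the store returns the value without spaces.

```powershell
# Added example, not Matrix42 code. Run in an elevated PowerShell session on either server.
# Assumption: the "Issued to" names from the tables appear in the certificate subject.
$names = 'Cloud Connector Client', 'Silverback Tunnel Certificate', 'Silverback Root Authority'
$nsSid = 'S-1-5-20'   # well-known SID of the Network Service account
# Machine key files live in the first folder for legacy CSP keys, the second for CNG keys.
$keyDirs = "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys", "$env:ProgramData\Microsoft\Crypto\Keys"

function Get-NetworkServiceKeyRights {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    if (-not $Cert.HasPrivateKey) { return 'no private key' }
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert)
    if (-not $rsa) { return 'not an RSA key' }
    if ($rsa -is [System.Security.Cryptography.RSACng]) {
        $file = $rsa.Key.UniqueName
    } else {
        $file = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
    }
    $path = $keyDirs | ForEach-Object { Join-Path $_ $file } |
        Where-Object { Test-Path $_ } | Select-Object -First 1
    if (-not $path) { return 'key file not found' }
    # Resolve ACL entries to SIDs so the check works on localized Windows installations.
    $rules = (Get-Acl -Path $path).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.IdentityReference.Value -eq $nsSid -and $_.AccessControlType -eq 'Allow' }
    if (-not $rules) { return 'none' }
    ($rules.FileSystemRights | Sort-Object -Unique) -join ', '
}

Get-ChildItem Cert:\LocalMachine\My, Cert:\LocalMachine\Root |
    Where-Object { $s = $_.Subject; $names | Where-Object { $s -like "*$_*" } } |
    ForEach-Object {
        $rights = Get-NetworkServiceKeyRights $_
        [pscustomobject]@{
            Store          = $_.PSParentPath -replace '^.*::', ''
            Subject        = $_.Subject
            Thumbprint     = $_.Thumbprint          # no spaces, ready to paste
            HasPrivateKey  = $_.HasPrivateKey
            NetworkService = $rights
            FullControl    = $rights -match 'FullControl'   # should be False after the steps above
        }
    } | Format-List
```

After the Network Service steps, each certificate with a private key should show a read right for Network Service and FullControl as False.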

Restart Services
• Open PowerShell with Administrator Privileges
• Type: restart-service w3svc,silv*,epic*,mat*

• Press Enter
• Wait until all services have been restarted

CREATE CONFIGURATION
• Navigate to your Cloud Connector Server
• Open Start Menu
• Under Recently added you should see Cloud Connector Config Generation
• Confirm with Yes
• Paste your Silverback Tunnel URL
◦ e.g. https://silverback.imagoverum.com/tunnel/

Tip: You find the Tunnel URL in your Silverback Management Console under Settings Admin > Cloud
Connectors

• Click the certificate button next to Client Certificate Thumbprint (private key)
◦ Select your Cloud Connector Client Certificate
◦ Click OK
• Disable Certificate Pinning
• Click the certificate button next to Silverback Server Tunnel Certificate (public key)
◦ Select your Silverback Tunnel Certificate
◦ Click OK
• Disable Encrypt Config Files
• Click Export
◦ Click Make New Folder
◦ Name it e.g. Configuration Files
◦ Click OK
◦ Confirm with OK
• Open the following path in File Explorer
◦ Configuration Files\SilverbackConfigs\srv\Cloud Connector Client
◦ Copy the following file SilverbackMDM.SilverBack.Service.CCClient.exe.config
◦ Paste the file into the following path C:\Program Files (x86)\Matrix42\Cloud Connector\Service

START SERVICE
• Open Services MMC
• Start Silverback Cloud Connector Service 1
• Start Silverback Cloud Connector Service 2

CHECK CONNECTION

Silverback
• Open your Silverback Management Console
• Login as Administrator
• Navigate to Admin
• Select Cloud Connectors
• You should now see your running Cloud Connectors here

Monitoring

Tip: If you are running Silverback 21.0 or older, use the adjusted URL:
https://silverback.imagoverum.com/tunnel/TunnelInfo or press the Cloud Connectors Monitoring link to open the
Cloud Connector Logs for reviewing Clients, Traffic and Errors.

• Open the Log section by clicking the Log icon next to your account name
• Now press Cloud Connector
◦ Select Connectors to review your connected clients
◦ Select Traffic to review Traffic Logs and Errors

CONFIGURE ACTIVE DIRECTORY


• Logout as Administrator
• Login as Settings Administrator

Add Active Directory


• Login as Settings Administrator
• Navigate to LDAP
• Configure your LDAP Connection
◦ Enter your LDAP Server IP Address or FQDN (e.g. dc01.imagoverum.com)
◦ Enter your LDAP Lookup Username
◦ Enter your LDAP Lookup Password
• Press Check LDAP Connection
◦ You should see the confirmation the LDAP server is available
• Click Save

• Click OK

Restart Services
• On your Silverback Server, restart services
◦ restart-service w3svc,silv*,epic*,mat*
• Navigate back to your Cloud Connector Server instance
• Restart Silverback Cloud Connector Services

CHECK LOGIN
• Open a second browser or incognito window
• Open Self Service Portal (e.g. https://silverback.imagoverum.com/ssp)
• Try to log in with your Active Directory credentials

NEXT STEPS
• Check our Getting Started Guide
• Check our Administrator Guide
• Check our Certification Authority Integration
• Check our Exchange Protection Integration
