Install connector in other environments

Install a connector in an OpenStack environment/KVM environment

Install an Enterprise Application Access (EAA) connector in an OpenStack or KVM environment.

Prerequisite:
Admin rights to access OpenStack services such as Glances, Horizons, and others.

  1. Create and download a connector in EAA.

  2. In Connector Package select OpenStack/KVM.

  3. Extract the image file you downloaded in previous steps to a known location.

  4. Transfer the downloaded connector image file to the OpenStack Glances server.

  5. Log in to an SSH session on the Glances server.

  6. Enter the command to convert the downloaded image file format to the Qcow2 image format:

qemu-img convert -f raw -O qcow2 image.img image.qcow2

Install a connector in a Microsoft Hyper-V environment

Prerequisite:
Make sure your Microsoft Hyper-V environment is setup with sufficient compute and storage resources.

The connector footprint is as follows:

RequiredRecommended
ProcessorsIntel-VT or AMD-V with hardware virtualization enabled four cores
Memory (RAM)8 GB
Storage16 GB
Network1 vNIC. 1 GB/s, static IP address or dynamic IP assigned from DHCP server, DNS

If you access browser based applications, configure connector with 4 vCPUs, 8 GB RAM and 40 GB storage space at a minimum.

  1. Create and download a connector in EAA.

  2. Open your Microsoft Hyper-V management console and import the downloaded .vhd file into your Hyper-V environment.

  3. In Microsoft Hyper-V Manager, create a new VM. A wizard opens to guide you through the process.

  4. Specify a name for the connector VM.

  5. Select the appropriate settings for Generation (Generation 1 for connector).

  6. Configure the memory for the connector (8 GB).

  7. Select the NIC for the connector to communicate with the internal network, which should have a route to the Internet and be able to communicate with the EAA service.

  8. Specify the location where you downloaded and saved the .vhd file.

  9. Verify the configuration in Summary and click Finish.

  10. Start your connector VM.

  11. Return to Enterprise Center and verify that the connector shows the private and public IP addresses assigned to it.

  12. Click Need your approval. Wait while the EAA service verifies the connector.
    Connector runs on Microsoft Hyper-V server.

Install a connector in Amazon Web Services

Create an EAA connector Amazon Machine Image (AMI) in your Amazon Web Services (AWS) environment.

The connector does not receive traffic from outside but it may need to connect to EAA cloud instances for configuration and other data. Make sure the security group associated with the connector is set up with the following policy:

  • Outgoing traffic: Allow all.

  • Incoming traffic: Deny all.

  1. Create and download a connector in EAA.

  2. Log in to Enterprise Center.

  3. In the Enterprise Center navigation menu, select Application Access > Clients & Connectors > Access and Identity Connectors.

  4. Select your connector for AWS to open it. It's package type should be: Amazon AWS EC2/VPC.

  5. Download the CloudFormation template.

  6. Log in to your AWS console and select AWS services menu > AWS CloudFormation > CREATE STACK.

  7. Under Create Template, select Upload a template to Amazon S3.

  8. Click Choose File.

  9. Select the downloaded CloudFormation template.

  10. Enter a stack name, NAT instance type, VPC ID, and subnet information and click Next.

    ūüďė

    For the NAT instance type, a recommended minimum is m4.xlarge.

  11. Complete the configuration of tags, storage, and other features as needed. Since AWS does not use swap space for storage use a minimum of 16 GB RAM.

  12. Click CREATE. Once the stack creation is complete, the connector instance starts and automatically connects to the EAA cloud.

  13. Return to Enterprise Center.

  14. In the Enterprise Center navigation menu, select Application Access > Clients & Connectors > Access and Identity Connectors.

  15. Select your AWS connector VM and click Approve.

Install a Docker-based connector

Set up ‚ÄčControl Center‚Äč connector as a Docker image on a Docker-ready environment.

Prerequisite:
Installed Docker. Enterprise Application Access (EAA) connectors installed as Docker containers require a Docker-ready OS environment.

ūüďė

Client-access applications cannot be attached to a Docker-based connector. For RDP and SSH, make sure you choose browser-based applications for docker to support.

  1. Create and download a connector in EAA.

a. In your Docker environment, open a terminal window.

b. Go to the downloaded Docker container.

c. Unzip the Docker image:

  $ gunzip <Connector_docker_image_filename.tar.gz>

d. Load the image into Docker:

  $ sudo docker load -i <Connector_docker_image_filename.tar>

e. Check that the image is loaded properly and find the <docker_image_name>:

  $ sudo docker images

f. Create a docker volume to persist runtime updates:

  $ sudo docker volume create <Volume_Name>

g. Run the Docker image:

  $ sudo docker run --name <Connector_Name> --restart=always --volume <Volume_Name>:/opt/wapp -d <docker_image_name>

h. Confirm that the Docker-based container is running:

  $ sudo docker ps
  1. Return to Enterprise Center and verify that the connector shows the private and public IP addresses assigned to it.

a. Click Need your approval hyperlink. Wait while the EAA service verifies the connector.
A success message appears. Docker-based connector runs as a container.

  1. To prevent abnormal behavior in the event of the agent being restarted, commit the connector to a new image:

    $ sudo docker commit <Connector_Container_ID> <new_image_name>
    
  2. Replace <new_image_name> with the name of your connector.
    Docker-based connector now runs as a container on your server, and you can add your applications and secure them with Enterprise Application Access.

Install a connector in a Google Cloud Platform environment

  1. Log in to Enterprise Center.

  2. In the Enterprise Center navigation menu, select Application Access > Clients & Connectors > Access and Identity Connectors.

  3. Click on the + sign on the top right of the page to add a new Connector. Enter a Name, Description and select the Google GCE package.

  4. In the Google Cloud menu, navigate to Cloud Storage > Browser. Create or select an existing bucket and upload the connector-id.tar.gz file.

  5. Create an image using the connector-id.tar.gz file. Click Compute Engine > Images > Create Image.

  6. Enter a name for the connector.

  7. In Source Type select Cloud Storage File.

  8. Click Browse and select the bucket that contains the tarball file.

  9. Spawn an instance using the new image. Select the image name and click Create Instance.

  10. Enter a name for the instance, select the zone, and make sure the Machine Type is n2-standard (recommended minimum is 2 vCPU with 8 GB memory for connectors).
    Make sure the image has the correct connector image.

  11. Make sure the connector has Internet connectivity. Assign Ephemeral or New static IP address.

  12. Click Create. GCP creates and boots up the connector instance in Google Cloud.
    The connector connects to the EAA cloud.

  13. Return to Enterprise Center.

  14. Select the connector labeled GCEtest.

  15. Click Approve (thumbs up icon)
    Connector runs in the Google Cloud Platform environment.

Install a connector in a Microsoft Azure environment

Prerequisites:

  • Set up Microsoft Azure account and billing.

  • Make sure an Azure administrator created a resource group necessary for template deployments. If not, to create a resource group, refer to the Microsoft Azure documentation on managing resource groups in Azure portal.

ūüďė

A minimum size of Standard_F4s_v2 is required to secure any type of application.

  1. Create and download a connector in EAA.

  2. Log in to your Microsoft Azure portal.

  3. Deploy the EAA connector template in Azure. Select New.

  4. In the search field, type template deployment and select Template deployment.

  5. In Template Deployment select Create.

  6. In Custom deployment select Build your own template in the editor.
    Edit template appears.

  7. Replace all properties and elements in the template file with the contents of the connector file:

    1. Manually delete everything in the template file.

    2. Paste the contents of the connector file.

    3. Click Save.

  8. Configure the basic settings:

    1. In Subscription select a type of subscription.

    2. For Resource select Use existing, and in the menu, select your resource group.

    3. In Location select the location where resources are located.

  9. In Settings configure the following:

    1. In Vnet Resource Group enter the resource group of the virtual network.

    2. In Admin Password enter the administrator password of the virtual machine.

    3. In Subnet Name enter the name of the subnet in the virtual network.

    4. In Admin Username enter the administrator's username of the virtual machine.

    5. In Existing Virtual Network Name enter the name of the virtual network.

  10. Review the Terms and Conditions and select I agree to the terms and conditions stated above.

  11. Select Purchase.

Next, verify that the connector was successfully created in Microsoft Azure or deploy a second Azure template.

Verify that the connector was successfully created in Microsoft Azure

Verify that the connector is successfully created in Microsoft Azure and runs in Enterprise Application Access.

  1. To check if the virtual machine was created in Microsoft Azure log in to your Microsoft Azure portal.

    1. In the Microsoft Azure menu click Virtual Machines.

    2. Check if the virtual machine appears and is running.

  2. To check if the connector is running in Enterprise Center, log in to the Enterprise Center.

  3. In the Enterprise Center navigation menu, select Application Access > Clients & Connectors > Access and Identity Connectors.

  4. Verify that the connector you created shows the private and public IP addresses. The system asks you to approve the connector. Click Click here to approve.
    Wait until service verifies the connector. A success message appears. Connector runs.