Installing the Collector for a POC

Overview

Starting from V6.6 of the Windows Collector and V6.16 of the Mac Collector, installing the Collector requires two additional parameters from the master Appliance:

  • The Customer Key.
  • The Root Certificate.

These parameters secure the TCP communications between the Collectors and the Appliances. In a proof of concept (POC), however, it is customary to deploy a few Collectors before the master Appliance has been installed. Because the master Appliance is needed to generate both the Customer Key and the Root Certificate, the Collectors cannot be installed until a master Appliance is ready.

To solve this problem, the following method lets you create a Customer Key and a Root Certificate on an ad hoc master Appliance and later transfer the same Customer Key and Root Certificate to the actual master Appliance that the customer will use in production.

Applies to platforms: Windows, Mac

Generating a Customer Key and Root Certificate in the ad hoc Appliance

To generate the Customer Key and Root Certificate:

  1. Set up a Nexthink Appliance including both the Portal and the Engine in an environment that you control. To avoid possible conflicts, preferably install the same version of the Appliance that will later be used in production.
    • You can use, for instance, the Appliance distributed with the official Nexthink Demo kit.
  2. Download the script for generating a new Customer Key and Root Certificate: gen_rck.sh.
  3. Copy the script to your controlled Appliance using any SCP tool.
  4. Log in to the CLI of the Appliance.
  5. Execute the script as root and verify in the output message that a new Root Certificate and Customer Key are generated:
    sudo sh gen_rck.sh
  6. Open a web browser and log in to the Web Console of the Appliance as admin.
  7. In the Appliance tab, select the Collector security section on the left-hand side menu.
  8. Click the button DOWNLOAD under Certificate and key backup to get a backup of the generated Root Certificate and Customer Key. The backup file has the name root-ca-backup.tgz. You will later use this file to transfer the Root Certificate and Customer Key to the production Appliance.

Installing the Collectors

After generating the Root Certificate and Customer Key, use them to install the Collectors for your POC:

  1. Open a web browser and log in to the Web Console of the Appliance as admin.
  2. In the Appliance tab, select the Collector security section on the left-hand side menu.
  3. Click the button DOWNLOAD CUSTOMER KEY to get the file Nexthink-customer-key.txt.
  4. Click the button DOWNLOAD DEFAULT ROOT CERTIFICATE to get the file Nexthink-root-ca.txt.
    1. Click Yes in the dialog that shows up to confirm the download.
  5. Use the downloaded files for installing the Collectors by means of any of the available methods.

When installing the Collectors, use the appropriate Engine name or IP address to point to your controlled Appliance.

Deploying the Customer Key and Root Certificate in the production Appliance

Once your POC has been successfully completed and the customer has installed the definitive master Appliance to be used in production, deploy the generated Root Certificate and Customer Key in the production Appliance:

  1. Copy the backup file root-ca-backup.tgz to the master Appliance using any SCP tool.
  2. Download the script for deploying the Customer Key and Root Certificate: deploy_rck.sh.
  3. Copy the script to the master Appliance using any SCP tool.
  4. Execute the script as root, passing the backup file as an argument:
    sudo sh deploy_rck.sh root-ca-backup.tgz
  5. Open a web browser and log in to the Web Console of the master Appliance as admin.
  6. In the Appliance tab, select the Network Parameters section on the left-hand side menu.
  7. Type in the External DNS name and the Internal DNS name of the master Appliance.
  8. If the Portal and the Engines are hosted in different Appliances (the master Appliance is not in a master / slave configuration itself):
    1. In the Appliance tab, select the Federated appliances section on the left-hand side menu.
    2. Remove all Engines from the list of federated appliances (if any) by repeatedly clicking the Delete link to the rightmost side of each entry.
    3. Log in to the Web Console of the Appliance hosting one of the Engines that you want to federate as admin.
    4. In the Appliance tab, select the Network Parameters section on the left-hand side menu.
    5. Type in the External DNS name and the Internal DNS name of the slave Appliance (Engine).
    6. Repeat the previous three steps for every Engine that you want to federate.
  9. Back in the Web Console of the master Appliance, select the Collector security section on the left-hand side menu.
  10. Click the button GENERATE CERTIFICATE that is displayed in red.
  11. If your Engines reside in separate slave Appliances, federate them now:
    1. Select the Federated appliances section on the left-hand side menu.
    2. Click ADD APPLIANCE to add a new slave and provide the necessary information.
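
A pre-flight check for the transfer in steps 1 and 4 of this procedure, as an added example that is not part of the Nexthink documentation or its scripts: root-ca-backup.tgz carries the Customer Key and is consumed by a script running as root, so the digest is pinned where the backup was downloaded and verified, together with permissions and archive readability, on the master Appliance. The function names are hypothetical, and a host with sha256sum, tar and ls is assumed.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not Nexthink code).
# Assumes sha256sum, tar, ls and cut are available on the host.

# Run where the backup was downloaded: restrict the file to its owner and
# print its SHA-256. Keep the printed digest separate from the file itself.
seal_backup() {
    chmod 600 "$1" || return 1
    sha256sum "$1" | cut -d' ' -f1
}

# Run on the master Appliance before deploy_rck.sh.
#   $1 = path to the backup, $2 = digest printed by seal_backup
# Prints "ok" and returns 0, or prints the failed check and returns 1.
check_backup() {
    backup=$1
    expected=$2
    [ -n "$expected" ] || { echo "no expected digest given"; return 1; }

    # 1. The file must be byte-identical to what was downloaded.
    actual=$(sha256sum "$backup" 2>/dev/null | cut -d' ' -f1)
    [ "$actual" = "$expected" ] || { echo "digest mismatch"; return 1; }

    # 2. Key material must not be readable by group or others.
    #    Characters 5-10 of the ls -l mode string are the group/other bits.
    if [ "$(ls -ld "$backup" | cut -c5-10)" != "------" ]; then
        echo "backup readable by group or others"
        return 1
    fi

    # 3. The file must list cleanly as a gzip-compressed tar archive.
    if ! tar -tzf "$backup" >/dev/null 2>&1; then
        echo "not a readable .tgz archive"
        return 1
    fi

    echo "ok"
}
```

Run `check_backup root-ca-backup.tgz <digest>` first and run `sudo sh deploy_rck.sh root-ca-backup.tgz` only if it prints `ok`.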