Installing the Collector for a Proof of Value

Overview

Applies to platforms: Windows, macOS

Starting from V6.6 of the Windows Collector and V6.16 for the Mac Collector, the installation of the Collector requires two additional parameters from the primary Appliance:

  • The Customer Key.

  • The Root Certificate.

These parameters secure the TCP communications between the Collectors and the Appliances. In the context of a proof of value (PoV), however, it is customary to deploy a few Collectors before the primary Appliance is installed. Because the primary Appliance is needed to generate both the Customer Key and the Root Certificate, the Collectors cannot be installed until a primary Appliance is ready.

To solve this problem, the following method lets you create a Customer Key and a Root Certificate from an ad hoc primary Appliance and later transfer the same Customer Key and Root Certificate to the actual primary Appliance that the customer will use in production.

Generating a Customer Key and Root Certificate in the ad hoc Appliance

To generate the Customer Key and Root Certificate:

  1. Set up a Nexthink Appliance including both the Portal and the Engine in an environment that you control. To avoid possible conflicts, preferably install the same version of the Appliance that will later be used in production.

    • You can use, for instance, the Appliance distributed with the official Nexthink Demo kit.

  2. Download the script for generating a new Customer Key and Root Certificate: gen_rck.sh.

  3. Copy the script to your controlled Appliance using any SCP tool.

  4. Log in to the CLI of the Appliance.

  5. Execute the script as root and verify in the output message that a new Root Certificate and Customer Key are generated:

sudo sh gen_rck.sh

  6. Open a web browser and log in to the Web Console of the Appliance as admin.

  7. In the Appliance tab, select the Collector management section on the left-hand side menu.

  8. Under Collector default certificates at the bottom of the page, click the button BACKUP CERTIFICATE AND KEY to get a backup of the generated Root Certificate and Customer Key. The backup file has the name root-ca-backup.tgz. You will later use this file to transfer the Root Certificate and Customer Key to the production Appliance.
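Because root-ca-backup.tgz carries the Root Certificate and Customer Key that secure Collector traffic, it is worth restricting access to it and recording its digest before it is copied with SCP, then checking both again on the production Appliance before running deploy_rck.sh. The following script is an added example, not part of the Nexthink tooling; the function names and the .sha256 sidecar file are assumptions, and the archive check only confirms that the file is a readable gzip tar archive, not what it contains.

```shell
#!/bin/sh
# Added example: integrity and permission handling for root-ca-backup.tgz.
# Function names and the ".sha256" sidecar file are assumptions.

# Print the SHA-256 digest of a file (hex digits only).
digest_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Run where the backup was downloaded: restrict access to the owner,
# confirm the file is a readable gzip tar archive, and record its digest.
seal_backup() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    chmod 600 "$1" || return 1
    tar -tzf "$1" >/dev/null 2>&1 || { echo "not a valid .tgz: $1" >&2; return 1; }
    digest_of "$1" > "$1.sha256"
}

# Run on the destination after the SCP copy, before deploy_rck.sh:
# fail if the digest differs or group/others have any access to the file.
verify_backup() {
    [ -f "$1" ] && [ -f "$1.sha256" ] || { echo "backup or digest missing" >&2; return 1; }
    [ "$(digest_of "$1")" = "$(cat "$1.sha256")" ] || { echo "digest mismatch: $1" >&2; return 1; }
    perms=$(ls -l "$1" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ] || { echo "too permissive: $1" >&2; return 1; }
}

# Usage: sh backup_check.sh seal|verify root-ca-backup.tgz
case "${1:-}" in
    seal)   seal_backup "$2" ;;
    verify) verify_backup "$2" ;;
esac
```

Copy the .sha256 file over a separate channel from the backup itself if you want the comparison to detect deliberate tampering and not just a corrupted transfer.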

Installing the Collectors

After generating the Root Certificate and Customer Key, use them to install the Collectors for your PoV:

  1. Open a web browser and log in to the Web Console of the Appliance as admin.

  2. In the Appliance tab, select the Collector management section on the left-hand side menu.

  3. Look for the section Collector default certificates at the bottom of the page.

    1. Click the button DOWNLOAD CUSTOMER KEY to get the file Nexthink-customer-key.txt.

    2. Click the button DOWNLOAD DEFAULT ROOT CERTIFICATE to get the file Nexthink-root-ca.txt.

    3. Click Yes in the dialog that shows up to confirm the download.

  4. Use the downloaded files for installing the Collectors by means of any of the available methods.

When installing the Collectors, use the appropriate name or IP address to point to your controlled Appliance.

Deploying the Customer Key and Root Certificate in the production Appliance

Once your PoV has been successfully completed and the customer has installed the definitive primary Appliance to be used in production, deploy the generated Root Certificate and Customer Key in the production Appliance:

  1. Copy the backup file root-ca-backup.tgz to the primary Appliance using any SCP tool.

  2. Download the script for deploying the Customer Key and Root Certificate: deploy_rck.sh.

  3. Copy the script to the primary Appliance using any SCP tool.

  4. Execute the script as root, passing the backup file as argument:

sudo sh deploy_rck.sh root-ca-backup.tgz

  5. Open a web browser and log in to the Web Console of the primary Appliance as admin.

  6. In the Appliance tab, select the Network Parameters section on the left-hand side menu.

  7. Type in the External DNS name and the Internal DNS name of the primary Appliance.

  8. If the Portal and the Engines are hosted in different Appliances (the primary Appliance is not in a primary / secondary configuration itself):

    1. In the Appliance tab, select the Federated appliances section on the left-hand side menu.

    2. Remove all Engines from the list of federated appliances (if any) by repeatedly clicking the Delete link to the rightmost side of each entry.

    3. Log in to the Web Console of the Appliance hosting one of the Engines that you want to federate as admin.

    4. In the Appliance tab, select the Network Parameters section on the left-hand side menu.

    5. Type in the External DNS name and the Internal DNS name of the secondary Appliance (Engine).

    6. Repeat the previous three steps for every Engine that you want to federate.

  9. Back in the Web Console of the primary Appliance, select the Collector management section on the left-hand side menu.

  10. Click the button GENERATE CERTIFICATE that is displayed in red.

  11. If your Engines reside in separate secondary Appliances, federate them now:

    1. Select the Federated appliances section on the left-hand side menu.

    2. Click ADD APPLIANCE to add a new secondary and provide the necessary information.

