Bomgar Vault Server Installation Guide

Similar documents
Privileged Identity App Launcher and Session Recording

Version Installation Guide. 1 Bocada Installation Guide

RED IM Integration with Bomgar Privileged Access

Prophet 21 Middleware Installation Guide. version 12.16

Security Provider Integration SAML Single Sign-On

Security Provider Integration SAML Single Sign-On

GoldMine Connect Installation Guide

Installation on Windows Server 2008

Installation Guide for Pulse on Windows Server 2012

Remote Support Web Rep Console

Ekran System v.6.1 Deployment Guide

Privileged Access Middleware Engine Installation and Configuration

Real-Time Dashboard Integration Bomgar Remote Support

Privileged Access Access Console User Guide 17.1

Privileged Access Management Android Access Console 2.2.2

Security Provider Integration RADIUS Server

Accops HyWorks v3.0. Installation Guide

GoldMine Connect Installation Guide

Security in Bomgar Remote Support

Automation Anywhere Enterprise 10 LTS

Privileged Access Access Console User Guide 18.2

Bomgar Connect Android Rep Console 2.2.6

Security in the Privileged Remote Access Appliance

Smart Cards for Remote Authentication 3. Prerequisites 3. Install the Smart Card Driver 4

HPE Security Fortify WebInspect Enterprise Software Version: Windows operating systems. Installation and Implementation Guide

Ekran System v.5.2 Deployment Guide

Privileged Access Access Console User Guide 18.1

Bomgar Privileged Access Smart Cards

Sage 200c Professional. System Requirements and Prerequisites

Sage 200c Professional. System Requirements and Prerequisites

MITEL. Live Content Suite. Mitel Live Content Suite Installation and Administrator Guide Release 1.1

Bomgar Connect Android Rep Console 2.2.9

NBC-IG Installation Guide. Version 7.2

Microsoft Dynamics CRM Integration with Bomgar Remote Support

Salesforce Integration Use Case

Installation and Deployment Guide for HEAT Service Management

LifeSize Control Installation Guide

JIRA Integration Guide

Installing Dell EMC OpenManage Essentials

Privileged Access Integration Client Guide

How to Use Session Policies

Click Studios. Passwordstate. Installation Instructions

Covene Cohesion Server Installation Guide A Modular Platform for Pexip Infinity Management October 25, 2016 Version 3.3 Revision 1.

Remote Support Jumpoint Guide: Unattended Access to Computers in a Network 4. Recommended Steps to Implement Bomgar Jump Technology 5

Ekran System v.5.5 Getting Started

December P Xerox FreeFlow Core Installation Guide

Oracle Hospitality Simphony Venue Management Installation Guide Release 3.10 E March 2018

PlateSpin Protect 11.2 SP1 Installation and Upgrade Guide. November 2017

Scout Enterprise Dashboard

Storage Manager 2018 R1. Installation Guide

Web Applications Installation. version

Installation Guide Worksoft Certify Execution Suite

Install and upgrade Qlik Sense. Qlik Sense 3.0 Copyright QlikTech International AB. All rights reserved.

KYOCERA Net Admin Installation Guide

Ekran System v.5.5 Deployment Guide

Sage 200c Professional. System Requirements and Prerequisites

A Quick start Guide. Version General Information: Online Support:

Connectware Manager Getting Started Guide

DefendX Software Control-Audit for Hitachi Installation Guide

Security Provider Integration Kerberos Server

Integration Client Guide

Privileged Access Administrative Interface 17.1

Privileged Remote Access Access Console User Guide 18.3

INSTALLATION GUIDE Spring 2017

Proficy Plant Applications 7.0 Quick Install Guide (And Best Practices)

Privileged Identity App Launcher and Session Recording

VMware Notification Service v2.0 Installation and Configuration Guide Configure ENS2 for cloud and on-premises deployments

Dell Storage Manager 2016 R3 Installation Guide

Accops HyWorks v2.5. HyWorks Controller Installation Guide. Last Update: 4/18/2016

Installing and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.

WhatsUp Gold 2016 Installation and Configuration Guide

XLmanage Version 2.4. Installation Guide. ClearCube Technology, Inc.

Installation Guide Worksoft Analyze

ControlPoint. Advanced Installation Guide. September 07,

OPPM Install and Config Guide. Legal Notices... 49

VMware Notification Service v2.0 Installation and Configuration Guide Configure ENS2 for cloud and on-premises deployments

Bomgar Connect ios Rep Console 2.2.7

LabTech Ignite Installation

Getting Started with. Management Portal. Version

Contents Overview... 5 Types of Installation Configurations... 5 Installation Prerequisites... 9

Remote Support 19.1 Web Rep Console

INSTALLING LYNC SERVER 2013 EE POOL ON WINDOWS SERVER 2012

Application Notes for Installing and Configuring Avaya Control Manager Enterprise Edition in a High Availability mode.

Intel Small Business Extended Access. Deployment Guide

VMware Notification Service v2.0 Installation and Configuration Guide Configure ENSv2 for cloud and on-premises deployments

Installation Guide Blueprint 8.1 Storyteller 2.2

Microsoft Windows Servers 2012 & 2016 Families

VMware Notification Service v2.0 Installation and Configuration Guide Configure ENS2 for cloud and on-premises deployments

Installation Guide. Mobile Print for Business version 1.0. July 2014 Issue 1.0

SafeConsole On-Prem Install Guide. version DataLocker Inc. July, SafeConsole. Reference for SafeConsole OnPrem

PERFORMING A CUSTOM INSTALLATION

Bomgar PA Integration with ServiceNow

Enterprise Vault.cloud CloudLink Google Account Synchronization Guide. CloudLink to 4.0.3

Privileged Remote Access 18.3 Access Console User Guide

Workspace ONE UEM Notification Service 2. VMware Workspace ONE UEM 1811

SUREedge DR Installation Guide for Windows Hyper-V

Diagnostic Manager Advanced Installation Guide

Security Provider Integration: SAML Single Sign-On

Adlib PDF Enterprise Installation Guide PRODUCT VERSION: 5.3

ControlPoint. Installation Guide for SharePoint August 23,

Transcription:

Bomgar Vault 17.2.1 Server Installation Guide 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners. TC:12/19/2017

Table of Contents Vault Server Installation Guide 3 Prepare Your Environment for Installation 6 Enable Internet Information Services (IIS) for Vault Installation 12 Recommended Optional Steps to Disable SSLv3 16 Install Bomgar Vault 19 Begin Installation 20 CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 2

Vault Server Installation Guide Server Application Specifications The following details reflect the minimum hardware specification requirements for using Vault. Component Specification Processor RAM 2 CPU x 3.0 GHz 2GB Note: The memory requirement represented is for Bomgar Vault operations only. Assign more memory for your operating system and other applications as needed. Disk Cost Network Application - 1GB; Database - approximately 1 to 10GB dependent on number of credentials Fast Ethernet (100Mb) or greater Software Specifications Certain minimum application server and database software is required to use Bomgar Vault. System software requirements for Vault are as follows: Software Requirement Operating Systems Windows Server 2012 Windows Server 2012 R2 (Recommended) Windows Server 2016 IMPORTANT Windows operating system and database versions must be in English US. SQL Server Microsoft SQL Server 2012 Microsoft SQL Server 2014 (Recommended) Microsoft SQL Express 2014 Microsoft SQL Server 2016 Microsoft Internet Information Services (IIS) Internet Information Services (IIS) 8.0 Internet Information Services (IIS) 8.5 (Recommended) Internet Information Services (IIS) 10 Microsoft.NET Framework.NET Framework 4.7 Browsers Chrome for Windows 8.1 Internet Explorer for Windows 8.1 Edge for Windows 10 CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 3

Note: If using SQL Express, please review the sizing guidelines below and other important considerations in the prerequisites section of this document. Note: Bomgar Vault is not compatible with IPv6. Supported Platforms for Vault Users Note: This table allows you to compare which platforms support which Bomgar Vault capabilities. Please discuss your specific platform support needs with your Bomgar sales representative. Bomgar Vault enables centralized access controls through two specific capabilities: password check and rotate password. 2012 Password Check: The system periodically validates the credentials. You may configure notifications to send if any problem occurs. Rotate Password: The system changes the password either periodically or when a specified event occurs. Multi-Platform Support 2012r2 2016* Password Check Windows Server Rotate Password 7 Windows Desktop 10* Ubuntu 15.10 SSH RedHat 7 2014 11g 5.5.x Microsoft SQL Oracle MySQL 5.6.x 5.7.x Active Directory LDAP CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 4

Windows 10 and Windows Server 2016 Limitations * Microsoft implemented additional UAC filter controls in Windows 10 and Windows Server 2016 to reduce the attack surface for Pass The Hash attacks. Therefore, by default, Bomgar Vault limits credential rotation on these platforms and allows only the following scenarios and combinations: The Windows endpoint IS a domain-joined computer. Account Credential Manager Validation Rotation Local user Built-in administrator X X Local user Domain administrator X X Local admin user (not built-in admin) Built-in administrator X X Local admin user (not built-in admin) Domain administrator X X Built-in admin <none> X X Built-in admin Domain admin X X The Windows endpoint IS NOT a domain-joined computer (workgroup). Account Credential Manager Validation Rotation Local user Built-in administrator X X Local admin user (not built-in admin) Built-in administrator X X Built-in admin <none> X X Windows 10 and Windows Server 2016 Scenarios and Recommended Best Practices Scenario: Rotating a Windows local account on a domain machine with a manager credential. For best results, use a domain administrator 1 as the manager credential. A secondary option is to use the machine's built-in administrator account 2. Scenario: Rotating a Windows local account on a workgroup machine with a manager credential. For best results, use the built-in administrator as the manager credential. Scenario: Rotating a Windows local account on a domain machine or a workgroup machine without a manager credential ( i.e., account rotating itself): In general, self-rotation for users other than the built-in administrator are not expected to work in any case. Self-rotation works on older Windows versions, like Windows 7, Windows Server 2012, and Windows 2012 r2, but does not work on newer Windows versions. 1 You can also use a domain user who is a member of the machine's administrator group. 2 This is a secondary recommendation because the built-in administrator account can be disabled. Depending on the organization's group policies, the built-in administrator could be subjected to remote UAC filtering. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 5

Prepare Your Environment for Installation Use this guide to begin installation of Bomgar Vault. The Vault installation wizard verifies Vault access to the necessary system components. To ensure a trouble-free installation, have all the required components in place before you begin. You must install Windows Server 2012 or later as specified in the system requirements. Note also that a domain is required to complete the Vault installation. While it is possible to install Vault on a domain controller, we highly recommend that the Vault server have no other critical roles. Note: This information assumes you have a basic understanding of centralized network management and are installing Bomgar Vault in a standard configuration. If you have installation questions or need assistance, please contact Bomgar Technical Support at help.bomgar.com. IMPORTANT If the Windows server upon which Vault is operating has security settings configured to use FIPS-compliant algorithms for encryption, hashing, and signing, the installation of the Vault application will not be successful. For more information, please see Why We re Not Recommending FIPS Mode Anymore at https://blogs.technet.microsoft.com/secguide/2014/04/07/whywere-not-recommending-fips-mode-anymore/. SQL Server 2014 Prerequisites To install Bomgar Vault, certain requirements must be met. Please verify that you have these major components before proceeding Create a Bomgar Vault service account that is used for installing and running the Bomgar Vault application services and application pool. The Bomgar Vault Service Account needs to be a domain account with the following permissions: A member of the Domain Users group. A member of the local administrators groups on the host server of the Bomgar Vault application. Logon as a service permission (as of Vault version 16.1.6 the installer attempts to grant permission automatically). The following permission is needed in the SQL Server hosting the Vault databases: DB_Creator - This role is needed during the installation in order to create the Bomgar Vault and Maintenance databases. The DB_Creator role can be unassigned from the service account after installation is complete. If the installation is not executed as the Bomgar Vault Service Account, it may be necessary to manually add the DB_Owner role to the Bomgar Vault Service Account within SQL Server. Read/Write access to the physical file path on the SQL Server where backup files are stored during Bomgar Vault software upgrades..net Framework.NET.NET 4.7 is required for Vault. IPv6 IPv6 needs to be DISABLED on the host server for the Bomgar Vault application. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 6

p re BOMGAR VAULT 17.2.1 SERVER INSTALLATION GUIDE SQL Server Bomgar Vault uses Microsoft SQL as its database back-end. Please verify that the server on which you wish to install Vault is able to connect to your SQL Server. We recommend that you do not install SQL Server on the same server as the Bomgar Vault application, as a security best practice. However, Bomgar Vault is fully functional when deployed in this manner. Configuration IMPORTANT Windows operating system and database versions must be in English US. 1. Set up a MS SQL server instance (already joined to the domain). 2. Add a login to the SQL server for the vault_service account, with appropriate permissions. 3. Add the Server role of dbcreator and dbowner to that Vault database user. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 7

SQL Server Express 2014 Prerequisites Bomgar Vault can use Microsoft SQL Express 2014 for certain types of deployments. If you are installing Vault as part of a proof of concept (POC) or are leveraging Vault in a limited capacity that falls into the sizing guidelines below, then SQL Express can be used. Some important factors to consider when using SQL Express 2014 are: SQL Express is not capable of supporting native SQL High Availability SQL Express is limited to the following hardware restrictions that could hinder performance when scaling: o o o Single CPU (4 cores allowed) 1 GB of RAM Max database size 10 GB The supported sizing guidelines of a Vault deployment using SQL Server Express 2014 are: o o o o SQL Express 2014 on Windows 2012 R2 15 users 50 endpoints 500 passwords The following database permissions are required: The user executing the Vault installer must be assigned the DB_Creator system privilege. The account running the application pool must possess the DB_Owner database privilege for the Vault database. The account running services must possess the DB_Owner database privileged for the Vault database. The user upgrading the Vault application via the installer must be assigned the Sysadmin privilege. This is required only if you wish to create a backup during installation. Bomgar recommends executing installation and upgrades as the Vault services account user because the account naturally becomes the database owner. If not, it is essential that the DB_Owner privilege be added post-installation. This is also required post-installation for any of the following scenarios as well: Upgrading a Vault installation connected to integrated security. The user installing the application is not the account running the application pool and services. The user upgrading also needs permission on the ccurent Vault database. Configuration IMPORTANT Windows operating system and database versions must be in English US. 1. Download SQL Express Server 2014 from Microsoft here: Microsoft Download Center at https://www.microsoft.com/en- US/download/details.aspx?id=42299. 2. Run the executable file to begin installation. During the installation, choose all default settings. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 8

3. Depending on your needs, select to install a new SQL Express Server installation or to upgrade an existing installation. 4. Check the box labeled I accept the license terms and click Next. 5. Choose the default feature selection and directory settings and click Next. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 9

6. Ensure that the Instance Configuration is set to Named instance: SQLExpress and Instance ID: SQLEXPRESS. 7. Accept the default settings for Server Configuration. 8. Accept the default settings for Database Engine Configuration. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 10

Other Requirements Internet Information Services (IIS) IIS is the web server used for Vault. Setting up IIS for Vault is detailed in Enable Internet Information Services for Vault Installation at www.bomgar.com/docs/vault/installation/server-installation/install-iis. Secure Sockets Layer (SSL) Bomgar integrations require SSL to use Vault. Note: During a proof of concept (POC), a self-signed certificate can be used. See Create a Self-Signed Server Certificate in IIS 7 at https://technet.microsoft.com/en-us/library/cc753127(v=ws.10).aspx for instructions on creating a self-signed certificate. Import your SSL certificate at the server level in IIS. You must import both the certificate and the private key to the server. After Vault installation is complete, you are able to bind the certificate to the Vault instance in the IIS interface. Note: SSL configuration is outside of the Bomgar Vault installation. We recommend that you test to ensure that the default website works with SSL communication before installing Vault. SQL Server Configuration For proper operation, Bomgar Vault requires that the SQL instance uses a static port assignment. Additionally, ensure that network and host layer firewalls are appropriately configured to allow for TCP 1433. As of Vault version 16.1.6, the application only supports using the default named instance of a SQL deployment. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 11

Enable Internet Information Services (IIS) for Vault Installation It is important to verify some basic system requirements. One of these requirements is the IIS application. Internet Information Services (IIS) Manager enables you to configure, control, and troubleshoot IIS and ASP.NET. Ensure that IIS is running and accurately configured and is using SSL for the default website. To install Vault, you must have IIS on your web server with a minimum set of required features. Note that, in general, an existing web server installation already has the features enabled you need to use Vault. Otherwise, you can use the Windows Server Manager to add IIS and the required related web platform technologies to your server instance. Verify installation of the required features, as generally described below. Note: Depending on your server version, the Server Manager user interface may appear differently than the screen shots below. 1. Start the Server Manager. Go to Manage and select Add Roles and Features. 2. Next, choose your server, and then select Server Roles from the left-hand menu. You are making this server an IIS server. The specific set of roles needed are detailed for you in the following sections. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 12

3. Add the Web Server roles and associated features. Verify that each set of features contained in the overarching web server role is correctly enabled. Verify that the correct Common HTTP Features are enabled. Note that you do not need HTTP Redirection unless you are setting up SSL on your site and wish to forward nonsecure requests to your secure site. Verify that the Health and Diagnostics feature indicates that HTTP Logging is selected. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 13

Verify that the Performance feature indicates that Static Content Compression is selected. Verify that the following three Security features are selected: Request Filtering, Basic Authentication, and Windows Authentication. Verify that the following Application Development features are selected:.net Extensibility 3.5,.NET Extensibility 4.5, ASP, ASP.NET 3.5, ASP.NET 4.5, CGI, ISAPI Extensions, and ISAPI Filters. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 14

Verify that the Management Tools feature indicates that IIS Management Console, IIS Management Scripts and Tools and Management Service are selected. 4. Select Features from the left-hand menu. Verify that the.net Framework 3.5 and.net Framework 4.5 features are enabled. ASP.NET 4.5 should also already be enabled in the.net Framework 4.5 feature set. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 15

Recommended Optional Steps to Disable SSLv3 As a best practice, it is recommended to disable SSLv3. Vulnerability scanners often flag and classify the use of SSLv3 as a medium risk to your organization. The following steps explain how to disable SSLv3 on your IIS server. 1. Open the registry editor and run it as an administrator. In the Start menu search field, type regedit.exe. Right-click on regedit.exe and click Run as administrator. 2. In the registry editor window, go to HKEY_LOCAL_MACHINE\SYSTEM\ CurrentControlSet\ Control\ SecurityProviders\ Schannel\ Protocols\. 3. In the navigation tree, right-click on Protocols, and in the popup menu, click New > Key. 4. Name the key SSL 3.0. 5. In the navigation tree, right-click on the new SSL 3.0 key that you just created, and in the pop-up menu, click New > Key. 6. Name the key Client. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 16

7. In the navigation tree, right-click on the new SSL 3.0 key again, and in the pop-up menu, click New > Key. 8. Name the key Server. 9. In the navigation tree, under SSL 3.0, right-click on Client, and in the pop-up menu, click New > DWORD (32-bit) Value. 10. Name the value DisabledByDefault. 11. In the navigation tree, under SSL 3.0, select Client and then, in the right pane, double-click the DisabledByDefault DWORD value. 12. In the Edit DWORD (32-bit) Value window, change the value to 1 in the Value Data and then click OK. 13. In the navigation tree, under SSL 3.0, right-click on Server, and in the pop-up menu, click New > DWORD (32-bit) Value. 14. Name the value Enabled. 15. In the navigation tree, under SSL 3.0, select Server and then, in the right pane, double-click the Enabled DWORD value. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 17

16. In the Edit DWORD (32-bit) Value window, leave the value at 0 in the Value Data and then click OK. 17. Restart your Windows Server. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 18

Install Bomgar Vault After the Bomgar Vault system prerequisites are in place, you are ready to start the Vault installer. You must be running Windows Server 2012 or later. The Vault installation wizard verifies that all system components are in place before performing the installation. Obtain Bomgar Vault Installation Files Use the files provided by Bomgar Support to begin installation. Place the license file where you can access it later during installation. Among the files included in your installer package are these files: license.lic (license file needed after logging into Vault for the first time) Installation binaries (Vault Installation Wizard) Set Up the Vault Application Server IMPORTANT Windows operating system and database versions must be in English US. 1. Ensure that the IIS prerequisite has been met on the application server. Note: Ensure that IIS is configured to use SSL. 2. Set the Vault service account as allowed to log on as a service on the application server, and ensure that IPV6 is disabled on the host server. 3. Test the connection to the SQL Server from the application server. Note that you may need to sign into the application server as the Vault service account. The best way to confirm connectivity is to launch SQL Management from the application server and make sure you can access the SQL database server. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 19

Begin Installation Note: When installing Bomgar Vault, run the installer as an administrator in a console session or, optionally, with the admin switch via Remote Desktop Protocol (RDP). Ensure that no other applications are running during installation. View Installer Instructions and EULA 1. Accept the End User License Agreement on the next page. Click Accept and Continue. 2. Choose what components you would like to install. Then click Next. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 20

Installer Verification When you start the installation wizard, Bomgar Vault automatically verifies that all required system components are installed and accessible. 3. Once the installer detects the required system components, click Next. Note: You are not allowed to proceed with installation if even one required component is missing. Resolve any items marked Not Detected and proceed with installation. Identify the Vault Application and Application Pool 4. Complete the fields on the Bomgar Vault Settings page, as described in the table below. Click Next when all fields are complete. Label Installation Directory Vault Website FQDN IIS Application Name Application Pool Description The location in which you intend to install the Bomgar Vault application. The path should not already exist. Note that the application name you selected is appended to this path. The recommended value is C:\Program Files\Bomgar\. Enter in the URL from which your Vault instance will be accessible. Name of the application in IIS. Application pools are groups of one or more URLs served by one or more worker processes. You must create a new application pool. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 21

Label Application Pool Name Account Type Description Type in the name of the application pool designated for the Vault application. Select whether you are using a Local System or Domain for the account type. Create Your Private Encryption Key 5. Complete the encryption key page to make Vault recoverable. Sensitivee data in the Bomgar Vault database is encrypted using this key. The key typically is needed only in case of disaster recovery, and you are free to use whatever strings you like for the key. It is not used for routine administration of Vault. Note: As a best practice for disaster recovery, after you have successfully installed Vault, you should back up the install directory on the Vault app server. Be sure to include the encrypted files in a decrypted state. Move the backup to a secure location. 6. Click Re-Generate to repopulate the field automatically. 7. Click Next when you are ready to proceed. IMPORTANT Note: We recommend that you do not store your encryption keys digitally. Rather, best practice is to make a hard copy of the keys and store it safely in more than one physically secure location. You cannot recover access without your encryption key. Configure the Primary Database 8. On the Database configuration page, enter the information in the required fields, described in the table. The section refers to your main Vault database. 9. Click Next to continue. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 22

Label Server Name Instance Description Enter the name of your Vault database server. This connection information must match what you used to test your database connection using the test.udl file. Input the name of your SQL instance. Default SQL instances should have no name. This field can be left blank. Note: If using Microsoft SQL Express, specify localhost as the server name and SQLExpress as the instance name. Database Name Integrated Security? Enter the name of the main database where all of your Vault information is stored. When connecting to the database server to create the database, checking Integrated Security uses the credentials under which the IIS application pool runs. Set the Default Service Configuration 10. Select the account typeand specify the service account username and password. If the Vault service runs as a named account, that account must have rights to manage services, log in as a service, access the Vault installation files, and write to the database. Note: If using SQL Server Express, you can choose Use Local System as the service account. Specify the Initial Vault User CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 23

11. On the initial Vault user page, enter the username of the account that first logs into Vault. Enter the AD account you created earlier to be the first administrative account in Vault. It should be entered in the following format: domain\username. Next, click Check. The information is pulled in from Active Directory and displayed on the page for your verification. Instead of using an AD account, you can choose to create a local account. Select Local and enter in the User and Password. 12. Click Next to review installation settings on the next page. Click Install. Click Ok. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 24

Monitor the Installation Process 13. The installer displays the status of your installation, and a dialog advises you of the installation status. Click OK to finish. 14. Click Go to Application to log into Vault or Finish to quit the installer. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 25

15. After completing the installer, there are four Vault Windows Services running under the service account specified during installation. These three services are: Vault - Scheduler Service This service manages automatic and periodic tasks. Vault - Dispatcher Service: This service is responsible for sending emails generated by the Vault application. Vault - Remote Service: This service manages the credential rotation and validation processes. Begin Configuring Vault Access Bomgar Vault using the URL and the initial Vault user automatically configured by the installer. Note: Remember to set up SSL on your site before using it in production. Note: As a best practice for disaster recovery, after successfully installing Vault, back up the install directory on the Vault app server. Be sure to include the encrypted files in a decrypted state. Move the backup to a secure location. Upload the License File When logging into Vault for the first time, you are asked to upload the license file received in your installation package. 1. Click Upload File. 2. Select the file from your computer. 3. Click Open. 4. Click Update License. Then you can begin configuring Vault users and credentials. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 26

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback