UEM Agent I: Configure HTTPS communication
Overview
This guide will provide you a fast forward progress to enable the basic HTTPS communication for your client to server communication. There a two different reasons why you want to enable the UEM Communication over HTTPS. First and for security reasons, you want have an encrypted communication between the clients and the server and second is that your clients might be connected outside your corporate network and managed through the modern management layer with Matrix42 Silverback. If your clients are only in the internal network, you can also connect the clients via SMB and skip the setup for enabling the HTTPS communication.
Prerequisites
- A *.pfx bundle with a valid SSL certificate for encrypted communication
- A configured Agent Template
- Access to your Empirum Server via RDP
- Administrative credentials for your Empirum Management Console
- If the UEM Agent should use a certificate based authentication instead of user/password a PKI infrastructure and additional settings are required. Please see the know-how center article.
Empirum Server
- Connect via RDP to your Empirum Server
Import your SSL Certificate
- Right click your SSL Certificate PFX
- Press Install PFX
- Select Local Machine
- Press Next
- Click Yes to confirm to make changes to your device
- Press Next
- Enter your Password for the private key
- Proceed with Next
- Press Next
- Click Finish
- Confirm with OK
Record your Thumbprint
- Open certlm.msc
- Navigate to Local Computer
- Select Personal
- Select Certificates
- Double Click on your Certificate
- Select Details
- Scroll down to Thumbprint
- Copy the thumbprint into your clipboard or any Text Editor
Empirum Management Console
- Open Empirum Management Console
- e.g. Matrix42 Management Console (EMC)
- or Empirum Web Console (EWC)
- Login with your Administrative credentials
Configure Subdepot Variables
- In the middle pane, locate your Empirum Server Group
- Perform a right click on your Empirum Server Group
- Select Variables
- Double-click Subdepot
- Configure the following values:
You can review all variables configurations here: Variables
| Variable | Value | Description |
|---|---|---|
| ROOTPATH | e.g. C:\Empirum | Specifies the local Empirum directory on the destination server. |
| USER_1 | e.g. IV\agentuser | Specifies the user(s) used to launch Empirum Sync and/or the Empirum Advanced Agent. If the variable is changed, the Empirum Advanced Agent-Template must be saved again. After the change all values appear in the template |
| PASSWORD_1 | e.g. Pa$$w0rd | Specifies the password for users USER_1 to USER_3, which is entered into the database in an encoded form (Sync or AES-256 encryption |
| WEBSERVER | IIS | Specifies the webserver to be used |
| SERVICES | Webservice | Is used to specify which services from the "Empirum Subdepot" package shall be installed; default setting is rsync and iperf; optional settings are Webservice and FTPService. |
| WEBSERVER_PROTOCOLS | e.g. HTTPS or HTTP + HTTPS | Specifies which protocols are used for the webserver. We recommend to use only https in a production environment. |
| WEBSERVER_SSL_CERTIFICATE | e.g. 59e91173443a31bc2afdf2ebf03f32ee31cf7e58 |
Server certificates enable users to confirm the identity of a Web server. Here you specify the "thumbprint" of an existing server certificate that is installed on the IIS server. A thumbprint is a unique identifier for a certificate. Paste here your previously recorded SSL Certificate Thumbprint |
- Confirm with OK
Adjust Agent Template
- In the right pane, expand Agent Templates
- Select your desired Agent Template
- Perform a right click
- Select Properties
- Under Transport Protocol enable HTTPS
- Modify your Prioritized protocol (optional)
- Press Save
Assign Packages to your Server
- Navigate to Management
- Select Administration
- In the right pane expand Software Packages
- Expand Empirum
- Assign the Empirum Subdepot Software Package to your Empirum Server
- Assign the Empirum Webservices Configuration to your Empirum Server
- Right Click your Empirum Server
- Select Activate
- Click Yes
- Click Finish
Empirum Server
- On your Empirum Server
- Right click your Empirum Tray Icon
- Click Check for new approved Software
- When the Empirum Agent prompts the Installation, press Start Now
- Wait until packages will be installed on your Empirum Server
Check Connection
If you are utilizing e.g. a Reverse Proxy, ensure that your clients can reach remotely the URL over HTTPS
- Open on any external device the following adjusted URL:
- Login with your Webserver User
- You should have access now to the Webservices Configuration Test Page
- This IIS was successfully configured by the Empirum Subdepot Webservices Configuration package.
Next Steps
- Proceed with Agent Distribution II: Prepare Automatic Assignments