Skip to main content
Matrix42 Self-Service Help Center

Cloud Connector Guide I: Cloud Customers

Cloud Connector Configuration

This  sections describes the cloud connector configuration for a cloud customer scenario. Usage of the cloud connector allows for the Silverback to be located in a remote and network separated environment. In this the case Silverback establishes a direct communication only through the Cloud Connector to internal servers like: 

  • Active Directory
  • Certification Authority
  • Exchange 

Software

Ensure that your Cloud Connector Server has TLS 1.2 activated for communication and ensure that the following Features are installed on the hosting cloud connector server. Use Add Roles and Features inside the Server Manager to install the required features.

  Windows Server 2019 Windows Server 2016 Windows Server 2012 R2
Features
  • .NET Framework 3.5 Features
    • NET Framework 3.5 (includes .Net 2.0 and 3.0)
  • .NET Framework 4.7
    • .NET Framework 4.7
    • ASP.NET 4.7
    • WCF Services
      • TCP Port Sharing
  • .NET Framework 3.5 Features
    • NET Framework 3.5 (includes .Net 2.0 and 3.0)
  • .NET Framework 4.6 Features
    • .NET Framework 4.6
    • ASP.NET 4.6
    • WCF Services
      • TCP Port Sharing
  • .NET Framework 3.5 Features
    • NET Framework 3.5 (includes .Net 2.0 and 3.0)
  • .NET Framework 4.5 Features
    • .Net Framework 4.5
    • ASP.NET 4.5 
    • WCF Services
      • TCP Port Sharing

Firewall

Ensure that the following port are open to ensure the communication:

Source (from) Destination (to) Port/Protocol
General
Cloud Connector Silverback 443/tcp
Cloud Connector Domain Controller 389,636,3268,3269/tcp
Cloud Connector DNS Server 53/udp&tcp
Cloud Connector Certificate Revocation Lists 80/tcp
Certificate Distribution
Cloud Connector Domain Controller 464
Cloud Connector Certification Authority 443/tcp
Cloud Connector Certification Authority Random Port above 1023 /tcp
Exchange Protection Integration
Cloud Connector Silverback 443/tcp

Certificates

Before you start you should have received three certificates:

File Name Install to Issued to

Client.pfx 

Cloud Connector Server 

Cloud Connector Client 

RootRSA.cer 

Cloud Connector Server 

Silverback Root Authority 

Server.cer 

Cloud Connector Server 

Silverback Tunnel Certificate 

Download and Install

Download Cloud Connector 

  • Open Matrix42 Marketplace
  • Login with your Matrix42 Account 
  • Navigate to Unified Endpoint Management
  • Select Silverback
  • Download your current Cloud Connector Version

Install Cloud Connector 

Perform the installation on the Cloud Connector Endpoint Server. 

  • Double Click the Cloud Connector executable
  • Process with Yes
  • Press Next
  • Select I accept the terms in the license agreement
  • Proceed with Next
  • Click Next
  • Select the number of Cloud Connector services you want to install
    • Choose 2 as our recommendation
    • Press Next
  • Click Install
  • Click Finish
  • Open Start Menu
  • Under recently added you should Cloud Connector Config Generation, we will need this tool later. 
  • Proceed with Import Certificates

Import Certificates

For a secure communication between your Silverback Cloud Instance and your resources, the Cloud Connector Server needs to have all three certificates imported and the Network Service needs to have control over the Client Certificate Private Key. 

File Name Issued to Issued By Certificate Store Exportable Key
Client.pfx Cloud Connector Client Silverback Root Authority Local Computer > Personal  Yes
Server.cer Silverback Tunnel Certificate Silverback Root Authority Local Computer > Personal  No
RootRSA.cer Silverback Root Authority Silverback Root Authority Local Computer > Trusted Root Certification Authorities No

Import Server Certificate

Perform these steps on the Cloud Connector Endpoint Server. 

  • Press Windows Key + R to launch the Run prompt
  • Enter mmc and press Ok
  • Select File
  • Select Add/Remove Snap-In
  • Select Certificates Click Add
  • Select Computer Account
  • Click Next
  • Click Finish
  • Click OK
  • Expand Certificates (Local Computer)
  • Expand Personal
  • Expand Certificates
  • Right Click in the middle pane
  • Click All Tasks
  • Click Import
  • Click Next
  • Click Browse
  • Select your server.cer file
  • Click Open
  • Click Next
  • Click Next
  • Click Finish

Import Client Certificate

  • Right Click in the middle pane
  • Click All Tasks
  • Click Import
  • Click Next
  • Click Browse
  • Change Search Filter to All Files (*.*)
  • Select your client.pfx file
  • Click Open
  • Click Next
  • Enter your received password
  • Enable Mark this key as exportable
  • Click Next
  • Click Next
  • Click Finish

Set Permission 

  • In the MMC Screen, right click the newly imported Cloud Connector Client certificate
  • Select All Tasks
  • Select Manage Private Keys
  • Click Add
  • Enter “NETWORK SERVICE” and Click Check Names to Confirm
  • Click OK
  • Ensure NETWORK SERVICE has Full Control and Read Allowed
  • Click OK

Import Silverback Root Authority Certificate

  • Navigate to Trusted Root Certification Authorities
  • Expand Certificates
  • Perform a right click
  • Click All Tasks
  • Click Import
  • Click Next
  • Select the RootRSA certificate
  • Click Next
  • Click Next
  • Click Finish

Create Configuration

You find the Tunnel URL in your Silverback Management Console under Settings Admin > Cloud Connectors

  • Click the certificate button next to Client Certificate Thumbprint (private key)
    • Select your Cloud Connector Client Certificate
    • Click OK
  • Disable Certificate Pinning
  • Click the certificate button next to Silverback Server Tunnel Certificate (public key)
    • Select your Silverback Tunnel Certificate
    • Click OK
  • Disable Encrypt Config Files
  • Click Export
    • Create Make New Folder
    • Name it e.g. Configuration Files
    • Click OK
    • Confirm with OK
  • Open on your File Explorer the following path
    • Configuration Files\SilverbackConfigs\srv\Cloud Connector Client
    • Copy the following file SilverbackMDM.SilverBack.Service.CCClient.exe.config 
    • Paste the file into the following path C:\Program Files (x86)\Matrix42\Cloud Connector\Service

Start Services

  • Open Services MMC
  • Search for Silverback Cloud Connector Service 1 and 2
  • Start both services

Check Connection

Silverback

  • Open your Silverback Management Console 
  • Login as Administrator
  • Navigate to Admin
  • Select Cloud Connectors
  • You should see here now your running Cloud Connectors 

Monitoring 

  • Click Cloud Connectors Monitor

Or use the adjusted URL: https://silverback000.m42cloud.com/tunnel/TunnelInfo for direct access

  • Enter your local administrative credentials
    • Username: admin
    • Password: S1lverb@ck
  • Click Login
  • Review your listed Clients, Traffic and Errors 

Configure Silverback

  • Logout as Administrator
  • Login as Settings Administrator

Configure Cloud Connector

  • Navigate to Cloud Connector
    • Enable Send LDAP Request through Tunnel
    • Enable Request Client Certificates through tunnel (optional, requires additional configurations)
    • Enable Exchange Protection (optional, requires additional configurations)
  • Click Save
  • Click OK
  • Wait at minimum 5 Minutes until settings will be applied

Configure Active Directory

  • Login as Settings Administrator
  • Navigate to LDAP
  • Configure your LDAP Connection
    • Enter your LDAP Server IP Address or FQDN (e.g. dc01.imagoverum.com)
    • Enter your LDAP Lookup Username
    • Enter your LDAP Lookup Password
  • Press Check LDAP Connection
    • You should see the confirmation the LDAP server is available
  • Click Save
  • Click OK
  • Wait at minimum 5 Minutes until settings will be applied

Restart Services

  • Navigate back to your Cloud Connector Server instance
  • Restart Silverback Cloud Connector Services

Check Login

  • Was this article helpful?