Skip to main content
Matrix42 Self-Service Help Center

Cloud Connector Guide II: On-Premise Customers

Cloud Connector Configuration

This  sections describes the cloud connector configuration for On-Premise Scenarios. Usage of the cloud connector allows for Silverback to be located in a remote and network separated environment. In this the case Silverback establishes a direct communication only through the Cloud Connector to internal servers like: 

  • Active Directory
  • Certification Authority
  • Exchange 

Prerequisites

Accounts & Access

  • Administrative Access on the Server that will host the Cloud Connector. 
  • Administrative Access to Silverback Server
  • Administrative Access to Silverback Management Console
    • Administrator
    • Settings Administrator
  • Matrix42 Account to download the Cloud Connector installer

Server 

Ensure that your Cloud Connector Server has TLS 1.2 activated for communication and ensure that the following Features are installed on the hosting cloud connector server. Use Add Roles and Features inside the Server Manager to install the required features.

  Windows Server 2019 Windows Server 2016 Windows Server 2012 R2
Features
  • .NET Framework 3.5 Features
    • NET Framework 3.5 (includes .Net 2.0 and 3.0)
  • .NET Framework 4.7
    • .NET Framework 4.7
    • ASP.NET 4.7
    • WCF Services
      • TCP Port Sharing
  • .NET Framework 3.5 Features
    • NET Framework 3.5 (includes .Net 2.0 and 3.0)
  • .NET Framework 4.6 Features
    • .NET Framework 4.6
    • ASP.NET 4.6
    • WCF Services
      • TCP Port Sharing
  • .NET Framework 3.5 Features
    • NET Framework 3.5 (includes .Net 2.0 and 3.0)
  • .NET Framework 4.5 Features
    • .Net Framework 4.5
    • ASP.NET 4.5 
    • WCF Services
      • TCP Port Sharing

Firewall

Ensure that the following port are open to ensure the communication:

Source (from) Destination (to) Port/Protocol
General
Cloud Connector Silverback 443/tcp
Cloud Connector Domain Controller 389,636,3268,3269/tcp
Cloud Connector DNS Server 53/udp&tcp
Cloud Connector Certificate Revocation Lists 80/tcp
Certificate Distribution
Cloud Connector Domain Controller 464
Cloud Connector Certification Authority 443/tcp
Cloud Connector Certification Authority Random Port above 1023 /tcp
Exchange Protection Integration
Cloud Connector Silverback 443/tcp

Download and Install

Download Cloud Connector

  • Open Matrix42 Marketplace
  • Login with your Matrix42 Account 
  • Navigate to Unified Endpoint Management
  • Select Silverback
  • Download your current Cloud Connector Version

Install Cloud Connector

Perform the installation on the Cloud Connector Endpoint Server. 

  • Double Click the Cloud Connector executable
  • Process with Yes
  • Press Next
  • Select I accept the terms in the license agreement
  • Proceed with Next
  • Click Next
  • Select the number of Cloud Connector services you want to install
    • Choose 2 as our recommendation
    • Press Next
  • Click Install
  • Click Finish
  • Open Start Menu
  • Under recently added you should Cloud Connector Config Generation, we will need this tool later. 
  • Proceed with Certificate Generation

Certificate Generation

The cloud connector requires two public/private key-pairs, one for the Silverback server and one for the Cloud Connector Client

Cloud Connector 

  • Connect to your Cloud Connector Server via RDP

Download Tool

For certificate generation its important that the files are located under C:\M42Certs\ due to a hard coded file location within the script

  • Click Extract
  • Double Click M42Certs
  • Navigate to
    • OpenSSL
    • Archive

Generate Certificates

All certificates will generated by default with the Password 2secret4you. You can edit the batch file to change the password if needed.

  • Double Click CloudConnector-v1.1.bat
  • Enter the following information and proceed with Enter
    • Enter your country code, e.g DE
    • Enter your company state, e.g. Hessen
    • Enter your company city, e.g. Frankfurt
    • Enter your company name, e.g. Imagoverum
  • Review your information 
    • Proceed with 1 
    • If you want to make changes press 2 and proceed 
  • Wait until the process is finished

You can ignore WARNING: can't open config file: /usr/local/ssl/openssl.cnf

  • When the Certificate created successfully information is shown, press any key

Review Creation

In your folder you should see now a bunch of new files. The following ones will be needed:

  • Client.cer
  • Client.pfx
  • RootRSA.cer
  • RootRSA.pfx 
  • Server.cer
  • Server.pfx

Certificate Overview

Review the following files and to whom they are issued and where to import them. Proceed with Install Certificates afterwards.

File Name Issued to Install Location

Client.cer 

Cloud Connector Client 

Silverback server 

Client.pfx 

Cloud Connector Client 

Cloud Connector Server 

RootRSA.cer 

Silverback Root Authority 

Cloud Connector Server 

RootRSA.pfx 

Silverback Root Authority 

Silverback Server 

Server.cer 

Silverback Tunnel Certificate 

Cloud Connector Server 

Server.pfx 

Silverback Tunnel Certificate 

Silverback Server 

Install Certificates

Import Certificates

As mentioned above we need to import the pairs or certificates into the corresponding Certificate Stores on Cloud Connector and Silverback server. 

Cloud Connector Server

  • On your Cloud Connector Server, import the following certificates
  • Please mark the Private Key for the Client.pfx as exportable
File Name Issued to Issued By Certificate Store Exportable Key
Client.pfx Cloud Connector Client Silverback Root Authority Local Computer > Personal  Yes
Server.cer Silverback Tunnel Certificate Silverback Root Authority Local Computer > Personal  No
RootRSA.cer Silverback Root Authority Silverback Root Authority Local Computer > Trusted Root Certification Authorities No

Silverback Server

  • On your Silverback Server , import the following certificates
  • Please mark the Server.pfx and RootRSA.pfx private key as exportable
File Name Issued to Issued By Certificate Store  
Client.cer Cloud Connector Client Silverback Root Authority Local Computer > Personal  No
Server.pfx Silverback Tunnel Certificate Silverback Root Authority Local Computer > Personal  Yes
RootRSA.pfx Silverback Root Authority Silverback Root Authority Local Computer > Personal  Yes

Network Service

  • Navigate to your Cloud Connector Server
    • Right the click the Cloud Connector Client Certificate
      • Select All Tasks
      • Click Manage Private Keys
      • Click Add
      • Type Network Service
      • Click Check Names
      • Click OK
    • Uncheck Full Control
    • Click OK
  •  Navigate to your Silverback Server
    • Right the click the Silverback Tunnel Certificate Certificate
      • Select All Tasks
      • Click Manage Private Keys
      • Click Add
      • Type Network Service
      • Click Check Names
      • Click OK
    • Uncheck Full Control
    • Click OK
    • Right the click the Silverback Root Authority Certificate
      • Select All Tasks
      • Click Manage Private Keys
      • Click Add
      • Type Network Service
      • Click Check Names
      • Click OK
    • Uncheck Full Control
    • Click OK

Configure Silverback

  • Open your Silverback Management Console
  • Login as Settings Administrator
  • Navigate to Cloud Connector
  • Configure Cloud Connector
    • Enable Send LDAP Request through Tunnel
    • Enable Request Client Certificates through tunnel (optional)
    • Enable Exchange Protection (optional)
    • Add your Client Certificate Thumbprint public key  (Silverback Server > Client.cer > Cloud Connector Client)
    • Add your Silverback Server Tunnel Certificate private key (Silverback Server > Server.pfx > Silverback Tunnel Certificate) 

Ensure to remove spaces for thumbprints, e.g. 259ad790e3485931b489d6bc6d2ebd7401f597bb

  • Press Save

Restart Services 

  • Open PowerShell with Administrator Privileges
  • Type: restart-service w3svc,silv*,epic*,mat* 
  • Click Enter
  • Wait until services all services have been restarted

Create Configuration

  • Navigate to your Cloud Connector Server
  • Open Start Menu
  • Under recently added you should Cloud Connector Config Generation
  • Confirm with Yes
  • Paste your Silverback Tunnel URL

You find the Tunnel URL in your Silverback Management Console under Settings Admin > Cloud Connectors

  • Click the certificate button next to Client Certificate Thumbprint (private key)
    • Select your Cloud Connector Client Certificate
    • Click OK
  • Disable Certificate Pinning
  • Click the certificate button next to Silverback Server Tunnel Certificate (public key)
    • Select your Silverback Tunnel Certificate
    • Click OK
  • Disable Encrypt Config Files
  • Click Export
    • Create Make New Folder
    • Name it e.g. Configuration Files
    • Click OK
    • Confirm with OK
  • Open on your File Explorer the following path
    • Configuration Files\SilverbackConfigs\srv\Cloud Connector Client
    • Copy the following file SilverbackMDM.SilverBack.Service.CCClient.exe.config 
    • Paste the file into the following path C:\Program Files (x86)\Matrix42\Cloud Connector\Service

Start Service

  • Open Services MMC
  • Start Silverback Cloud Connector Service 1
  • Start Silverback Cloud Connector Service 2

Check Connection

Silverback

  • Open your Silverback Management Console 
  • Login as Administrator
  • Navigate to Admin
  • Select Cloud Connectors
  • You should see here now your running Cloud Connectors 

Monitoring 

  • Click Cloud Connectors Monitor

Or use the adjusted URL: https://silverback.imagoverum.com/tunnel/TunnelInfo for direct access

  • Enter your local administrative credentials
    • Username: admin
    • Password: S1lverb@ck
  • Click Login
  • Review your listed Clients, Traffic and Errors 

Configure Active Directory

  • Logout as Administrator
  • Login as Settings Administrator

Add Active Directory

  • Login as Settings Administrator
  • Navigate to LDAP
  • Configure your LDAP Connection
    • Enter your LDAP Server IP Address or FQDN (e.g. dc01.imagoverum.com)
    • Enter your LDAP Lookup Username
    • Enter your LDAP Lookup Password
  • Press Check LDAP Connection
    • You should see the confirmation the LDAP server is available
  • Click Save
  • Click OK

Restart Services

  • On your Silverback Server, restart services 
    • restart-service w3svc,silv*,epic*,mat*
  • Navigate back to your Cloud Connector Server instance
  • Restart Silverback Cloud Connector Services

Check Login

  • Was this article helpful?