Skip to main content
Matrix42 Self-Service Help Center

Installation Guide II: Installation

Overview

This article will guide you through a typical installation of Silverback by Matrix42 and offer guidance on configuring the system for a successful deployment. This guide will show a common setup, but every environment is different! For advanced configuration or special requirements, talk to your technical contact or raise a support ticket to cover your needs.

Before you Start

  • You should have already created a succesfully a Matrix42 account
  • You should have already a Matrix42 company account created during this registration
  • You should have already access to Matrix42 Marketplace

Installer Download and License Key

Before beginning the installation, ensure that you’ve confirmed all the items Prerequisites Guide and that you have the following available:

The guide is split into three topics. First we will create and configure the certificate handling, then we will install the application itself and configure then the basics. 

Certificates 

Create Self-Signed Certificate

As part of a standard configuration, Silverback will generate certificates for enrolled devices with it’s own Certificate Authority. To ensure that you Silverback creates unique certificates, we will create a Certificate Authority specifically for your Silverback instance with the IIS Manager. 

To create the Root Certificate Authority:

  • Login to your Silverback Server with the installed Web Server (IIS) Role
  • Launch Internet Information Services (IIS) Manager from the Start Menu or Server Manager
  • From the Connections Panel on the left, select the Default Server
  • From the Features Panel in the middle, double click on Server Certificates
  • From the Actions Panel on the right, click Create Self-Signed Certificate
  • Enter a friendly name for the certificate, for example Silverback Root CA
  • Click OK
  • In the Server Certificates panel, you will now see the new certificate, right click this and click Export
  • Specify a file location for the export
  • Enter a file name, e.g Silverback Root CA and check that *.pfx is set as file type
  • Click Open to confirm file name and location
  • Enter a password to protect the private key
  • Confirm the used password
  • Click OK

If you are configuring the Cloud Connector, an additional certificate is required, see Appendix A

Set Permission

To set permissions on the certificate:

  • Press Windows Key + R to launch the Run prompt
  • Enter “mmc” and press Ok
  • From the MMC Screen, Select File then Add/Remove Snap-In
  • From the Available span-ins panel, select Certificates and click Add
  • From the following prompt, select Computer account and click Next
  • Leave Local computer selected and click Next
  • Click OK
  • From the following screen, expand Certificates (Local Computer),
  • Expand then Personal and click Certificates
  • Right Click the Certificates folder
  • Right Click the newly created Self-Signed Certificate (Friendly Name: Silverback Root CA)
  • Select All Tasks
  • Select Manage Private Keys
  • Click Add
  • Enter “NETWORK SERVICE” and click Check Names
  • Click OK
  • Ensure NETWORK SERVICE has Full Control and Read Allowed
  • Click Apply
  • Click OK

Record Self-Signed Certificate Thumbprint

Now we need to record the Root Certificate Authority certificate thumbprint:

  • Double-Click again your Self-Signed Certificate (Friendly Name: Silverback Root CA)
  • Click Details
  • Scroll down until you see Thumbprint and select this
  • Copy the text for the thumbprint into any Text Editor. 
  • Go back to the Window where you recorded your thumbprint
  • Click OK

Import SSL Certificate

  • Right Click below any displayed certificates in the middle pane

We are still in the Local Computer Certificate Store MMC > Personal > Certificates, maybe you need first to organize your SSL Certificate and proceed here. 

  • Click All Tasks
  • Click Import
  • Click Next (Store Location: Local Machine) 
  • Click Browse
  • Navigate to your SSL Certificate location 

Maybe you need to change your search preferences and change file types to All Files (*.*) 

  • Select your Certificate 
  • Click Open
  • Click Next
  • Enter your Certificate's Password
  • Ensure that mark this key as exportable is enabled 
  • Click Next
  • Ensure Personal is set at the Certificate Store
  • Click Next
  • Click Finish
  • Click OK to confirm the Success Prompt

Set Permission

Now we will adjust again the permissions as we made it already for the Self Signed Certificate. 

  • Right Click the imported SSL Certificate

Maybe you need to refresh the view. Use a right-click to refresh.

  • Select All Tasks
  • Select Manage Private Keys
  • Click Add
  • Enter “NETWORK SERVICE” and click Check Names
  • Click OK
  • Ensure NETWORK SERVICE has Full Control and Read Allowed
  • Click Apply
  • Click OK

Record SSL Certificate Thumbprint

Now we need to record the SSL Certificate thumbprint:

  • Double-Click your imported SSL Certificate (e.g.  *.imagoverum.com  Issued by AlphaSSL)
  • Click Details
  • Scroll down until you see Thumbprint and select this
  • Copy the text for the thumbprint into any Text Editor. 
  • Go back to the Window where you recorded your thumbprint
  • Click OK

Certificate Thumbprint Clipboard

Now you should have two recorded thumbprints:

  • Silverback Root CA Certificate (e.g.  ‎a3 27 c1 99 ab 23 f8 7d 79 05 c6 d8 a8 6e 91 cc dd 1a a4 17)
  • SSL Certificate (e.g. ‎37 5f 61 61 70 cb e5 6b 3b 69 b4 3e 09 0f ee d3 63 de 82 45) 

clipboard_ef0c70da07bcdd9cce25666b2573d4cd6.png

Installation & Configuration

  • Launch the installer executable
  • Click Run if Security Warning appear
  • Click Next to begin
  • Ensure all prerequisites are installed and configured
  • Click Next
  • Read the license agreement

You can also print the agreement if needed for documentation.

  • Click I accept the terms in the license agreement
  • Click Next
  • Enter a User Name (e.g Vincent Valentine)
  • Enter a Organization  (e.g. Imagoverum) Name
  • Click Next
  • Proceed with Next or
    • Change the installation folder for the Silverback Website Directory Location (optional & not recommended)
    • Change the installation folder for the Silverback Services Directory Location (optional & not recommended)

As best practice use the recommended standard folders. All websites will be hosted on your IIS, so please ensure that the folder you may choose is accessible by the IIS. 

  • Select I understand and choose to proceed with the installation
  • Confirm with Next

The warning is designed only for updates

  • On Installation Type Page keep Standard 
  • Click Next
  • Proceed with Install
  • When Installation Wizard Completed screen appears, stop here and proceed with the IIS Binding configuration. 

Configure IIS Bindings

To have the system running securely, you need to ensure that Silverback will only listen for traffic on HTTPS/TCP, and not plain text HTTP traffic.

  • Launch Internet Information Services (IIS) Manager from the Start Menu or Server Manager
  • Expand your Server
  • Expand Sites
  • Right click on the Default Website item
  • Select Edit Bindings
  • Ensure that there are no https entries for port 443.
  • If there are, select and remove them
  • Click Close
  • Open the HTTP Redirect Feature
    • Enable Redirect requests to this destination
    • Enter your server address, but ensure you use https and your domain.
    • Ensure that both checkboxes beneath are unchecked.
    • Click Apply
  • Right click Silverback, and select Edit Bindings

You may need to refresh your current view of IIS Manager to see the Silverback Website. Right-Click > Refresh 

  • Ensure that there is only an entry for https and not http.
  • Select the https entry and click Edit…
  • Select the SSL Certificate you wish to use to present to your devices. This SSL Certificate must be issued by a trusted certificate authority and installed on your server before it will show in this list. Host name should be left empty, as you will need to access the server on https://localhost to complete the installation. If a hostname needs to be specified, ensure that localhost is entered as well.
  • Click OK
  • Click Close

Start Silverback Management Console and Restart IIS

  • Select Silverback with a left click
  • In the Action Pane right click Start 
  • Perform a left click on your Server in the left pane
  • In the Actions Pane right click Restart

Now we have ensured that we address the Silverback Management Console in the right way. Create now your SQL permissions, so that the installation wizard is able to deploy the SQL Database. 

Prepare SQL Permissions

Before we deploy your new Silverback's database, you need to adjust your SQL Permissions based on the desired SQL setup and preferred authentication type:

  1. For a deployment where SQL is located on the same server as Silverback do the following: 
  • For SQL Authentication: Add a new Login with SQL Server Authentication on SQL with db_creator role 
  • For Windows Authentication: Create new Login with Windows Authentication on SQL for NT AUTHORITY\NETWORK SERVICE and assign db_creator role

This is only recommended for small deployments with under 20 users or test environments, because SQL will compete with IIS for system resources

  1. For a deployment where SQL is located on a separate, dedicated SQL Server you can either:
  • For SQL Authentication: Add a new Login with SQL Server Authentication on SQL with db_creator role. It is possible to decrease the rights later to db_owner
  • For Windows Authentication:If the servers are in a domain, permission can be delegated to the Silverback server (Computername$) by adding the Silverback server as a user or by adding the Silverback Enterprise Device Management group in SQL, then assigning the server the db_creator role

Database Creation

  • Navigate back to the Silverback Installation Wizard Completed screen , click Finish

Keep the checkbox "Launch the Silverback Admin Console“ enabled

  • Internet Explorer will open the Database Setup for Silverback
  • Proceed with Continue to this website
  • Wait until the Database Setup for Silverback appears (can take a moment)
  • Enter now your SQL Database settings:
Setting Description Mandatory
Data Server Address Network location of the SQL Server. Enter an IP-Address, FQDN or localhost Yes
Failover Database Server Address If using, an optional SQL server that will be used if the primary is not available No
Database Name Database name that Silverback will use. As best practice enter Silverback as Database name Yes
Use SQL Authentication By default, Use SQL Authentication is enabled. Enter a Username and Password for SQL Authentication. By disabling the Windows permissions will be used to access the SQL Server. No
Web Settings Certificate Thumbprint

Silverback encrypts settings using this certificate. The installer will automatically generate this for you. It is stored under Certificates (Local Computer) > Personal > Certificates > Silverback Web Settings Certificate

Note that if this field is empty after a fresh install, this means that an encryption certificate already exists, so the installer didn’t create one. Most likely from a previous installation. You can choose an existing certificate by clicking “Pick” and then choosing the certificate.
Yes
  • Perform a cross-check. 
  • Click Save
  • Wait until the next screen appear and click OK
    • Keep Database data and log file locations (best practice)
    • or change the file location (optional)
  • Click Start Installation
  • Wait until the database will be deployed.
  • After a successful database deployment you will see an Error Message. Proceed with Change Login Parameters. 

Installation_Guide_02.png

Change Login Parameters

Restart IIS & Login into Management Console

  • Navigate to your Internet Information Services (IIS) Manager and restart the IIS
  • Navigate back to your Internet Explorer
  • Open now https://localhost/admin
  • Click Continue to this website
  • Enter the following credentials
    • Username: admin
    • Password: S1lverb@ck
    • Click SIGN IN

Silverback Basic Setup

Enter License

After logging in you will be prompted to enter the Silverback license to activate the system.

  • Click Import Key
  • Paste the key into the text box
  • Click Save
  • You should now be successfully logged in into Silverback Management Console

Change the default admin preferences

  • Click on the settings icon on the upper right
  • Enter an Email address (e.g. admin@imagoverum.com)
  • Enter the current password in the Old Password field (S1lverb@ck)
  • Enter your new password in the New Password field
  • Confirm your New Password
  • Enable Receive Email Alerts (optional)
  • Change Date Format (optional)
  • Change Time Zone (optional)
  • Change Language (not recommended)
  • Click Save 
  • Click OK

It’s very important this new password is remembered, as this is the default admin account for the system. Unless you make further admin accounts, this is the only admin account.

Create Settings Admin Account

  • Navigate to the Admin
  • Navigate to the User Management
  • Click New System User
  • Populate the Username, Email, Password and Confirm Password fields
  • Change Date Format (optional)
  • Change Time Zone (optional)
  • Select Settings Administrator for the Role field
  • Change Language (optional)
  • Click Save

Configure the System Settings

There are several critical things that must be configured before the Silverback Server can be fully operational.

  • Log out from Management Console (upper right)
  • Login as Settings Administrator

General

In the General Tab of the settings page, the following settings should be configured:

Do not Save! 

App Portal and SMS

Do not Save!

Setting Name Description
App Portal URL This should be edited to match the Silverback Server address. It’s important to retain the trailing extension, e.g. /apps
SMS Provider For Australian customers, this should be RedCoal, for the rest of the world, select MessageBird

Certificates

  • Navigate to Certificates
  • Change the Certificate Thumbprint to your Self-Signed Certificate (Silverback Root CA) Thumbprint

Thumbprint Spaces will be removed automatically

  • Change Country Code 
  • Change Organisation Name
  • Change the Location Name
  • Change the Expiry Length 
Setting Name Description
Certificate Thumbprint This should match the thumbprint that you configured in Step 1 of Installation and Configuration. This certificate is used to create the client certificates for Silverback clients to use for enrolment and other services.
Country, Organisation and Location These are used in the certificates that are generated for devices as information only to identify the issuer of the certificates
Expiry Length The certificates issued to clients will expire after this time period. Ideally this should be as long as possible to prevent the need for certificates to be renewed.
Email Domain  This should match the domain your company uses for primary email addresses.

Do not Save! 

MDM Payload

clipboard_ef0c70da07bcdd9cce25666b2573d4cd6.png

Setting Name Description
Checkin and MDM URL These should be edited to match the Silverback Server address. It’s important to retain the trailing extension, e.g. /mdm
Signing Certificate Thumbprint This certificate is used to sign profiles being sent to iOS devices. It’s recommended to use the SSL Certificate for the Silverback website, as this will be trusted by the devices.

Save Settings

  • Click Save
  • Log Out as Settings Administrator

Restart Services

  • Open PowerShell with Administrator Priviliges
  • Type: restart-service w3svc,silv*,epic*,mat* 
  • Click Enter
  • Wait until services all services have been restarted

Modify SQL Permissions (optional)

For security concerns, the dbcreator role can be replaced by db_owner.  

  • Open SQL Management Studio
  • Navigate to the Security
  • Navigate to Login
  • Right click the user that has been chosen for the database creation
  • Click Properties
  • Navigate to Server Roles
  • Uncheck dbcreator role 
  • Navigate to User Mapping
  • Enable Silverback Database
  • Enable db_owner at Database role membership for: Silverback 
  • Click OK 

For a deployment where SQL is located on the same server as Silverback perform the following additional task: 

  • Assign NT AUTHORITY\SYSTEM the db_owner role  for the created Silverback database 

 

  • Was this article helpful?