Cloud Connector Guide I: Cloud Customers
Cloud Connector Configuration
This section describes the cloud connector configuration for a cloud customer scenario. The Cloud Connector ensures for the Silverback server to be located in a remote and network separated environment. With the Cloud Connector in place, Silverback can establish a direct communication only through the Cloud Connector to your internal servers and services like:
- Active Directory
- Certification Authority
- Exchange
Software
Ensure that your Cloud Connector Server must have installed at minimum Microsoft .NET Framework 4.7.2 and has TLS 1.2 activated for communication and ensure that the following Features are installed on the hosting cloud connector server. Use Add Roles and Features inside the Server Manager to install the required features.
| Windows Server 2022 | Windows Server 2019 | Windows Server 2016 | Windows Server 2012 R2 | |
|---|---|---|---|---|
| Features |
|
|
|
|
Firewall
Ensure that the following port are open to ensure the communication:
| Source (from) | Destination (to) | Port/Protocol |
|---|---|---|
| General | ||
| Cloud Connector | Silverback | 443/tcp |
| Cloud Connector | Domain Controller | 389,636,3268,3269/tcp |
| Cloud Connector | DNS Server | 53/udp,53/tcp |
| Cloud Connector | Certificate Revocation Lists | 80/tcp |
| Certificate Distribution | ||
| Cloud Connector | Domain Controller | 464/udp, 464/tcp |
| Cloud Connector | Certification Authority | 443/tcp |
| Cloud Connector | Certification Authority | Random Port above 1023 /tcp |
| Exchange Protection Integration | ||
| Cloud Connector | Silverback | 443/tcp |
Certificates
Before you start you should have received with your Your Matrix42 Silverback Cloud environment is ready welcome mail a *.zip file that contains the following certificates:
| File Name | Install to | Issued to |
|---|---|---|
|
Client.pfx |
Cloud Connector Server |
Cloud Connector Client |
|
RootRSA.cer |
Cloud Connector Server |
Silverback Root Authority |
|
Server.cer |
Cloud Connector Server |
Silverback Tunnel Certificate |
Extract the content of the *.zip file to a (temporary) folder on your Cloud Connector Server (e.g. under C:\Certificates) and proceed with the next chapter.
Download and Install
Download Cloud Connector
- Open Matrix42 Marketplace
- Login with your Matrix42 Account
- Navigate to Unified Endpoint Management
- Select Silverback
- Download your current Cloud Connector Version
Install Cloud Connector
Perform the installation on the Cloud Connector Endpoint Server.
- Double Click the Cloud Connector executable
- Process with Yes
- Press Next
- Select I accept the terms in the license agreement
- Proceed with Next
- Click Next
- Select the number of Cloud Connector services you want to install
- Choose 2 as our recommendation
- Press Next
- Click Install
- Click Finish
- Open Start Menu
- Under recently added you should Cloud Connector Config Generation, we will need this tool later.
- Proceed with Import Certificates
Import Certificates
For a secure communication between your Silverback Cloud Instance and your resources, the Cloud Connector Server needs to have all three certificates imported and the Network Service needs to have control over the Client Certificate Private Key.
| File Name | Issued to | Issued By | Certificate Store | Exportable Key |
|---|---|---|---|---|
| Client.pfx | Cloud Connector Client | Silverback Root Authority | Local Computer > Personal | Yes |
| Server.cer | Silverback Tunnel Certificate | Silverback Root Authority | Local Computer > Personal | No |
| RootRSA.cer | Silverback Root Authority | Silverback Root Authority | Local Computer > Trusted Root Certification Authorities | No |
Import Server Certificate
Perform these steps on the Cloud Connector Endpoint Server.
- Press Windows Key + R to launch the Run prompt
- Enter mmc and press Ok
- Select File
- Select Add/Remove Snap-In
- Select Certificates Click Add
- Select Computer Account
- Click Next
- Click Finish
- Click OK
- Expand Certificates (Local Computer)
- Expand Personal
- Expand Certificates
- Right Click in the middle pane
- Click All Tasks
- Click Import
- Click Next
- Click Browse
- Select your Server.cer file
- Click Open
- Click Next
- Click Next
- Click Finish
Import Client Certificate
- Right Click in the middle pane
- Click All Tasks
- Click Import
- Click Next
- Click Browse
- Change Search Filter to All Files (*.*)
- Select your Client.pfx file
- Click Open
- Click Next
- Enter your received password
- Enable Mark this key as exportable
- Click Next
- Click Next
- Click Finish
Set Permission
- In the MMC Screen, right click the newly imported Cloud Connector Client certificate
- Select All Tasks
- Select Manage Private Keys
- Click Add
- Enter “NETWORK SERVICE” and Click Check Names to Confirm
- Click OK
- Ensure NETWORK SERVICE has Full Control and Read Allowed
- Click OK
Import Silverback Root Authority Certificate
- Navigate to Trusted Root Certification Authorities
- Expand Certificates
- Perform a right click
- Click All Tasks
- Click Import
- Click Next
- Select the RootRSA.cer certificate
- Click Next
- Click Next
- Click Finish
Create Configuration
- Open Start Menu
- Under recently added you should Cloud Connector Config Generation
- Confirm with Yes
- Paste your Silverback Tunnel URL
You find the Tunnel URL in your Silverback Management Console under Settings Admin > Cloud Connectors
- Click the certificate button next to Client Certificate Thumbprint (private key)
- Select your Cloud Connector Client Certificate
- Click OK
- Disable Certificate Pinning
- Click the certificate button next to Silverback Server Tunnel Certificate (public key)
- Select your Cloud Connector Server Certificate
- Click OK
- Disable Encrypt Config Files
- Click Export
- Create Make New Folder
- Name it e.g. Configuration Files
- Click OK
- Confirm with OK
- Open on your File Explorer the following path
- Configuration Files\SilverbackConfigs\srv\Cloud Connector Client
- Copy the following file SilverbackMDM.SilverBack.Service.CCClient.exe.config
- Paste the file into the following path C:\Program Files (x86)\Matrix42\Cloud Connector\Service
Start Services
- Open Services MMC
- Search for Silverback Cloud Connector Service 1 and 2
- Start both services
Check Connection
Silverback
- Open your Silverback Management Console
- Login as Administrator
- Navigate to Admin
- Select Cloud Connectors
- You should see here now your running Cloud Connectors
Monitoring
- Open the Log section by clicking the Log icon next to your account name
- Now press Cloud Connector
- Select Connectors to review your connected clients
- Select Traffic to review Traffic Logs and Errors
Configure Silverback
- Logout as Administrator
- Login as Settings Administrator
Configure Cloud Connector
- Navigate to Cloud Connector
- Enable Send LDAP Request through Tunnel
- Enable Request Client Certificates through tunnel (optional, requires additional configurations)
- Enable Exchange Protection (optional, requires additional configurations)
- Click Save
- Click OK
- Wait at minimum 5 Minutes until settings will be applied
Configure Active Directory
- Login as Settings Administrator
- Navigate to LDAP
- Configure your LDAP Connection
- Enter your LDAP Server IP Address or FQDN (e.g. dc01.imagoverum.com)
- Enter your LDAP Lookup Username
- Enter your LDAP Lookup Password
- Press Check LDAP Connection
- You should see the confirmation the LDAP server is available
- Click Save
- Click OK
- Wait at minimum 5 Minutes until settings will be applied
Restart Services
- Navigate back to your Cloud Connector Server instance
- Restart Silverback Cloud Connector Services
Check Login
- Open a second browser or incognito window
- Open Self Service Portal (e.g https://silverback000.m42cloud.com/ssp)
- Try to Login with your Active Directory Credentials
Next Steps
- Check our Getting Started Guide
- Check our Administrator Guide
- Check our Certification Authority Integration
- Check our Exchange Protection Integration