Installing a Secure Node Agent on Windows

Christopher Dakin

Introduction

Secure Nodes can be used to access resources that are based in external networks that you are not able to route to by other means. The Secure Node agent maintains a tunnel between networks so that you can publish resources on your Hypersocket server as if they were local LAN services. For the purpose of LogonBox, the secure node agent is used to connect to your on-premise user directory. This article demonstrates how to use the secure node agent to connect an on-premise Active Directory to your LogonBox cloud tenant.

Prerequisites

  • Outbound port 4022 must be open.
  • Installing the agent requires administrator rights.

Step 1 – Download the agent

The most convenient way is to download the agent from the machine you wish to install it on. If this is not possible, download it elsewhere and then move the file over to the computer that will be running the secure node.

Note: In order for the secure node to detect the user directory, it must be on the same network as your user directory, whether it is installed on the domain controller itself or on a neighbouring machine. The agent needs to be able to resolve the user directory hostname in order to tunnel communication between your cloud tenant and your on-premise user directory (Active Directory).

As an administrator of the tenant, log in to the administrative interface and click on the Downloads button in the top navbar. In the Downloads page that appears, click on the link for the correct client operating system; in this article, it will be Windows.

Step 2 - Installing the Agent

With the agent downloaded and in the correct location, simply double-click and install it. By default, it will create a securenode folder located under 'Program Files' for Windows.

Once installed, the automatic configuration will begin.

Step 3 - Connect to your Cloud Tenant

This is broken into two steps: first, connecting to your cloud tenant, and second, setting up access policies.

Note: If the automatic configuration does not start, navigate to your Secure Node folder (for Windows this is 'C:/Program Files/Secure Node') and double-click the autoconfig.exe file.

Step 3a - Connecting to Your Cloud Tenant

The secure node makes an outbound connection to the LogonBox server in the cloud. The agent requires authentication details to connect to your tenant and configure it for use with your on-premise directory. The configuration will guide you through a series of steps.

You will need to provide the following:

  • Server hostname - this is the name of your cloud tenant, typically, <client name>.logonbox.com
  • Username - the name of the administrator or someone with permissions to administer the tenant
  • Password - the associated password for the user (note that the password is not echoed to the screen as you type; type the password and press Enter and it will be accepted).

If successful, the configuration will be connected to your tenant.

Step 3b - Configuring Access

Now that a connection is established, the configuration requires a name for this node in addition to access policies.

The access policies are:

  • Would you like to lockdown this configuration to access from IP address xxxx? - detects the IP address as seen by LogonBox and enables you to configure the secure node agent to require connection from this IP address. Recommended only if the IP address you are connecting from remains static.
  • Would you like to access any host in the xxxx domain? - detects the local domain and allows you to use this secure node agent as a gateway to the network, useful for accessing other hosts within your domain.
  • Would you like to access any other hosts from this node? - allows you to specify further hosts that you can access through this secure node, useful if you want to connect a second directory to your tenant or internal resources for use with remote access features.

Step 4 - Review Networking

With the secure node configured correctly you should see the required components under the Networking tab of your tenant automatically configured.

The components automatically set up on your tenant are:

  • Service Keys - auto-generated key pair, to allow for secure, encrypted communication between your secure node agent and your tenant.
  • Secure Node - auto-generated secure node agent, which has the same name as the one you provided when going through Step 3b Configuring Access.
  • Routes - auto-generated routes the secure agent is allowed to use and the destination range it can use to locate your user directory; again, this has been determined in Step 3b Configuring Access.

Note: If you find that after a few minutes the secure node is still shown as offline, please check that the Hypersocket Secure Node service is running. This can be found on the computer you installed the secure node agent on, under Administrative Tools, Services. The secure node agent is an admin service that should run automatically.
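The checks described in the prerequisites and notes above (outbound port 4022, resolving the user directory hostname, and the service state) can be run together from PowerShell on the machine hosting the agent. This is an added example, not a LogonBox script; the two hostnames are placeholders, and it assumes that the tunnel on port 4022 terminates at your tenant hostname and that the service display name begins with "Hypersocket Secure Node".

```powershell
# Added example: connectivity and service checks for a Secure Node host.
# Hostnames below are placeholders; replace them with your own values.
param(
    [string]$TenantHost    = 'example.logonbox.com',  # placeholder tenant hostname
    [string]$DirectoryHost = 'dc01.corp.example',     # placeholder directory hostname
    [int]$TunnelPort       = 4022                     # outbound port from the prerequisites
)

$checks = [ordered]@{}

# 1. Outbound TCP to the tenant on the tunnel port (assumed endpoint: the tenant hostname).
$tcp = Test-NetConnection -ComputerName $TenantHost -Port $TunnelPort -WarningAction SilentlyContinue
$checks["Outbound TCP $TunnelPort to $TenantHost"] = [bool]$tcp.TcpTestSucceeded

# 2. The agent must be able to resolve the user directory hostname.
try {
    $null = Resolve-DnsName -Name $DirectoryHost -ErrorAction Stop
    $checks["DNS resolution of $DirectoryHost"] = $true
} catch {
    $checks["DNS resolution of $DirectoryHost"] = $false
}

# 3. The service should exist, be running, and start automatically.
#    The display-name pattern is an assumption based on the name used in this article.
$svc = Get-Service -DisplayName 'Hypersocket Secure Node*' -ErrorAction SilentlyContinue |
       Select-Object -First 1
$checks['Secure Node service installed']       = [bool]$svc
$checks['Secure Node service running']         = [bool]($svc -and $svc.Status -eq 'Running')
$checks['Secure Node service start automatic'] = [bool]($svc -and $svc.StartType -eq 'Automatic')

# Report each check and return a non-zero exit code if any failed.
$failed = 0
foreach ($name in $checks.Keys) {
    $ok = $checks[$name]
    if (-not $ok) { $failed++ }
    [pscustomobject]@{ Check = $name; Passed = $ok }
}
if ($failed -gt 0) { exit 1 }
```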

Conclusion

This article shows how to connect your on-premise Active Directory to your cloud tenant. It is the first step of enabling your AD users to manage their on-premise accounts effortlessly from the cloud. From here on in, there is nothing more you need to do to establish communication: the secure node agent runs as a service on your networked computer and periodically makes outbound calls to your tenant to synchronise data. Communication between parties is secured through a unique SSH key pair.

The next step is to configure your user directory on your tenant; the article Connecting to Active-Directory shows you how. The system will use this secure agent to locate the on-premise directory.