Using a single Secure Node with multiple tenants

admin

Introduction

Sometimes you may wish to point a single secure node at multiple different LogonBox tenants.

For example, you might want to have different OUs in a single AD to be split across different tenant realms, or you may want to connect to multiple user directories in your network.

A single Secure Node can handle multiple connections in this way.

 

Step 1: Existing Secure Node

First, ensure you have configured Secure Node with its first connection, as per this article.

 

Step 2: Adding further connections to the Node

To add further connections, run the autoconfig application that was used in the original install.

On a Windows system, this can be found at C:\Program Files\Secure Node\autoconfig.exe

 

Step 2a - Connecting to Your Cloud Tenant

When you run autoconfig and press any key to start, it will detect that you already have a valid configuration and ask if you want to keep these settings.

Press Enter to accept the default Yes setting.

 

Enter the hostname of the new tenant you want to connect to, then enter the username and password of the realm administrator.

 

Step 2b - Configuring Access

Now that a connection is established, the configuration requires a unique name for this node in addition to access policies, so make sure you choose a different name than in the original configuration.

 

The access policies are:

  • Would you like to lockdown this configuration to access from IP addess xxxx? - detects the IP address as seen by LogonBox and lets you configure the Secure Node agent to require connections from this IP address. Recommended only if the IP address you are connecting from remains static.
  • Would you like to access any host in the xxxx domain? - detects the local domain and allows you to use this secure node agent as a gateway to the network, useful for accessing other hosts within your domain.
  • Would you like to access any other hosts from this node? - allows you to specify further hosts that you can access through this secure node, useful if you want to connect a second directory to your tenant or internal resources for use with remote access features.

 

Your configuration should now be ready to be created. Press Enter to apply this new configuration, then any key to exit.

Your new Secure Node should now be visible and running in your tenant.

 

Conclusion

Now you have your Secure Node client connecting to multiple tenants.

If you need to review or edit the existing configurations, you can directly access the configs by looking at C:\Program Files\Secure Node\conf.

Each client configuration is contained in a directory with the same name as the client name you chose earlier.

 

Inside the config directory for a connection, you will see the public key file (in case you ever wanted to update that), as well as agent.properties.

The agent.properties file contains the hostname that this configuration will connect to.
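
To review which tenants a node is connected to, the layout described above can be inventoried with a short script. This is an added example, not LogonBox tooling: the function name is hypothetical, and because the article does not give the property key names, it assumes plain key=value lines and prints every key it finds.

```powershell
# Added example: list every connection configured on this Secure Node.
# Assumption: agent.properties holds plain "key=value" lines (Java properties style).
function Get-SecureNodeConnection {
    param(
        # Path taken from the article; override if installed elsewhere.
        [string]$ConfRoot = 'C:\Program Files\Secure Node\conf'
    )

    Get-ChildItem -LiteralPath $ConfRoot -Directory | ForEach-Object {
        $dir       = $_
        $propsPath = Join-Path $dir.FullName 'agent.properties'
        $props     = [ordered]@{}

        if (Test-Path -LiteralPath $propsPath) {
            foreach ($line in Get-Content -LiteralPath $propsPath) {
                $line = $line.Trim()
                # Skip blank lines and comment lines ("#" or "!").
                if ($line -eq '' -or $line -match '^[#!]') { continue }
                $key, $value = $line -split '\s*[=:]\s*', 2
                # Mask values whose key name suggests a credential.
                if ($key -match 'pass|secret|token|private') { $value = '<redacted>' }
                $props[$key] = $value
            }
        }

        [pscustomobject]@{
            Connection    = $dir.Name   # directory name = node name chosen in autoconfig
            HasProperties = (Test-Path -LiteralPath $propsPath)
            Properties    = $props      # includes the tenant hostname
            # Everything else in the directory, e.g. the public key file.
            OtherFiles    = @(Get-ChildItem -LiteralPath $dir.FullName -File |
                              Where-Object Name -ne 'agent.properties' |
                              Select-Object -ExpandProperty Name)
            LastModified  = $dir.LastWriteTime.ToString('s')
        }
    }
}

Get-SecureNodeConnection | ConvertTo-Json -Depth 3
```

A connection directory that no longer matches a tenant you expect, or one with a recent LastModified you cannot account for, is worth checking against the node list shown in each tenant.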