12.1 Agent Installation User's Guide

System Requirements

Before you install the Agent software, verify that the host machine meets all of the requirements described in this section. In addition, you should determine the agent configuration and installation options that are best for your data transfer system deployment. Depending on how your Manager is configured, you may need configuration information from your Signiant administrator before you can proceed with an agent installation. You must also first license the product for the number of agents you are allowed to install.

The following describes the system requirements for Signiant installation.

Signiant Manager and Media Exchange Web Server

Hardware

  • CPU: Xeon dual-core processor, 2 GHz or higher
  • Memory: 8 GB minimum, 16 GB recommended
  • Shared Memory Segment: On Linux, ensure the shared memory segment is set to a minimum of 1024 MB
  • Disk Space: 10 GB minimum (100 GB recommended). Additionally, 1 GB free for /tmp folder on UNIX/Linux, or for C: on Windows
  • Network Connection: 100 Mbps or faster

64-bit Operating Systems

  • CentOS 6.0+
  • Linux RedHat 6.0+
  • Windows 2008 Server R2
  • Windows 2012 Server R2
  • Windows 10
  • CentOS 7.0+
  • Linux RedHat 7.0+

VMware Supported

  • All Manager operating systems.

Note: High availability is supported on a Linux RedHat cluster only.

Signiant Agent and Media Exchange Server

Hardware

  • CPU: Xeon dual-core processor, 2 GHz or higher
  • Memory: 4 GB minimum
  • Disk Space: 2 GB (preferably 4 GB)
  • Network Connection: 100 Mbps or faster

Operating Systems

  • Linux RedHat/CentOS 6.0+ (64-bit)
  • Linux RedHat/CentOS 7.0+ (64-bit)
  • Macintosh OS X 10.9, 10.10, 10.11 (64-bit)
  • Solaris 10 x86 (64-bit)
  • Windows Server 2008 R2 (64-bit)
  • Windows 7, 8, 8.1, 10
  • Windows 2012 Server R2 (64-bit)

VMware Supported

  • All Agent operating systems, except: Macintosh.

Additional Specifications

Cluster Set-up: You MUST set up and configure your clustered environment BEFORE installing the Signiant clustered Manager. Make sure your clustered environment is set up and working. A FULLY WORKING cluster is essential to having a reliable, working Signiant Manager. Details on how to set up a Linux cluster are available at http://www.redhat.com/cluster_suite.

Clustered Agents: Signiant software only provides support for active/passive style clusters (for more information, consult the Knowledge Base at http://www.signiant.com/support/case-management---knowledge-base/).

Agent/Media Exchange Server: Agents/Media Exchange Servers have to contact the Authentication Web Server on TCP 443 in order to perform SOAP authentication.

Time Synchronization: Date and time must be accurately set. Utilization of an NTP Server is recommended.

 

Signiant Manager Port Requirements

  • User to Web Server: TCP 443
  • Manager to and between Agents: TCP / UDP 49221
  • Agent to and between Agent: TCP 49221 / UDP 49221-49321
  • Relay to and between Agent: TCP / UDP 49221
  • Manager to and between Media Exchange Web Server: TCP 49221, 49226-49233*
  • Manager to SMTP mail server: TCP 25
  • Manager to Active Directory/LDAP server: TCP 389 or 636
  • User to Manager: TCP 443 (80 is optional)

 

Signiant Media Exchange Port Requirements

  • User to Media Exchange Relay / Media Exchange Server: TCP 8080, 49221 / UDP 49221-49321
  • Media Exchange Relay / Media Exchange Server to User: UDP 49221-49321
  • Media Exchange Relay to Media Exchange Server: TCP / UDP 49221
  • Media Exchange Enabled Agent to Media Exchange Web Server: TCP 443
  • Content Point to and between Content Point: TCP 49221 / UDP 49221-49321
  • Agent to Manager: TCP 443, TCP / UDP 49221**
  • Manager / Media Exchange Web Server to Internet: TCP 443***
  • Media Exchange Relay to and from Media Exchange Enabled Agent / Media Exchange Server: UDP 49222-49321

 

Notes on Port Requirements for Signiant Media Exchange

  • *Manager to and between Media Exchange Web Server: TCP 443: required during installation
  • **Agent to Manager: TCP 443: required for certificate renewals for relay-only agents and during agent installation. When not configured, offline certificate signing is required
  • ***Manager / Media Exchange Web Server to Internet: TCP 443: required when the Media Exchange desktop client is used
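The port lists above use a compact notation ("TCP / UDP 49221", "TCP 49221 / UDP 49221-49321"). The following is an added example, not Signiant code: it parses that notation and compares a host's firewall allow-list with the documented entries, so that blocked required ports and ports opened wider than documented both show up. The function names, the choice of which entries apply to an agent host, and the firewall allow-list are assumptions constructed for illustration.

```python
import re

# A protocol keyword, or a port / port range such as 49221 or 49221-49321.
TOKEN = re.compile(r"(TCP|UDP)|(\d+)(?:-(\d+))?")


def parse_port_spec(spec):
    """Turn one entry such as 'TCP 49221 / UDP 49221-49321' into a set of
    (protocol, low_port, high_port) tuples."""
    # Drop parenthesised remarks ("(80 is optional)") and footnote asterisks,
    # so only the required ports remain.
    spec = re.sub(r"\([^)]*\)", " ", spec).replace("*", " ")
    rules, protos, prev_was_proto = set(), [], False
    for m in TOKEN.finditer(spec):
        if m.group(1):
            # "TCP / UDP 49221": adjacent protocols share the ports that follow.
            protos = protos + [m.group(1)] if prev_was_proto else [m.group(1)]
            prev_was_proto = True
        else:
            if not protos:
                raise ValueError(f"port without protocol in {spec!r}")
            low = int(m.group(2))
            high = int(m.group(3) or low)
            if not 0 < low <= high <= 65535:
                raise ValueError(f"bad port range in {spec!r}")
            rules.update((p, low, high) for p in protos)
            prev_was_proto = False
    return rules


def expand(specs):
    """All (protocol, port) pairs covered by a list of entries."""
    return {(p, port)
            for spec in specs
            for p, low, high in parse_port_spec(spec)
            for port in range(low, high + 1)}


def collapse(pairs):
    """Merge consecutive ports back into (protocol, low, high) ranges."""
    out = []
    for proto, port in sorted(pairs):
        if out and out[-1][0] == proto and out[-1][2] == port - 1:
            out[-1] = (proto, out[-1][1], port)
        else:
            out.append((proto, port, port))
    return out


def audit(documented, configured):
    """Return (missing, excess): documented ports the allow-list blocks,
    and allowed ports that no documented entry asks for."""
    doc, conf = expand(documented), expand(configured)
    return collapse(doc - conf), collapse(conf - doc)


# Entries copied from the port lists above; treating these two as the ones
# that apply to an agent host is an assumption of this example.
AGENT_DOCUMENTED = [
    "TCP / UDP 49221",              # Manager to and between Agents
    "TCP 49221 / UDP 49221-49321",  # Agent to and between Agent
]
# Constructed firewall allow-list for one agent host, in the same notation.
AGENT_CONFIGURED = ["TCP 49221-49233 / UDP 49221-49300"]

if __name__ == "__main__":
    missing, excess = audit(AGENT_DOCUMENTED, AGENT_CONFIGURED)
    print("documented but blocked:  ", missing)
    print("allowed but undocumented:", excess)
```

With the constructed allow-list, the audit reports UDP 49301-49321 as blocked and TCP 49222-49233 as open without a documented need on an agent host.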

 

Web Browser Support

Signiant Manager and Media Exchange

Windows 7, Windows 8, Windows 8.1, Windows 10

  • Internet Explorer 10, 11
  • Microsoft Edge (HTML 12, 13)
  • Mozilla Firefox 30 - 46

Signiant App for Interactive Transfers

  • Google Chrome 30 - 50
  • Microsoft Edge (HTML 12, 13)

Macintosh OS X 10.9, 10.10, 10.11

  • Apple Safari 7, 8, 9.0.3, 9.1
  • Mozilla Firefox 30 - 46

Media Exchange Desktop Client

  • Windows 7, 8, 8.1, 10
  • Macintosh OS X 10.8.4, 10.9, 10.10, 10.11

Installing

Once you have verified that the host meets the pre-installation requirements and you have assembled the required agent configuration information, you are ready to install the Agent.

It is possible to automate installation of the Agent software by setting up the Rapid Basic Installation (RBI) options in the Manager Web interface. This chapter describes a non-RBI installation.

As a requirement of the installation of the Signiant software, Signiant asks for and collects the following information: Organization Name, Location, Contact Name, Contact Email, Contact Address, Contact Phone, Signiant Agent OS & Architecture, Signiant software version, Signiant Manager node name, and Signiant Agent hostname. This information is stored in a secure database and will only be used for internal purposes. If you do not wish to submit this information, you may turn off agent registration BEFORE running the agent software by choosing Administration>Agents>List and then clicking Default Configuration. Beside the Agent Registration field, click Disable.

Downloading Signiant Agent Software

To install the Agent, you must use the Manager Web interface web page to download the software as a compressed file to the specific agent. Note: the Windows 64-bit installer does run on a 32-bit system and will attempt, incorrectly, to install 64-bit code on a 32-bit system and display a warning. 

  1. In a web browser that supports 128-bit encryption, open the Manager Web interface login page. For example, Microsoft Internet Explorer 11.0 or higher, Firefox 27 or higher, Chrome 32 or higher, or Safari 7 or higher.

    https://<Manager_address> where <Manager_address> is the fully qualified host name of the Manager. Note that on Windows 2003, this URL must include /signiant in the path name (as in https://<Manager_address>/signiant).

  2. Login using the Manager Web interface username and password provided by your Signiant administrator.
  3. Click Administration>Agents>Install.

    The End User License Agreement appears.

  4. If you accept the license agreement, at the bottom of the agreement text, click ACCEPT.

    You must accept the End User License Agreement to continue.

  5. Click Download Inf File to download the installation information file (sigsetup.inf).
  6. Follow the instructions in the dialog box to save the information file to your agent software directory (for example: /tmp/sigclient for UNIX-based hosts or C:\temp\sigclient for Windows-based hosts).

    If your browser opens the information file instead of displaying the dialog box, navigate back to the Installation Downloads page, click Download Inf File to download the install file, and then save the file in your agent software directory.

    Note: Make certain that you download both the installation information file (.inf file) and the agent installation bundle (agent.exe) for your machine's platform.

    Click the name of your operating system.

  7. In the Platform Type List, select your platform and then click Download Agent Installation Bundle.

 

Installing the Agent on Windows-Based Systems

To start the agent software installation, do the following:

  1. In the folder where you downloaded the agent installation bundle and installation information file (for example: C:\temp\sigclient), double-click the downloaded executable file (for example: sig_client_x86-wnt.exe).

    If you have enabled Rapid Basic Installation (RBI), but are installing on a clustered or multi-homed agent, and do not want to disable RBI for the whole system, you must run the installer from the command line in interactive mode. To do so, type the following at the command prompt:

    sig_client_x86-wnt /z "-type=agent -mode=fullprompt"

    The Welcome to Signiant Setup screen appears. If you have configured your installation with the RBI option, no prompts appear.

  2. Fill in the information on the screens, using Back and Next to move through the setup program screens. Enter the following information:

    Information: Notes
    License Agreement: You must accept the license agreement to complete the installation.
    Setup Type: Standard installation uses the following default values:
    • Installation Directory - /usr/signiant/dds
    • Log Directory - /usr/signiant/dds/log
    • Signiant Agent Administrator User ID - root
    • Default User ID - transusr
    • Default Directory - /usr/signiant/dds/transfers
    • AgentPort - 49221

    Custom installation allows you to use your own parameters for the default values listed above. You must choose this option if you are installing in a clustered or multi-homed environment. Note that the default user you specify must exist on the agent. The installation process does not create the default user.

    Installation Directory: The base directory for the installation.
    Organization Identifier: The organization name provided by your Signiant administrator.
    Agent Installation Keys: A screen appears, prompting whether the installation is keyless or not. Appears with custom installation.
    Installation Key: The installation key provided by your Signiant administrator. Installation keys have a pre-set expiry date. If you require additional keys or have any other questions about your key, contact your Signiant administrator.
    Default User ID: The user ID under which the agent normally runs on the agent host.
    Default Directory: The directory that will be used to receive/send data when no directory is specified in a transfer job.
    Signiant Administrators: Allows users to specify up to 5 administrators associated with the Agent. Appears with custom installation.
    Port Number: The port number on which the agent will run.
    Cluster Configuration: Whether or not the agent is a member of a cluster. Appears with custom installation.
    Cluster Name: If the agent is a member of a cluster, you must provide the fully qualified domain name of its cluster. Appears with custom installation.
    Multi-Homed/Aliased Configuration: Whether or not the agent is multi-homed or aliased. Appears with custom installation.
    Hostname Aliases: You must provide the interface alias if the agent is multi-homed. Appears with custom installation.

    The Agent connects to the Manager Web interface web server to request a digitally-signed certificate. The Manager Web interface contacts the Certificate Authority on the agent's behalf and requests the agent's digital certificate.

    If your installation host cannot communicate with the Certificate Authority at installation time, an error message is generated and you must request an offline certificate to complete the installation.

    You can view the output from the certificate signing request and view any installation errors in the Agent installer log file (sigsetup.log), which is located in the following directory: <SYSTEMDISK>:\TMP (e.g., C:\TMP\sigsetup.log).

  3. To exit the setup program, click Finish.

    You can optionally view the README file or the Setup Log File or both and click Finish. The README file and Setup Log file are displayed in two separate screens. Click OK on those screens to continue and exit the setup program.

Verify the Agent is Properly Configured

To verify that the agent is properly configured using the Manager Web interface, do the following:

  1. In the Manager, select Administration>Agents>Configure.
  2. In the list, click the agent whose status you want to verify.
  3. Click Status to view the status information.

To verify that the agent is properly configured using the command line, do the following:

  1. Open the Windows control panel, and select Services.

    The services Signiant Process Control and Signiant UDP Relay should be started.

  2. Open a command prompt.
  3. Change directories to the agent binary directory (Windows default is c:\program files\<install_dir>\bin).
  4. Run the 'dds_admin' program as one of the DDS administrators (dds_admin.exe on Windows).

    You should be prompted to login to the local Agent Administration program, similar to the following:

    >

    The channel to <hostname> is mutually authenticated

    Cipher=" AES256", Keysize=256/256 bits).

    Enter password for <username> on <hostname>:

    [or]

    No grant is configured

    Note: The user must be listed as an administrator of the agent or access is denied.
  5. Being prompted for a password or seeing a message that no grant is configured indicates that the agent is running and correctly configured for the machine. Press CTRL-BREAK or CTRL-C to exit this prompt.

Installing the Agent on Unix-Based Systems

Note that if you do not have access to a Manager, an administrator must provide you with the files you need to complete a Unix installation.

The setup program installs the agent software using native packaging systems such as pkgadd on Solaris systems, and Red Hat Package Manager on Linux systems.

To start the agent software installation, do the following:
  1. Login to your host system as a user with root privileges (for example: root).
  2. Change directories to the location where the agent installation bundle was downloaded. For example:

    % cd /tmp/sigclient

  3. Untar the downloaded file. For example:

    tar -xzvf sig_client_i686-linux_RH6.tar.gz

  4. Run the program using the following command syntax (if you are in the directory where sigsetup is located): ./sigsetup.

    If you have configured your installation with the Rapid Basic Installation (RBI) option, no prompts appear. If you have enabled RBI, but are installing on a clustered or multi-homed agent, you must run the installer from the command line in interactive mode. To do so, type the following at the command prompt: sigsetup -type=agent -mode=fullprompt.

    Follow the instructions in the setup program screens to select installation options, and navigate through the program screens by typing n (next). If the setup program does not find the sigsetup.inf file in the installation directory, you are prompted to specify its location.

    The following table lists the information you need to enter during the installation:

    Information: Notes
    License Agreement: You must accept the license agreement to complete the installation.
    Setup Type: Standard installation uses the following default values:
    • Installation Directory - /usr/signiant/dds
    • Log Directory - /usr/signiant/dds/log
    • Signiant Agent Administrator User ID - root
    • Default User ID - transusr
    • Default Directory - /usr/signiant/dds/transfers
    • AgentPort - 49221

    Custom installation allows you to use your own parameters for the default values listed above. You must choose this option if you are installing in a clustered or multi-homed environment. Note that the default user you specify must exist on the agent. The installation process does not create the default user.

    Installation Directory: The base directory for the installation.
    Organization Identifier: The organization name provided by your Signiant administrator.
    Agent Installation Keys: A screen appears, prompting whether the installation is keyless or not. Appears with custom installation.
    Installation Key: The installation key provided by your Signiant administrator. Installation keys have a pre-set expiry date. If you require additional keys or have any other questions about your key, contact your Signiant administrator.
    Default User ID: The user ID under which the agent normally runs on the agent host.
    Default Directory: The directory that will be used to receive/send data when no directory is specified in a transfer job.
    Signiant Administrators: Allows users to specify up to 5 administrators associated with the Agent. Appears with custom installation.
    Port Number: The port number on which the agent will run.
    Cluster Configuration: Whether or not the agent is a member of a cluster. Appears with custom installation.
    Cluster Name: If the agent is a member of a cluster, you must provide the fully qualified domain name of its cluster. Appears with custom installation.
    Multi-Homed/Aliased Configuration: Whether or not the agent is multi-homed or aliased. Appears with custom installation.
    Hostname Aliases: You must provide the interface alias if the agent is multi-homed. Appears with custom installation.

    The Agent connects to the Manager Web interface web server to request a digitally-signed certificate. The Manager Web interface contacts the Certificate Authority on the agent's behalf and requests the agent's digital certificate.

  5. In the Organization ID and Installation Key screen, complete the fields using the information provided by your Signiant administrator, and type n. Authorization keys have a pre-set expiry date. If you require additional keys or have any other questions about your key, contact your Signiant administrator.
  6. In the Transfer Agent Setup Summary screen, review your installation information. To make any changes to the installation options, navigate to the appropriate screen and make the changes.
  7. To accept the installation information, type n.
  8. Type y to begin the software package installation.
  9. When the software package installation is complete, press ENTER to continue with the setup program. The setup program completes the certificate generation process.

    During a Solaris installation, warnings may appear that indicate there is a file conflict. This is a known issue with pkgadd on Solaris. Indicate that you wish to proceed with the installation, and the Signiant agent will install correctly.

    If your installation host cannot communicate with the Certificate Authority at installation time, an error message is generated and you must request an offline certificate to complete the installation.

  10. You can view the output from the certificate signing request and view any installation errors in the Agent installer log file (sigsetup.log), which is located in the following directory: /tmp/sigsetup.log.
  11. Type y to see the Read Me file, or type n to exit the setup program.

Verify the Agent is Properly Configured

To verify that the agent is configured correctly from the command line, do the following:

  1. From a console prompt, type: ps -ef|grep dds_pc.
  2. The processes 'dds_pc' and 'dds_udp_relay' should be seen in the list of processes. Example:

    root      7767     1  0 09:22 ?        00:00:04 dds_pc

    root      7773     1  0 09:22 ?        00:00:00 dds_udp_relay

  3. Change directories to the agent binary directory (UNIX default is /usr/signiant/dds/bin).
  4. To execute the 'dds_admin' program, type ./dds_admin. You are prompted to login to the local Agent Administration program (similar to the following):

    The channel to {hostname} is mutually authenticated

    Enter password for administrator in domain <>

    The user must be listed as an administrator of the agent for dds_admin to work. 

    Being prompted for this information indicates that the agent is running and correctly configured for the machine. Press CTRL-BREAK or CTRL-C to exit this prompt.

Installing the Agent on Mac-Based Systems

A Java runtime environment (JRE) must be installed on Mac OS X 10.9 (and above) in order for the Signiant Agent functionality to work. When the Agent installer is run, the operating system prompts to install Java if it is not present (note: after Java is installed, the Signiant Installer may need to be started again). Java can also be installed manually by launching Java for OS X Lion Update 1.

DNS

IMPORTANT: If DNS is not configured on your system, the installation uses the agent's "bonjour" name rather than its hostname or fully-qualified domain name. (The "bonjour" name is configured under System Preferences>Sharing.) The installation completes, but the host may be unreachable by other Signiant agents. To ensure that the correct name is identified during installation in a non-DNS environment, issue the following call from a terminal window:

scutil --set Hostname <name>

Once you have set the hostname, you must add the name and IP address to the /etc/hosts file, in the existing format. For example:

10.0.0.1 <name>

The name should exactly match that set via scutil.

Installation Procedure

To start the agent software installation, do the following:

  1. In the folder where you downloaded the agent installation bundle and installation information file (for example, the Mac desktop), double-click sig_client_MACOSX-10.9.dmg.

    A new volume (SigAgentVol) appears on the desktop.

  2. Double-click the volume and double-click setup. A password prompt appears.
  3. Enter your password and click OK. The Welcome to Signiant Setup screen appears.

    If you have configured your installation with the Rapid Basic Installation (RBI) option, no prompts appear.

  4. Fill in the information on the screens, using Back and Next to move through the setup program screens. During the installation you will input the following information:
    Information: Notes
    License Agreement: You must accept the license agreement to complete the installation.
    Setup Type: Standard installation uses the following default values:
    • Installation Directory - /usr/signiant/dds
    • Log Directory - /usr/signiant/dds/log
    • Signiant Agent Administrator User ID - root
    • Default User ID - transusr
    • Default Directory - /usr/signiant/dds/transfers
    • AgentPort - 49221

    Custom installation allows you to use your own parameters for the default values listed above. You must choose this option if you are installing in a clustered or multi-homed environment. Note that the default user you specify must exist on the agent. The installation process does not create the default user.

    Installation Directory: The base directory for the installation.
    Organization Identifier: The organization name provided by your Signiant administrator.
    Agent Installation Keys: A screen appears, prompting whether the installation is keyless or not. Appears with custom installation.
    Installation Key: The installation key provided by your Signiant administrator. Installation keys have a pre-set expiry date. If you require additional keys or have any other questions about your key, contact your Signiant administrator.
    Default User ID: The user ID under which the agent normally runs on the agent host.
    Default Directory: The directory that will be used to receive/send data when no directory is specified in a transfer job.
    Signiant Administrators: Allows users to specify up to 5 administrators associated with the Agent. Appears with custom installation.
    Port Number: The port number on which the agent will run.
    Cluster Configuration: Whether or not the agent is a member of a cluster. Appears with custom installation.
    Cluster Name: If the agent is a member of a cluster, you must provide the fully qualified domain name of its cluster. Appears with custom installation.
    Multi-Homed/Aliased Configuration: Whether or not the agent is multi-homed or aliased. Appears with custom installation.
    Hostname Aliases: You must provide the interface alias if the agent is multi-homed. Appears with custom installation.

    The Agent connects to the Manager Web interface web server to request a digitally-signed certificate. The Manager Web interface contacts the Certificate Authority on the agent's behalf and requests the agent's digital certificate.

    If your installation host cannot communicate with the Certificate Authority at installation time, an error message is generated and you must request an offline certificate to complete the installation.

    You can view the output from the certificate signing request and view any installation errors in the Agent installer log file (sigsetup.log), which is located in /tmp/sigsetup.log.

  5. To exit the setup program, click Finish.

    You can click in the checkboxes to view the README file or the Setup Log File or both and click Finish. The README file and Setup Log file are displayed in two separate screens. Click OK on those screens to continue and exit the setup program.

Installing an Agent Without a Web Browser

If you do not have access to a Web browser, do the following:

  1. Copy the agent installation bundle for your particular agent platform and the sigsetup.inf file to a local directory (for example, /tmp or C:\tmp). The following is a list of available installation bundles:
    • sig_client_MACOSX-10.7.dmg

    • sig_client_x86_64-solaris-5.10.tar.gz

    • sig_client_x86-w64.exe

    • sig_client_x86_64-Linux-RH6.tar.gz

    The following are the default directories where the files are located (on the machine on which you installed the Signiant Manager):

    Windows:

    C:\Program Files\Signiant\Mobilize\3rdparty\jboss\server\default\deploy\signiant.war\secure\hosts\

    Unix:

    /usr/signiant/dds/3rdparty/jboss/server/default/deploy/signiant.war/secure/hosts/

  2. Run the installation bundle.
  3. Follow the procedures as outlined for the specific platforms indicated in this section.

    If the agent installation bundle and the sigsetup.inf file are not located in the same directory, you are prompted to specify the directory where the sigsetup.inf file is located. For convenience, you should place both files in the same location on the intended agent.

Signiant Agent Configuration

Agent hosts require the following configuration to participate in automated data transfers:

  • At least one user ID that is available to the host and can be used for data transfers (can be a new or existing user ID)

  • Access grants that enable other data transfer system hosts to access and connect to the local host
  • If required, relays that enable the agent to communicate with other data Agents

Your Signiant administrator can configure some of these parameters in advance and include them in the installation information file (sigsetup.inf) that is downloaded as part of the Agent installation. If default grants and relays are not included in the Agent installation information file, or if you require additional configuration, you can complete the host configuration using the Manager Web interface, or the local configuration interface.

Default User ID

Data transfer jobs are configured to execute on an agent using either a specific user ID or the agent's default user ID. When a job specifies a user ID, the user account must be available on the Agent host. When the job is configured to use a default user ID, the user ID mapping is performed at the agent. If a single user ID with sufficient permission to run most data transfer jobs is available to a host, using a default user ID can be a very convenient way to simplify job creation.

The user ID that is used as the default user ID is specified during Agent software installation (you can change it after installation using the Manager Web interface). You can choose an existing user ID or create a new user ID.

Creating a Signiant Agent User ID

The Agent user ID is a user account used for data transfer activity. If the installation host does not have access to an existing user account that has appropriate privileges, you can create a new one for use as the Agent user ID.

The default grants listed in this file should reference the Agent user ID where appropriate. If you are unsure of how to create a user ID, or if a specific user ID should be used, contact your system administrator for assistance.

In some organizations, the installation information file (sigsetup.inf) that is downloaded as part of the Agent installation is customized to provide a default agent configuration.

Installing Agent on Clustered/Multi-Homed Hosts

The Signiant Manager supports clustered and multi-homed agents. A single node of the cluster is considered the active Signiant node and is the only node that responds to communications from the Manager or other agents (the other nodes are considered to be passive). 

The following is an overview of the installation procedures:

  • Cluster agents require custom installation (a non-RBI installation, using the mode=fullprompt flag from the command line). During the installation, you are prompted to enter alias names and the cluster names that are supported within the cluster up to a maximum of five names.
    • Multi-homed agents are automatically configured by the installer, as long as each alias host name can be found in DNS,  by performing a reverse lookup function.
    • Alias names that are either not in DNS or cannot be resolved by a reverse lookup function must be entered manually during the installation.
  • Special steps may be needed on your cluster to install Signiant resources. It is recommended that you refer to support.signiant.com for additional information.

Disabling Rapid Basic Installation (RBI)

If you have enabled Rapid Basic Installation (RBI), you must disable it to run a custom installation. If you do not want to disable RBI for the entire system, run the installation from the command line in interactive mode, allowing you to install in a clustered or multi-homed environment.

Instead of disabling RBI, use the following command line syntax: -mode=fullprompt.

To disable RBI to allow a custom agent installation, do the following:

  1. From the Manager, select Administration>Agents>List and click Default Configuration.
  2. Select the Remote Access tab, and choose Advanced.
  3. Specify that jobs run as nt authority\system (Windows) or root (UNIX), or specify a username and password in the appropriate fields, and click OK.
  4. Proceed with the installation.
  5. After installation, follow the steps in this procedure to re-enable RBI by selecting the Remote Access tab and choosing Simple.

Wildcard Certificates

In addition to the hostname and alias names, agents can also have wildcard names in their certificates.  Wildcard names allow an authenticated connection between two agents when the agent initiating the connection uses any hostname matching a wildcard name pattern.  Wildcard certificates are useful when the Domain Name Server (DNS) is being used to direct connections to a collection of agents and, as a result, the connecting agent may use any one of a number of names to initiate a connection.  An alternative to using a wildcard name is to list all of the potential names used to connect to the agent in the certificate, but this is cumbersome when a large number of names can be used to initiate the connection.

You specify a wildcard name like an alias name during a custom installation. Wildcard names contain a leading asterisk that must be immediately followed by a dot. For example, "*.acme.com" and "*.sales.acme.com" are both valid wildcard names, whereas "sales.*.acme.com", "acme.*", and "*sales.acme.com" are not valid wildcard names. When an agent has a wildcard name in its certificate, the connecting agent allows the connection as long as the name specified when initiating the connection matches the wildcard name pattern. Invalid wildcard names are ignored in this matching process. A name matches the pattern when any text excluding dots is substituted for the asterisk in the wildcard name. For example, "host.acme.com" matches the wildcard "*.acme.com" but "host.sales.acme.com" does not.
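The matching rules described above, written out as an added example (this is not Signiant's implementation). The function names are hypothetical, and two points the text does not state are assumptions here: names are compared case-insensitively, and the asterisk must stand for at least one character.

```python
def is_valid_wildcard(name):
    """Valid form per the rules above: a leading '*' immediately followed by
    a dot, then an ordinary dotted name with no further asterisks."""
    if not name.startswith("*."):
        return False
    rest = name[2:]
    # Reject empty remainders, extra asterisks and empty labels ("*..com").
    return bool(rest) and "*" not in rest and all(rest.split("."))


def name_matches(cert_name, requested):
    """True if `requested` (the name used to initiate the connection) is
    covered by one name taken from the peer's certificate."""
    cert_name, requested = cert_name.lower(), requested.lower()  # assumption
    if "*" not in cert_name:
        return cert_name == requested          # plain hostname or alias
    if not is_valid_wildcard(cert_name):
        return False                           # invalid wildcards are ignored
    suffix = cert_name[1:]                     # "*.acme.com" -> ".acme.com"
    if not requested.endswith(suffix):
        return False
    label = requested[: -len(suffix)]          # text substituted for '*'
    # The substituted text may not contain dots, so a wildcard covers exactly
    # one label; requiring it to be non-empty is an assumption.
    return bool(label) and "." not in label and "*" not in label


def connection_allowed(cert_names, requested):
    """Return the certificate name that authorises `requested`, or None."""
    for name in cert_names:
        if name_matches(name, requested):
            return name
    return None


if __name__ == "__main__":
    # Constructed certificate name list: a hostname, an invalid wildcard that
    # must be ignored, and a valid wildcard.
    cert = ["server1.acme.com", "*sales.acme.com", "*.acme.com"]
    for host in ("host.acme.com", "host.sales.acme.com", "acme.com",
                 "xsales.acme.com", "server1.acme.com"):
        print(f"{host:22} -> {connection_allowed(cert, host)}")
```

Because the asterisk never spans a dot, "*.acme.com" authorises one level of names only; hosts under "sales.acme.com" need their own "*.sales.acme.com" entry.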

Setting the Windows Domain Name

When the Agent software is installed on a Windows-based host, you should create the fully qualified domain name by setting the domain name suffix. Fully qualified domain names reduce or eliminate the possibility of name conflicts, which matters because certificates are tied to hostnames (for example, there should be only one server1.acme.com). To create the domain name on a host running Windows 2008, follow the instructions detailed in To join computers running Windows Server 2008 and Windows Vista to the domain.


Upgrading

This chapter details how to upgrade from a previous version of the Agent, locally, on a particular host. For information on upgrading agents remotely via the Manager (which allows you to do bulk Agent upgrades), refer to Chapter 3 in the Manager's Users Guide. Before upgrading the agents, you need to license the product for the number of agents you have purchased.

To start an upgrade, first download the agent installation bundle (see Downloading Signiant Agent Software).

Upgrading on Windows

A Windows agent upgrade requires 25 MB of disk space.

To upgrade on Windows, do the following:
  1. In the folder where you downloaded the agent installation bundle and installation information file (for example: C:\temp\sigclient), double-click the downloaded executable file (for example: sig_client_x86-w64.exe).
  2. Read the license agreement and click Accept and Next.
  3. In the Software Detected screen, click the Modify Installation radio button and click Next.

    You must accept the license agreement to complete the installation.

  4. In the Setup Complete screen, click Finish.         

Upgrading on Unix/Linux

A Unix/Linux agent upgrade requires 50 MB of disk space.

To upgrade on Unix/Linux, follow these steps:

  1. Change directories to the location where the agent software was downloaded. For example,

    cd /tmp/sigclient

  2. Untar the downloaded file. For example,

    tar -xzvf sig_client_x86-Linux-RH6.tar.gz

  3. Run the program using the following command syntax (assuming you are in the directory where sigsetup is located):

    ./sigsetup

  4. Follow the instructions in the setup program screens to select installation options and navigate through the program screens.

Upgrading on Mac

A Mac agent upgrade requires 50 MB of disk space.

Native Upgrade

To complete a native upgrade, do the following:

  1. Log in to your Signiant Manager
  2. Navigate to Administration>Agents>Install.
  3. Read the End User License Agreement and select ACCEPT.
  4. Download the installation information file to the Mac.
  5. Download the agent installation bundle to the same folder on the Mac.
  6. Log in to your Mac Agent system and launch the Signiant Agent installer.

Do the following to complete the installation:

  1. In the folder where you downloaded the agent software and installation configuration file (for example, the Mac desktop), a new volume (SigAgentVol) appears on the desktop.
  2. Double-click the volume and double-click setup. A password prompt appears.
  3. Enter your password and click OK.

    The Welcome to Signiant Setup Wizard screen appears.

  4. Click Next.
  5. Accept the license agreement.
  6. Click Yes to continue (clicking No exits from the upgrade).
  7. When the upgrade is complete, click Finish.

Upgrading an Agent Without Using a Web Browser

If you do not have access to a Web browser, do the following:

  1. Copy the agent installation bundle for your particular agent platform and the sigsetup.inf file to a local directory (for example, /tmp or C:\tmp). The following is a list of available installation bundles:
    • sig_client_MACOSX-10.7.dmg

    • sig_client_x86_64-solaris-5.10.tar.gz

    • sig_client_x86-w64.exe

    • sig_client_x86_64-Linux-RH6.tar.gz

    The following are the default directories where the files are located (on the machine on which you installed the Signiant Manager):

    Windows:

    C:\Program Files\Signiant\Mobilize\3rdparty\jboss\server\default\deploy\signiant.war\secure\hosts\

    Unix:

    /usr/signiant/dds/3rdparty/jboss/server/default/deploy/signiant.war/secure/hosts/

  2. Run the upgrade bundle.
  3. Follow the procedures as outlined for the specific platforms indicated in this section.

    If the agent installation bundle and the sigsetup.inf file are not located in the same directory, you are prompted to specify the directory where the sigsetup.inf file is located. For convenience, you should place both files in the same location on the intended agent.


Uninstalling

This chapter describes how to remove an agent from Windows, Unix and Mac systems.

Uninstalling on Windows

To uninstall the Agent from Windows, do the following:

  1. In the folder where you downloaded the agent installation bundle and installation information file (for example: C:\temp\sigclient), double-click the downloaded executable file (for example: sig_client_x86-w64.exe).
  2. In the Welcome Screen, click Next.
  3. Click Uninstall.
  4. Click Finish when the uninstall is complete.
Note: You can also remove the Agent software from Windows Control Panel, Add or Remove Programs.

Uninstalling on UNIX

To uninstall the Agent from a UNIX system, do the following:

  1. From the directory where the Agent software is installed type ./siguninstall.

    The uninstall opening screen appears.

    You must run this command from /<signiant_install_directory>/bin.

  2. Type n (for next).

    The Uninstall program searches for installed packages.

  3. Select the packages you want to uninstall (in this case, the Agent) and type n.
  4. Verify the directories associated with the Agent software and type n.

    The summary screen appears.

  5. Confirm the information and type n.

    A prompt appears to confirm that you want to uninstall.

  6. Type y (for yes).

    Eventually a message appears that the uninstall is complete.

  7. Press Enter.

    A message appears that the uninstall is running a cleanup.

  8. Press any key to finish the uninstall and return to the shell.

Uninstalling on Mac

To uninstall the Agent from a Mac, do the following:

  1. In Applications, open the Signiant folder.
  2. Double-click the uninstall icon.

    A password prompt appears.

  3. Enter the password and click OK.
  4. In the Welcome Screen, click Next, and click Next again.

    You are prompted if you are ready to begin the uninstall.

  5. Click Yes.
  6. Click Finish when the uninstall is complete.

Agent Installation For Business Partners

Introduction

This chapter provides a best-practice example of the client agent installation steps for business partners.

  1. Ensure that Partner X has named their agent with a fully qualified name before starting (for example, Sigagent01.sbb.serbia.com).
  2. Ensure Partner X has connected their agent to the Internet.
  3. Ensure Partner X has given the target agent a static IP address which never changes.
  4. Ensure Partner X has opened the firewall to let:
    • TCP IN/OUT  on PORT 49221 from your 2 Relay Computers
    • UDP IN/OUT  on PORT 49221 from your 2 Relay Computers
  5. When you provide Partner X with the installation software and the install instructions, tell them the install will fail to perform an online certificate signature, since your Manager is hidden inside your network. Partner X therefore needs to send you their agent certificate request file (<host_name>_req.pem, see Off-Line Certificate Signing) for you to sign manually. You then send the signed certificate back to Partner X. They run setup again; this time they choose Import Certificate within the setup program options and import your signed certificate.
  6. At this point, you are now ready to test if their agent can be reached from your agent manually.

    Continue with the test case steps below.

Test 1

  1. From your DMZ Relay Computer, run telnet <IP> 49221. This should connect and bring up a blank window. Type Version to verify the agent name. If it fails to connect, you are blocked on their router firewall or on a firewall on the computer itself.
  2. Now configure your Signiant System.
  3. Create a Relay Rule on DMZ Relay 1 and DMZ Relay 2 to route to the Partner X Agent. This does two things: it tells the DMZ Relays where to find your Partner AND it forces all the data traffic over a single Port (Port 49221).
  4. Create a Relay Rule on the two LAN Agents. The relay will be to the Partner X Agent and it will route via the DMZ Relays. All traffic routes from the LAN via the Relay Agents before going to the Partner X agent.

Test 2

  1. Make a Dropbox Job to push a file from your DMZ Agent to Partner X. Send a small TXT file from your /TMP folder to their /TMP folder or C:\temp folder:
    • Job 1 should be a TCP-based job
    • Job 2 should be a UDP-based job

    This is because people often open the TCP port but do not open the UDP port. Assuming the jobs work from the DMZ, proceed to test from the LAN. If your telnet test worked, then so should your TCP job here. If it does not, this would be a time to ask for help.

Test 3

  1. Make a Dropbox Job to push a file from your LAN Agent to Partner X. Send a small TXT file from your /TMP folder to their /TMP folder or C:\temp folder:
    • Job 1 should be a TCP-based job
    • Job 2 should be a UDP-based job
  2. Now try to push a larger file through with no throttle to take note of the bandwidth available when running UDP. Then decide what bandwidth allocation to use on a daily basis with Partner X.
  3. At this point you are ready to create a Production Job or Set of Jobs. Go to the Admin Menu, click MENU and make a new Menu Item called PARTNER X.
  4. Now create a Job Group called PARTNER X (if you want business users to be able to log in and view these reports, you have the additional option of clicking Permissions and granting non-admin users access to this job group).
  5. Click Add in the PARTNER X Job Group and choose the appropriate Job Template and Job and Make a Job.
  6. Create a Job View where Job Group=PARTNER X and then Publish that to the PARTNER X MENU.
  7. Now create a custom widget on the dashboard. Go to Dashboard>Add Widget, choose Job Summary, and then in the Job View dropdown menu, choose PARTNER.
  8. (Optionally) You can create a report to send an Excel report every Friday with a summary of the PARTNER X Jobs. Go to Jobs>Reports and Add a Report, Choose the criteria for the report WHERE JOB GROUP = PARTNER X and then choose to set a schedule at the bottom to automatically send an email every day or week with the report attached to it.

Off-Line Certificate Signing

Note: If you are unable to connect to the Manager host via HTTP or HTTPS, or resolve the IP address of the Manager web server during agent installation, you must perform an offline certificate signing to complete the agent software installation.

To perform the offline certificate signing process, do the following (this procedure assumes that the agent is installed in the default location. If it is not, make sure you specify the correct paths where applicable):

  1. In the Manager, select Administration>Agents>Install.
  2. Click Sign Certificate.
  3. In the Sign Certificate screen, enter the installation key provided by your Signiant administrator in the Installation Key field, or click This agent's organization is keyless.
  4. Locate the agent certificate request file that was generated at agent installation time and open it in a text editor (for example, WordPad). For example, in the default installation location:

    /usr/signiant/dds/security/<host_name>_req.pem for Unix/Linux/Mac-based systems

    or

    C:\ProgramFiles\Signiant\Signiant\security\<host_name>_req.pem for Windows-based systems

    Do not open the file in Notepad, which does not support the character set used by the file.

  5. If you are a Mac user, do the following:
    1. Open a Terminal window and locate the file through the command line.
    2. In the command line, change permissions on the file and open it by typing the following:

      su -

      cd <install_directory> (for example: /usr/signiant/dds/security/)

      ls <host_name>_req.pem

      chmod 777 <host_name>_req.pem

      vi <host_name>_req.pem 

    3. Copy the text from the file.
    4. Press [esc] :q (to quit the file)

  6. Copy the entire contents of the certificate request file, and paste it in the large text field on the Sign Certificate screen.
  7. Click Submit Request.
  8. After the Certificate Authority signs the request, a download dialog box appears.
  9. Save the file, and note its location.
  10. Rename the downloaded file (<host name>_cert.pem) using the actual host name (for example: test.acme.com_cert.pem).
  11. To enable the certificate do the following:

    For Windows-based hosts:

    1. Double-click the downloaded agent installation bundle (sig_client_x86-w64.exe). The Signiant Maintenance Wizard screen appears.
    2. Choose Import Certificate and click Next.
    3. Follow the directions on the screens to open the <hostname>_cert.pem file.

    For Unix/Mac hosts:

    1. Change to the folder where the Agent is installed.
    2. Run the command to install the signed certificate. For example, type the following on a single line, using the path to dds_cert:

      dds_cert update -newcert <directory_where_you_saved_signed certificate><hostname>_cert.pem

    3. Restart the DDS Process control service. For example,

      /usr/signiant/dds/init/siginit start sigagent