Celestix E6600 Installation Manual

E series

Celestix E Series Installation Guide
E6600 Security Appliance
Security, Simplified.

Summary of Contents for Celestix E6600

  • Page 1 Celestix E Series Installation Guide E6600 Security Appliance Security, Simplified.
  • Page 2 The information contained in this document represents the current view of Celestix Networks on the issues discussed as of the date of publication. Because Celestix Networks must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Celestix Networks, and Celestix Networks cannot guarantee the accuracy of any information presented after the date of publication.
  • Page 3 Table of Contents: Table of Contents, 2; Introduction, 4; Guide Usage Notes, 4; Identifying the contents of the appliance shipping carton, 5; Appliance Hardware Features, 5; E Series System Overview, 10; Web User Interface, 14; Installation ...
  • Page 4 Safety Precautions, 49; Product Reclamation and Recycling, 50; Glossary, 51; Index, 56; Resource Worksheet, 64...
  • Page 5: Introduction

    For the E Series, it also provides simplified installation and configuration for secure connectivity and supporting technologies. The Celestix E Series is a hardened and secure appliance platform that is optimized for secure Windows deployment out of the box.
  • Page 6: Identifying The Contents Of The Appliance Shipping Carton

    All the rack mounting hardware necessary for installing the server into the rack is included with the rack or the server. The contents of the server shipping carton include: • Celestix Appliance (HPE server) • Power cord x 2 (except 3600 model) • Rack rail hook-and-loop strap •...
  • Page 7 E Series Installation Guide...
  • Page 10 Illustration 2: Appliance Illustrations with Delineated Features
  • Page 11: E Series System Overview

    E Series System Overview The Celestix Edge appliance simplifies the process to set up and manage access to IT resources. The diagram below provides a reference for features that are available on the appliance. Illustration 3: E Series Connectivity Features Example Deployment Topologies The diagrams that follow are intended to provide reference for IT administrators or architects.
  • Page 12 Illustration 4: DirectAccess Role Access for external users that includes a wide range of systems, like PCs, Macs, tablets, and smart phones. Requirements: • Secure remote access for nonmanaged clients that include commonly used operating systems (Windows, Linux, OS X, Android, and iOS). •...
  • Page 13 Illustration 5: VPN Role With Web Application Proxy Gateway Cross-premises network connectivity for internally hosted and cloud resources. Requirement: Seamless connectivity between on-premises data center and virtual machines hosted in the public cloud.
  • Page 14: Configuration Overview

    Note: Some items are optional. Details for feature configuration are discussed in the topic Resource Worksheet. Network Policy Server • Celestix Edge appliance serves as the RADIUS server; it must be domain joined • Network Access Server (RADIUS Client) • IP Address • Shared secret •...
  • Page 15: Web User Interface

    • End users: Windows 8.1/RT 8.1 Web User Interface The web UI is a management tool to access the most common Celestix product features. Initially, use it to quickly set up the server. Subsequently, use the web UI to access administrative features for both Comet and Remote Access roles.
  • Page 16: Version Information

    Version Information Version information for appliance components is noted on the main web UI page. Click the E Series logo link from any page to access:
  • Page 17: Installation

    Rack the Appliance Celestix appliances are 1U and should be attached to a standard 19-inch equipment rack as follows. 1. Power down the appliance. 2. Disconnect all peripheral cables from the appliance.
  • Page 18: Connect The Appliance

    Connect the Appliance Celestix appliances have up to 6 (six) network adapters and up to 2 (two) power adapters. Connect to the Network Once the appliance is racked, it must be connected to the network. If an IP address will be assigned through DHCP, and then configuration for a static address is covered in...
  • Page 19 NIC link LED: Green = Network link; Off = No network link. NIC activity LED: Solid green = Link to network; Flashing green = Network active; Off = No network activity.
  • Page 20: Connect The Power

    Connect the Power Connect the power cable to the appliance. To connect power 1. Connect the included power cable from a power source, typically a UPS, to the power inlet on the rear panel.
  • Page 21: Setup

    Setup Appliance management is through the web UI. The instructions in this section describe how to enable and confirm access to it. Assumptions Instructions are based on the following assumptions: • Static IP addresses are reserved for network adapters as needed. •...
  • Page 22 Important: A certificate warning may display because the site uses a self-signed certificate. Accept the certificate to access the web UI.
  • Page 23: Configuration

    General Information provides necessary details to complete configuration. General Information The following topics cover requirements, assumptions, and terminology used in the Celestix Edge E Series Appliance Installation Guide. Terminology Disambiguation The following list explains how terms to describe components are used in documentation.
  • Page 24: Use The Setup Wizard

    The following items will be required to set up the E Series. Plan ahead so that items are available when needed to complete configuration. • Domain administrator credentials • PowerShell remoting is enabled Example Information To help make the instructions clear, these examples are used to identify components. Celestix Edge Appliance Celestix Edge01.example.com FQDN Celestix Edge01 Host Name example.com...
  • Page 25: Install Features

    Once general setup and configuration are complete the Features configuration tool installs the roles and services necessary for Celestix Edge E Series Appliance remote connectivity. Depending on the purpose for deployment, one or more roles can be installed. Instructions cover the steps common to most deployments, but again, an individual organization may require different or additional configuration.
  • Page 26 Work Folders devices (BYOD functionality). To install a feature 1. Navigate to Celestix Edge|Features. 2. Click the toggle button to On for a feature. 3. Click Apply to confirm. 4. The feature's status indicator will rotate while the system processes the request.
  • Page 27 6. When done, navigate to File|Exit in the remote desktop window to close and return to the DirectAccess screen in the web UI. Closing the application logs off the RDP session to the appliance and is recommended to release management resources. Note: If the File menu is not visible, use the quick close button (boxed x).
  • Page 28 Installs Role Service: DirectAccess and VPN (RAS) Feature: RSAT – Remote Access Management Tools (GUI and Command-Line Tools, module for Windows PowerShell) Feature: Group Policy Management Feature: RAS Connection Manager Administration Kit (CMAK) Affected Appliance Features Deployments with nonmanaged remote devices will require the VPN option to be enabled. Cannot be colocated with Web Application Proxy Required Configuration After Installation Configuration must be customized for an environment;...
  • Page 29 • Click the Wizard button to open the Web Application Proxy configuration tool. • Click the Web Application Proxy link to open the Remote Access console as an application. Remote Desktop Gateway Remote Desktop Gateway (RD Gateway) provides access to internal resources for remote users. Access is through the Remote Desktop Connect (RDC) client, and avoids the need for a VPN.
  • Page 30: Configure Remote Access

    ▪ Click the link to create a sync share to open the Windows configuration wizard. Configure Remote Access The wizard provides the steps to configure DirectAccess and VPN settings for the Celestix Edge E Series Appliance. Instructions cover the steps common to most deployments, but again, an individual organization may require different or additional configuration.
  • Page 31: General Information

    General Information The following deployment notes provide information that qualifies setup processes to understand Remote Access configuration. Deployment Assumptions Information presented in the E Series setup instructions is based on the following: • The Remote Access with VPN feature has been installed through the web UI. •...
  • Page 32 The setup wizard is a walk-through to configure components for Remote Access. While working through the wizard, the appliance may need to reboot. Access the screen through the web UI at Celestix Edge|Features|Remote Access with VPN|Wizard. Wizard Instructions Component Selection – select a Remote Access configuration option: •...
  • Page 33 Public address – enter the address that external clients will use to connect to the network. Note: While using an IP address is supported, the FQDN is a best practice. For example: da.example.com b. Advanced – define client parameters and assign the appliance network adapter that DirectAccess service will use.
  • Page 34 • The infrastructure connection remains active, so manage out capabilities are not affected. Enable for mobile computers only – allow only mobile computers in the specified security groups to connect through DirectAccess. Important: Remote Access will create a WMI filter that will only allow mobile computers to join DirectAccess security groups.
  • Page 35 • Behind an edge device (with two network adapters) – one adapter connects to the perimeter network, and the other connects to the internal network. • Behind an edge device (with one network adapter) – the adapter connects to the internal network. Public address –...
  • Page 36 Support Email – enter the email account that will receive diagnostic reports created by the DirectAccess Diagnostics tool. Allow local name resolution – select to allow users to temporarily disconnect the iii. intranet connection and use local DNS servers for Internet traffic. Notes: •...
  • Page 37: Configure Web Application Proxy

    Configure Web Application Proxy The wizard provides the steps to configure Web Application Proxy (WAP) settings for the Celestix Edge E Series Appliance. Instructions cover the steps common to most deployments, but again, an individual organization may require different or additional configuration.
  • Page 38 Domain Name Use the Setup Wizard The setup wizard is a walk-through to configure components for proxy services. Access the screen through the web UI at Celestix Edge|Features|Web Application Proxy|Wizard. Wizard Instructions 1. ADFS Services– complete the following: a. ADFS Service – enter the fully qualified domain name.
  • Page 39: Configure Work Folders

    Configure Work Folders The wizard provides the steps to configure Work Folders settings for the Celestix Edge E Series Appliance. Instructions cover the steps common to most deployments, but again, an individual organization may require different or additional configuration. For setup, the administrator needs access to the following resources: •...
  • Page 40 Use Setup Wizard The setup wizard is a walk-through to assign a certificate to encrypt remote access to work files. Access the screen through the web UI at Celestix Edge|Features|Work Folders|Wizard. Wizard Instructions Use the following instructions to import the SSL certificate for Work Folders.
  • Page 41 The base level setup that allows external access to work files is now complete. Supported clients can now be configured to access sync services.
  • Page 42: Create A System Image

    2. Connect a KVM to the appliance. 3. After the POST screen, you will see Celestix Boot Loader. 4. Select the Celestix Rescue Mode. This menu provides you an option to restore the factory image or restore any existing LGV.
  • Page 43: Backup

    Backup Celestix recommends running the Windows backup utility (System|Backup) once configuration is complete to provide a remediation option for issues that may result from future system updates or changes.
  • Page 44: Update Software

    Once applicable updates are installed, Celestix recommends checking for Windows updates (System|Windows Updates). Thank you for choosing the Celestix Edge E Series Appliance for your remote connectivity solution. This completes the setup and configuration steps for base-level deployment. Email questions to support@celestix.com...
  • Page 45: Appendix

    Appendix Use the links to jump to a topic: • Web User Interface Content Overview • Additional Features • Firewall Ports Reference • Safety Precautions • Product Reclamation and Recycling • Glossary • Index • Resource Worksheet
  • Page 46: Web User Interface Content Overview

    Web User Interface Content Overview The menu structure for the web UI is outlined below. Use it to quickly find features.
  • Page 47: Additional Features

    SecureAccess is a remote access client application that provides automatic, always-on access to network resources and manage out functionality for Windows Home/Professional and Mac computers. For information about configuring the feature, see the online help (Celestix Edge|Remote Access Dashboard|SecureAccess).
  • Page 48: Firewall Ports Reference

    Firewall Ports Reference

    Use the port reference information below to plan for deploying the appliance.

    Celestix Technology: The ports in the section below are required for Comet or application functionality.

    SecureAccess
    ▪ TCP port 443 inbound to connect
    ▪ TCP port 8098 inbound and outbound for licensing and to download configuration files

    Microsoft Technology: The following reference information is provided here for convenience....
  • Page 49

    ▪ TCP 443 inbound for traffic from RD Clients
    ▪ UDP 3391 inbound for traffic from RD Clients
    ▪ TCP 88 inbound and outbound for Kerberos user authentication
    ▪ TCP 135 inbound and outbound for RPC Endpoint Mapper
    ▪ TCP|UDP 389 inbound and outbound for LDAP user authentication
    ▪ TCP|UDP 53 inbound and outbound for internal resource name resolution, DNS
    ▪ TCP|UDP 389 inbound and outbound for LDAP Certificate Revocation List (CRL)
    ▪ TCP 80 inbound and outbound for HTTP Certificate Revocation List (CRL)
  • Page 50: Safety Precautions

    60° C. Do not disassemble, crush, puncture, short external contact, or dispose of battery in fire or water. • Danger of explosion if battery is incorrectly replaced. Replace only with the same or equivalent type recommended by Celestix. Dispose of used batteries according to local regulations for hazardous waste. WARNING: ▪...
  • Page 51: Product Reclamation And Recycling

    Celestix Networks provides recycling support for our equipment to comply with the WEEE Directive. For recycling information, send email to recycling@celestix.com indicating the type of Celestix Networks equipment needing to be disposed of and the country where it is currently located, or contact a Celestix Networks account representative.
  • Page 52: Glossary

    Glossary Active Directory Microsoft's directory service for Windows domains. Active Directory Federation Services The Microsoft implementation of single sign-on (SSO). Acronym for Active Directory ADFS Acronym for Active Directory Federation Services Acronym for certificate authority Certificate The tool that TLS/SSL uses to encrypt communication. Certificate authority An entity that issues certificates to encrypt digital communication.
  • Page 53 Directory synchronization A Microsoft tool that synchronizes users, groups, and attributes (like distribution groups or user phone numbers) to an Office365 instance. DirSync Abbreviation for Directory Synchronization Acronym for Domain Name System Domain Name System A service that translates domain names into IP addresses. Acronym for Device Registration Service Failover A part of high availability where switching from failed to redundant components...
  • Page 54 Namespace A unique identifier for the authentication environment. Network access server A component of RADIUS authentication. Abbreviated NAS. Network Policy Server How Microsoft implements RADIUS. Acronym for NPS Office 365 The cloud implementation of the Microsoft Office productivity suite. Password Sync A component of the Microsoft Directory Synchronization tool that coordinates password hashes between internal Active Directory and Office365.
  • Page 55 Acronym for single sign-on UAG trunk A repository of published applications for user access; this term only applies to Celestix WSA environments or other UAG deployments. Virtual Private Network A secure Remote Access connection that provides remote access to the internal network.
  • Page 56 Acronym for Windows Internal Database Windows Internal Database A version of SQL Server Express that is automatically included with Windows Server. It is the default data store option for ADFS. Workplace Join The function that allows users to register devices with the domain through DRS; devices can then access application resources based on trust.
  • Page 57: Index

    Index configuration CelestixEdge, 22 federation, 22 add Remote Access features, 25 connect to network Appendix network adapter, 17 links, 46 conventions reclamation/recycling, 52 document usage, 4 Resource Worksheet, 66 Resource Worksheet Example, Safety Precautions, 51 Deployment Assumptions for Remote Access, 30 web UI navigation, 47 Deployment Assumptions for WAP, appliance accessory list, 5...
  • Page 58 configuration, 22 firewall ports, 49 rack the appliance, 16 RD Gateway install feature, 28 Glossary, 53 read-only access, 48 Remote Access Deployment Assumptions, 30 install Remote Access features, 25 Requirement Checklist, 31 Installation Remote Access/VPN rack the appliance, 16 install feature, 27 Remote Desktop Web Access install feature, 29 Last Good Version, 42...
  • Page 59 update, 45 Deployment Assumptions, 38 system image, 42 install feature, 28 Last Good Version, 42 Requirement Checklist, 38 setup, 38 web UI, 15 Update software, 45 navigation, 47 web UI login, 20 Work Folders version information, 15 Deployment Assumptions, 39 VPN setup, 32 install feature, 29 Requirement Checklist, 40...
  • Page 60 Resource Worksheet Example It will expedite the process to gather and verify resource information in the Resource Worksheet below before starting appliance installation and setup. An example of the worksheet is provided below with descriptions for the information it includes. A blank copy of the worksheet, which can be printed, is included in the Appendix.
  • Page 61 Property Network Information Explanation (example) Network address Gateway address May be needed in – Configuration : Use the Setup DMZ (LAN 2 +) Include the IP information address/subnet mask for Wizard : Wizard Instructions : Network Interfaces each adapter to be used. Additional The DMZ adapters are optional configuration.
  • Page 62 Property Network Information Explanation (example) using Windows authentication) PKI (if applicable) IP address May be needed in post-configuration for DirectAccess. PKI is recommended but no longer required for DirectAccess deployment, with a few exceptions, like OTP authentication. Note: Root certificate required. Web Application Proxy ADFS FQDN Used in –...
  • Page 63 Property Network Information Explanation (example) RD Web Access (domain joined) IP Address Hostname Firewall rules Remote Desktop Web Used in – Configuration : Install Features : Feature RD Web Access Server Access (domain joined) Details : Remote Desktop Web Access : Required Configuration After Installation IP address...
  • Page 64 Property Network Information Explanation (example) Public domain registrar Credentials In SSO portal deployments, the portal FQDN should be added as a record to the public DNS host service for the federated domain. SMTP server May be needed in – Configuration : Use the Setup IP address Wizard : Wizard Instructions...
  • Page 65: Resource Worksheet

    Resource Worksheet Table: Worksheet Form Example Property Detail Your Information Computer name Administrator password [Celest1x] (default; to be changed during setup) Workgroup or domain name LAN information (LAN1) IP address Private or internal network Subnet mask interface Default gateway Primary/secondary DNS server(s) Static routes: Network address Gateway address...
  • Page 66 Property Detail Your Information Static IP address(es) Public address for client connections GPOs (if using customized policies) NLS certificate (if using external server) Infrastructure server(s) DA client Public address Subnet mask Default gateway VPN server Client IP address pool (if not using DHCP) RADIUS server information (if not using Windows authentication) PKI (if applicable)
  • Page 67 Property Detail Your Information IP address Hostname RD Web Access (domain joined) IP Address Hostname Firewall rules Remote Desktop Web Access RD Web Access Server (domain joined) IP address Hostname AD DS IP address Subnet mask Default gateway RD Session Host (domain joined) IP address Hostname RD Connection Broker (domain joined)
  • Page 68 Property Detail Your Information SMTP server IP address SMTP gateway name Workplace Join AD DS FQDN AD DS service account ADFS IP address ADFS FQDN DRS DNS entry Application server IP address Hostname Bold items are required
