Install and Configure Standalone Quarantine Server in a BCC Cluster

Before joining a BCC cluster, every standalone remote quarantine server must have the necessary security certificates created and imported. Follow these steps for each standalone quarantine server that you want to add to the cluster.
  1. Installation
  2. Install the latest SMG (10.8.0 or later).
    1. During bootstrap configuration, select the new role,
      4. Quarantine Only
      .
    2. Follow the remaining steps in the setup process, providing the IP address of the BCC when instructed. 
  3. Registration on BCC
  4. On the BCC UI, register the standalone quarantine server.
    1. Go to
      Administration
      >
      Hosts
      >
      Configuration
      >
      Add
      .
    2. Select
      Add a new quarantine server
      and provide further details such as the hostname or IP address of the standalone quarantine server, the type of license used, and time settings.
      If a standalone quarantine server is not registered on the BCC, users won't be able to log in to the standalone quarantine UI.
  5. Create/Export Certificates on Stanadalone Quarantine Server
  6. Log in to the standalone quarantine UI as an administrator.
    1. Go to
      Administration
      >
      Settings
      >
      Certificates
      >
      TLS & HTTPS Certificates
      .
    2. Create one self-signed certificate, and give it an appropriate name like
      quarantine-only-cert
      .
    3. Browse to
      Administration
      >
      Settings
      >
      Control Center
      >
      Certificates
      , and assign the quarantine-only-cert to the standalone quarantine server.
    4. Browse to
      Administration
      >
      Certificates
      >
      TLS & HTTPS Certificates
      . Select the quarantine-only-cert and click
      Export
      . Your browser prompts you to save the certificate file with a .cert extension to your local system.
  7. Enable Control Center Remote Management
  8. Log in to the BCC UI as an administrator.
    1. Browse to
      Administration
      >
      Certificates
      and create two self-signed certificates - one for the BCC's the HTTPS web server (referred to here as
      bcc-cert
      ) and another for the BCC's active mail queue (referred to as
      bcc-activemq
      ).
    2. Browse to
      Administration
      >
      Settings
      >
      Control Center
      >
      Certificates
      and assign the bcc-cert to the Control Center by selecting it from the drop-down menu for
      User interface HTTPS certificate
      .  
    3. Browse to
      Administration
      >
      Settings
      >
      Certificates
      >
      Application
      and import the remote quarantine cert created earlier (quarantine-only-cert). 
    4. Browse to
      Admininstration
      >
      Settings
      >
      Control Center
      >
      Access
      .
    5. Enable remote management on the BCC by selecting the
      Enable Control Center
      remote management checkbox. Define user credentials and select the bcc-activemq certificate created in step 4a.
    6. Click
      Save
      to commit the change.
    7. At this point, the BCC creates two certificates under
      Administration
      >
      Settings
      >
      Certificates
      >
      Application
      : BCC_HTTPS_CERT and BCC_REMOTE_MANAGEMENT_CERT.
    8. Export the BCC_REMOTE_MANAGEMENT_CERT to a file on your local system.
  9. Enable Remote Management Connections on the Standalone Quarantine Server
  10. Log in to the standalone quarantine UI as an administrator.
    1. Browse to
      Administration
      >
      Settings
      >
      Certificates
      >
      Application
      and import the BCC_REMOTE_MANAGEMENT_CERT you saved in the previous step.
    2. Browse to
      Administration
      >
      Settings
      >
      Control Center
      >
      Access
      and select the
      Enable Control Center remote management
      check box. Provide the BCC IP address and credentials defined in step 4e, and click
      Save
      .
    3. Click
      Test
      to verify the configuration.