Install and Configure Standalone Quarantine Server in a BCC Cluster
Before joining a BCC cluster, every standalone remote quarantine server must have the necessary security certificates created and imported. Follow these steps for each standalone quarantine server that you want to add to the cluster.
- Installation
- Install the latest SMG (10.8.0 or later).
- During bootstrap configuration, select the new role,4. Quarantine Only.
- Follow the remaining steps in the setup process, providing the IP address of the BCC when instructed.
- Registration on BCC
- On the BCC UI, register the standalone quarantine server.
- Go toAdministration>Hosts>Configuration>Add.
- SelectAdd a new quarantine serverand provide further details such as the hostname or IP address of the standalone quarantine server, the type of license used, and time settings.If a standalone quarantine server is not registered on the BCC, users won't be able to log in to the standalone quarantine UI.
- Create/Export Certificates on Stanadalone Quarantine Server
- Log in to the standalone quarantine UI as an administrator.
- Go toAdministration>Settings>Certificates>TLS & HTTPS Certificates.
- Create one self-signed certificate, and give it an appropriate name likequarantine-only-cert.
- Browse toAdministration>Settings>Control Center>Certificates, and assign the quarantine-only-cert to the standalone quarantine server.
- Browse toAdministration>Certificates>TLS & HTTPS Certificates. Select the quarantine-only-cert and clickExport. Your browser prompts you to save the certificate file with a .cert extension to your local system.
- Enable Control Center Remote Management
- Log in to the BCC UI as an administrator.
- Browse toAdministration>Certificatesand create two self-signed certificates - one for the BCC's the HTTPS web server (referred to here asbcc-cert) and another for the BCC's active mail queue (referred to asbcc-activemq).
- Browse toAdministration>Settings>Control Center>Certificatesand assign the bcc-cert to the Control Center by selecting it from the drop-down menu forUser interface HTTPS certificate.
- Browse toAdministration>Settings>Certificates>Applicationand import the remote quarantine cert created earlier (quarantine-only-cert).
- Browse toAdmininstration>Settings>Control Center>Access.
- Enable remote management on the BCC by selecting theEnable Control Centerremote management checkbox. Define user credentials and select the bcc-activemq certificate created in step 4a.
- ClickSaveto commit the change.
- At this point, the BCC creates two certificates underAdministration>Settings>Certificates>Application: BCC_HTTPS_CERT and BCC_REMOTE_MANAGEMENT_CERT.
- Export the BCC_REMOTE_MANAGEMENT_CERT to a file on your local system.
- Enable Remote Management Connections on the Standalone Quarantine Server
- Log in to the standalone quarantine UI as an administrator.
- Browse toAdministration>Settings>Certificates>Applicationand import the BCC_REMOTE_MANAGEMENT_CERT you saved in the previous step.
- Browse toAdministration>Settings>Control Center>Accessand select theEnable Control Center remote managementcheck box. Provide the BCC IP address and credentials defined in step 4e, and clickSave.
- ClickTestto verify the configuration.