OPC Pre-Deployment Guide
IT admins may have certain queries before embarking to set up the On-Prem Connector (OPC). These queries could be in terms of security, configurations and the like... This guide will attempt to provide answers to all such questions and also explain the utilities OPC offers to any enterprise once the setup is complete.
Question 1: How does OPC Work?
Answer: OPC works as a broker between Scalefusion Dashboard and the on-premise resources/services. It accepts incoming requests from Scalefusion Dashboard, collects the necessary information from the on-premise resources/services and relays back such information to Scalefusion Dashboard for further action. The data (request as well as response) are encrypted using a session key which to ensure that no other component on the network path can read/sniff the data being exchanged. The guide to Setup and Configure OPC explains the configurations in detail.
Question 2: Who all can set up OPC?
Answer: Following are the prerequisites:
- Scalefusion Account with Enterprise License (Legacy, Modern or Trial)
- The Scalefusion Account should be a non-GSuite and non-O365 account
- The administrator should have owner or co-account owner privileges to complete the setup.
- Any other administrator (Group Admin, Device Admin or in custom role) who has write access can also do the setup.
Question 3: How does communication between Scalefusion and On-Premise Connector take place?
Answer: There are two ways:
a. Communication via On-Premise Web Server / Reverse Proxy: Under this scheme the Web Server / Reverse Proxy must have a valid public DNS name with a valid TLS/SSL certificate issued by a publicly trusted Certificate Authority. The diagram below explains this scheme.
b. Direct Communication with On-Prem Connector: Under this scheme the machine hosting On-Prem Connector must have a static public IP address or public DNS name. The diagram below explains this scheme.
Question 4: How is data security ensured when we are opening up communication with servers?
Answer: The request originating from Scalefusion Dashboard is encrypted using a session key and can only be decrypted by the On-Prem Connector. Similarly the response originating from On-Prem Connector is encrypted using a session key and can only be decrypted by the Scalefusion Dashboard. This mechanism ensures no component on the entire communication path can read the request or response.
The flow charts below explain how encryption / decryption takes place
Question 5: Which resources can be accessed On-Premise?
Answer: Currently we only access Microsoft Active Directory
Question 6: What utilities are offered after OPC setup?
Answer: Following purposes can be achieved:
- Import Users and User Groups over Scalefusion by accessing customer's Active Directory
- Set up AD based access to Scalefusion Dashboard - Migrate Admins to AD based account with which they can sign in with their AD credentials as AD SSO
- Enroll AD Users on Scalefusion
- Configure Conditional Email Access for On-Prem Exchange users
Question 7: Once AD users are migrated to Scalefusion, on what all platforms can they enroll the devices as BYOD?
Answer: They can enroll on all platforms, viz. Android, Windows, iOS and Mac.
Please feel free to reach out to our support team at firstname.lastname@example.org for any questions.