Configure and Set Up On-Premise Connector
- Overview of Setup
- Setting up On-Premise Connector (OPC) on Scalefusion Dashboard
- Step 1: Download and Install On-Premise Connector .msi file
- Step 2: Configure the On-Premise Connector Instance
- Step 3: Set Up On-Premise Connector Certificates
- Step 4: Directory Configuration on OPC instance
- Step 5: Complete Setup on SF Dashboard
- Actions on Configurations
To start using the On-Premise Connector the first step is to configure it. Configuring it requires the flow to be started from the Scalefusion Dashboard and continued on-premise with required information exchanged between the two, that is, the Scalefusion Dashboard and the On-Premise Connector instance.
- Scalefusion Account with Enterprise License (Legacy, Modern or Trial)
- The administrator should have owner or co-account owner privileges to complete the setup.
- Any other administrator (Group Admin, Device Admin or in custom role) who has write access can also do the setup.
Overview of Setup
In a nutshell, following is the process for OPC Setup:
- Download .msi file from Scalefusion Dashboard and install it to create an OPC Instance
- Login to OPC Instance and choose an appropriate Network Configuration scheme
- Configure On-Premise Connector Details on Scalefusion Dashboard
- Check Connection to validate connection between Scalefusion Dashboard and OPC Instance
- Set-Up On-Premise Connector certificates. To do so:
- Generate CSR from OPC Instance
- Upload .csr file on Scalefusion Dashboard to generate a signed identity certificate
- Download the signed identity certificate from Scalefusion Dashboard
- Upload the signed identity certificate to OPC Instance
- Download the trust certificate from Scalefusion Dashboard
- Upload the trust certificate to OPC Instance
- Directory (LDAP) Configuration on OPC Instance
- Complete Setup on Scalefusion Dashboard
The steps are explained in detail below.
Setting up On-Premise Connector (OPC) on Scalefusion Dashboard
Step 1: Download and Install On-Premise Connector .msi file
- On Scalefusion Dashboard, navigate to Integrations > On-Premise Connector
- Click Configure
- The On-Premise Connector configuration page opens. Click on Download button to download On-Premise Connector file
- Once download is complete, copy the opc-installer-<version>.msi file to a server within your premises that can access your on-premise resources like Microsoft Active Directory, Microsoft Exchange, etc.If you are already working on the host machine, it is not required to copy the .msi file
Install On-Premise Connector file
- On the target machine, where you have copied the downloaded file, double click on the opc-installer-<version>.msi file to begin installation.
- Follow the on-screen instructions as shown in the installation wizard to complete the installation.
- Once the installation is complete, click Finish to launch the On-Premise Connector Instance's Admin UI on the default browser. If the set up is successful then the On-Premise Connector Instance's Admin UI would open with URL http://localhost:28626/opc-uiAs we do NOT support IE browser, it is recommended that non-IE browser is set as default. Else the URL will need to be opened manually by admin on a non-IE browser.
- On Scalefusion Dashboard, click Next
Step 2: Configure the On-Premise Connector Instance
The On-Premise Connector Instance can be configured once you have made the necessary network configurations to allow reachability of the On-Premise Connector Instance from Scalefusion Dashboard either via the Reverse Proxy scheme or directly. You may refer to this document for further details. Kindly ensure such network configuration is in place before proceeding ahead.
- On the host machine where OPC Instance is created follow these steps:
- Login to the OPC instance using the credentials
- Username: admin@local
- Password: Aur0r@dm!n
NOTE: You can change the password later in the Log In Settings of On-Premise Connector
- Under Network Configuration, Choose one connection method from the following:
- Web-Server or Reverse proxy (e.g: IIS) : Selected by default
- Static Public IP
- Next button will get enabled once you configure On-Premise Connector Details on Scalefusion Dashboard
- Login to the OPC instance using the credentials
- Switch to Scalefusion Dashboard and enter the following details:
Choose one from among the following:
- Http (Selected by default)
Enter the IP Address / Domain Name where the On-Premise Connector can be reached
The public IP address of the server where OPC Instance is created if HTTP scheme is selected.
The public DNS name if HTTPS scheme is selected.
Enter the Port number for inbound connections if the default has been changed
This is set to 28767 by default if HTTP scheme is selected. Unless instructed specifically, you should not change this port.
This is set to 443 by default if HTTPS scheme is selected.
- Check Connection button will get enabled after entering the required details. Click on Check Connection which would trigger a connectivity check with OPC Instance using the details provided
- Once the connection between Scalefusion Dashboard and OPC Instance are validated, following will reflect:
- On Scalefusion Dashboard, the button changes from Check Connection to Next
- Next button on OPC Instance > Network Configuration (mentioned on Step #1.c above) will also get enabled.
Step 3: Set Up On-Premise Connector Certificates
You need to setup On-Premise Connector certificates to enable encrypted communications for a secure data exchange between Scalefusion Dashboard and OPC Instance. Follow these steps:
- In the On-Premise Connector Instance click Next at the Network Configuration step which takes you to Step 2, that is, Set Up On-Premise Connector Certificates
- Here click on Generate CSR button to generate a Certificate Signing Request (CSR) file
- This opens up a dialog where you need to enter server/host information where the OPC Instance is hosted.
- Hostname: The IP address or hostname of the server where OPC Instance is created
- Department: The department "OU" that is managing the OPC Instance
- Organization: Name of the Organization "O" licensed to host OPC Instance
- City: City "L" where OPC Instance is hosted
- State/Province: Name of the State "ST" where OPC Instance is hosted
- Country: Name of the Country where OPC Instance is hosted
- Click Submit
- This will generate and download the CSR file on your local machine (with extension .csr).
- On the Scalefusion Dashboard, upload the same CSR file (downloaded on your local machine) either by dropping the CSR file here or by Selecting Browse Files. This will generate a signed certificate.
- Notice that Download button will get activated under both sub-sections viz. On-Premise Connector Certificate and Trust Store Certificate.
- Click on Download button under On-Premise Connector Certificate sub-section to download the Identity Certificate.
- Click on Download button under Download Trust Store Certificates sub-section to download the Trust Certificate
- On the OPC Instance, first upload the Identity Certificate.
- Next upload the Trust Certificate.
Step 4: Directory Configuration on OPC instance
After uploading the certificates, the next step is to configure directory settings in OPC Instance. This enables Scalefusion Dashboard to read the users' and groups information.
- Enter following under Directory Configuration
Some fields are pre-filled as hints for understanding. These should be replaced with actual data.
The hostname/IP address where Active Directory service is hosted
Port number of Active Directory service listening for LDAP connections
Active Directory Domain Name Prefix (the one that is provided when logging-on to Windows workstations.)
LDAP Admin Username
Active Directory Admin's username for LDAP binding
LDAP Admin Password
Active Directory Admin's password for LDAP binding
LDAP Directory search base
Define the scope of users and groups i.e. the Organization Units (OU's) which Scalefusion will be able to read.
User Login search base
Specify a Security Group which contains users who can access to OPC Instance's Admin UI. The access can be controlled via User Management section from 3dots menu in OPC Profile.
- Click Submit
- You will land on Basic Configuration page which indicates that the integration with OPC is complete. The Basic Configuration page displays basic details like primary email, setup date, certificate details etc.
Step 5: Complete Setup on SF Dashboard
On Scalefusion Dashboard, click Complete Setup.
This completes the setup and displays the OPC configuration details in a single view:
- Connector IP, Port, Version
- Configuration Date
- Configured by
- Configuration Info: The directory configuration that has been set in OPC Instance.
Clicking on View Details to shows the Organizational Units and Security Groups
Actions on Configurations
Following actions can be performed over configuration:
- Sync: If you want to do a manual sync with OPC Instance, click on Sync
- Edit Config: Allows you to edit the scheme, port or IPSync and Edit are available on clicking three dots under Actions menu
- Renew Certificate: There will be an option to renew certificates if they have expired. Click on Renew and follow the same Steps to update the certificates.
- Delete: Deletes the complete OPC configuration. When you click Delete, a confirmation box will appear. Click Confirm.
Management of On-Premise Connector Instance
OPC Instance consists of following sections when you login to it after initial setup is complete
- Setup Configuration: This consists of two sections
- Basic Configuration - Displays all basic configurations that have been done in sync with Scalefusion Dashboard
- Network Configuration - View the network configuration options to establish connection between Scalefusion Dashboard and OPC Instance.
- Directory Configuration
- Directory Visibility Info - Shows the list of OU's and Security Groups that would be visible to the On-Premise Connector, based on Directory Configuration. The users from these groups can be searched and synced with Scalefusion Dashboard.
- Directory Configuration - The directory settings that have been configured. These can be edited.
- Manage Users - Manage the users who are allowed to access OPC UI. Users can be Read+Write (Admin) or Read-Only (User). The User Login Search Base in Directory Configuration must be defined.