Install and configure CSA with IVANTI EPM

Published by david on

Network Ports

The CSA has 2 network cards. As is often the case, it is placed in a DMZ, so only one network card will be used.

Used Ports:

  • 80 outbound for patches and activation (license.landesk.com, patchec.landesk.com, patch.landesk.com)
  • 443 inbound from the internet to the CSA
  • 443 bidirectional between the core and the CSA
  • 443 between LANDESK consoles and the CSA

Additionally, you will need:

  • A public FQDN and a public IP
  • An internal IP address and an internal FQDN (optional)

CSA Installation

The installation will typically occur in a DMZ.

For version 4.6, installation will be done from an ISO. The procedure is available here.

Configuration

From VMware

  • Login with the account: admin (password: admin). Note that the gateway is in qwerty keyboard layout.
  • In System, configure the date and time
  • In System, configure the CSA’s internal IP address
    • Delete the existing 2 IP addresses
    • In eth0, configure the CSA’s internal IP address
  • In Security, disable the Firewall

From the Web Console

Once the IP address is configured, connect with a web browser to https://xx.xx.xx.xx/gsb (where xx.xx.xx.xx is the CSA’s internal IP address)

  • In System, provide
    • Your DNS IP address
    • The external hostname of the CSA. In the example below, csa.wuibaille.fr is the external name of the CSA
  • In System, you can add additional names (if DNS cannot resolve names)
    • Enter the name of your core server
    • You can also add the names of LANDESK servers

204.246.148.180 license.landesk.com

64.40.112.186 patch.landesk.com

200.112.122.52 patchec.landesk.com

84.51.239.169 patchemea.landesk.com

  • In System, perform an Appliance update test (this will validate internet connectivity)
  • In Activation, activate the Appliance with the same credentials used for the LANDESK core server activation
  • From an internet-connected workstation (without passing through the proxy), test that the Appliance is accessible with its public address and name

Particular Point

There are 2 possibilities:

  • Either the core server can directly connect with the CSA’s external IP address. In this case, skip this step.
  • Or the core server must connect with the internal IP address. In this case, in “Gateway service,” add the internal IP address and the internal name of the Appliance

Core Server

CSA Configuration

Must be done from the core server

  • Launch the LANDESK console, then in “Configure,” launch “Manage Cloud Services Appliances…”
  • Provide the name and public IP address of the CSA
  • If the core server cannot directly connect with the public IP address, add the internal name of the CSA. The Apply button generates the certificate between the CSA and the core server
  • To check the connection between the CSA and the Core server, check the CSA tables to ensure the core server name appears. If not, there is a connection problem.

Agent Configuration

In agent settings, activate the CSA in “Client Connectivity Settings.” Agent redeployment is not necessary; the configuration will be applied to workstations within 24 hours.

Test: Agent Certificates

To manually test the agent configuration, launch “C:\Program Files (x86)\LANDesk\LDClient\BrokerConfig.exe.”

Then click “send request.”

If it works, you can use the “Create Management Gateway Client Certificate” script by creating a scheduled task that you can then launch on all laptops.

Categories: EPM
Tags:

0 Comments

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Posts

EPM

IVANTI Documentation

Official IVANTI documentation

EPM

IVANTI EPM Provisioning 2024 Agent (Error 1603)

Resolve the IVANTI agent installation issue by ensuring the correct installation sequence of .NET Framework, including reboot steps and provisioning integration.

EPM

Uninstall Agent EBA

Uninstall Ivanti EPM agent effectively with step-by-step PowerShell commands. Learn to remove both new and legacy agents with ease