Generally, you set up a single Centrify for Mobile installation for one Centrify account. That is, you may have multiple proxy servers, but they are all installed through a single Centrify account and registered through the same customer ID.
However, for a large, multi-forest environment, you may want to install and configure multiple, standalone Centrify for Mobile installations. In this case, you create a new customer ID for each installation. You can then install additional cloud proxy servers under each customer ID for redundancy. Each installation has its own customer ID and associated proxy server configuration. If you reconfigure one proxy server in an installation, all other proxy servers in the installation are configured the same way. And if you install a new proxy server in an installation, it’s automatically configured the same way as the rest of the servers in the installation.
When you run the Cloud Management Suite installer for the first time, it creates a customer ID for you and associates the ID with your Centrify account. When you run the installer again to create a new proxy server, after you provide your Centrify account information, you are prompted to register the new proxy with your existing customer ID or with a new one. At this point, you can choose the option to register to a new ID.
Note: Do not install multiple proxy servers in the same forest using different customer IDs.
Each customer ID has its own associated encryption key that encrypts group policy information sent between an installation and its enrolled mobile devices. If you install proxy servers in the same forest using different customer IDs, each server will use a different encryption key, causing problems in sending group policy data to enrolled devices.
Be very careful about changing a proxy server’s customer ID, which moves the server from one installation to another. If the proxy server is the only server in an installation, removing the server from the installation will cause any device enrollment to the installation to fail, and enrolled devices will no longer receive policy changes.
Installing and configuring multiple installations for one account
Centrify Cloud Management Suite Installation and Configuration Guide 50
To run the installer for additional proxy servers in a single forest
1 On a host computer, run the Centrify Cloud Management Suite installer appropriate for your system: Cloud-Mgmt-Suite-<version>-win32.exe for 32-bit Windows, Cloud-Mgmt-Suite-<version>-win64.exe for 64-bit Windows.
2 Click through the welcome screen (Next) and end-user license agreement (check box and Next).
3 In the Custom Setup dialog box, keep the default component settings, set file location to a different location if desired, then click Next.
4 Click Install to begin the installation and Finish when the wizard completion appears.
A connection test runs to verify that your server is connected properly for the proxy server to run.
If any errors are returned, you must fix them before continuing. Click the link next to any test to see information about the success or failure of that test. For example, if you click the Success, Warning, or Error link for Outbound TCP Port Check, you see each port that was contacted and whether the connection was successful for each.
5 Click Close to close the window. The Cloud Proxy Server Configuration Wizard launches automatically. This wizard enables you to perform the initial configuration of the Cloud Proxy Server.
6 Click through the welcome dialog box (Next), then in the Cloud Proxy Configuration dialog box enter your Centrify account name and password in the account and password text boxes.
7 Click Next.
The Web Proxy Configuration dialog box appears.
8 Specify whether you want to use a web proxy server for a connection to the Centrify cloud service.
If you do, select Use a web proxy server and go to the next step.
If you don’t, click Next and go to Step 10.
9 If you selected the web proxy option, enter the following information:
Address: The URL of the web proxy server.
Port: The port number to use to connect to the web proxy server.
User name: The user name of a user with access permission for the web proxy server.
Password: The password for the account.
10 Click Next.
Appendix A • Multiple proxy installation scenario 51
The Set Customer ID dialog box appears. It allows you to register the newly created cloud proxy server to an existing customer ID or new customer ID.
11 Select Register a new Customer ID.
Note: Be certain that you are installing the proxy server on a host that is in a different forest from other proxy servers linked to your customer ID. If you register multiple proxy servers to different IDs in the same forest, you will destabilize your Centrify for Mobile environment.
12 Click Next.
The Configuring Mobile Use dialog box appears. It allows you to specify the Active Directory groups whose users can enroll devices and the organizational units in which records for these users’ devices are stored.
The user group and organizational unit are specified as a pair. By default, the specified user group is “Domain Users” (which means all Active Directory users can enroll devices) and the organizational unit is “Computers” (which means mobile devices are stored in the same organizational unit as computers).
You can specify multiple pairs if you wish. However, if you use a group, such as the default, “Domain Users”, which includes all domain users, a single entry will allow anyone in your domain to enroll a device.
Do one of the following:
Click Next to accept the default pair.
Click the group “Domain Users” in the list, then click Edit to open the Modify Enrollment Group dialog box and change either the group or the organizational unit to use.
Click Add to add a new group and organizational unit pair.
13 If you selected Edit or Add, do one or both of the following:
On the Group line, click Create or Browse to create a new group or browse to an existing group to select. If you create a new group, you can later add users to it in Active Directory Users and Computers.
On the Container line, click Browse to browse to an existing container to use, or browse to an Active Directory container, then click Create to create a new container.
14 Click OK when finished.
15 Click Next.
A second Configuring Mobile User dialog box appears. It specifies the user group whose members are allowed to manage enrolled mobile devices — set to “Domain Admins” by default. Centrify for Mobile Active Directory extensions don’t appear in ADUC for users who are not members of the specified group, and they do not have permission to log into the Centrify Cloud Manager application to manage users.
You may specify one group only. Do one of the following:
Click Next to accept the default, Domain Admins, group.
Click Create or Browse to create or select a different group, then click Next.
16 Click Finish to exit the wizard.
17 Click Next then Finish to complete installation of the new proxy server.
The cloud proxy server is now installed and running, and the ADUC and mobile group policy extensions are installed. The Centrify cloud proxy server configuration application starts automatically.
For fault tolerance, you can install multiple proxy servers, each on a different host computer. If one proxy server fails, the Centrify cloud service will automatically switch to another proxy server to continue service. Before installing any additional proxy servers, be certain to read through “Installing and configuring additional proxy servers” on page 24 for important details about how to set up additional proxy servers.
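The planning rules in this appendix (one customer ID per forest, more than one proxy server per installation, and the effect of leaving “Domain Users” as the enrollment group) can be checked against a deployment inventory before you run the installer. The following is an added example, not part of the Centrify guide or product; the inventory format, host names, forest names, and customer ID values are constructed for illustration.

```python
from collections import defaultdict

# Constructed inventory (hypothetical format): one record per cloud proxy server.
PROXIES = [
    {"host": "proxy1.corp.example", "forest": "corp.example", "customer_id": "CUST-A"},
    {"host": "proxy2.corp.example", "forest": "corp.example", "customer_id": "CUST-A"},
    {"host": "proxy1.emea.example", "forest": "emea.example", "customer_id": "CUST-B"},
    {"host": "proxy3.corp.example", "forest": "corp.example", "customer_id": "CUST-C"},
]
# Constructed enrollment pairs per customer ID: (user group, organizational unit).
ENROLLMENT = {
    "CUST-A": [("Domain Users", "Computers")],
    "CUST-B": [("Mobile Enrollers", "MobileDevices")],
    "CUST-C": [("Mobile Enrollers", "MobileDevices")],
}

def audit(proxies, enrollment):
    """Return (kind, subject, detail) findings for the rules in this appendix."""
    findings = []
    ids_by_forest = defaultdict(set)
    hosts_by_id = defaultdict(list)
    for p in proxies:
        ids_by_forest[p["forest"].lower()].add(p["customer_id"])
        hosts_by_id[p["customer_id"]].append(p["host"])
    # Rule 1: different customer IDs in one forest means different encryption keys.
    for forest, ids in sorted(ids_by_forest.items()):
        if len(ids) > 1:
            findings.append(("FOREST_ID_CONFLICT", forest, sorted(ids)))
    # Rule 2: an installation with one proxy has no failover, and moving that
    # proxy to another customer ID breaks enrollment for the installation.
    for cid, hosts in sorted(hosts_by_id.items()):
        if len(hosts) == 1:
            findings.append(("SINGLE_PROXY", cid, hosts))
    # Rule 3: the default "Domain Users" group lets anyone in the domain enroll.
    for cid, pairs in sorted(enrollment.items()):
        for group, ou in pairs:
            if group.casefold() == "domain users":
                findings.append(("OPEN_ENROLLMENT", cid, [group, ou]))
    return findings

if __name__ == "__main__":
    for kind, subject, detail in audit(PROXIES, ENROLLMENT):
        print(f"{kind:20} {subject:15} {detail}")
```
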
Appendix B