Install the Cloud Gateway Application
The EmpowerID Cloud Gateway is a critical component that facilitates secure communication between on-premises systems and cloud services. This guide provides a step-by-step approach to installing the EmpowerID Cloud Gateway, covering prerequisites, hardware requirements, installation procedures, server role configuration, and post-installation verification. Follow the outlined steps to ensure a successful installation of the Cloud Gateway.
Prerequisites:
Before proceeding with the installation, ensure the following prerequisites are completed:
Azure Tenant and Subscription:
An Azure tenant and a valid subscription must be in place.
Azure Resource Group:
Ensure that a resource group is created and identified, or that you have sufficient privileges to create one.
Azure Relay and Hybrid Connection Setup:
Sufficient privileges to create and configure an Azure Relay in a new or existing resource group.
Follow the instructions to create a namespace in the Azure portal as documented here.
Set up a Hybrid Connection in Azure Relay as per Microsoft documentation: Hybrid Connections - HTTP requests in .NET - Azure Relay.
App Registration and Service Principal Configuration:
Sufficient privileges to create an App Registration and a client secret for use by EmpowerID.
Assign the App Registration's Service Principal the "Contributor" role on the Hybrid Connection.
Hardware Requirements:
The EmpowerID Cloud Gateway requires the following hardware specifications:
Processor: 4 processor cores required; more recommended based on usage scenario.
Memory: 16 GB required; more recommended based on usage scenario.
Disk Subsystem: Fast SSD-based disks are recommended for optimal performance.
Additional Requirements:
.NET Framework 4.8 must be installed on any Cloud Gateway Client server.
Procedure
Step 1: Install the Cloud Gateway
On a designated on-premises machine, double-click the EmpowerIDCloudGateway.msi installer file to run it.
In the EmpowerID Cloud Gateway Setup wizard, enter the Host URL to connect to and click Next. Provide the Azure tenant URL for the tenant you are connecting to.
On the Ready to install page, click the Install button.
When the agent finishes installing, click the Finish button to close the wizard.
You should see the EmpowerID Cloud Gateway Setup window appear.
Optionally, if you use a proxy to connect to the internet, select Use Proxy and enter the address in the Proxy Address field.
Click on the Connect button.
Enter the EmpowerID username and password for the remote cloud gateway account you previously created and click Login.
Click OK to close the Registration Complete message box.
Open Services.msc and start the EmpowerID Remote Agent Windows service.
Step 2: Configure Server Roles For Cloud Gateway
After you have installed the Cloud Gateway Client, you must set the Server Role to Cloud Gateway for the server hosting the client. Please see Configuring Server Roles for more information.
Verify Cloud Gateway is working
After installing the Cloud Gateway and enabling the appropriate server roles, perform the following to verify the client gateway is working and configured correctly.
The server on which the Cloud Gateway is installed must be able to resolve the directory name and the names of its directory servers, and must be able to communicate with those servers via LDAP.
Check that the Cloud Gateway added the following values to the registry under HKEY_LOCAL_MACHINE > SOFTWARE > TheDotNetFactory > EmpowerID > RemoteAgent:
ApiKey
ApiPath
ClientID
ServerGUID
Thumbprint
RecycleOnIdle (value in minutes; the process is recycled when no incoming call is received within the specified time window)
RecycleMaxMemory (value in GB; the process is terminated automatically if memory usage reaches this value)
On the connected EmpowerID Server, do the following:
Open a browser and navigate to your EmpowerID portal.
Authenticate and ping the cloud gateway by pointing your browser to
HTTPS://<FQDN_Of_Your_EmpowerID_Server>/ui/#w/PingEmpowerIDServerViaRemoteAgent. You should see a lookup for searching and selecting your Cloud Gateway machine.
Search for and select your Cloud Gateway machine, and then click Submit.
You should see a message stating the server was pinged.
Click Submit to exit the process.
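The gateway-host checks from the verification steps above (registry values, the EmpowerID Remote Agent service, and name resolution plus LDAP reachability of the directory servers), scripted in PowerShell as an added example that is not part of EmpowerID's documentation or tooling. The directory server name and LDAP port 389 are assumptions to replace with your own values; the ACL listing is an extra check added here because the key holds ApiKey and Thumbprint.

```powershell
# Added example: post-install verification on the Cloud Gateway host.
# Run in an elevated PowerShell session on the gateway server.
param(
    [string[]]$DirectoryServers = @('dc01.example.com'),  # placeholder name (assumption)
    [int]$LdapPort = 389                                  # standard LDAP port (assumption)
)

$keyPath  = 'HKLM:\SOFTWARE\TheDotNetFactory\EmpowerID\RemoteAgent'
$expected = 'ApiKey', 'ApiPath', 'ClientID', 'ServerGUID', 'Thumbprint',
            'RecycleOnIdle', 'RecycleMaxMemory'
$results  = @()

# 1. Registry values: report presence only, never echo ApiKey or Thumbprint data.
$props = Get-ItemProperty -Path $keyPath -ErrorAction SilentlyContinue
foreach ($name in $expected) {
    $present = ($null -ne $props) -and ($props.PSObject.Properties.Name -contains $name)
    $results += [pscustomobject]@{ Check = "Registry value $name"; Passed = $present }
}

# 2. List who can access the key, so overly broad read access can be spotted.
if (Test-Path $keyPath) {
    (Get-Acl -Path $keyPath).Access |
        Select-Object IdentityReference, RegistryRights, AccessControlType |
        Format-Table -AutoSize | Out-Host
}

# 3. The Windows service started in Step 1 must be running.
$svc = Get-Service -DisplayName 'EmpowerID Remote Agent' -ErrorAction SilentlyContinue
$results += [pscustomobject]@{
    Check  = 'EmpowerID Remote Agent service running'
    Passed = ($null -ne $svc) -and ($svc.Status -eq 'Running')
}

# 4. Each directory server must resolve in DNS and accept a TCP connection on LDAP.
foreach ($server in $DirectoryServers) {
    $resolved = [bool](Resolve-DnsName -Name $server -ErrorAction SilentlyContinue)
    $results += [pscustomobject]@{ Check = "DNS resolves $server"; Passed = $resolved }

    $ldapOk = $false
    if ($resolved) {
        $ldapOk = (Test-NetConnection -ComputerName $server -Port $LdapPort `
                   -WarningAction SilentlyContinue).TcpTestSucceeded
    }
    $results += [pscustomobject]@{ Check = "LDAP ${server}:$LdapPort reachable"; Passed = $ldapOk }
}

$results | Format-Table -AutoSize | Out-Host
if ($results.Passed -contains $false) { exit 1 }   # non-zero exit for use in automation
```

The script only covers the checks made on the gateway host; the portal ping from the EmpowerID Server is still performed in the browser as described above.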