Setting up a Remote Environment
Overview
The Remote Environment feature has undergone substantial improvements in Atria v15 to simplify communication between environments and network infrastructure implementation. You can create a new customer environment by simply copying a script and pasting it into your customer's directory to establish a connection between Atria and their private environment. This document shows you how to prepare your environment for running remote environment setup scripts.
Location Types
Before following this guide, you will need to decide which location type you are setting up. A "Location" is a placeholder for customers to exist. Below is a description of the available location types:
Private Location
A Private Location is a dedicated, isolated environment configured specifically for a single customer. It provides exclusive infrastructure, ensuring that no resources are shared with other customers. This setup allows for tailored configurations, enhanced security, and complete control over the environment. It is ideal for organizations with strict compliance requirements or those requiring custom implementations.
Shared Location
A Shared Location is a multi-tenant environment where resources such as servers and services are shared among multiple customers. This setup allows for efficient use of infrastructure and reduced operational costs while maintaining data segregation and security through separate Active Directory Organizational Units. Shared locations are suitable for customers with standard configuration needs and less stringent customization requirements.
Prerequisites
- Extend Active Directory Schema with Exchange Attributes:
The commands referenced below are from the following Microsoft article - Extend Active Directory Schema with Exchange Attributes.
To extend the schema, use the schema prep tool from the Microsoft Exchange Installation Media and run the following commands from a Windows Command Prompt (example):
> <Virtual DVD drive letter>\Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareSchema
> <Virtual DVD drive letter>\Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAD /OrganizationName:"A101"
- DNS Entry for AtriaWeb and AtriaMessaging:
You will need to configure your DNS so that the AtriaWeb domain resolves to the IP address of your Web Server and the AtriaMessaging domain resolves to the IP address of your Provisioning Server. You can confirm this is working by accessing the Web UI and RabbitMQ Management interface through a browser.
If set up with the defaults, you should be able to access your Web UI at https://atriaweb/ and RabbitMQ Management at https://atriamessaging.(YourDomain):15671/. This may vary depending on your DNS setup and which ports you are using.
- Certificates Transferred:
You need to ensure that your Root CA Certificate and RabbitMQ Certificate (if applicable) are copied over and installed on your remote domain. There are specific configuration requirements to be met during this process. It follows the same steps as transferring the Atria Root CA to the Web Server during installation, so you can use this guide as a reference point: Transfer Atria Root CA Certification.
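The DNS and certificate prerequisites above can be checked together from a server in the remote domain. The following PowerShell is an added example, not part of the Atria documentation or tooling: the hostnames are placeholders, port 443 is assumed for the Web UI, and 15671 is the default RabbitMQ Management port mentioned above.

```powershell
# Added example: pre-flight check, run from a server in the remote domain.
# Hostnames are placeholders (assumptions); replace them with your own values.
$targets = @(
    @{ Name = 'AtriaWeb';            Host = 'atriaweb.example.com';       Port = 443 },
    @{ Name = 'RabbitMQ Management'; Host = 'atriamessaging.example.com'; Port = 15671 }
)

function Test-AtriaEndpoint {
    param([string]$Name, [string]$HostName, [int]$Port)

    $result = [ordered]@{
        Name = $Name; Host = $HostName; Port = $Port
        Resolved = $null; TcpOpen = $false; TlsTrusted = $false; Detail = ''
    }
    try {
        # Step 1: the name must resolve from inside the remote environment.
        $addresses = [System.Net.Dns]::GetHostAddresses($HostName)
        $result.Resolved = ($addresses | ForEach-Object { $_.IPAddressToString }) -join ','
    } catch {
        $result.Detail = "DNS lookup failed: $($_.Exception.Message)"
        return [pscustomobject]$result
    }

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Step 2: the port must be reachable through any firewalls in between.
        $client.Connect($HostName, $Port)
        $result.TcpOpen = $true
        # Step 3: SslStream without a custom callback uses Windows chain validation,
        # so the handshake succeeds only if the issuing Root CA is trusted on this
        # machine and the certificate name matches the host name.
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        try {
            $ssl.AuthenticateAsClient($HostName)
            $result.TlsTrusted = $true
            $result.Detail = "Issuer: $($ssl.RemoteCertificate.Issuer)"
        } finally { $ssl.Dispose() }
    } catch {
        $result.Detail = $_.Exception.Message
    } finally {
        $client.Close()
    }
    [pscustomobject]$result
}

$targets | ForEach-Object { Test-AtriaEndpoint -Name $_.Name -HostName $_.Host -Port $_.Port } |
    Format-Table -AutoSize
```

A row with TcpOpen true but TlsTrusted false points at the certificate prerequisite (Root CA not installed, or a name mismatch) rather than DNS or routing.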
Network Diagram
Environment Setup Configuration Page
Before installing components in Remote Locations, installer packages need pre-setup configurations. This configuration page outlines how installer packages will communicate with Atria during component installation.
- Locate this page by navigating to Configuration > System Manager > Environment Setup Configuration:
The screen has 3 sections:
- Feed Configuration
- External URLs
- RabbitMQ Configuration
- Feed URL: The URL used to download installer packages
- Notes: Provided by Atria Support
- Feed User: The user account used in Feed URL authentication
- Field Description: An email address showcasing your domain
- Feed Token: Token providing access to the Feed URL
- Notes: Provided by Atria Support
- External API URL: Atria Portal URL
- Notes: This should be routable from your remote environment
- Messaging URL: URL to the Provisioning Server hosting RabbitMQ service
- Notes: This should be routable from your remote environment
- Management URL: URL to the Provisioning Server hosting RabbitMQ Management service
- Notes: This should be routable from your remote environment
Enter the desired values in the fields and click Save to store them, making your environment ready to handle remote environment setup scripts.
Remote Location Configuration
- Navigate to Configuration > System Manager > Location and click Add:
- Fill out the fields and specify the appropriate Location type that best describes the Remote Environment, then click Save:
Location Specific Configuration
The rest of this guide is split into 2 sections. Follow whichever one lines up with your location type:
- Shared
- Private
Install the Atria Components in the Remote Environment
Using the generated installation script, run the script in the Remote Environment where you want the components installed.
Verify Atria Components Installation
After installation, verify the status of the components in the Atria Portal under Configuration > System Manager > Environments.
You can view:
- The number of components installed on the Location.
- Any issues with the components.
Select the customer environment you created to see detailed information:
- v15.23 or before
- v15.24 onwards
Create the Directory Server Connection
- Add the server:
- Navigate to Configuration > Servers.
- Select the appropriate Location Filter where the server will be added.
- Click Add Server, enter the Server name, and click Add Server.
- Ensure the Server Alias name is resolvable from the Atria Web and Provisioning Server, then click Save.
- Assign the Directory Role:
- Navigate to Configuration > Server Roles.
- Select the Server.
- Check the Directory role and click Save.
- Retrieve credentials:
- On the Remote Environment, open an elevated PowerShell window and run:
cd C:\Windows\System32\inetsrv
.\appcmd.exe list apppool "Atria DirectoryWS AppPool" /text:*
- Take note of the username and password:
- Add credentials:
- Navigate to Configuration > System Manager > Credentials.
- Set the Location Filter to the new location you created.
- Enter the credentials retrieved from PowerShell and set the Domain to the FQDN of your remote environment.
- Create the server connection:
- Navigate to Configuration > System Manager > Server Connections.
- Select Directory as the Server Role.
- Choose the appropriate Server and credentials.
- Specify the Protocol and Port (default: HTTP and port 8095), then click Save.
- Validate the connection:
- Click the icon under Test Connection and verify the connection status.
Due to the use of Group Managed Service Accounts (GMSAs) in Atria v15.24, the server connection is created automatically so your environment configuration is now complete. For more information about GMSAs, visit Use Group Managed Service Accounts for Atria Components.
Creating a Dedicated Customer
- First, create the Customer in Atria by navigating to Customers > New Dedicated Customer:
- Fill in the required details for the Customer.
- When you click on "Create Customer" you will be presented with an Installation script:
Install Atria Agent on the Client's Active Directory
- Log on to a server in the customer's Active Directory as a domain administrator.
- Start an administrative PowerShell window, and copy and paste the script into the window:
- This will prompt you 2-3 times regarding permissions. Please answer “Y” to each of these prompts.
- The agent install process will now run. It will look something like this:
- Once completed, the script will end. Now, head back to the Atria Portal.
Check Agent Status
- Locate the Customer, and click on Environments to view the status of the Atria agent:
- Once the agent has successfully completed, all of the components should have a green health status. At this point the remote Active Directory is connected to Atria.
Finishing Customer Provisioning
- Go back to the Customer, and select Provision:
- When provisioning has completed, you can now progress to import the users.
Importing Users from Active Directory
- Ensure you have the customer selected, and navigate to User Directory Import on the left menu:
- Select the Users you wish to import from their OU, then select Import:
- Now, if you refresh the users page, depending on the customer size, users will start appearing in the user list.
The following features are now available for the customer and their users:
- Update/Change user details
- Add new users
- Reset passwords
- Delete Users
- Group management features are also available to use.
Summary
In this document, we configured a remote environment to connect with Atria. To learn how to create customers in a remote shared environment, and manage customers in both scenarios, navigate to Remote Customer Management.
If you have questions or encounter issues, contact us at support@getatria.com.