Luminate is a Software as a Service platform that allows corporate IT organizations to provide secure connectivity to corporate applications and services for designated audiences. It does so without exposing internal networks or datacenters to the risks associated with network access, and it provides unparalleled visibility and governance into the activities performed by the accessing parties.

In order to get started with Luminate, one needs to configure the system to provide access as described in the diagram below:

Basic_Luminate_Deployment.PNG

In the diagram above, users can access published applications via the Luminate cloud service, as these applications have a Luminate Connector component deployed in their datacenter. A separate guide explains the steps that need to be taken in order to configure applications for access via Luminate.

 


Prior to proceeding further, please consider running the connector on Linux servers or in Container Orchestrator environments. While Docker for Windows supports running Linux-based containers, deployment on the Windows platform is much more complex and prone to advanced technical issues.

Docker Community Edition is only supported on Windows 10 (https://docs.docker.com/install/) and not on Windows Servers, which support only Docker Enterprise Edition (https://success.docker.com/article/compatibility-matrix). Additional challenges may arise with nested virtualization when running Windows Servers on hypervisors.

 

This guide explains how to deploy Luminate Connector on a Windows Server or Windows 10 machine located in the organizational datacenter (on-premises, or cloud-based).

The deployment of Luminate Connector as a Docker container consists of the following steps:

  1. Make sure that the host meets the requirements for Docker for Windows
  2. Make sure that the host machine has sufficient connectivity
  3. Make sure that the host machine is running an up-to-date Docker Engine
  4. Installation of Luminate Connector

 

Making sure that the host machine meets the requirements for Docker for Windows

In order to be able to install Docker for Windows on a Windows Server or Windows 10 machine, according to the Docker for Windows Installation Manual, the machine needs to meet the following requirements:

System Requirements:

  • Windows 10 64bit: Pro, Enterprise or Education (1607 Anniversary Update, Build 14393 or later).
  • Virtualization is enabled in BIOS. Typically, virtualization is enabled by default. This is different from having Hyper-V enabled. For more detail see Virtualization must be enabled in Troubleshooting.
  • CPU SLAT-capable feature.
  • At least 4GB of RAM.

If the machine doesn't meet the above requirements, it is still possible to install Docker Toolbox and deploy Luminate Connector. This configuration is not recommended for production-grade deployments.

 

Making sure that the host machine has sufficient connectivity

The schema below describes the communications that need to be allowed:

connectivity_for_connector.PNG

For those looking to restrict the allowed outbound TCP:443 communications only to the Luminate infrastructure, please reach out to the Luminate support for assistance. The exact addresses depend on the geographical location of your datacenter.

 

Making sure that the host machine is running an up-to-date Docker Engine

Please follow the instructions provided by Docker. When installing the Docker Engine, please make sure that you choose "Linux Containers" mode. If using a pre-installed Docker Engine, please switch to Linux Containers mode:

 

 

Please note that when deploying on Microsoft Azure, special images marked "with Containers" come pre-installed with all the relevant capabilities:

 

Installation of Luminate Connector

In the Luminate Administration Portal, please open the Sites view. In the Sites view, please either create a new site or open an existing site.

Please note that when creating a new Site, a new Connector is created automatically:

When editing an existing site, clicking New Connector will create an additional connector.

All new connectors are created with a status "New".

Upon saving the changes made to the site, for every new connector the following window will pop up:

Opening Kerberos settings is required if the connector is providing connectivity to applications using Single Sign On with Kerberos Constrained Delegation.

Please copy the content of the text box and run it on the Windows Server, making sure that the session user has permissions to manage Docker containers. The execution of the above command will pull the relevant version of the Luminate Connector from Docker Hub and initialize it, allowing it to reach out to the Luminate Cloud.

The configuration presented above makes sure that the container is restarted whenever it stops running, for example, if the host is rebooted.

The connectivity status indicator of the connector in the Luminate Security Administration Console should change from or  to .

If this change does not occur, and the connector remains  , it usually indicates that the Luminate Connector is unable to open an outbound HTTPS connection to the Luminate Cloud. In order to troubleshoot this situation, please run the following command on the host: docker logs <name of your container> and follow the instructions that are shown.
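
The host prerequisites from the first three steps of this guide (Windows build, RAM, virtualization and SLAT, Linux Containers mode, outbound TCP:443) can be verified in one pass before or after installing the connector. The script below is an added example, not part of the original guide or of Luminate's tooling; the -LuminateHost parameter and its placeholder value are assumptions, since the actual address must be obtained from Luminate support.

```powershell
# Pre-flight check for a Luminate Connector host (added example, not vendor code).
param(
    # Placeholder (assumption): ask Luminate support for the address for your region.
    [string]$LuminateHost = '<luminate-cloud-host>'
)

$results = [System.Collections.Generic.List[object]]::new()
function Add-Check([string]$Name, [bool]$Passed, [string]$Detail) {
    $results.Add([pscustomobject]@{ Check = $Name; Passed = $Passed; Detail = $Detail })
}

$os  = Get-CimInstance -ClassName Win32_OperatingSystem
$cs  = Get-CimInstance -ClassName Win32_ComputerSystem
$cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1

# Requirement: 64-bit Windows, build 14393 (1607 Anniversary Update) or later.
$osOk = ($os.OSArchitecture -like '64*') -and ([int]$os.BuildNumber -ge 14393)
Add-Check '64-bit Windows, build 14393+' $osOk "$($os.Caption), build $($os.BuildNumber)"

# Requirement: at least 4GB of RAM. Windows reports slightly less than what is
# installed, so the value is rounded to the nearest GB before comparing.
$ramGB = [math]::Round($cs.TotalPhysicalMemory / 1GB)
Add-Check 'At least 4GB of RAM' ($ramGB -ge 4) "$ramGB GB"

# Once a hypervisor is running, Windows can report the two CPU flags as False,
# so a detected hypervisor is accepted in place of the flags.
$hv   = [bool]$cs.HypervisorPresent
$note = if ($hv) { 'hypervisor detected; if this host is a VM, confirm nested virtualization' }
        else     { 'read from Win32_Processor' }
Add-Check 'Virtualization enabled in BIOS' ($hv -or [bool]$cpu.VirtualizationFirmwareEnabled) $note
Add-Check 'CPU is SLAT-capable' ($hv -or [bool]$cpu.SecondLevelAddressTranslationExtensions) $note

# The connector is a Linux-based container: the engine must report OSType "linux".
$osType = ''
if (Get-Command docker -ErrorAction SilentlyContinue) {
    $osType = "$(& docker info --format '{{.OSType}}' 2>$null)".Trim()
}
Add-Check 'Docker Engine in Linux Containers mode' ($osType -eq 'linux') "OSType='$osType'"

# Outbound HTTPS (TCP:443) from this host towards the Luminate Cloud.
if ($LuminateHost -notlike '<*') {
    $tcp = Test-NetConnection -ComputerName $LuminateHost -Port 443 -WarningAction SilentlyContinue
    Add-Check "Outbound TCP:443 to $LuminateHost" $tcp.TcpTestSucceeded "RemoteAddress=$($tcp.RemoteAddress)"
} else {
    Add-Check 'Outbound TCP:443 to Luminate' $false 'No host supplied; pass -LuminateHost'
}

$results | Format-Table -AutoSize -Wrap
if ($results.Passed -contains $false) { exit 1 }
```

Test-NetConnection opens a direct TCP connection, so on hosts that reach the internet only through an HTTP proxy this check can fail even though the connector itself may be configured to use the proxy.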