Luminate is a Software as a Service platform that allows corporate IT organizations to provide secure connectivity to corporate applications and services for designated audiences. Luminate does this without exposing internal networks or datacenters to the risks associated with network access, and it provides unparalleled visibility and governance into activities that are performed by the accessing parties.

To get started with Luminate, configure the system to provide access as shown in the diagram below:

[Diagram: Basic_Luminate_Deployment.PNG]

In the diagram above, users can access published applications via the Luminate cloud service, as these applications have a Luminate Connector component deployed in their datacenter. A separate guide explains the steps that need to be taken in order to configure applications for access via Luminate.

This guide explains how to deploy Luminate Connector on a Linux machine located in the organizational datacenter (on-premises, or cloud-based).

The deployment of Luminate Connector as a Docker container consists of the following steps:

  1. Make sure that the host machine has sufficient connectivity
  2. Make sure that the host machine is running an up-to-date Docker Engine
  3. Installation of Luminate Connector

Making sure that the host machine has sufficient connectivity

The diagram below shows the communications that need to be allowed:

[Diagram: connectivity_for_connector.PNG]

For those looking to restrict the allowed outbound TCP:443 communications only to the Luminate infrastructure, please reach out to Luminate support for assistance. The exact addresses depend on the geographical location of your datacenter.

Making sure that the host machine has an up-to-date Docker Engine

In addition to allowing the connectivity mentioned above, in order to deploy Luminate Connector as a Docker container on Linux, the Docker Engine should be installed on the host.

Docker provides detailed instructions on installing the Docker Engine on any type of server, desktop or cloud platform. Please make sure that these steps are taken before attempting to deploy Luminate Connector.

Installation of the Luminate Connector

In the Luminate Administration Portal, please open the Sites view. In the Sites view, please either create a new site or open an existing site.

Please note that when creating a new Site, a new Connector is created automatically:

When editing an existing site, clicking New Connector will create an additional connector.

All new connectors are created with a status "New".

Upon saving the changes made to the site, for every new connector the following window will pop up:

Opening Kerberos settings is required if the connector is providing connectivity to applications using Single Sign On with Kerberos Constrained Delegation.

Please copy the content of the text box and run it on the Linux server, making sure that the session user has permissions to manage Docker containers. The execution of the above command will pull the relevant version of the Luminate Connector from Docker Hub and initialize it, allowing it to reach out to the Luminate Cloud.

The configuration presented above makes sure that the container is restarted whenever it stops running, for example, if the host is rebooted.

6. The connectivity status indicator of the connector in the Luminate Security Administration Console should change from or  to .

If this change does not occur, and the connector remains , it usually indicates that the Luminate Connector is unable to open an outbound HTTPS connection to the Luminate Cloud. In order to troubleshoot this situation, please run the following command on the host: docker logs <name of your container> and follow the instructions that are shown.
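
The conditions this guide depends on (Docker usable by the session user, outbound HTTPS on TCP 443, and a restart policy that brings the container back after a reboot) can be checked with a short script. This is an added example, not part of the original guide or of Luminate's tooling. It assumes curl is installed; the endpoint host and container name are placeholders you supply, and treating "always" or "unless-stopped" as acceptable restart policies is an assumption, since the portal's command is not reproduced here.

```shell
#!/bin/sh
# Added example: host checks for a connector deployment (not Luminate tooling).
# Host and container name are placeholders supplied by the operator.

# Docker Engine installed and usable by the current session user.
check_docker() {
    command -v docker >/dev/null 2>&1 || { echo "FAIL docker CLI not found"; return 1; }
    docker info >/dev/null 2>&1 || {
        echo "FAIL $(id -un) cannot reach the Docker daemon (permissions or daemon stopped)"
        return 1
    }
    echo "OK   docker usable by $(id -un)"
}

# Outbound TCP 443 with a completed, verified TLS handshake.
# Any HTTP status counts as success; only transport failures are errors.
check_outbound_443() {
    host=$1; rc=0
    curl --silent --output /dev/null --connect-timeout 10 --max-time 20 "https://$host/" || rc=$?
    case $rc in
        0)     echo "OK   outbound HTTPS to $host"; return 0 ;;
        6)     why="DNS resolution failed" ;;
        7|28)  why="TCP 443 refused, blocked or timed out" ;;
        35|60) why="TLS handshake or certificate check failed (possible TLS inspection)" ;;
        *)     why="curl exit $rc" ;;
    esac
    echo "FAIL outbound HTTPS to $host: $why"; return 1
}

# After installation: the container must come back when the host reboots.
check_restart_policy() {
    name=$1
    policy=$(docker inspect --format '{{.HostConfig.RestartPolicy.Name}}' "$name" 2>/dev/null) ||
        { echo "FAIL container $name not found"; return 1; }
    case $policy in
        always|unless-stopped) echo "OK   restart policy: $policy" ;;
        *) echo "FAIL restart policy '$policy' does not restart the container after every stop"; return 1 ;;
    esac
}

# Usage: preflight <cloud-endpoint-host> [container-name]
preflight() {
    failed=0
    check_docker || failed=1
    check_outbound_443 "$1" || failed=1
    [ -z "${2:-}" ] || check_restart_policy "$2" || failed=1
    return $failed
}
```

Source the file and call preflight with the endpoint host before installation, then again with the container name once the connector is running.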