Celestix E6600 User manual
Security, Simplified.
Celestix E Series Installation Guide
E6600 Security Appliance
i
The information contained in this document represents the current view of Celestix Networks on the issues discussed as of the date
of publication. Because Celestix Networks must respond to changing market conditions, it should not be interpreted to be a
commitment on the part of Celestix Networks, and Celestix Networks cannot guarantee the accuracy of any information presented
after the date of publication.
These instructions are for informational purposes only. CELESTIX MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS
DOCUMENT.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of
this document may be reproduced, stored in, or introduced into a retrieval system, or transmitted in any form or by any means
(electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of
Celestix Networks.
Celestix Networks may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering
subject matter in this document. Except as expressly provided in any written license agreement from Celestix Networks, the
furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
Celestix Edge E Series Appliance Installation Guide
Document Number: EDG2200-120-001
Updated: January 18, 2017
Part Number: (CCD) 2122-30000001
Product version: E Series 2.2.0.0
© 2017 Celestix Networks, Inc. All rights reserved.
The example companies, organizations, products, domain names, email addresses, logos, people, places, and events depicted
herein are fictitious. No association with any real company, organization, product, domain name, email address, logo, person, place,
or event is intended or should be inferred.
HOTPin, Celestix and Celestix logo are either trademarks or registered trademarks of Celestix Networks, Inc.
Microsoft, Microsoft logo, Microsoft Windows Server, Microsoft Forefront, Threat Management Gateway, Unified Access Gateway,
Active Directory, Windows, Windows NT, Office 365, Azure, ActiveX, Internet Explorer, Windows Phone, and Zune are either
registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Table of Contents
Table of Contents .......................................................................................2
1 Introduction........................................................................................4
Guide Usage Notes...................................................................................4
Identifying the contents of the appliance shipping carton........................5
Appliance Hardware Features ..................................................................5
E Series System Overview......................................................................10
Web User Interface..................................................................................14
2 Installation........................................................................................16
Notes........................................................................................................16
Rack the Appliance .................................................................................16
Connect the Appliance............................................................................17
3 Setup.................................................................................................20
Power the Appliance ...............................................................................20
Log in to the Web UI................................................................................20
4 Configuration...................................................................................22
General Information.................................................................................22
Use the Setup Wizard .............................................................................23
Install Features........................................................................................24
Configure Remote Access ......................................................................29
Configure Web Application Proxy...........................................................36
Configure Work Folders ..........................................................................38
5 Create a System Image...................................................................41
LGV..........................................................................................................41
6 Backup..............................................................................................42
7 Update Software..............................................................................43
Appendix....................................................................................................44
Web User Interface Content Overview...................................................45
Additional Features .................................................................................46
Firewall Ports Reference.........................................................................47
Safety Precautions ..................................................................................49
Product Reclamation and Recycling.......................................................50
Glossary...................................................................................................51
Index ........................................................................................................56
Resource Worksheet...............................................................................64
4
E Series Installation Guide
1 Introduction
Celestix Networks delivers an exceptional combination of secure connectivity features, scalability, and
simplicity in cost-efficient virtual and hardware appliances. Ready-to-deploy appliances offer easier
management that reduces the risk and cost of security solutions. Celestix® solutions offer flexibility to
protect access to IT resources.
The Celestix® Celestix Edge E Series Appliance provides simplified configuration for Microsoft®
Windows Server® 2012 R2 remote connectivity solutions. The E Series facilitates access management,
bring your own device (BYOD) programs, and anywhere access to work files.
A well-planned cloud blueprint can help users to work how and when they are most productive. Through
the E Series, organizations can choose the connectivity options best suited to organizational goals.
•Always-on remote connection for both end user access and client management.
•RADIUS and multifactor authentication.
•Encrypted access to internal resources without a VPN.
•Streaming access to hosted applications from any device.
•Synced work files access by supported devices from wherever, even without network connectivity.
The foundation of your Celestix appliance is the award-winning Comet engine. Comet provides a web
user interface (web UI) for convenient access to administration functions like setup, network
configuration, and server task management. For the E Series, it also provides simplified installation and
configuration for secure connectivity and supporting technologies.
The Celestix E Series is a hardened and secure appliance platform that is optimized for secure Windows
deployment out of the box.
The 2.2.0.0 E Series offers the following functionality:
•SecureAccess client
•Read-only access to the web UI
•SSO portal update
Guide Usage Notes
This guide will help system administrators to efficiently install and configure a new appliance with a base
level setup. The guide does not provide extensive reference information. The instructions cover steps for
some common deployment scenarios. They usually offer one option to accomplish a task, though there
may be other ways to achieve the same thing.
Document Conventions
•Instructions are generally intended for administrators to manage the server installation through
Comet’s web user interface administration tool, referred to as the web UI.
•Instructions are presented in the best order to follow for setup.
•The following text formats are used for clarification:
▪Web UI on-screen items are noted in this style.
▪Features on the appliance front and rear panels are noted in this style.
▪File names are delineated as filename.xxx.
▪Titles are delineated as documentname.
▪Examples and code are delineated in this style.
•When referring to subsections in this document, the hierarchy is delineated by the symbol for a
colon (:).
For example, the location of the section To find updates would be delineated as:
5
E Series Installation Guide
Update Software : To find updates.
•Instructions assume the reader will navigate from the web UI main menu bar to access features.
For example, to access Software Updates, the navigation path from the menu bar would be
delineated as:
System|Software Updates.
•Though network interface connections are commonly referred to as NICs, ports, and adapters,
documentation uses the term network adapters.
•Documentation generally refers to the appliance when discussing the E Series Appliance.
Identifying the contents of the appliance shipping carton
Unpack the server shipping carton and locate the materials and documentation necessary for installing
the server. All the rack mounting hardware necessary for installing the server into the rack is included with
the rack or the server.
The contents of the server shipping carton include:
• Celestix Appliance (HPE server)
• Power cord x 2 (except 3600 model)
• Rack rail hook-and-loop strap
• CD contains manuals.
In addition to the supplied items, you might need:
• T-25 Torx screwdriver (to loosen the shipping screws located inside the server quick-release latch
rack ears)
• T-10/T-15 Torx screwdriver
Appliance Hardware Features
Each of the feature lists below include a legend to help identify components on the appliance.
6
E Series Installation Guide
7
E Series Installation Guide
8
E Series Installation Guide
9
E Series Installation Guide
Illustration 2: Appliance Illustrations with Delineated Features
10
E Series Installation Guide
E Series System Overview
The Celestix Edge appliance simplifies the process to set up and manage access to IT resources. The
diagram below provides a reference for features that are available on the appliance.
Illustration 3: E Series Connectivity Features
Example Deployment Topologies
The diagrams that follow are intended to provide reference for IT administrators or architects. The
examples provide a few scenarios for common aspects of Celestix Edge appliance deployment, while the
potential options are certainly numerous.
DirectAccess Deployment with Manage-Out
Access for external users with strong authentication that allows system administrators to support and
manage remote clients.
Requirements:
•Secure remote access for managed Windows 7 and Windows 8 clients.
•Anytime, anywhere access to applications and data on the organization network.
•Compliance mandate for One-Time Password (OTP) authentication.
•System administrators inside the organization network need connectivity to initiate remote desktop
sessions and push software updates to remote clients.
11
E Series Installation Guide
Illustration 4: DirectAccess Role
VPN
Access for external users that includes a wide range of systems, like PCs, Macs, tablets, and smart
phones.
Requirements:
•Secure remote access for nonmanaged clients that include commonly used operating systems
(Windows, Linux, OS X, Android, and iOS).
•Remote access to applications and data on the organization network.
•Web-based applications need users to be pre-authenticated at the edge.
•Applications individually provisioned based on user roles.
12
E Series Installation Guide
Illustration 5: VPN Role With Web Application Proxy
Gateway
Cross-premises network connectivity for internally hosted and cloud resources.
Requirement: Seamless connectivity between on-premises data center and virtual machines hosted in the
public cloud.
13
E Series Installation Guide
Illustration 6: Remote Desktop Services Role
Configuration Overview
The following lists network components that most commonly require configuration to support feature
deployments.
Note: Some items are optional. Details for feature configuration are discussed in the topic Resource
Worksheet.
Network Policy Server
•Celestix Edge appliance serves as the RADIUS server; it must be domain joined
•Network Access Server (RADIUS Client)
•IP Address
•Shared secret
•Network policies
•Authentication protocol options
Remote Access
•DirectAccess
▪An Active Directory® Domain Services (AD DS) domain
14
E Series Installation Guide
▪At least one domain-joined DirectAccess server (E Series)
▪A public key infrastructure (PKI) [recommended]
▪Network location server (optional)
▪DirectAccess clients running Windows 7 Enterprise or Ultimate, or Windows 8.x Enterprise
•VPN
▪SSL certificate (if using SSTP)
▪External firewall exceptions for configured ports
•Web Application Proxy
▪Celestix Edge appliance serves as the reverse proxy
▪ADFS installed on separate Windows 2012 R2 server
▪SSL certificate
▪Firewall rules for traffic between Web Application Proxy server (E Series) and ADFS server
Remote Desktop Services Components
•Remote Desktop Gateway
▪Celestix Edge appliance must be domain joined
▪RD Connection Broker and RD Web Access Server
▪RD Session Host server
▪RD Gateway server
▪SSL certificate
▪AD DS Group Managed Service Account
▪Firewall exceptions maybe required
▪End Users: RDP client that supports RD Gateway (like Windows Remote Desktop Client)
•Remote Desktop Web Access
▪Celestix Edge appliance must be domain joined
▪Remote Desktop Connection Broker
▪RD Session Host server with RemoteApp programs configured
▪SSL certificate
▪Firewall exceptions will be required for the WMI Service
▪Option –virtual desktop: Remote Desktop Virtualization Host server
Work Folders
•Celestix Edge appliance serves as the sync server; it must be domain joined
•Domain-joined Windows Server 2012 R2 as the sync share; share volume formatted as NTFS
•Sync share DNS entry (recommended)
•SSL certificate
•User group (recommended)
•End users: Windows 8.1/RT 8.1
Web User Interface
The web UI is a management tool to access the most common Celestix product features. Initially, use it to
quickly set up the server. Subsequently, use the web UI to access administrative features for both Comet
and Remote Access roles.
See the Appendix topic Web User Interface Content Overview for features included in the web UI. See
the online help topic Web User Interface Overview for more information about using the web UI
(Help|Web UI Overview).
15
E Series Installation Guide
Version Information
Version information for appliance components are noted on the main web UI page. Click the E Series
logo link from any page to access:
16
E Series Installation Guide
2 Installation
The guide provides a system administrator with concise instructions for a base deployment. The
document covers common installation requirements and is not intended to be comprehensive. Every
network environment is different, and installation for an individual organization may require either
additional or other configuration not discussed herein.
Notes
Celestix Edge administrators should have the following skills, knowledge, and consequent access
privileges:
•Server room management
•Server administration
•Networking technology
Caution:
To reduce the risk of personal injury or equipment damage, be sure that the rack
is adequately stabilized before extending a component from the rack.
Rack the Appliance
Celestix appliances are 1U and should be attached to a standard 19-inch equipment rack as follows.
1. Power down the appliance.
2. Disconnect all peripheral cables from the appliance.
3. Disconnect each power cord from the appliance.
4. In a server that uses thumbscrew rack ears, loosen the captive thumbscrews that secure the server
faceplate to the front of the rack, and then slide the server out of the rack.
5. In a server that uses quick-release latch rack ears:
a. Open the latches on both sides of the server.
b. If necessary, use a T-25 Torx screwdriver to loosen the shipping screws. The diagram below
provides a reference.
Illustration 7: Appliance Mounting
17
E Series Installation Guide
Connect the Appliance
Celestix appliances have up to 6 (six) network adapters and up to 2 (two) power adapters.
Connect to the Network
Once the appliance is racked, it must be connected to the network.
If an IP address will be assigned through DHCP, and then configuration for a static address is covered in
the setup wizard interfaces instructions. If DHCP is not deployed, the section Configure IP Address
Manually explains how to add the IP address to the network adapter.
To connect the appliance
1. Connect an Ethernet cable from the Primary Port (LAN1) network adapter on the Celestix
appliance to the internal network hub or switch.
2. For additional network connections, use the Secondary Port (LAN2) or 4 Network ports adapter
(LAN3 –6) on the appliance.
The diagram below provides a reference.
Illustration 8: Ethernet Connections
Note: Hardware models vary and may look somewhat different from the example, but network
connections will be similar.
Network Interface LED indicators
When the appliance is powered on, each of the network adapters displays a pair of lights to help identify
connection speed and usage.
18
E Series Installation Guide
1
NIC link LED Green = Network link
Off = No network link
2
NIC activity LED Solid green = Link
to network
Flashing green = Network active
Off = No network activity
19
E Series Installation Guide
Connect the Power
Connect the power cable to the appliance.
To connect power
1. Connect the included power cable from a power source, typically a UPS, to the power inlet on the
rear panel.
Table of contents
