Set up connectors

This topic describes the connector installation process using automation and hardening scripts. This process combines steps in the Remote Access portal with CLI commands.

Before you begin

To access the Remote Access connector, you need to scan a QR code using the CyberArk Mobile app. To make sure that the QR code is correctly displayed, check the following:

  • The terminal used to access the connector machine supports Unicode encoding, and uses a monospaced font.

    From PuTTY version 0.72, Unicode encoding and monospaced font are set by default.

  • When you are using Mac terminals, some themes might use non-monospaced fonts. You can use the Andale Mono font to make sure that the QR code is correctly displayed.

Select the operating system

  1. Log in to the Remote Access portal and display the page of the site where you want to add a connector.

  2. Click Add connector to display the Install connector page.

  3. Set a unique name for the Remote Access connector and a description. Then, click the operating system on which the connector will be installed.

  4. Click Next to proceed to the Prerequisites page, where a list of prerequisites for the selected operating system is displayed.

  5. Make sure your system meets the relevant prerequisites. Click any of the links to get more information and instructions.

    As you install the prerequisites or check that they are installed/configured, click the relevant checkbox.

  6. Click Next to proceed to the connector installation page.

Install the connector CLI

  1. Log in to the connector hosting machine as a user with sudo rights.

  2. Install the remote-access-cli agent with the following command:

     
    sudo snap install remote-access-cli

    This command is also displayed in the Remote Access portal.

Install the connector

Launch the connector installation script using the command that matches the location of your tenant.

Step 1: Configure the SSH traffic port

By default, the connector initiates and maintains a secure tunnel with the Remote Access SaaS service via SSH protocol over port 443.

  • To configure the connector to use SSH protocol over port 22, add the --service_port parameter.

     
    sudo /snap/remote-access-cli/current/installation/install.sh --environment_domain [domain] --service_port [22/443]

  • To change the port for an existing connector, run the script without changing the environment_domain parameter and add the --service_port parameter, as shown in the following example.

     

    sudo /snap/remote-access-cli/current/installation/install.sh --environment_domain alero.io --service_port 22

  • To update the port used by an existing connector for SSH traffic, run the script without changing the environment_domain parameter and add the --service_port parameter, as shown in the following example.

     

    sudo /snap/remote-access-cli/current/installation/install.sh --service_port 22

Step 2: Run the installation script

If required, you can add the --DNS <DNS server IP> flag in the installation script.
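
A pre-flight check for the command in Steps 1 and 2, as an added example that is not part of the original page or of CyberArk's tooling: it checks the terminal charmap needed for the QR code, restricts --service_port to 22 or 443, validates the --DNS value, and prints the resulting command without running it. The function names, the IPv4-only check, and the sample IP 10.0.0.53 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: validate inputs, then print (not run) the install.sh command.
INSTALLER=/snap/remote-access-cli/current/installation/install.sh  # path from this page

# The QR code needs a Unicode terminal; pass a charmap explicitly to test offline.
terminal_is_utf8() {
    [ "${1:-$(locale charmap 2>/dev/null)}" = "UTF-8" ]
}

# The page documents only ports 22 and 443 for the SSH tunnel.
valid_port() {
    case "$1" in 22|443) return 0 ;; *) return 1 ;; esac
}

# Assumption: the DNS server is given as a dotted-quad IPv4 address.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Usage: build_install_cmd <environment_domain> <service_port> [dns_ip]
build_install_cmd() {
    domain=$1 port=$2 dns=${3:-}
    # Hostname characters only: the result is run with sudo, so reject
    # whitespace and shell metacharacters instead of trying to quote them.
    case "$domain" in
        ''|*[!A-Za-z0-9.-]*) echo "bad environment_domain: $domain" >&2; return 1 ;;
    esac
    valid_port "$port" || { echo "service_port must be 22 or 443" >&2; return 1; }
    cmd="sudo $INSTALLER --environment_domain $domain --service_port $port"
    if [ -n "$dns" ]; then
        valid_ipv4 "$dns" || { echo "bad DNS server IP: $dns" >&2; return 1; }
        cmd="$cmd --DNS $dns"
    fi
    printf '%s\n' "$cmd"
}

terminal_is_utf8 || echo "warning: terminal is not UTF-8; the QR code may not render" >&2
build_install_cmd alero.io 443 10.0.0.53   # constructed sample DNS server IP
```
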

Step 3: Add the Remote Access user password

  1. When you are prompted for the Remote Access user's password, go back to the Remote Access portal to get the password.

  2. In the Install connector wizard, go to step 3 of 4. Under Run connector installation, copy the password.

    • Under Install from Snap, you can see the command that you used to install the connector CLI, and verify that the CLI has been installed successfully.

    • Under Run connector installation, you can see the command that you used to launch the connector installation script.

  3. Return to the connector hosting machine and paste the password that you copied from the Remote Access portal into the waiting prompt on the connector host machine.

    After the Remote Access connector has been installed successfully, the connector CLI prompt appears.

Step 4: Initialize and register the Remote Access connector

  1. In the Remote Access portal, go to the Install connector wizard. Click Next to proceed to the Connector status and initiation page (step 4 of 4).

  2. Copy the token.

  3. Go to the connector hosting machine, and run the following command:

     
    init <token>

  4. When the token is accepted, scan the QR code from the CyberArk Mobile app.

    The CLI displays confirmation that the connector has been registered successfully, and then it initializes the connector, which might take a few minutes.

    When the connector is initialized successfully, the CLI displays a confirmation message.

    You can follow the connector initialization progress in the Remote Access portal in the Site page.

    The connector icon shows one of the following initialization stages:

    • Pending or initialization in process

    • Initializing connection (step 1 of 2)

    • Initializing services (step 2 of 2)

    • Connected and active

    • Initialization timeout with error (after approximately 5 minutes)

  5. In the Remote Access portal, go to the Install connector wizard, and click Finish.