Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.



Advanced Panelboxes for Confluence
namegrey
titleExercise Overview:

Table of Contents
maxLevel3
minLevel2
indent20px
excludeSummary|On this page|In this section...
separatornewline

Installing and Configuring Tachyon Prerequisites


Tachyon has a few prerequisites which need to be installed before the server components can be installed. The installer will install the server roles and features via PowerShell scripts, however there are a few other prereqs we need to account for.
In this lab, you will learn how to install and configure the server upon which we will install all the Tachyon components.


1ehot tip

In a production environment, Tachyon can scale to 250,000 connections on a single server. It is possible to have a split installation with different Tachyon components being installed on separate servers.

Create a DNS Alias

1ebest practice

Each server that has Tachyon Stack components installed requires its own DNS Alias (with the exception of a remote SQL Server). Just one DNS Alias is required when using a single-Switch installation. This is used by Tachyon users, approvers and administrators to connect to the Explorer and Admin portals, and by Tachyon Agents to connect to the Switch and Background Channel. Therefore, it should have a convenient name such as Tachyon.<domainname>.com.


1evirtualmachine

1ETRNDC


1eolstart


1eli

On 1ETRNDC logon as 1ETRN\administrator. Search for DNS from the Start page


1eli

Open DNS manager, expand 1ETRNDC> Forward Lookup Zones and select 1ETRN.LOCAL


1eli

Select the Action menu and select New Alias (CNAME)…


1eli

In the Alias name field, type TACHYON




1ehot tip

DNS aliases are not case sensitive, so you can use lower case, upper case or any combination.


1eolstart
startat5


1eli

In the Fully qualified domain name (FQDN) for target host, type 1ETRNAP.1ETRN.local


1eli

Click OK




1ediscussion point
Your windows should look like this



1eolstart
startat7


1eli
Open a CMD prompt and run Ping tachyon. Validate that it resolves to 1etrnap.1etrn.local (10.0.0.4)


Create a web certificate for the Tachyon website

Each server that has Tachyon Server components installed requires its own Web Server certificate (except for a remote SQL Server). This certificate must be enrolled prior to installation of Tachyon on the server. In this task, we will create a web server template for use with Tachyon, and then enroll the Tachyon server with the certificate.


1evirtualmachine

1ETRNCM


1ehot tip

In our lab, a CA has been installed and configured on 1ETRNCM. PKI is a complex subject, and different enterprises will have different configurations, or even use external certificates. Thus, PKI training is out of scope for this course.


1eolstart
startat8


1eli
Log onto 1ETRNCM as 1ETRN\administrator


1ewarning

Make sure to type in 1ETRN\administrator. Just inputting administrator will cause you to log in as the local administrator on the server and you will not be able to create the certificate template.


1eli
From the start menu, launch Certification Authority


1eli
Expand 1ETRN-1ETRNCM-CA. navigate to Certificate Templates


1eli
Right-click on Certificate Templates and click Manage


1eli
Within the Certificate Templates Console, locate the Web Server template


1eli
Right-click on the Web Server template and select Duplicate Template


1eli
On the General tab, enter Tachyon Web Server as the Template display name


1ehot tip

The display name of the template is not relevant, however in an environment where many different certificates are being used for different things, it is always prudent to name the templates in an easily identifiable manner.


1eli
On the Request Handling tab, check Allow private key to be exported


1eli
On the Security tab, click the Add button


1eli
Click the Object Types button, and check Computers


1eli
Type 1ETRNAP in the Enter the object names to select box and click the Check Names button


1eli
Ensure 1ETRNAP has resolved. Click Ok


1eli
Ensure 1ETRNAP has Read access. Check the Allow box for Enroll


1eli
Click OK to save the template. Validate that the Tachyon Web Server template now exists in the Certificate Templates Console


1eli
Close the Certificate Templates console and return to the Certificate Authority console


1eli
Right-click on Certificate Templates, and select New > Certificate Template to Issue


1eli
Select the Tachyon Web Server template and click OK


1eli
Validate that the Tachyon Web Server template is now visible in the Certificate Templates space


1eli
Close the CA console


1eli
Restart the server


1ehot tip

Rebooting the server is not something required specifically for certificates and would not be a required step in a production environment. However, due to the boot sequence in Skytap, there is a chance when attempting to enrol the certificate on 1ETRNAP the process will fail due to the CA server being unavailable. We are going to reboot the server to avoid that possible error.


Requesting the Web Certificate on the Tachyon server

1evirtualmachine

1ETRNAP


1eolstart
startat28


1eli
Restart 1ETRNAP


1eli
Log into 1ETRNAP as 1ETRN\AppInstaller


1eli
From the start menu, type Cer, and click on Manage computer certificates


1eli
In the Computer Certificates console, right-click on Personal and select All Tasks > Request New Certificate


1eli
In the Certificate Enrollment wizard, on the Before You Begin page, click Next


1eli
On the Select Certificate Enrollment Policy page, click Next


1eli
On the Request Certificates page, note that two certificates are available


1ehot tip

You will see a warning under the Tachyon Web Server certificate. This certificate needs to be configured before it can be enrolled onto the personal certificate store.


1eli
Under the Tachyon Web Server certificate, click on the link in blue next to the warning symbol. This will open Certificate Properties


1eli
In the Subject name field, change the Type to Common name


1eli
Enter tachyon.1etrn.local in the Value box. Click the Add button


1eli
In the Alternate name field, change Type to DNS


1eli
In the Value field, enter Enter tachyon.1etrn.local in the Value field. Click the Add button


1eli
In the Value field, enter Enter 1ETRNAP.1etrn.locallocal in the Value field. Click the Add button




1ediscussion point
Double check the values inputted in the fields here. If they are not accurate, the certificate will not work properly, and the Tachyon installation will fail.



1eolstart
startat41


1eli
On the General tab of the Certificate Properties, input Tachyon Web Certificate in the Friendly Name space


1eli
On the Private Key tab, expand Key options and ensure Make private key exportable is checked


1eli
Click OK to close the Certificate Properties


1ehot tip

Note that the warning under the Tachyon Web Certificate is no more.


1eli
Select the Tachyon Web Server certificate and click Enroll. Once enrolled, click Finish


1eli

In the Certificates console, expand Personal > Certificates, and validate that the certificate has been added


Lab Summary

In this lab, we managed the manual prerequisites required to install Tachyon. We set up a DNS alias to be used by Tachyon internally and externally, and we created a copy of the web certificate template and enrolled it on our Tachyon server. In the next lab, we will see the installer manage the remaining prerequisites.


Next Page
Ex 2 - TCN Opr v5.0 - Installing Tachyon