Bulk site installation

Private Sites or Service Watch Desktop can be packaged and deployed with installation tools like Microsoft System Center Configuration Manager (SCCM) or others. This is referred to as bulk deployment.

Why choose this method?

  • Package and deploy sites with the same public-private key pair, so that synthetic sensors that depend on MFA or encrypted credentials can be moved around.

  • If a machine needs to be re-imaged, the site can be re-deployed, and it will "re-attach" to sensors.

  • Enables centralized control of the cryptography keys.

What are the steps?

  1. To create keys for the bulk installation, navigate to https://secure.exoprise.com/locations/bulk_deploy and click Create new keys.

  2. Choose an existing public key to generate a batch of bulk deployment keys. You must choose a public key for which you have the corresponding private key. You can either create a new public-private key pair or copy one from an existing installation. You'll need to copy the private key and distribute it with your deployment. By default, the private key file of an existing installation can be found at C:\Program Files (x86)\Exoprise\Service\generated_key.pem.

  3. Once you have the private key file for a public key, choose the public key and click Generate Keys to generate a batch of them.

  4. From the Bulk Deployment Keys page, you can download the CSV file of bulk deployment keys. Each installation will need to be passed a join key on the command line. From the same page, you can also download the Exoprise Secure Service Installer for packaging. This is the main service installer and it is required.

Bulk installation now allows the reuse of individual join keys. Using a unique bulk key for each installation is no longer required; you can use just one of the bulk keys, for example the first, from the downloaded CSV file.

Launching the installation

To run the installer during a package and deployment, use the following command line and parameters:

exosvc_service_setup.exe /S /JOINKEY=0e76aa74e1fb35cb01b9fe3115abb201 /PEM="C:\users\bob\documents\token test key.pem" /PEMPASSWD="s3cr3tpasswd" /LOCATION="secure bunker #3"

Confirm that .NET 4.5 is installed and running on each target machine before installing the Secure Service.

Command line parameters

Description

/USER=, /PASSWORD=

To support installing the Secure Service Shell to run the service as a different user (other than Local System), pass the /USER and /PASSWORD arguments to the installer. The installer will install the Secure Service Shell to run as the user account with the supplied password. You can specify a domain user (domain\user) or a local user.

/JOINKEY=

To properly initialize a Secure Service Shell instance and join it with CloudReady, you must provide a unique join key that is supplied by the CloudReady system. The join key uniquely identifies the incoming instance of the Secure Service Shell during initialization. Unique join keys supplied by CloudReady last a finite period of time and the service installer must be run before the join key expires.

/PEM=

To support public key encryption, the Secure Service Shell installer can copy a PEM file to its local execution directory. This PEM file will be used to encrypt the credentials needed for automation and monitoring. Pass the PEM file path as an argument to the installer.

/PEMPASSWD=

Password to decrypt the private key. The password is encrypted and stored locally. The password is not required if the key was created without a password.

/LOCATION=

If a location string is supplied to the installer, this location string will be passed on during initialization to the CloudReady servers for identification. If a location string is not supplied, then the name of the machine will be used during initialization.
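
The launch command and the .NET 4.5 requirement above can be combined into a per-machine wrapper that a deployment tool runs. The following PowerShell script is an added example, not Exoprise's own code. It assumes that the installer, the PEM file and the CSV sit in one package directory, that the CSV is named bulk_keys.csv (hypothetical), that join keys are 32 hex characters like the sample key above, and that a non-zero exit code means failure.

```powershell
# Added example: pre-flight checks and silent launch on one target machine.
# Assumptions (not from the vendor documentation): the package layout under
# $PkgDir, the CSV file name, the 32-hex-character join key shape, and that a
# non-zero installer exit code means the installation failed.
param(
    [string]$PkgDir   = $PSScriptRoot,
    [string]$Location = $env:COMPUTERNAME,
    # Supplied by the deployment tool at run time, never stored in this file.
    [Parameter(Mandatory)][securestring]$PemPassword
)
$ErrorActionPreference = 'Stop'

$installer = Join-Path $PkgDir 'exosvc_service_setup.exe'
$pem       = Join-Path $PkgDir 'generated_key.pem'
$csv       = Join-Path $PkgDir 'bulk_keys.csv'   # hypothetical file name
foreach ($f in $installer, $pem, $csv) {
    if (-not (Test-Path -LiteralPath $f -PathType Leaf)) { throw "Missing package file: $f" }
}

# .NET Framework 4.5 or later reports Release >= 378389 under this registry key.
$ndp = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -ErrorAction SilentlyContinue
if (-not $ndp -or $ndp.Release -lt 378389) { throw '.NET Framework 4.5 or later is required.' }

# Join keys may be reused, so take the first key-shaped token in the CSV.
$match = Select-String -LiteralPath $csv -Pattern '\b[0-9a-fA-F]{32}\b' | Select-Object -First 1
if (-not $match) { throw "No join key found in $csv" }
$joinKey = $match.Matches[0].Value

# The documented /PEMPASSWD parameter takes the password as plain text, so it
# is decoded only here and cleared again right after the installer returns.
$plain = [System.Net.NetworkCredential]::new('', $PemPassword).Password
if ($plain -match '"' -or $Location -match '"') {
    throw 'Double quotes cannot be passed safely in installer arguments.'
}

$argLine = '/S /JOINKEY={0} /PEM="{1}" /PEMPASSWD="{2}" /LOCATION="{3}"' -f $joinKey, $pem, $plain, $Location
$proc = Start-Process -FilePath $installer -ArgumentList $argLine -Wait -PassThru
$plain = $argLine = $null

if ($proc.ExitCode -ne 0) { throw "Installer exited with code $($proc.ExitCode)" }

# The installer copies the PEM file to its own directory; remove the staged
# private key (assumption: the packaged copy is no longer needed on this host).
Remove-Item -LiteralPath $pem -Force
Write-Output "Secure Service installed with location '$Location'."
```

Because the password still appears in the installer's command line while it runs, process command-line auditing on the target machines will record it unless that field is excluded or access to those logs is restricted.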