Install Cloud Connector on Windows
Skyhigh Cloud Connector can be installed on a physical server or a virtual machine running on Windows.
NOTE: As of Skyhigh Cloud Connector 4.1.2, registering a Symbolic Server Name during installation is mandatory. The option to skip this step in the Cloud Connector wizard has been removed.
Important
- As of Skyhigh Cloud Connector 5.2.0, Cloud Connector cannot be installed without the Cloud Connector User role configured in your account. Make sure you have the Cloud Connector User role granted to your account before you install the latest Cloud Connector.
- TLS certificate validation happens at installation and when Cloud Connector is running. During install, if the server certificate validation is successful, no console messages are displayed. If you use a proxy server with SSL termination to connect Cloud Connector to the Skyhigh Security Skyhigh CASB backend, the proxy server’s certificate MUST be provided at install time using the parameter -Vcertificates=<server file path1>:<server file path2>.
- Only digitally signed certificates in CRT/Base64 format are supported.
- If you perform an upgrade for one release using the -Vcertificates=<server file path1>:<server file path2> option, you must use it again for all subsequent upgrades.
- As of Cloud Connector 3.5, the installer parameter -Venv=<environment_url> is no longer supported.
- Do not install Cloud Connector to a directory that uses spaces in the name, such as “c:\Program Files\shnlp”.
NOTES:
- If you want to change the Java KeyStore (JKS) password, contact Skyhigh Security Support for assistance.
- From Cloud Connector 5.4.1 onwards, endpoints are accessed using token-based authentication instead of basic authentication.
Prerequisites
Before you begin, review the required Skyhigh Cloud Connector Prerequisites.
Install Cloud Connector on Windows
To install the application, right-click the executable file, and select Run as administrator.
- On the Welcome to the Log Processor Setup Wizard screen, click Next.
- Select the destination directory to install Cloud Connector. Click Next.
- Activate the Create a Start Menu folder checkbox. Click Next.
- Select the connection status based on your internet connection. If you use a proxy to connect to the network, you are prompted for your proxy login information. Click Next.
- If a proxy server is required, you can enter the details of the proxy connection on the next page after selecting this option.
Proxy authentication type can be NTLM or basic auth over https.
- Enter your Skyhigh Security Skyhigh CASB account credentials, then click Next:
- Username and Password. The login credentials for access to the Skyhigh CASB dashboard and Cloud Connector might be different. The Cloud Connector role allows configuration, installation, and configuration changes to CC, and might not allow access to the Skyhigh CASB user interface. Contact your administrator to confirm that your credentials work for both interfaces.
- Environment. Skyhigh CASB gives you the name of the environment with your login credentials. Do not change this setting unless asked by Skyhigh Security Support.
- Salt. The unique Salt for tokenization.
- Custom Environment URL. Do not change this URL unless asked by Skyhigh Security Support.
- Select the Skyhigh CASB tenant you want to install Cloud Connector to.
NOTE: This screen is displayed only when your user ID exists on more than one tenant, so you can select the tenant you want to login to.
- Select an IP address from the list where Cloud Connector binds and listens to port 8443. Do not change any of the other settings unless instructed by Skyhigh CASB. Then click Next. (The Symbolic Server Name is registered in the Skyhigh CASB DNS servers, which are publicly accessible, so mapping to the de-tokenization server happens automatically.)
NOTE: As of Skyhigh Cloud Connector 4.1.2, registering a Symbolic Server Name during installation is mandatory. The option to skip this step in the Cloud Connector wizard has been removed.
- Select the configuration to be used by this Cloud Connector installation. Select the Skyhigh Security Default configuration to create a default (blank) configuration and proceed, or contact Skyhigh Security Support for information about which configuration is right for your deployment. Click Next.
- Configure the Windows service by entering your Windows login credentials. Accept the defaults and let the service bound to the built-in Windows account "Local Service". This account does not need a password to be configured. Only if the Skyhigh Cloud Connector needs access to a network share for log processing or if you install it into an active-active deployment, use a domain account that has access rights to the remote network share. Click Next.
- Installation is complete. Click Finish to complete the Setup Wizard.
- To make sure that the Cloud Connector is running, go to the Microsoft Management Console or services.msc and select Cloud Connector.
- Click Start to initiate the service. Then click OK.
- About one minute after starting the service, you can then connect to the Cloud Connector web interface on port 8443 by navigating to the URL
https://<Symbolic Server Name>:8443.
NOTE: Make sure that the CC service is running on Windows Task Manager by looking for a task with the Image Name shnlps.exe.
Cloud Connector Installer Errors on Windows
Skyhigh CASB checks for hardware and software requirements prior to CC installation. If the prerequisites are not met, then the CC installation is stopped with the installer errors. Once the prerequisites are met, you will have a successful CC installation.
Click the Skyhigh Cloud Connector Prerequisites link to avoid the following installation errors. This links redirects to Skyhigh Cloud Connector Prerequisites documentation.
Installer Error Messages
The following error messages can be seen when Cloud Connector Prerequisites are not met.
- Make sure you have an account that has administrator rights, before installing Cloud Connector.
- Cloud Connector supports Windows 64-bit operating system.
- Install the supported version of Visual C++ using the Skyhigh Cloud Connector Prerequisites link.
- If RocksDB is failed in Linux, you cannot access the if / temp folder.
- If RAM and CPU Capacity is lower than a recommended number, then it may impact your CC performance.
- Make sure to meet the recommended number of memory for RAM.
- Make sure to meet the recommended number of cores for CPU Capacity.
- Make sure at least 2 GB of free disk space is available in the selected folder.
- Cloud Connector cannot be installed without the Cloud Connector User role configured in your account. Make sure you have the Cloud Connector User role granted to your account before you install the Cloud Connector.