Install PRA Engines

Remote Access Service (RAS) is now Privileged Remote Access (PRA)

Engine Rules

  • You must first set up a Site before you can install a PRA engine. See Set Up a PRA Site for options with detailed instructions.

  • Only one PRA engine may be installed on any given on-premise PRA server.

  • We strongly recommend installing at least two PRA engines per site.

  • Engine names must be unique per site.

  • Engine names can contain only letters, numbers, hyphens, and underscores.

  • While an engine is in the process of updating, existing PRA sessions will continue uninterrupted. However, new sessions will be unable to launch on the engine until the upgrade is complete.

    Please review the PRA Requirements for servers hosting a PRA engine.

    The SSH/RDP ports are set in the secret. Please review the Secret Server documentation for additional information. The PRA engine will use these ports to connect with the downstream targets.

Installing the Remote Access Engine

  1. Log into the platform with administrative privileges.

  2. From the left navigation menu, click Settings, then click Remote access.

  3. On the Remote Access page, click the Sites & Engines tab.

  4. Hover your cursor in the site row, at the right side of the Site Name column.

  5. Click the ellipses ... that appears

    alt

  6. From the pop-up click Install Engine.

    alt

  7. On the Install Engine page, you can copy the entire installer script to your system clipboard either of two ways:

    • Select the entire installer script using your cursor and hit Ctrl-C.
    • Click the copy icon to the right.

    alt

Installer Script Rules

  • If you quit the installation process before it finishes, you will need to start again from the beginning.

  • The installer script is for one-time use only, and it expires after ten minutes.

Run the Installation Script

  1. SSH into the server you where you would like to install the PRA engine.

  2. Log in with administrative privileges.

  3. Paste the installer script from your clipboard and run it.

  4. Provide your inputs when prompted.

  5. When the script completes, a success message will appear.

  6. You can validate the installation using the command below, but the software won't be functional until you activate it through the web interface.

    alt

Configuring the PRA Engine to Use a Proxy Server (Optional)

You can configure the PRA engine to work with a proxy server by following these steps:

  1. Create an environment file by running the following command:
Copy 
sudo vi /opt/delinea/environment
  1. Add the following line to the file you just created:
Copy 
HTTPS_PROXY=https://proxy.url.here:portHere

  1. Save and close the file.

  2. You need to add the following EnvironmentFile attribute to the Service section of the PRA engine systemd unit file:

Copy 
EnvironmentFile=/opt/delinea/environment
  1. Open the unit file for editing
Copy 
sudo vi /etc/systemd/system/clientmgr.service
  1. Add the EnvironmentFile attribute to the Service section
Copy 
[Unit]
Description=On-prem engines client manager.
After=network.target
After=network.target

[Service]
EnvironmentFile=/opt/delinea/environment 
ExecStart=/usr/local/bin/clientmgr
ExecReload=/bin/kill -s HUP $MAINPID
KillMode=process
Restart=on-failure
RestartSec=30
ConfigurationDirectory=clientmgr
StateDirectory=clientmgr

[Install]
WantedBy=multi-user.target

  1. Save and close the file.

  2. Restart the clientmgr

Copy 
sudo systemctl stop clientmgr.service
sudo systemctl daemon-reload
sudo systemctl start clientmgr.service

clientmgr

  1. The system administrator may edit the environment file when necessary. After editing this file the system administrator will need to follow the steps above in step 6: Restart clientmgr.