Configuration and Sizing
Requirements
Windows Server 2012
Starting in Secret Server version 8.9.000000, DEs require that one of following two server features be installed when the Secret Server website is running on a Windows Server 2012. This depends on which protocol is selected in the engine's callback settings. If HTTPS is selected, the HTTP activation is required. If TCP is selected, then TCP activation is required. This accomplished by going to one of the following in Windows Server 2012:
- .NET Framework 4.5 Features > WCF Services > HTTP Activation
- .NET Framework 4.5 Features > WCF Services > TCP Activation
If the feature is not installed, there will be an error message in the DE logs:
(405) Method Not Allowed. ---> System.Net.WebException: The remote server returned an error: (405) Method Not Allowed.
Distributed Engine Installation
All interaction between the SSC tenant and your on premises network uses our distributed engine service to communicate. The work tasks that distributed engine completes includes Active Directory authentication, password changing, and heartbeat. The machine where the engine is installed must be able to communicate outbound on port 443.
To install the Distributed Engine:
-
Navigate to Admin > Distributed Engine
-
Click the Add Engine button, and in the Download Engine window select the related Processor Architecture for either 64-bit or 32-bit, and select the related Preconfigured Site. Click Download now.
You can install distributed engine on your workstation or laptop for testing purposes, but for production installs, the distributed engine server should be installed on a server. Secret Server uses the distributed engine to communicate with your domain, so if your machine is turned off, users cannot log on with their domain accounts, and heartbeat and remote password changing will fail. -
Run setup.exe as an administrator to install the engine service. This will install into
Thycotic Software Ltd\Distributed Engine
. -
Go to Admin > Distributed Engine.
-
Under the Sites and Engenes tab, expand the Pending Engenes section. After you have installed an engine, it should appear here.
-
Select the engine by checking the box next to it, and select the related option - Assign and Activate Selected Engines, or Assign Engines. The Activate window will appear.
-
In the Site drop-down list select New Site to add a new site, Default - to add your default site, or select the related site from the list. Click Activate. The site with assigned engine will appear in the list of all the sites below. Expand it to view the details.
-
Validate the engine's connectivity:
-
Under the Sites and Engines tab, click directly on the related site.
-
On the Site page under the Site tab, click Validate Connectivity, then in the Validate Connectivity window set the related Timeout in seconds (how long in seconds to wait for a successful roundtrip from site to bus to engine back to site), and click Validate. It may take several minutes for the engine to register. If it does not immediately validate wait a few minutes and try again.
-