Enterprise administrators will be provided with a link to download the Management Console virtual appliance to be installed locally on the organization's hypervisor. This is normally distributed as a .OVF image. Most hypervisors are compatible with the Open Virtualization Format. However, if your organization has unique virtual machine format requirements, please let us know by emailing enterprise[at]spideroak.com.
The current version of the appliance is running Ubuntu 16.04 LTS. Performing regular operating system security updates is not required, but it is recommended. To retrieve automatic updates to the OS, you will either have to enable outbound HTTP access to archive.ubuntu.com and security.ubuntu.com, or configure the Management Console’s apt to use a local mirror or proxy.
Minimum System Requirements:
- 1 CPU core
- 384 MB RAM
- 1 Network Adapter
- Default virtual storage interface
The Management Console requires port 443 available, both in and out, to SpiderOak’s cloud services. SpiderOak needs to connect to the appliance for authentication services, and the appliance needs to contact SpiderOak to be able to push new user assignments up to the storage backend.
From the perspective of the Management Console, the following connections are needed for proper performance:
Outbound on port 443 to:
Inbound on port 443 to:
NOTE: MOST CUSTOMERS ELECT TO GIVE THE MANAGEMENT CONSOLE A DEDICATED EXTERNAL IP ADDRESS. HOWEVER, IF THIS IS NOT THE PREFERRED SETUP FOR YOUR ORGANIZATION AND PORT 443 (INBOUND) IS UNAVAILABLE, ONE OF TWO ALTERNATE PORTS (1443 OR 4443) CAN BE USED INSTEAD AND ROUTED TO PORT 443 ON THE APPLIANCE.
In addition, the following ports are necessary for local management and should not be available over the Internet:
- HTTPS (port 443) IN (Web management console)
- SSH (port 22) IN (Command-line management)
The Management Console is configured to use DHCP for its network configuration. You will need a stable IP address or hostname available to SpiderOak’s servers. To ensure a stable address:
- Assign an address to the MAC address of the Management Console through your DHCP server, or
- Manually assign static networking configuration through the Management Console’s OS.
The best option is dependent on your local configuration. The former ought to be completed on or before deployment of the appliance. The latter can be accomplished during initial setup and configuration of the service.
If not using DHCP, please take note of the following essential networking settings and continue to the Static Network Configuration section below:
- IP address for the appliance itself
- Subnet Mask
- IP address for the gateway
- IP address for at least one DNS server
STATIC NETWORK CONFIGURATION
The Management VM is an Ubuntu 16.04 Server based system. This guide should cover the necessary configuration with additional information available in the Ubuntu documentation.
From the system console, please log in with the user openmanage and the password provided by SpiderOak staff. Then run:
sudo nano /etc/network/interfaces
It will prompt you for your password and it will not display any indication of typing.
nano is a simple, easy-to-use Unix text editor. The shortcut display at the bottom indicates shortcuts with the Control key; for example, X means to press
Please edit the file to resemble the following, replacing the brackets and text with appropriate fields from the network configuration gathered above:
iface eth0 inet static address <management VM IP address> netmask <network netmask> gateway <network gateway> dns-search <DNS search domain> dns-nameservers <space-separated list of DNS server IP addresses>
A completed example file would look similar to the following:
iface eth0 inet static address 192.168.0.45 netmask 255.255.255.0 gateway 192.168.0.1 dns-search example.com dns-nameservers 192.168.0.100 192.168.0.101
O, then Enter to save the file and
X to exit. Once that is done, run the following at the command line:
sudo ifdown eth0
sudo ifup eth0
If anything seems unclear or you would like our assistance, please do not hesitate to ask so that one of our support engineers can walk you through the process.
Some organizations may take an extra step to ease configuration within network layouts. At your option, you may configure a DNS hostname to point to your Management Console from outside your network, so you may change the network address of the appliance without having to reconfigure SpiderOak’s callback location. For example, you can create
https://spideroak.your-business.com that will point to the address you have configured for the Management Console.
Additionally, the Management Console comes with an SSL certificate pre-installed. This certificate is pinned on the SpiderOak side and will work as-is. However, we recommend that all Enterprise customers follow best security practice and purchase a certificate that matches the domain assigned to the Management Console. If you choose to do so, simply replace the
server.keyfiles located in
/opt/openmange/etc/keys with the purchased certificate.
Once networking has been configured, you can verify functionality by pointing your web browser to
https://<management-console-ip-address>/. You will have to accept a certificate warning to continue, and then you should be presented with a login to the Management Console. Use the account login information given to you by our staff and log into the console.