Installation guide
The Pointsharp ID Server and IdP are both intended to be used together with Pointsharp Access Gateway, to ensure secure access to the internal systems from the internet.
Run the installation as administrator.
| The prerequisites are no longer applied automatically by the installer. All additional software is included separately in the download. Please follow the installation instructions. |
Requirements
Hardware requirements
Please note that the hardware requirements change depending on how many users there are in the system and how the system is being used. The amount of disk space needed for an installation depends mostly on the log space required for retention and debugging. Virtual servers are supported.

| Component | Minimum | Recommended |
|---|---|---|
| CPU | 4 Cores | 8 Cores |
| Memory | 8 GB RAM | 16 GB RAM |
| Disk Space | 5 GB | 30 GB or more |
System requirements
| Requirements | Notes |
|---|---|
| 1x Windows 2016 server or newer | The server needs to be fully patched. |
| Internal DNS name | The server needs to have a proper DNS name set internally. |
| Server Certificate | Needs to have a valid Server Certificate. |
| Access to published resources | The PSGW needs to be able to reach each backend resource that is going to be published in the PSGW. |
| Access to AD, LDAP, or AD LDS | To be able to use Kerberos Delegation, the PSGW needs access to your Directory (Port: 88). Not needed if using NTLM pass-through. |
| Reachable externally | The Access Gateway server needs to be reachable externally. Webservices (Port: 443). The server itself doesn’t need an external DNS name. |
| External DNS name for each listener in the Access Gateway – and certificate that contains all names (wildcard supported). | Each listener in the Access Gateway needs to have an external DNS name pointing towards the PS Gateway server’s IP. Example: If publishing an OWA called owa.contoso.com, there must be an external DNS name for this, pointing towards the PS Gateway’s IP. |
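
A pre-flight check for the requirements in the table above, as an added example that is not part of Pointsharp's tooling. The host names and the backend port 443 are placeholder assumptions; the script checks internal DNS resolution, reachability of the directory on port 88 and of each backend, and whether an installed certificate covers each listener name.

```powershell
# Added example: pre-flight check of the requirements listed above.
# Host names are placeholders (assumptions); replace them with your own.
$DomainController = 'dc01.corp.example'      # directory used for Kerberos delegation
$Backends         = @('mail01.corp.example') # backend resources to be published
$ListenerNames    = @('owa.contoso.com')     # external listener names (the page's example)

function Test-CertCoversName($Cert, [string]$Name) {
    foreach ($san in $Cert.DnsNameList.Unicode) {
        if ($san -eq $Name) { return $true }
        # A wildcard entry covers exactly one left-most label.
        if ($san.StartsWith('*.') -and ($Name -replace '^[^.]+', '*') -eq $san) { return $true }
    }
    return $false
}

$results = @()

# Internal DNS name: the server's own FQDN must resolve internally.
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$resolved = [bool](Resolve-DnsName -Name $fqdn -ErrorAction SilentlyContinue)
$results += [pscustomobject]@{ Check = 'Internal DNS name'; Target = $fqdn; Ok = $resolved }

# Directory on port 88 (not needed when NTLM pass-through is used).
$kdc = Test-NetConnection -ComputerName $DomainController -Port 88 -WarningAction SilentlyContinue
$results += [pscustomobject]@{ Check = 'Directory, port 88'; Target = $DomainController; Ok = $kdc.TcpTestSucceeded }

# Every backend must be reachable from the gateway (port 443 is an assumption).
foreach ($b in $Backends) {
    $t = Test-NetConnection -ComputerName $b -Port 443 -WarningAction SilentlyContinue
    $results += [pscustomobject]@{ Check = 'Backend, port 443'; Target = $b; Ok = $t.TcpTestSucceeded }
}

# Server certificate: inside its validity period, has a private key, and covers
# each listener name. Chain trust is not checked here.
$now   = Get-Date
$certs = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now }
foreach ($name in $ListenerNames) {
    $hit = @($certs | Where-Object { Test-CertCoversName $_ $name }).Count -gt 0
    $results += [pscustomobject]@{ Check = 'Certificate covers listener'; Target = $name; Ok = $hit }
}

$results | Format-Table -AutoSize
if ($results.Ok -contains $false) { Write-Warning 'One or more requirements are not met.' }
```
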
Antivirus
Pointsharp recommends that no antivirus is installed on the servers running PSID or PSGW. This is due to the risk that they may interfere with the services in an erroneous manner.
Pointsharp recognizes that company policies can enforce the use of antivirus on servers where Pointsharp software is installed. In this case, exclusions must be made to the exclusion list of the antivirus scheduled scans, live scans, on-access scans, etc. To make the exclusions, please follow the instructions in Antivirus Exclusions (Systems).
| It is only possible to run an endpoint protection with these exclusions defined. |
A warning will be displayed in the UI of the Gateway if an endpoint protection is used. To disable the warning, go to Tools in the upper right corner, click UI Preferences, and uncheck the Warn on Antivirus box.
Run the Access Gateway installation
| Run the Pointsharp ID Server installation, as described in ID Server > Installation > Installation guide before continuing with the Access Gateway installation steps below. |
Obtain the software from https://support.pointsharp.com; click the link to the Download Center to find the latest release and downloads.

- Open folder Prerequisites and run Install-WindowsFeatures.bat. This bat file simply sets the PowerShell execution policy to allow scripts to be run, and executes the PowerShell script that applies all necessary Windows Features. Afterward, it resets the policy for PowerShell to restricted again.
  - Note that if the bat file is not allowed to be executed, you can also run this step manually. If this is the case, run this in PowerShell:

    $ Set-ExecutionPolicy unrestricted

    Then, execute the Install-WindowsFeatures.ps1 script manually.
    When the Windows Features are done, execute this in PowerShell to restore the policy:

    $ Set-ExecutionPolicy restricted

- Open folder Prerequisites > ID Server&Gateway and install the .Net Desktop Runtime and .Net Hosting Bundle.
- Open folder Prerequisites > Gateway and execute Disable-HTTP2 to update Registry Settings.
  Prerequisites are now completed.
- Run the Pointsharp Gateway 9.x.exe file and follow the instructions to complete the installation.
| During the setup CouchDB will be installed. When setting Cookie value, choose "Random Cookie". |
Continue with configuring the connection between Access Gateway and Pointsharp ID Server.
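
A variant of the manual Install-WindowsFeatures step above that applies the same Unrestricted setting to a single child process, so the stored policy never has to be changed and restored. This is an added example, not Pointsharp's script; it assumes an elevated PowerShell prompt whose current directory is the Prerequisites folder.

```powershell
# Added example, not Pointsharp's script. Assumes an elevated PowerShell prompt
# whose current directory is the Prerequisites folder of the download.
$script = Join-Path (Get-Location).Path 'Install-WindowsFeatures.ps1'
if (-not (Test-Path -LiteralPath $script)) { throw "Script not found: $script" }

function Get-PolicySnapshot {
    # One "Scope=Policy" string per scope, so two snapshots can be compared.
    Get-ExecutionPolicy -List | ForEach-Object { '{0}={1}' -f $_.Scope, $_.ExecutionPolicy }
}
$before = Get-PolicySnapshot

# A policy set through Group Policy takes precedence over the command line,
# so report it before running anything.
$enforced = Get-ExecutionPolicy -List | Where-Object {
    $_.Scope -in 'MachinePolicy', 'UserPolicy' -and $_.ExecutionPolicy -ne 'Undefined' }
if ($enforced) {
    Write-Warning 'Execution policy is set by Group Policy and overrides the command line:'
    $enforced | Format-Table -AutoSize
}

# Run the script in a child process; -ExecutionPolicy applies to that process only.
& powershell.exe -NoProfile -ExecutionPolicy Unrestricted -File $script
$exit = $LASTEXITCODE

# Confirm that the policy at every scope is what it was before the run.
$after = Get-PolicySnapshot
$diff  = Compare-Object $before $after
if ($diff) {
    Write-Warning 'Execution policy differs from the state recorded before the run:'
    $diff | Format-Table -AutoSize
} else {
    Write-Output 'Execution policy unchanged at every scope.'
}
if ($exit -ne 0) { Write-Warning "Install-WindowsFeatures.ps1 exited with code $exit" }
```
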
Connection to Pointsharp ID Server
The first thing the wizard does when you open the Access Gateway UI is connect to the PSID server.
The Pointsharp Access Gateway uses the Pointsharp ID to perform authentication and authorization when required by the configuration. The Pointsharp ID provides its features through a Web API. The configuration provided here should correspond to where the Pointsharp ID is located, and its required authentication data (if any).
- Start Access Gateway Admin.
- Click Next on the initial setup.
- Fill in the information:
  - URL: the FQDN of the PSID server.
  - Fill in this information if the Web API has been secured by a certificate or user authentication. If not used or not yet created, skip this step for now.
    - User Domain: Domain for the service account used to gain access to the API.
    - Username: Service account to gain access to the API.
    - Password: Password of the service account to gain access to the API.
    - Select the correct Client certificate if certificate authentication is needed.
- Click Test Connection to make sure the connection is established.
- Click Next.
- Click Apply to finish the initial setup.
A basic Gateway installation is now completed. The next step is to configure what is to be published in the Access Gateway.
| When you have reached this point, please reach out to us in our Support Portal for further assistance. |