Install and Configure On-Premise Connector on a Windows Server/Machine

To start using the On-Premise Connector, the first step is to configure it. Configuring it requires the flow to be started from the Scalefusion Dashboard and continued on-premise with required information exchanged between the two, that is, the Scalefusion Dashboard and the On-Premise Connector instance.

Prerequisites

1. Scalefusion Account with Enterprise License (Legacy, Modern or Trial)
2. The administrator should have owner or co-account owner privileges to complete the setup.
3. Any other administrator (Group Admin, Device Admin or in a custom role) who has write access can also do the setup.

Overview of Setup

In a nutshell, the following is the process for OPC Setup:

1. Download the .msi file from Scalefusion Dashboard and install it to create an OPC Instance
2. Login to the OPC Instance and choose an appropriate Network Configuration scheme
3. Configure On-Premise Connector Details on Scalefusion Dashboard
4. Check Connection to validate the connection between Scalefusion Dashboard and OPC Instance
5. Set-Up On-Premise Connector Certificates. To do so:
   1. Generate CSR from the OPC Instance
   2. Upload .csr file on Scalefusion Dashboard to generate a signed identity certificate
   3. Download the signed identity certificate from the Scalefusion Dashboard
   4. Upload the signed identity certificate to the OPC Instance
   5. Download the trust certificate from Scalefusion Dashboard
   6. Upload the trust certificate to the OPC Instance
6. Directory (LDAP) Configuration on OPC Instance
7. Complete Setup on Scalefusion Dashboard

The steps are explained in detail below.

Setting up On-Premise Connector (OPC) on Scalefusion Dashboard

Step 1: Download and Install On-Premise Connector .msi file

Download

1. On the Scalefusion Dashboard, navigate to Integrations > On-Premise Connector
2. Click Configure
3. The On-Premise Connector configuration page opens. Click on the Download button to download the On-Premise Connector file
4. Once the download is complete, copy the opc-installer-<version>.msi file to a server within your premises that can access your on-premise resources like Microsoft Active Directory, Microsoft Exchange, etc.

Install On-Premise Connector file

1. On the target machine where you have copied the downloaded file, double-click on the opc-installer-<version>.msi file to begin installation.
2. Follow the on-screen instructions as shown in the installation wizard to complete the installation.
3. Once the installation is complete, click Finish to launch the On-Premise Connector Instance's Admin UI on the default browser. If the setup is successful, then the On-Premise Connector Instance's Admin UI will open with the URL http://localhost:28626/opc-ui
   
4. On the Scalefusion Dashboard, click Next

Step 2: Configure the On-Premise Connector Instance

The On-Premise Connector Instance can be configured once you have made the necessary network configurations to allow reachability of the On-Premise Connector Instance from Scalefusion Dashboard either via the Reverse Proxy scheme or directly. You may refer to this document for further details. Kindly ensure such network configuration is in place before proceeding ahead.

1. On the host machine where the OPC Instance is created, follow these steps:
   1. Login to the OPC instance using the credentials
      1. Username: admin@local
      2. Password: Aur0r@dm!n
         NOTE: You can change the password later in the Log-In Settings of the On-Premise Connector
   2. Under Network Configuration, Choose one connection method from the following:
      1. Web-Server or Reverse proxy (e.g.: IIS): Selected by default
      2. Static Public IP
   3. The next button will get enabled once you configure On-Premise Connector Details on the Scalefusion Dashboard
2. Switch to Scalefusion Dashboard and enter the following details:

   Field	Description
   Scheme	Choose one from among the following: HTTP (Selected by default) HTTPS
   Enter the IP Address / Domain Name where the On-Premise Connector can be reached	The public IP address of the server where the OPC Instance is created if the HTTP scheme is selected. The public DNS name if the HTTPS scheme is selected.
   Enter the Port number for inbound connections if the default has been changed	This is set to 28767 by default if the HTTP scheme is selected. Unless instructed specifically, you should not change this port. This is set to 443 by default if the HTTPS scheme is selected.

3. 
4. The check Connection button will be enabled after entering the required details. Click on Check Connection which would trigger a connectivity check with OPC Instance using the details provided
5. Once the connection between Scalefusion Dashboard and OPCInstance is validated, the following will reflect:
   1. On the Scalefusion Dashboard, the button changes from Check Connection to Next
   2. The next button on OPC Instance > Network Configuration (mentioned in Step #1.c above) will also be enabled.

Step 3: Set Up On-Premise Connector Certificates

You need to set up On-Premise Connector certificates to enable encrypted communications for secure data exchange between Scalefusion Dashboard and OPC Instance. Follow these steps:

1. In the On-Premise Connector Instance, click Next at the Network Configuration step, which takes you to Step 2, that is, Set Up On-Premise Connector Certificates
   1. Here click on the Generate CSR button to generate a Certificate Signing Request (CSR) file
   2. This opens up a dialog where you need to enter server/host information where the OPC Instance is hosted.
      1. Hostname: The IP address or hostname of the server where the OPC Instance is created
      2. Department: The department "OU" that is managing the OPC Instance
      3. Organization: Name of the Organization "O" licensed to host OPC Instance
      4. City: City "L" where the OPC Instance is hosted
      5. State/Province: Name of the State "ST" where the OPC Instance is hosted
      6. Country: Name of the Country where the OPC Instance is hosted
   3. Click Submit
   4. This will generate and download the CSR file on your local machine (with extension .csr).
2. On the Scalefusion Dashboard, upload the same CSR file (downloaded on your local machine) either by dropping the CSR file here or by Selecting Browse Files. This will generate a signed certificate.
3. Notice that the Download button will get activated under both sub-sections viz. On-Premise Connector Certificate and Trust Store Certificate.
4. Click on the Download button under the On-Premise Connector Certificate sub-section to download the Identity Certificate.
5. Click on the Download button under the Download Trust Store Certificates sub-section to download the Trust Certificate
6. On the OPC Instance, first, upload the Identity Certificate.
7. Next, upload the Trust Certificate.

Step 4: Directory Configuration on OPC instance

After uploading the certificates, the next step is to configure directory settings in OPC Instance. This enables Scalefusion Dashboard to read the users' and groups' information.

1. Enter the following under Directory Configuration
   Some fields are pre-filled as hints for understanding. These should be replaced with actual data.

   Field	Description
   LDAP Hostname	The hostname/IP address where the Active Directory service is hosted
   LDAP Port	Port number of Active Directory service listening for LDAP connections
   Domain	Active Directory Domain Name Prefix (the one that is provided when logging on to Windows workstations.)
   LDAP Admin Username	Active Directory Admin's username for LDAP binding
   LDAP Admin Password	Active Directory Admin's password for LDAP binding
   LDAP Directory search base	Define the scope of users and groups i.e. the Organization Units (OU's) that Scalefusion will be able to read.
   User Login search base	Specify a Security Group that contains users who can access to OPC Instance's Admin UI. The access can be controlled via the User Management section from the 3 dots menu in the OPC Profile.

2. Click Submit
   If LDAP information is not available during setup, the admin can click on the Later button and come back later to complete the setup.
   
3. You will land on the Basic Configuration page, which indicates that the integration with OPC is complete. The Basic Configuration page displays basic details like primary email, setup date, certificate details etc.

Step 5: Complete Setup on SF Dashboard

On Scalefusion Dashboard, click Complete Setup.

This completes the setup and displays the OPC configuration details in a single view:

• Connector IP, Port, Version
• Configuration Date
• Configured by
• Status
• Configuration Info: The directory configuration that has been set in OPC Instance.

Clicking on View Details to show the Organizational Units and Security Groups

Actions on Configurations

The following actions can be performed over configuration:

1. Sync: If you want to do a manual sync with OPC Instance, click on Sync
2. Edit Config: Allows you to edit the scheme, port or IP
3. Renew Certificate: There will be an option to renew certificates if they have expired. Click on Renew and follow the same Steps to update the certificates.
4. Delete: Deletes the complete OPC configuration. When you click Delete, a confirmation box will appear. Click Confirm.

Management of On-Premise Connector Instance

OPC Instance consists of the following sections when you log in after the initial setup is complete

1. Setup Configuration: This consists of two sections
   1. Basic Configuration - Displays all basic configurations that have been done in sync with Scalefusion Dashboard
   2. Network Configuration - View the network configuration options to establish the connection between the Scalefusion Dashboard and OPC Instance.
2. Directory Configuration
   1. Directory Visibility Info - Shows the list of OU's and Security Groups that would be visible to the On-Premise Connector, based on Directory Configuration. The users from these groups can be searched and synced with Scalefusion Dashboard.
   2. Directory Configuration - The directory settings that have been configured. These can be edited.
3. Manage Users - Manage the users who are allowed to access OPC UI. Users can be Read+Write (Admin) or Read-Only (User). The User Login Search Base in the Directory Configuration must be defined.