Prepare Your Environment for Installation
Use this guide to begin installation of Bomgar Vault. The Vault installation wizard verifies Vault access to the necessary system components. To ensure a trouble-free installation, have all the required components in place before you begin.
You must install Windows Server 2012 or later as specified in the system requirements. Note also that a domain is required to complete the Vault installation. While it is possible to install Vault on a domain controller, we highly recommend that the Vault server have no other critical roles.
Note: This information assumes you have a basic understanding of centralized network management and are installing Bomgar Vault in a standard configuration. If you have installation questions or need assistance, please contact Bomgar Technical Support at help.bomgar.com.
If the Windows server upon which Vault is operating has security settings configured to use FIPS-compliant algorithms for encryption, hashing, and signing, the installation of the Vault application will not be successful. For more information, please see Why We’re Not Recommending “FIPS Mode” Anymore.
SQL Server 2014 Prerequisites
To install Bomgar Vault, certain requirements must be met. Please verify that you have these major components before proceeding.
Create a Bomgar Vault service account that is used for installing and running the Bomgar Vault application services and application pool. The Bomgar Vault Service Account needs to be a domain account with the following permissions:
- A member of the Domain Users group.
- A member of the local Administrators group on the host server of the Bomgar Vault application.
- Logon as a service permission (as of Vault version 16.1.6 the installer attempts to grant permission automatically).
- The following permission is needed in the SQL Server hosting the Vault databases:
DB_Creator - This role is needed during the installation in order to create the Bomgar Vault and Maintenance databases. The DB_Creator role can be unassigned from the service account after installation is complete. If the installation is not executed as the Bomgar Vault Service Account, it may be necessary to manually add the DB_Owner role to the Bomgar Vault Service Account within SQL Server.
- Read/Write access to the physical file path on the SQL Server where backup files are stored during Bomgar Vault software upgrades.
- .NET Framework
.NET 4.7 is required for Vault.
IPv6 needs to be DISABLED on the host server for the Bomgar Vault application.
- SQL Server
Bomgar Vault uses Microsoft SQL as its database back-end. Please verify that the server on which you wish to install Vault is able to connect to your SQL Server. We recommend that you do not install SQL Server on the same server as the Bomgar Vault application, as a security best practice. However, Bomgar Vault is fully functional when deployed in this manner.
Windows operating system and database versions must be in English US.
- Set up an MS SQL Server instance (already joined to the domain).
- Add a login to the SQL server for the vault_service account, with appropriate permissions.
SQL Server Express 2014 Prerequisites
Bomgar Vault can use Microsoft SQL Express 2014 for certain types of deployments. If you are installing Vault as part of a proof of concept (POC) or are leveraging Vault in a limited capacity that falls into the sizing guidelines below, then SQL Express can be used. Some important factors to consider when using SQL Express 2014 are:
- SQL Express is not capable of supporting native SQL High Availability.
- SQL Express is limited to the following hardware restrictions that could hinder performance when scaling:
  - Single CPU (4 cores allowed)
  - 1 GB of RAM
  - Max database size 10 GB
- The supported sizing guidelines of a Vault deployment using SQL Server Express 2014:
  - SQL Express 2014 on Windows 2012 R2
  - 15 users
  - 50 endpoints
  - 500 passwords
The following database permissions are required:
- The user executing the Vault installer must be assigned the DB_Creator system privilege.
- The account running the application pool must possess the DB_Owner database privilege for the Vault database.
- The account running services must possess the DB_Owner database privilege for the Vault database.
- The user upgrading the Vault application via the installer must be assigned the Sysadmin privilege. This is required only if you wish to create a backup during installation.
Bomgar recommends executing installation and upgrades as the Vault services account user because the account naturally becomes the database owner. If a different user runs the installation, it is essential that the DB_Owner privilege be added post-installation. This is also required post-installation in any of the following scenarios:
- Upgrading a Vault installation connected to integrated security.
- The user installing the application is not the account running the application pool and services.
- The user upgrading also needs permission on the current Vault database.
Windows operating system and database versions must be in English US.
- Download SQL Express Server 2014 from Microsoft here: Microsoft Download Center.
- Run the executable file to begin installation. During the installation, choose all default settings.
- Depending on your needs, select to install a new SQL Express Server installation or to upgrade an existing installation.
- Check the box labeled I accept the license terms and click Next.
- Choose the default feature selection and directory settings and click Next.
- Ensure that the Instance Configuration is set to Named instance: SQLExpress and Instance ID: SQLEXPRESS.
- Accept the default settings for Server Configuration.
- Accept the default settings for Database Engine Configuration.
- Internet Information Services (IIS)
IIS is the web server used for Vault. Setting up IIS for Vault is detailed in Enable Internet Information Services for Vault Installation.
- Secure Sockets Layer (SSL)
Bomgar integrations require SSL to use Vault.
Note: During a proof of concept (POC), a self-signed certificate can be used. See Create a Self-Signed Server Certificate in IIS 7 for instructions on creating a self-signed certificate.
- Import your SSL certificate at the server level in IIS.
You must import both the certificate and the private key to the server. After Vault installation is complete, you are able to bind the certificate to the Vault instance in the IIS interface.
Note: SSL configuration is outside of the Bomgar Vault installation. We recommend that you test to ensure that the default website works with SSL communication before installing Vault.
- SQL Server Configuration
For proper operation, Bomgar Vault requires that the SQL instance uses a static port assignment. Additionally, ensure that network and host layer firewalls are appropriately configured to allow for TCP 1433. As of Vault version 16.1.6, the application only supports using the default named instance of a SQL deployment.
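A pre-flight check for the host-side prerequisites this guide names (domain membership, FIPS policy, .NET 4.7, IPv6, and TCP reachability of the SQL Server), as an added example that is not part of Bomgar's documentation. The SQL Server host name is a placeholder, the IPv6 test looks only at adapter bindings, and accepting .NET releases later than 4.7 is an assumption.

```powershell
# Added example: pre-flight check for the host prerequisites named in this guide.
param(
    [string]$SqlHost = 'sql01.example.local',  # placeholder host name (assumption)
    [int]$SqlPort = 1433                        # TCP port the guide says to allow
)

function Test-VaultPrerequisite {
    param([string]$SqlHost, [int]$SqlPort)
    $checks = [ordered]@{}

    # A domain is required to complete the Vault installation.
    $checks['Host is domain-joined'] = [bool](Get-WmiObject Win32_ComputerSystem).PartOfDomain

    # The installer fails when the FIPS-compliant algorithm policy is enabled.
    $fips = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy' -ErrorAction SilentlyContinue
    $checks['FIPS policy disabled'] = (-not $fips) -or ($fips.Enabled -ne 1)

    # Release 460798 is the lowest .NET Framework 4.7 build; later in-place
    # releases also pass (treating them as acceptable is an assumption).
    $ndp = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -ErrorAction SilentlyContinue
    $checks['.NET Framework 4.7 present'] = [bool]($ndp -and $ndp.Release -ge 460798)

    # IPv6 counts as disabled here when no adapter still binds ms_tcpip6
    # (adapter binding is one common way to disable it, not the only one).
    $v6 = @(Get-NetAdapterBinding -ComponentID ms_tcpip6 -ErrorAction SilentlyContinue | Where-Object { $_.Enabled })
    $checks['IPv6 unbound on all adapters'] = ($v6.Count -eq 0)

    # The Vault host must reach the SQL instance on its static TCP port.
    $tcp = New-Object System.Net.Sockets.TcpClient
    try { $tcp.Connect($SqlHost, $SqlPort); $reachable = $tcp.Connected }
    catch { $reachable = $false }
    finally { $tcp.Close() }
    $checks["SQL reachable on ${SqlHost}:$SqlPort"] = $reachable

    $checks
}

$result = Test-VaultPrerequisite -SqlHost $SqlHost -SqlPort $SqlPort
$result.GetEnumerator() | ForEach-Object {
    '{0,-45} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}
# Non-zero exit lets a deployment script stop before launching the installer.
if (@($result.Values) -contains $false) { exit 1 }
```

Run it on the intended Vault host from an elevated Windows PowerShell session, passing the real SQL Server name with -SqlHost.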