Install Bomgar Vault
After the Bomgar Vault system prerequisites are in place, you are ready to start the Vault installer. You must be running Windows Server 2012 or later.
The Vault installation wizard verifies that all system components are in place before performing the installation.
Obtain Bomgar Vault Installation Files
Use the files provided by Bomgar Support to begin installation. Place the license file where you can access it later during installation. Among the files included in your installer package are these files:
- license.lic (license file needed after logging into Vault for the first time)
- Installation binaries (Vault Installation Wizard)
Set Up the Vault Application Server
Windows operating system and database versions must be in English US.
- Ensure that the IIS and MS Report Viewer prerequisites are met on the application server.
Note: Ensure that IIS is configured to use SSL.
- Set the Vault service account as allowed to log on as a service on the application server, and ensure that IPV6 is disabled on the host server.
- Test the connection to the SQL Server on the application server. Note that you may need to sign into the application server as the Vault service account to test using the .udl file method. Alternatively, use SQL Management Studio with the "run as different user" functionality.
Note: When installing Bomgar Vault, run the installer as an administrator in a console session or, optionally, with the admin switch via Remote Desktop Protocol (RDP). Ensure that no other applications are running during installation.
View Installer Instructions and EULA
- On the initial installer page, choose what components you would like to install. Then click Next.
- Accept the End User License Agreement on the next page. Click Accept and Continue.
When you start the installation wizard, Bomgar Vault automatically verifies that all required system components are installed and accessible.
- Once the installer detects the required system components, click Next.
Note: You are not allowed to proceed with installation if even one required component is missing. Resolve any items marked Not Detected and proceed with installation.
Identify the Vault Application
- Complete the fields on the Bomgar Vault Settings page, as described in the table below. Enter a name for your Vault application in the IIS Application name field. The name can be your choice. However, the value you enter in this field affects your URL: https://example/ApplicationName/. Click Next when all fields are complete.
|IIS Application Name||The application name as it appears in IIS. Enter the name you chose, which becomes part of the application URL.|
|Installation Directory||The location in which you intend to install the Bomgar Vault application. The path should not already exist. Note that the application name you selected is appended to this path. The recommended value is C:\Program Files\Bomgar\.|
Specify Which Application Pool Vault Should Use
- Specify the application pool for Vault. We recommend creating a new application pool or selecting one that is not used by other websites.
For Application Pool Identity, select the Custom account, specifying the service account username and password.
|Application Pool||Application pools are groups of one or more URLs served by one or more worker processes. Click the dropdown menu to select either a new or existing application pool to assign to Vault.|
|Application Pool Name||When you select Existing in the first field, this field populates with a listing of your existing pool names. Then select the pool assigned to Vault.|
|Application Pool Identity||The name of the service account under which the application pool's worker process runs. This may be the local system or the service account corresponding to your existing pool.|
Create Your Private Encryption Key
- Complete the encryption key page to make Vault recoverable. Sensitivee data in the Bomgar Vault database is encrypted using this key. The key typically is needed only in case of disaster recovery, and you are free to use whatever strings you like for the key. It is not used for routine administration of Vault.
Note: As a best practice for disaster recovery, after you have successfully installed Vault, you should back up the install directory on the Vault app server. Be sure to include the encrypted files in a decrypted state. Move the backup to a secure location.
- Click Re-Generate to repopulate the field automatically.
- Click Next when you are ready to proceed.
Note: We recommend that you do not store your encryption keys digitally. Rather, best practice is to make a hard copy of the keys and store it safely in more than one physically secure location. You cannot recover access without your encryption key.
Configure the Primary Database
- On the Database configuration page, enter the information in the required fields, described in the table. The section refers to your main Vault database.
Click Next to continue.
|Server Name||Enter the name of your Vault database server. This connection information must match what you used to test your database connection using the test.udl file.|
Input the name of your SQL instance. Default SQL instances should have no name. This field can be left blank.
Note: If using Microsoft SQL Express, specify localhost as the server name and SQLExpress as the instance name.
|Database Name||Enter the name of the main database where all of your Vault information is stored.|
|Use Integrated Security?||When connecting to the database server to create the database, checking Use Integrated Security uses the credentials under which the IIS application pool runs.|
Set the Default Service Configuration
- Select the radio button Use a Specific Account and specify the service account username and password. If the Vault service runs as a named account, that account must have rights to manage services, log in as a service, access the Vault installation files, and write to the database.
Note: If using SQL Server Express, you can choose Use Local System as the service account.
Select the Initial Vault User
- On the initial Vault user page, enter the Active Directory username of the account that first logs into Vault.
- Enter the AD account you created earlier to be the first administrative account in Vault. It should be entered in the following format: domain\username.
- Next, click Check.
- The information is pulled in from Active Directory and displayed on the page for your verification.
Monitor the Installation Process
- The installer displays the status of your installation, and a dialog advises you of the installation status. Click OK to finish.
- Click Go to Application to log into Vault or Finish to quit the installer.
- After completing the installer, there are four Vault Windows Services running under the service account specified during installation. These three services are:
- Vault - Scheduler Service This service manages automatic and periodic tasks.
- Vault - Dispatcher Service: This service is responsible for sending emails generated by the Vault application.
- Vault - Rotation Service: This service manages the credential rotation and validation processes.
Begin Configuring Vault
Access Bomgar Vault using the URL and the initial Vault user automatically configured by the installer.
Note: Remember to set up SSL on your site before using it in production.
Note: As a best practice for disaster recovery, after successfully installing Vault, back up the install directory on the Vault app server. Be sure to include the encrypted files in a decrypted state. Move the backup to a secure location.
Upload the License File
When logging into Vault for the first time, you are asked to upload the license file received in your installation package.
- Click Upload File.
- Select the file from your computer.
- Click Open.
- Click Update License. Then you can begin configuring Vault users and credentials.