Install the Management Portal
The first step is to install the Ivanti Automation Management Portal. You need to install the Management Portal on a web server. We do not recommend installing it on a domain controller.
- The installation will create the following branch in the IIS Manager: Ivanti > Automation.
- For evaluation purposes, you can also install the Management Portal on a workstation.
- Because users can access the Management Portal from any location, it is best practice to secure access to it with administrative roles. If you do not, ALL users with an Active Directory account will be able to access it.
Procedure
- Run the Ivanti Automation Installer and choose Select and install components > Ivanti Automation Management Portal, or run the Ivanti Automation Management Portal Installer separately. Launch it on the computer on which you want to install the Management Portal, for example your web server. This opens the Ivanti Automation Management Portal Setup Wizard window.
- Follow the steps of the Setup Wizard.
- By default, the Management Portal will be installed at C:\Program Files\Ivanti\Automation. If you install the Management Portal at a custom location, the installation path can contain a maximum of 120 characters.
- In the Configure Secure Binding step, specify the settings and select a server certificate to create an SSL binding for the Management Portal.
- The hostname must be known on your internal and external DNS servers.
- The Management Portal is secured with SSL by default. It uses the HTTPS protocol and port 443 (or another port that you specified).
- With the option Select installed certificate, you can select a server certificate from a list that is populated with computer certificates from the Personal and Web Hosting Certificate Stores.
- For testing purposes, the option Generate Self-Signed Certificate is offered on Microsoft Windows 8 and higher / Microsoft Windows Server 2012 and higher. RES recommends not using self-signed certificates in a production environment. The self-signed certificates require PowerShell 4.0 or higher.
- In IIS, the installation creates the node Ivantiand deploys the Management Portal as the web application Ivanti > Automation. If you, for instance, install the Management Portal with a host name (alias) ivantiproducts, the web application will be available at https://ivantiproducts.mydomain.com/automation.
- If the node RES already exists in IIS, this step is skipped and the actual installation begins.
- At the end of the Setup Wizard, click Finish.
After the installation is finished, the Ivanti Automation Management Portal is installed and a shortcut to the URL is placed on your desktop to start the Management Portal. Alternatively, you can open the Management Portal via a browser and specify the web address including the path "/automation".
When launching the Management Portal, it opens the Setup > Environment page to create a Datastore connection.
- Ivanti installation files are signed with certificates. Microsoft Windows tries to verify a certificate’s validity before installing software products. This process (Certificate Revocation List (CRL)) is run to check to see if a certificate was revoked because it was expired or compromised. This process is not unique to Ivanti and is something that happens for any product that contains a certificate and is run on Microsoft Windows (unless CRL is turned off which is not recommended by Microsoft). It is also possible under specific cases that a CRL check is done during process startup. A sign-in could potentially be delayed if the environment does not use a Corporate/Enterprise license and the user attempts to sign in immediately after the restart of the computer or the service, before the CRL check has been done.
On computers without Internet access, the CRL validation may cause a delay of, for example, 20-30 seconds before an installation starts. This is by design of Microsoft Windows. To avoid this delay to occur, make sure machines can connect to the Internet. If this is not possible, implement a (manual/automatic) distribution system to keep the publisher's certificate revocation lists up to date. - If you want to use single sign-on, the IIS server must be located in the same domain as the people that use the Ivanti Automation Management Portal, or a trust must exist between multiple domains. Single sign-on requires the Windows feature Windows Authentication to be installed.