Install the Management Portal and connect to existing Datastore

The Management Portal is the web-based application for scheduling Jobs in your Ivanti Automation environment. The Management Portal can be installed alongside the Console.

Install the Management Portal

The first step is to install the Ivanti Automation Management Portal. You need to install the Management Portal on a web server. We do not recommend installing it on a domain controller.

  • The installation will create the following branch in the IIS Manager: Ivanti > Automation.
  • For evaluation purposes, you can also install the Management Portal on a workstation.
  • Because users can access the Management Portal from any location, it is best practice to secure access to it with administrative roles. If you do not, ALL users with an Active Directory account will be able to access it.

Procedure

  1. Run the Ivanti Automation Installer and choose Select and install components > Ivanti Automation Management Portal, or run the Ivanti Automation Management Portal Installer separately. Launch it on the computer on which you want to install the Management Portal, for example your web server. This opens the Ivanti Automation Management Portal Setup Wizard window.
  2. Follow the steps of the Setup Wizard.
  3. By default, the Management Portal will be installed at C:\Program Files\Ivanti\Automation. If you install the Management Portal at a custom location, the installation path can contain a maximum of 120 characters.
  4. In the Configure Secure Binding step, specify the settings and select a server certificate to create an SSL binding for the Management Portal.
    • The hostname must be known on your internal and external DNS servers.
    • The Management Portal is secured with SSL by default. It uses the HTTPS protocol and port 443 (or another port that you specified).
    • With the option Select installed certificate, you can select a server certificate from a list that is populated with computer certificates from the Personal and Web Hosting Certificate Stores.
    • For testing purposes, the option Generate Self-Signed Certificate is offered on Microsoft Windows 8 and higher / Microsoft Windows Server 2012 and higher. RES recommends not using self-signed certificates in a production environment. The self-signed certificates require PowerShell 4.0 or higher.
  5. In IIS, the installation creates the node Ivantiand deploys the Management Portal as the web application Ivanti > Automation. If you, for instance, install the Management Portal with a host name (alias) ivantiproducts, the web application will be available at https://ivantiproducts.mydomain.com/automation.
    • If the node Ivanti already exists in IIS, this step is skipped and the actual installation begins.
  6. At the end of the Setup Wizard, click Finish.

After the installation is finished, the Ivanti Automation Management Portal is installed and a shortcut to the URL is placed on your desktop to start the Management Portal. Alternatively, you can open the Management Portal via a browser and specify the web address including the path "/automation".

When launching the Management Portal, it opens the Setup > Environment page to create a Datastore connection.

  • Ivanti installation files are signed with certificates. Microsoft Windows tries to verify a certificate’s validity before installing software products. This process (Certificate Revocation List (CRL)) is run to check to see if a certificate was revoked because it was expired or compromised. This process is not unique to Ivanti and is something that happens for any product that contains a certificate and is run on Microsoft Windows (unless CRL is turned off which is not recommended by Microsoft). It is also possible under specific cases that a CRL check is done during process startup. A sign-in could potentially be delayed if the environment does not use a Corporate/Enterprise license and the user attempts to sign in immediately after the restart of the computer or the service, before the CRL check has been done.

    On computers without Internet access, the CRL validation may cause a delay of, for example, 20-30 seconds before an installation starts. This is by design of Microsoft Windows. To avoid this delay to occur, make sure machines can connect to the Internet. If this is not possible, implement a (manual/automatic) distribution system to keep the publisher's certificate revocation lists up to date.
  • If you want to use single sign-on, the IIS server must be located in the same domain as the people that use the Ivanti Automation Management Portal, or a trust must exist between multiple domains. Single sign-on requires the Windows feature Windows Authentication to be installed.

Connect the Management Portal to an existing Datastore

The next step is to connect to an existing Datastore. This Datastore stores all information related to Ivanti Automation. After a fresh installation of the Ivanti Automation Management Portal (no Datastore connection is available yet), the Setup > Environment page is automatically opened.

  1. In the Management Portal at Setup > Environment, specify the following information:
    • Database type: the type of database server to which you want to connect.
    • Database server: the name of the relevant database server.
    • Login/password: the user name and password of the DBA account that has access to the database. When using Microsoft SQL Server, it is possible to use a password containing special characters. The following special characters are escaped in the connection string: " ' ; { }
    • Database name: the name for the Datastore.
  2. In the Authentication section, specify which authentication type should be used.
    • Windows: Authentication happens via the accounts configured in the Ivanti Automation Console. Only valid login accounts using Microsoft Windows Authentication or Ivanti Automation Authentication are able to access the Management Portal. Users with a domain (domain\user or user@domain) and local account are allowed to log in.
    • Identity Broker: Authentication is centralized via the Identity Broker. This component is aimed to 'broker' the authentication between the RES web application and the configured identity provider. See also Getting Started with RES Identity Broker for further information on installation and configuration.
  3. Click Test connection. If the database connection is established, a message will be shown.
  4. Click Save to connect to the Datastore using the specified configuration.

After the Datastore connection is set up, the Management Portal restarts automatically and connects to the Datastore.