Lab 7: Keyfactor Universal Orchestrator
Keyfactor Universal Orchestrators Lab Activity
Certificate stores and Orchestrators go hand in hand within the Keyfactor platform. You can't have a certificate store to manage without the appropriate orchestrator to interact with that store. In this lab, we are going to install the Keyfactor Universal Orchestrator and ensure it is approved for use within the Keyfactor platform.
Keyfactor Universal Orchestrator
The Keyfactor Universal Orchestrator is the latest release of our orchestration solution. The Universal Orchestrator can be deployed on Windows or Linux because it uses .NET Core. The core of the orchestrator manages the sessions and jobs with Keyfactor. If the standard plug-ins do not meet the needs of the business, new capabilities can be developed using the AnyAgent framework to add functionality to the orchestrator. New capabilities are also published to the Keyfactor GitHub. Let's get the orchestrator installed.
Install Orchestrator Bits
When installing the orchestrator, the first step is to get the bits onto the server. This is done by unzipping the Orchestrator files downloaded from the Software portal. We've placed the files at:
C:\Software\Keyfactor\Orchestrator
We have two options for the installation and configuration of the Orchestrator. The first is an in-place install, which leaves the files in the current directory and creates the service. When doing the in-place install, you must also install all capabilities. We will use the default install, which copies all files to C:\Program Files\Keyfactor\Keyfactor Orchestrator, and we will set all capabilities to be installed.
Click Start > Windows PowerShell > Windows PowerShell
Change directories by entering the following command
cd C:\Software\Keyfactor\Orchestrator\InstallationScripts
Execute the .\install.ps1 install script with the following parameters to start the install. You will get prompted for the following values:
.\install.ps1 -Capabilities all -ServiceCredential (Get-Credential)
This command will ensure all Capabilities are installed. The script will also prompt for additional values:
Parameter | Value |
Service Credentials (How we run the service on the machine) | kftrain\kf_orch |
URL | |
Web Credentials (How we communicate with Keyfactor) | kftrain\kf_service |
Add IIS Orchestrator Extension
After installing the orchestrator, we will need to add the IIS Extension. We can accomplish this by following the steps below.
Copy the IIS Folder from the C:\Software\Keyfactor directory.
Paste the IIS Folder into the C:\Program Files\Keyfactor\Keyfactor Orchestrator\extensions directory.
Open Services.msc and restart the Keyfactor Orchestrator Service.
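The three manual steps above can be scripted and followed by two checks worth making before the orchestrator is approved: that the service runs as the dedicated account, and that only administrative principals can write to the extensions directory the service loads extensions from. This is an added example, not Keyfactor's own script; the display-name wildcard and the trusted-principal list are assumptions, and it must run in an elevated PowerShell session.

```powershell
# Added example: paths and the service account come from the lab text;
# the service display-name wildcard and $trusted list are assumptions.
$ErrorActionPreference = 'Stop'
$source          = 'C:\Software\Keyfactor\IIS'
$extensions      = 'C:\Program Files\Keyfactor\Keyfactor Orchestrator\extensions'
$expectedAccount = 'kftrain\kf_orch'

# Steps 1-2: copy the IIS extension folder into the extensions directory.
Copy-Item -Path $source -Destination $extensions -Recurse -Force

# Step 3: restart the orchestrator service, refusing to guess if several match.
$svc = @(Get-Service -DisplayName 'Keyfactor Orchestrator*')
if ($svc.Count -ne 1) { throw "Expected one orchestrator service, found $($svc.Count)" }
Restart-Service -InputObject $svc[0]
$status = (Get-Service -Name $svc[0].Name).Status
if ($status -ne 'Running') { throw "Service is $status after restart" }

# Check 1: the service should run as the dedicated account from the lab,
# not a built-in identity such as LocalSystem.
$cim = Get-CimInstance Win32_Service -Filter "Name='$($svc[0].Name)'"
if ($cim.StartName -ne $expectedAccount) {
    Write-Warning "Service runs as '$($cim.StartName)', expected '$expectedAccount'"
}

# Check 2: list Allow ACEs that let anyone outside $trusted create, change or
# delete files under the extensions directory.
$trusted = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
           'NT SERVICE\TrustedInstaller', 'CREATOR OWNER'
$rights  = [System.Security.AccessControl.FileSystemRights]
$mask    = [int]($rights'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership')
$mask    = $mask -bor 0x50000000   # raw GENERIC_WRITE and GENERIC_ALL bits

$risky = (Get-Acl -Path $extensions).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $trusted -notcontains $_.IdentityReference.Value -and
    (([int]$_.FileSystemRights -band $mask) -ne 0)
}
if ($risky) {
    Write-Warning 'Non-administrative principals can modify the extensions directory:'
    $risky | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
} else {
    Write-Output 'Extensions directory is writable only by trusted principals.'
}
```

Any principal the second check reports can change what the orchestrator service runs under its service account, so resolve those entries before approving the orchestrator in the portal.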
Now that we've installed the orchestrator and placed the IIS extension in the correct directory, it will reach out to Keyfactor, register as an available orchestrator, and await work to be done. However, until we approve the orchestrator, it will not pick up any work. Let's jump into the portal to make sure our orchestrator is installed correctly. Navigate to Orchestrators > Management and approve our newly added orchestrator.
Bonus Lab: Install a second Keyfactor Universal Orchestrator on the same machine. This orchestrator should only have the SSL capability and should be named as such. Take a moment to read through the next lesson about the details of the Keyfactor Universal Orchestrator for some helpful tips on installation. Also, since we've deployed the SSL capability, can you go back to your network definition and enable scanning using our newly deployed orchestrators?