In this article:
This article describes how to connect a Site Manager to Macruim MultiSite. Although MultiSite does not include any deployment-specific features, it can be used to remote view a Site Manager, meaning that centrally-initiated deployments can be started by an administrator using MultiSite.
Macrium MultiSite allows multiple Site Manager installations to be monitored and managed from a single online portal. To find out more, visit our website at https://www.macrium.com/multisite
Although MultiSite itself does not have any deployment features, MultiSite can be used to remote view a Site Manager over the SSH connection between the Site Manager and MultiSite. This can be used to start a centrally initiated deployment of computers that have been booted using the deployment media and perform configuration tasks in SiteDeploy®. This enables an administrator to perform the deployment from anywhere geographically, as long as they have internet access and someone on site can boot the computer with the deployment media.
Security Configuration
To ensure that no security issues can arise as a result of enabling MultiSite integration, the following security options must be set in the 'Settings' page under 'Security':
Name | Required Setting |
---|---|
Access Restriction - Allow Access to Site Manager without login | Off-user login must be enabled |
Access Restriction - Network Access | Any computer with network access to the server can access Site Manager |
Connection Settings | HTTPS communication must be enabled |
Connection Settings - Port | Any port may be used |
Connecting the Site Manager server to MultiSite
MultiSite integration of Site Manager must be enabled in the 'MultiSite' section of 'Settings'.
The options available are:
Option | Description |
---|---|
Enable | Toggles Remote Management access on and off. |
API Key | Security key required by MultiSite to access Site Manager remotely. If this key is changed, MultiSite access will fail until MultiSite is updated with the new key. |
Copy | Copies the API key to the clipboard. |
Generate New Key | Generates a new random key. The key is not in effect until 'Save' is pressed. |
Refresh | Refreshes the outgoing connection from the Site Manager server to MultiSite. |
All communications between MultiSite and Site Manager use RSA 2048 encryption, no unencrypted data is transferred
Once the MultiSite connection has been enabled, the Site Manager server will start pinging the MultiSite endpoints with information. The connection is not made, however, until the API key shown in Site Manager has also been added to the MultiSite console. Until the API has been added, the MultiSite connection will show as 'No MultiSite configured':
The API key can be added in MultiSite on the 'Sites' page:
Once the API key has been added, select 'Refresh' under the MultiSite connection status. The Site Manager server will then connect to MultiSite. The status of the connection will change to 'Connected to MultiSite':
Remote Accessing SiteDeploy®
Once the Site Manager is managed by MultiSite. It can be remotely viewed using the MultiSite console. This is done by expanding the relevant site on the 'Sites' page of MultiSite, and then using the 'Remote View' button:
SiteDeploy® on the Site Manager server will then be fully accessible using the MultiSite remote view:
Communications Ports and IP Addresses
The MultiSite connection is based on outgoing traffic from the Site Manager installation.
Server | Protocol | Port | IP Addresses | Purpose |
---|---|---|---|---|
tunnel.msadmin.macrium.com | HTTPS | 443 | 40.84.156.200 13.84.162.176 13.65.241.157 | To establish an initial connection to MultiSite, Site Manager makes an outgoing HTTPS connection to the Macrium servers. |
tunnel.msadmin.macrium.com | SSH | 1004 | 40.84.156.200 13.84.162.176 13.65.241.157 | Site Manager uses an outgoing SSH connection to transfer information to MultiSite. Please note that the port used may change in future releases |
The IP addresses provided may be changed or added to in future releases. We recommend adding any necessary firewall rules by DNS name if possible.