Configuration to use the CLOUD Advanced Satellite service is very simple. It requires one firewall port opening for the secure communication channel between the CLOUD Satellite service and your local mkryptor SERVER(s). has a built-in HTTP listener for communicating with the Satellite service. All communication over this channel is secured by mkryptor.
For the CLOUD Satellite servers to be able to communicate with your local mkryptor SERVER, you need to provide an endpoint URL. The endpoint URL includes the DNS name and TCP port that the local mkryptor SERVER can be reached at. E.g., http://mkryptor.yourcompany.com:8751. You'll first need to make sure that this URL is accessible through your firewall.
Firewall portYou can choose to have mkryptor listen on any TCP port number in the range 8730-8760 or 9970-9980. In this example we will use the port 8751.
Before you begin configuring mkryptor SERVER, you will first need to make sure that the chosen TCP port (e.g., 8751) is open for inbound traffic in your firewall(s).
Optional: Some customers prefer to lock-down their firewall so that only the CLOUD Satellite servers can access this port. If you wish to do this, the CLOUD Satellite servers have a (reverse) DNS mapping of "cloudout.mkryptor.com". If you need the IP addresses, run a DNS lookup on cloudout.mkryptor.com - note that these IPs may change from time-to-time.
DNS Host or IP addressFor the CLOUD Satellite servers to be able to communicate with your mkryptor SERVER, it needs to know how to reach it. You can either use an IP address (e.g., http://18.104.22.168:8751), or use a DNS hostname to map to the IP (e.g., HTTP://mkryptor.yourdomain.com:8751). Any host name is fine, so long as it maps to your IP address(es). If you are going to add an address specifically for mkryptor, then we recommend mkryptor.yourdomain.com (where yourdomain.dom is your regular company domain)
HINT: If you have installed mkryptor SERVER onto a Microsoft Exchange server, then you probably already have a suitable host record configured for your Outlook Web Access.
mkryptor SERVER configurationNow that you have opened the required firewall port, we need to configure mkryptor SERVER to talk to the CLOUD Satellite servers:
- On your mkryptor SERVER, open the mkryptor configuration manager
- Go to the Security tab
- At the bottom of the window is a section titled Satellite Services.
- Change the following settings in this section:
- Enable Secure Replies - Ensure this box is checked
- Satellite External URL - set this as https://www.mkryptor.com/satellite
- HTTP Listener URL - This will be the endpoint URL mentioned in the previous section (Firewall port and DNS host). It should be in the format HTTP://<hostname>:<port>. For example: HTTP://mkryptor.yourcompany.com:8751
- Enable Password Changes - Check this box to enable the Recipient password/fact management feature
- Leave the Encryption Key box blank
- Click Save and restart the mkryptor service