Re: Intel EMA Server and Azure WAF

Endpoint_Engineer · ‎02-22-2024

Hello, I'm trying to setup Intel EMA Server and I was asked by the Azure team for the recommended settings when putting it behind Azure Web Application Firewall. Can you provide some guidelines for this?

MIGUEL_C_Intel · ‎02-22-2024

Hi,

We are glad to know you are interested in Intel® EMA. The complete installation guideline is available in our document Intel® Endpoint Management Assistant (Intel® EMA) Server Installation Guide v 1.12.1 https://www.intel.com/content/dam/support/us/en/documents/software/manageability-products/intel-ema-server-installation-and-maintenance-guide.pdf

In production environments, we suggest creating a virtual machine in Azure and installing Intel® EMA on it. The Database can be in the same machine or any other physical or virtual machine.

Please carefully read the sections:

1.3.4 Pre-installation Instructions for Microsoft Azure AD Environments

https://www.intel.com/content/dam/support/us/en/documents/software/manageability-products/intel-ema-server-installation-and-maintenance-guide.pdf#page=10

Network ports required in sections 1.3.9 Network and 1.3.10 Network Ports

https://www.intel.com/content/dam/support/us/en/documents/software/manageability-products/intel-ema-server-installation-and-maintenance-guide.pdf#page=11

As a general recommendation, Intel recommends provisioning the endpoints in Client Control Mode, testing the connection then, jump to the Admin Control Mode if your company requires it.

The latest software version is 1.12.2.0.

Intel® Endpoint Management Assistant (Intel® EMA); the zip file contains all the PDF guides.

https://www.intel.com/content/www/us/en/download/19449/intel-endpoint-management-assistant-intel-ema.html

I will gladly provide further assistance if necessary.

Regards,

Miguel C.

Intel Customer Support Technician

MIGUEL_C_Intel · ‎02-27-2024

Hi,

Do not hesitate to reply, I will gladly provide further assistance if necessary.

Regards,

Miguel C.

Intel Customer Support Technician

Endpoint_Engineer · ‎02-29-2024

Hi again, I've installed EMA for testing using the recommended option, it's a one server install with an Azure SQL DB. I can login to the web interface but I cannot connect via Platform Manager, I get this:

What should I check?

MIGUEL_C_Intel · ‎02-29-2024

Hi Endpoint_Engineer,

Intel® EMA requires a full SQL 2017 or higher version, the Azure SQL DB is not supported yet.

Please review the supported SQL versions and Azure AD instructions.

Sections: 1.3.3 Database and 1.3.4 Pre-installation Instructions for Microsoft Azure AD Environments.

https://www.intel.com/content/dam/support/us/en/documents/software/manageability-products/intel-ema-server-installation-and-maintenance-guide.pdf#page=9

Regards,

Miguel C.

Intel Customer Support Technician

Endpoint_Engineer · ‎03-01-2024

But this is in you Azure deployment guide (Intel EMA web deployment guide for Azure):

MIGUEL_C_Intel · ‎03-01-2024

Hi Endpoint_Engineer,

Excuse me for the misunderstanding. You are installing the Intel® Endpoint Management Assistant (Intel® EMA) Cloud Start Tool for Azure. Before giving you further details, please answer the questions below:

You are evaluating Intel® EMA. Please let me know which template you are going to install:

1- Simplified template

2- Advanced Template

3- Enterprise Template

Intel® Endpoint Management Assistant (Intel® EMA) Cloud Start Tool for Azure

https://www.intel.com/content/www/us/en/download/19738/intel-endpoint-management-assistant-intel-ema-cloud-start-tool-for-azure.html

How many endpoints are you planning to provision in this evaluation?
Please let me know the Server OS version.
And the SQL version as well.

The on-premises Intel® EMA software and installation manual is below:

Intel® Endpoint Management Assistant (Intel® EMA)

https://www.intel.com/content/www/us/en/download/19449/intel-endpoint-management-assistant-intel-ema.html

Intel® Endpoint Management Assistant (Intel® EMA) Server Installation and Maintenance Guide

https://www.intel.com/content/www/us/en/support/articles/000055629/software/manageability-products.html

Look forward to hearing back from you.

Regards,

Miguel C.

Intel Customer Support Technician

Endpoint_Engineer · ‎03-04-2024

Hi Miguel,

answering your questions: it's the advanced template with Azure SQL DTU. It's a single server install just for testing with the database hosted with Azure SQL. The server OS is Windows Server 2019 Standard.

MIGUEL_C_Intel · ‎03-04-2024

Hi Endpoint_Engineer,

Thank you for sharing your configuration, please allow me to do a lab with a similar environment.

Regards,

Miguel C.

Intel Customer Support Technician

MIGUEL_C_Intel · ‎03-04-2024

Hi Endpoint_Engineer,

Do you mind confirming if you tried accessing the Platform Manager with the Global Admin account? Also, let us know if accessing the EMA Web console works with the Global Admin account. Please try from the server (localhost) and remotely if that use case is required.

Please confirm if you are using Windows Active Directory or Azure AD.

Regards,

Miguel C.

Intel Customer Support Technician

Endpoint_Engineer · ‎03-05-2024

Yes, I tried accessing the Platform Manager with the Global Admin account via localhost:8000 on the same server. Yes, the web console works with Global Admin account either locally or remotely. I'm using local accounts.

MIGUEL_C_Intel · ‎03-05-2024

Hi Endpoint_Engineer,

Thank you for your reply.

Please tell us about the port 8000. Is it open in the Server and Azure?

Regards,

Miguel C.

Intel Customer Support Technician

MIGUEL_C_Intel · ‎03-05-2024

Hi Endpoint_Engineer,

You are using the Local Authentication for EMA. Are you using the same authentication method to access the machines (endpoints and Server), or you are Windows AD or Azure AD?

Regards,

Miguel C.

Intel Customer Support Technician

Endpoint_Engineer · ‎03-06-2024

I'm in an Active Directory environment. The server is domain joined.

MIGUEL_C_Intel · ‎03-06-2024

Hi Endpoint_Engineer,

You are using AD authentication.

Please review the following on your configuration and perform the tests.

1- Switch the user of the endpoint and use the Global Admin credentials, then open Platform Manager and try again localhost:8000 / localhost.

2- For remote accessing, review the host firewall, Azure NIC, and Azure Segment firewall, all need to be open to the IP you are requesting 8000 from.

Regards,

Miguel C.

Intel Customer Support Technician

Endpoint_Engineer · ‎03-07-2024

I'm not sure if I understood correctly but during install I selected local accounts:

MIGUEL_C_Intel · ‎03-07-2024

Hello, Endpoint_Engineer,

I am going to send you an email; we need some private information about your configuration.

Regards,

Miguel C.

Intel Customer Support Technician

MIGUEL_C_Intel · ‎04-01-2024

Hello, Endpoint_Engineer,

If further assistance is necessary, do not hesitate to reply using the forum or to my emails.

Regards,

Miguel C.

Intel Customer Support Technician