Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2834 Discussions

Intel EMA Server and Azure WAF

Endpoint_Engineer
1,374 Views

Hello, I'm trying to setup Intel EMA Server and I was asked by the Azure team for the recommended settings when putting it behind Azure Web Application Firewall. Can you provide some guidelines for this?

0 Kudos
17 Replies
MIGUEL_C_Intel
Employee
1,354 Views

Hi,


We are glad to know you are interested in Intel® EMA.  The complete installation guideline is available in our document Intel® Endpoint Management Assistant (Intel® EMA) Server Installation Guide v 1.12.1 https://www.intel.com/content/dam/support/us/en/documents/software/manageability-products/intel-ema-server-installation-and-maintenance-guide.pdf


In production environments, we suggest creating a virtual machine in Azure and installing Intel® EMA on it.  The Database can be in the same machine or any other physical or virtual machine.


Please carefully read the sections: 

1.3.4 Pre-installation Instructions for Microsoft Azure AD Environments

https://www.intel.com/content/dam/support/us/en/documents/software/manageability-products/intel-ema-server-installation-and-maintenance-guide.pdf#page=10


Network ports required in sections 1.3.9 Network and 1.3.10 Network Ports

https://www.intel.com/content/dam/support/us/en/documents/software/manageability-products/intel-ema-server-installation-and-maintenance-guide.pdf#page=11


As a general recommendation, Intel recommends provisioning the endpoints in Client Control Mode, testing the connection then, jump to the Admin Control Mode if your company requires it. 


The latest software version is 1.12.2.0.


Intel® Endpoint Management Assistant (Intel® EMA); the zip file contains all the PDF guides.

https://www.intel.com/content/www/us/en/download/19449/intel-endpoint-management-assistant-intel-ema.html


I will gladly provide further assistance if necessary.


Regards,

Miguel C.

Intel Customer Support Technician


0 Kudos
MIGUEL_C_Intel
Employee
1,278 Views

Hi,


Do not hesitate to reply, I will gladly provide further assistance if necessary.


Regards,

Miguel C.

Intel Customer Support Technician


0 Kudos
Endpoint_Engineer
1,245 Views

Hi again, I've installed EMA for testing using the recommended option, it's a one server install with an Azure SQL DB. I can login to the web interface but I cannot connect via Platform Manager, I get this: 
2024-02-29 15_39_25-MultisessionDesktop2.png

What should I check?

0 Kudos
MIGUEL_C_Intel
Employee
1,233 Views

Hi Endpoint_Engineer,


Intel® EMA requires a full SQL 2017 or higher version, the Azure SQL DB is not supported yet.


Please review the supported SQL versions and Azure AD instructions.

Sections: 1.3.3 Database and 1.3.4 Pre-installation Instructions for Microsoft Azure AD Environments.

https://www.intel.com/content/dam/support/us/en/documents/software/manageability-products/intel-ema-server-installation-and-maintenance-guide.pdf#page=9


Regards,

Miguel C.

Intel Customer Support Technician


0 Kudos
Endpoint_Engineer
1,219 Views

But this is in you Azure deployment guide (Intel EMA web deployment guide for Azure):

Endpoint_Engineer_0-1709282642716.png

 

0 Kudos
MIGUEL_C_Intel
Employee
1,196 Views

Hi Endpoint_Engineer,


Excuse me for the misunderstanding.  You are installing the Intel® Endpoint Management Assistant (Intel® EMA) Cloud Start Tool for Azure.  Before giving you further details, please answer the questions below:


You are evaluating Intel® EMA.  Please let me know which template you are going to install: 

1- Simplified template

2- Advanced Template

3- Enterprise Template


Intel® Endpoint Management Assistant (Intel® EMA) Cloud Start Tool for Azure

https://www.intel.com/content/www/us/en/download/19738/intel-endpoint-management-assistant-intel-ema-cloud-start-tool-for-azure.html


  • How many endpoints are you planning to provision in this evaluation?
  • Please let me know the Server OS version.
  • And the SQL version as well.


The on-premises Intel® EMA software and installation manual is below:

Intel® Endpoint Management Assistant (Intel® EMA)

https://www.intel.com/content/www/us/en/download/19449/intel-endpoint-management-assistant-intel-ema.html


Intel® Endpoint Management Assistant (Intel® EMA) Server Installation and Maintenance Guide

https://www.intel.com/content/www/us/en/support/articles/000055629/software/manageability-products.html


Look forward to hearing back from you.


Regards,

Miguel C.

Intel Customer Support Technician


0 Kudos
Endpoint_Engineer
1,129 Views

Hi Miguel,

answering your questions: it's the advanced template with Azure SQL DTU. It's a single server install just for testing with the database hosted with Azure SQL. The server OS is Windows Server 2019 Standard.

0 Kudos
MIGUEL_C_Intel
Employee
1,113 Views

Hi Endpoint_Engineer,


Thank you for sharing your configuration, please allow me to do a lab with a similar environment.


Regards,

Miguel C.

Intel Customer Support Technician


0 Kudos
MIGUEL_C_Intel
Employee
1,097 Views

Hi Endpoint_Engineer,


Do you mind confirming if you tried accessing the Platform Manager with the Global Admin account? Also, let us know if accessing the EMA Web console works with the Global Admin account. Please try from the server (localhost) and remotely if that use case is required.


Please confirm if you are using Windows Active Directory or Azure AD. 


Regards,

Miguel C.

Intel Customer Support Technician


0 Kudos
Endpoint_Engineer
1,081 Views

Yes, I tried accessing the Platform Manager with the Global Admin account via localhost:8000 on the same server. Yes, the web console works with Global Admin account either locally or remotely. I'm using local accounts.

0 Kudos
MIGUEL_C_Intel
Employee
1,069 Views

Hi Endpoint_Engineer,


Thank you for your reply.


Please tell us about the port 8000. Is it open in the Server and Azure?


Regards,

Miguel C.

Intel Customer Support Technician


0 Kudos
MIGUEL_C_Intel
Employee
1,068 Views

Hi Endpoint_Engineer,


You are using the Local Authentication for EMA.  Are you using the same authentication method to access the machines (endpoints and Server), or you are Windows AD or Azure AD?


Regards,

Miguel C.

Intel Customer Support Technician


0 Kudos
Endpoint_Engineer
1,021 Views

I'm in an Active Directory environment. The server is domain joined.

0 Kudos
MIGUEL_C_Intel
Employee
1,010 Views

Hi Endpoint_Engineer,


You are using AD authentication.


Please review the following on your configuration and perform the tests.


1- Switch the user of the endpoint and use the Global Admin credentials, then open Platform Manager and try again localhost:8000 / localhost.

2- For remote accessing, review the host firewall, Azure NIC, and Azure Segment firewall, all need to be open to the IP you are requesting 8000 from.


Regards,

Miguel C.

Intel Customer Support Technician


0 Kudos
Endpoint_Engineer
971 Views

I'm not sure if I understood correctly but during install I selected local accounts:

Endpoint_Engineer_0-1709811476356.png

 

0 Kudos
MIGUEL_C_Intel
Employee
947 Views

Hello, Endpoint_Engineer,


I am going to send you an email; we need some private information about your configuration.


Regards,

Miguel C.

Intel Customer Support Technician


0 Kudos
MIGUEL_C_Intel
Employee
343 Views

Hello, Endpoint_Engineer,


If further assistance is necessary, do not hesitate to reply using the forum or to my emails.


Regards,

Miguel C.

Intel Customer Support Technician


0 Kudos
Reply