Connecting an Edge Gateway using the pairing mechanism

Information

The pairing connection method works the same way for an Edge Gateway as it does for an HTML5 Gateway.

Prerequisites

SSH or console access with the root user to the Edge Gateway is required.

In order for the Edge Gateway pairing to be successful, the ipdiva-gateway-setup package must be installed on the machine. All cyberelements.io or cyberelements Cleanroom virtual appliances (version 4.6 or later) have the package.
If the Systancia repository is correctly configured, the following command will check for the presence of the package and attempt to install it if necessary:

if dpkg -s ipdiva-gateway-setup >/dev/null 2>&1; then echo -e "\033[0;32mipdiva-gateway-setup package already installed\033[0m"; else apt update && apt install -y ipdiva-gateway-setup; fi

Connect to the Edge Gateway server via SSH or console mode with the root user and run a command equivalent to the following to start the pairing process for an Edge Gateway or HTML5 Gateway:

/usr/local/ipdiva/scripts/gateway-setup/pair_gateway.py -s <DNS_MEDIATION_CONTROLLER> -t <PAIRING_TOKEN> -k -n <INSTANCE_NAME> --no-care -v

Here are the details of the different options:

  • -s: defines the DNS name of the Mediation Controller or cyberelements.io tenant; an IP address can be used but will most likely require the use of unsecured mode.
  • -t: defines the pairing token to be used (see generation of a pairing token).
  • -k: enables unsecured mode, in which validation of the Mediation Controller's web certificate is disabled. Validating the web certificate is what ensures the identity of the server contacted, so this setting should not be used systematically: use it only in contexts where it is necessary and where the presence of a MITM attacker has been ruled out.
  • -n: definition of the suffix of the Edge Gateway instance name on the machine; if not defined, the main instance name, gateway or html5gateway, will be used. Only specify a name containing numbers, letters, or the special characters - or _. For the first connection of an Edge Gateway or HTML5 Gateway to the server, it is recommended not to set the -n parameter.
  • --no-care: the pairing will not attempt to install the recording service certificate.
  • -v: activation of verbose mode to obtain more information about the pairing process.

Examples

To install the first Edge Gateway instance on a machine, the following command would be sufficient:

/usr/local/ipdiva/scripts/gateway-setup/pair_gateway.py -s mediation-controller.domain.local -t TCGX-091U-AIBW-EWF7-T7XW-1VLK-LPS8-2DWS

However, if access to the Mediation Controller server is only possible with an IP address whose web certificate is not suitable, then unsecured mode must be enabled (preferably used when the connection does not pass through the public network):

/usr/local/ipdiva/scripts/gateway-setup/pair_gateway.py -s 10.0.10.10 -t TCGX-091U-AIBW-EWF7-T7XW-1VLK-LPS8-2DWS -k

If a first instance of Edge Gateway is already present on the machine, then it would be necessary to create a new instance without modifying the recording service certificate:

/usr/local/ipdiva/scripts/gateway-setup/pair_gateway.py -s 10.0.10.10 -t TCGX-091U-AIBW-EWF7-T7XW-1VLK-LPS8-2DWS -k --no-care -n instance-2

The previous command creates a new instance named gateway-instance-2 (Edge Gateways automatically take the prefix gateway- while HTML5 Gateways take the prefix html5gateway-). It also creates new directories used to:

  • Manage instance settings using the /etc/ipdiva/gateway-instance-2/ directory.
  • Start, stop, or restart the instance using the scripts in the /usr/local/ipdiva/gateway-instance-2/bin/ directory.
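
The -k and -n options described above can be checked before pairing. The following pre-flight script is an added example, not part of the product or of the original page: it validates the -n suffix, derives the resulting instance name, and tests whether the server certificate validates so that -k can be avoided. The function names, the HTTPS port 443, the use of the openssl command line and the settings directory of the main instance are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code): pre-flight checks before pair_gateway.py.
# Function names, port 443 and the /etc/ipdiva/<instance>/ layout for the
# main instance are assumptions made for this illustration.

# 0 if the -n suffix contains only letters, digits, '-' or '_'.
valid_suffix() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# Print the instance name pairing would create: <kind> or <kind>-<suffix>.
# $1 = gateway | html5gateway, $2 = optional -n suffix.
instance_name() {
    case "$1" in gateway|html5gateway) ;; *) return 2 ;; esac
    if [ -z "${2:-}" ]; then printf '%s\n' "$1"; return 0; fi
    valid_suffix "$2" || return 1
    printf '%s-%s\n' "$1" "$2"
}

# 0 if a settings directory for this instance already exists.
# $2 overrides the settings root (default /etc/ipdiva).
instance_exists() {
    [ -d "${2:-/etc/ipdiva}/$1" ]
}

# 0 if the server's certificate chain and host name validate (needs network).
cert_is_valid() {
    openssl s_client -connect "$1:${2:-443}" -servername "$1" \
        -verify_hostname "$1" -verify_return_error </dev/null >/dev/null 2>&1
}

# preflight <server> <kind> [suffix]: report whether -k can be avoided.
preflight() {
    pf_name=$(instance_name "$2" "${3:-}") || { echo "invalid instance name" >&2; return 1; }
    if instance_exists "$pf_name"; then
        echo "instance $pf_name already exists; choose another -n" >&2; return 1
    fi
    if cert_is_valid "$1"; then
        echo "certificate validates for $1: pair $pf_name without -k"
    else
        echo "certificate does not validate for $1: check DNS name and CA trust before using -k" >&2
        return 3
    fi
}

# Run the checks only when arguments are supplied.
if [ "$#" -ge 2 ]; then preflight "$@"; fi
```

Saved under a name of your choice and run as `sh <script> mediation-controller.domain.local gateway instance-2`, it exits with status 3 when the certificate does not validate, which is the situation in which the page's -k option would otherwise be needed.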