SealedTunnel Setup
IM Agent Required by SealedTunnel
Even if you do not have an Xiid IM License, installation of the IM Agent is still required to manage SealedTunnel.
Whether you're using Standalone SealedTunnel or SSO SealedTunnel with Xiid IM, these instructions will help you activate, provision, and perform basic configuration of your SealedTunnel deployment.
SealedTunnel Activation
TIP
Activation is only required once, at the enterprise level, to enable SealedTunnel functionality across your organization.
- Access the Agent Configuration Portal via the shortcut added to your desktop during installation or at https://127.0.0.1:10458/ and navigate to the Tunnels tab on the left side.
- When prompted for an Activation Code, enter the one provided to you by Xiid.
Exitpoint Provisioning
Exitpoints are, generally, the server-side end of a SealedTunnel connection.
- Navigate to the Exitpoints tab under Tunnels in the Agent Configuration Portal.
- On the Exitpoints screen, click the + Add Exitpoint button in the top right.
- Provide a Description for the Exitpoint.
- Select any Units from the Units dropdown.
- Click the SAVE button.
- Find the Exitpoint you just created, click the Green Clipboard icon and record the Exitpoint Activation Code that was just copied to your clipboard. You'll need this during STLink installation for the Exitpoint!
Exitpoint Configuration
WARNING
You must install the STLink using the Exitpoint Activation Code before proceeding to configuration.
After creating the Exitpoint, we need to add Mappings to enable clients to access applications via the Exitpoint.
- From the Exitpoints screen, click the purple Pencil button on the row of your new Exitpoint to edit the Exitpoint.
- In the Edit Exitpoint screen, click the Add Mapping button located under the red "Back" button.
- In the Add Mapping screen, enter a Description for the mapping that describes what the mapping will be used for (e.g., RDP Access, SSH Access, Web Portal Access).
- In the Map To field, provide a loopback address and port in the format 127.X.X.X:X, such as 127.0.0.1:3389.
  - The Map To field determines the loopback address that SealedTunnel traffic will be sent to. For instance, if the Map To field is set to 127.0.0.1:3389, then the traffic on the Exitpoint will loop through port 3389 on the machine.
  - If you are integrating a web portal through the SealedTunnel, you can use 127.0.0.1:443 to pick up on the web server's existing listening port without needing to change any configurations on the web server.
- In the Application dropdown, leave the None option unless this Exitpoint mapping will be used for RDP specifically, in which case choose the RDP option.
- After reviewing the configurations, click SAVE.
- Back in the Edit screen for the Exitpoint, check the Unattended mode checkbox and then click SAVE.
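A pre-flight check for Map To values, run on the Exitpoint machine before saving a mapping. This is an added example, not part of Xiid's documentation or tooling: it confirms each value is a loopback address and port in the 127.X.X.X:X form and reports whether a local service accepts TCP connections there. The function names and the sample values are assumptions made for this example.

```python
import ipaddress
import socket

# The Map To field expects 127.X.X.X:X, i.e. an address inside 127.0.0.0/8.
LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")


def parse_map_to(value):
    """Return (ip, port) for a valid Map To value, else raise ValueError."""
    host, sep, port_text = value.strip().rpartition(":")
    if not sep or not host:
        raise ValueError(f"expected ADDRESS:PORT, got {value!r}")
    try:
        ip = ipaddress.IPv4Address(host)
    except ipaddress.AddressValueError as exc:
        raise ValueError(f"not an IPv4 address: {host!r}") from exc
    if ip not in LOOPBACK_NET:
        raise ValueError(f"{ip} is not a loopback address (127.0.0.0/8)")
    if not (port_text.isascii() and port_text.isdigit()):
        raise ValueError(f"port is not a number: {port_text!r}")
    port = int(port_text)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return str(ip), port


def listener_present(ip, port, timeout=1.0):
    """True if a TCP service accepts a connection on ip:port."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_mappings(values):
    """Return (value, status, detail) for each candidate Map To value."""
    results = []
    for value in values:
        try:
            ip, port = parse_map_to(value)
        except ValueError as exc:
            results.append((value, "invalid", str(exc)))
            continue
        status = "listening" if listener_present(ip, port) else "no listener"
        results.append((value, status, f"{ip}:{port}"))
    return results


if __name__ == "__main__":
    # Constructed sample values; the last one is deliberately not loopback.
    for row in check_mappings(["127.0.0.1:3389", "127.0.0.1:443", "10.0.0.5:3389"]):
        print(*row, sep="\t")
```

A "no listener" result for a mapping means traffic arriving over the tunnel would have nothing to connect to on that loopback port.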
Entrypoint Provisioning
TIP
Whether accessed in conjunction with Xiid IM or Standalone, all clients (Entrypoints) using SealedTunnel must install the STLink software.
Entrypoints are, generally, the client-side end of a SealedTunnel connection.
Unlike with Exitpoint provisioning, Entrypoints have different configuration procedures depending on whether you are using SSO SealedTunnel (i.e., in conjunction with Xiid IM) or Standalone SealedTunnel without Xiid IM.
- Navigate to the Entrypoints tab under Tunnels in the Agent Configuration Portal.
- On the Entrypoints screen, start by clicking the + Add Entrypoint button in the top right.
- Provide a Description for the Entrypoint identifying the device or user's machine and click Save.
- Select any Units from the Units dropdown.
- Find the Entrypoint you just created, click the Green Clipboard icon and record the Entrypoint Activation Code that was just copied to your clipboard. You'll need this during STLink installation for the Entrypoint!
Entrypoint Configuration
WARNING
You cannot configure access to the Entrypoint until you have finished STLink installation.
To configure access through your Entrypoint to Exitpoint resources, refer to the access guides under Application Setup.
Installing and Updating the STLink
TIP
The STLink runs as a background service that automatically starts on system boot.
The STLink software must be installed on both Entrypoints and Exitpoints in order to use the SealedTunnel.
macOS and Linux
WARNING
For fresh macOS installations, Apple's Gatekeeper feature will likely block execution of the STLink installer.
To use the installer normally, open System Settings, navigate to the Privacy and Security tab, scroll to the bottom, and click Allow Anyway next to the prompt for stlink-setup only.
Start by untarring the SealedTunnel installer archive obtained from the Xiid Management Portal under the Downloads tab.
For fresh STLink installations, run the following command, substituting ACTIVATION_CODE with your Entrypoint Activation Code or Exitpoint Activation Code:
sudo ./stlink-setup install -i ACTIVATION_CODE
For updates, no ACTIVATION_CODE is necessary:
sudo ./stlink-setup install
Windows
- Sign in to the machine you'd like to install the STLink on and download or transfer the STLink software.
- After downloading the STLink installer executable from the Xiid Management Portal under the Downloads tab, double-click the executable to start the installer.
- Navigate through the license agreement and the prompts until you get to the Finish button.
- After clicking Finish, on fresh installs, a command prompt will pop up and ask for an Activation Code, which is your Entrypoint Activation Code or Exitpoint Activation Code.
STLink Logs
For troubleshooting, log aggregation, or analysis, you can locate STLink logs here:
Operating System | Path |
---|---|
Windows | C:\ProgramData\Xiid\XIID-stlinkagent\logs |
macOS | /var/log/Xiid/XIID-stlinkagent/logs |
Linux | /var/logs/Xiid/ |
Application Setup
Now that Xiid ST is set up, it's time to make it possible to securely access your applications and resources through Xiid ST!
Follow these example deployment guides for SealedTunnel: