To manage access to a server with ScaleFT, you’ll need to install the ScaleFT Server Agent on the server, and enroll your server into a project.
If you are using the default configurations, the agent will begin managing user accounts on your server, and enable client certificate authentication for SSH or RDP.
Enrollment is the process where the ScaleFT agent configures a server to be managed by a specific project.
An enrollment token is a base64 encoded object with metadata that the ScaleFT Agent can configure itself from.
To create an enrollment token in the ScaleFT Dashboard, browse to the desired project, then select “Server Enrollment Tokens”. Either use an existing token, or generate a new Enrollment Token with a description of what the token is used for, such as “First Production Buildout”, or “Testing ScaleFT”.
Once you have a token, ensure it exists on the server in question either via your configuration management system, or by just writing the token to a file yourself.
On Linux, the enrollment token path is
On Windows, the enrollment token path is
To validate that the server is enrolled, run
sft list-servers on
a client machine. You should see the enrolled server listed.
ScaleFT supports optionally associating an AWS account with a ScaleFT project.
The ScaleFT Server Agent uses AWS’s signed instance metadata to identify itself, and can automatically enroll into a project in your team.
This method is best when all your AWS servers from a specific AWS account will belong to only one project. You can use this method to enroll servers into that project instead of using an Enrollment Token. For bare metal or on-premise servers, or when cloud metadata-based enrollment is not available, enroll servers using per-project Enrollment Tokens.
To associate an AWS account with a ScaleFT project:
From this point forward, when the agent starts on a server that belongs to this AWS account, if that server has not been previously enrolled in ScaleFT, the agent will submit the server’s signed AWS metadata as proof of its identity, and enroll it in your ScaleFT project.
Instead of going through the process of creating a new enrollment token for the target project, re-enrolling the target server to the target project, and waiting for the server to expire from its original project, a team administrator can reassign a server to a new project from the dashboard. Navigate to the target server, click the reassign action, and choose a new project for the server. Users of the previous project will be unable to connect to the server following a reassignment.