Enrolling a Server


To manage access to a server with ScaleFT, you’ll need to install the ScaleFT Server Agent on the server, and enroll your server into a project.

If you are using the default configurations, the agent will begin managing user accounts on your server, and enable client certificate authentication for SSH or RDP.

Installation

Enrollment

Enrollment is the process by which the ScaleFT agent configures a server to be managed by a specific project.

With an Enrollment Token

An enrollment token is a base64-encoded object containing metadata from which the ScaleFT Agent configures itself.

To create an enrollment token in the ScaleFT Dashboard, browse to the desired project, then select “Server Enrollment Tokens”. Either use an existing token, or generate a new Enrollment Token with a description of what the token is used for, such as “First Production Buildout”, or “Testing ScaleFT”.

Once you have a token, ensure it exists on the server in question either via your configuration management system, or by just writing the token to a file yourself.

On Linux, the enrollment token path is /var/lib/sftd/enrollment.token.

On Windows, the enrollment token path is C:\windows\system32\config\systemprofile\AppData\Local\ScaleFT\enrollment.token.

To validate that the server is enrolled, run sft list-servers on a client machine. You should see the enrolled server listed.
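
An added example (not ScaleFT's own code) of the Linux step above: it reads a token from stdin and writes it to the enrollment path atomically, with owner-only permissions. The function name, the sanity check on the base64 alphabet, and the choice to treat the token as a secret are assumptions of this example; only the default path comes from this page.

```shell
#!/bin/sh
# Added example, not ScaleFT tooling. install_enrollment_token is a
# hypothetical helper; only the default path below comes from the page.
# Usage (as root): install_enrollment_token < token.txt

install_enrollment_token() {
    dest=${1:-/var/lib/sftd/enrollment.token}
    dir=$(dirname "$dest")

    # Read from stdin so the token never shows up in argv / process listings.
    # Strip whitespace that copy and paste from the Dashboard tends to add.
    token=$(tr -d ' \t\r\n')
    if [ -z "$token" ]; then
        echo "enrollment token is empty" >&2
        return 1
    fi

    # Sanity check only: the page says the token is base64, so reject input
    # with characters outside the standard and URL-safe base64 alphabets
    # (catches a pasted error page or a shell-mangled value).
    case $token in
        *[!A-Za-z0-9+/=_-]*)
            echo "input does not look like a base64 token" >&2
            return 1 ;;
    esac

    if [ ! -d "$dir" ]; then
        echo "missing directory: $dir" >&2
        return 1
    fi

    # mktemp creates the file with mode 0600. Writing in the same directory
    # and renaming means the agent never reads a half-written token.
    tmp=$(mktemp "$dir/.enrollment.token.XXXXXX") || return 1
    if printf '%s' "$token" > "$tmp" && chmod 600 "$tmp" && mv -f "$tmp" "$dest"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}
```

Pass a different destination as the first argument to stage the file somewhere other than the default path, for example when building an image.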

Associating an AWS Account with a ScaleFT Project

ScaleFT supports optionally associating an AWS account with a ScaleFT project.

The ScaleFT Server Agent uses AWS’s signed instance metadata to identify itself, and can automatically enroll into a project in your team.

This method is best when all your AWS servers from a specific AWS account will belong to only one project. You can use this method to enroll servers into that project instead of using an Enrollment Token. For bare metal or on-premise servers, or when cloud metadata-based enrollment is not available, enroll servers using per-project Enrollment Tokens.

To associate an AWS account with a ScaleFT project:

  1. Locate your AWS account number by logging into the AWS web console, opening the “Support” dropdown in the top right corner, then selecting “Support Center”.
  2. In the ScaleFT Dashboard browse to the desired project, click “Add AWS Account”, then enter the account number you located in step #1 under Associated AWS accounts.

From this point forward, when the agent starts on a server that belongs to this AWS account, if that server has not been previously enrolled in ScaleFT, the agent will submit the server’s signed AWS metadata as proof of its identity, and enroll it in your ScaleFT project.