Secure Backup Portal

Self-service is a key feature if you are a service provider, and many of you are probably using IBM Spectrum Suite or Rubrik as your backup vendor. The problem with many backup applications is that they are not end-user facing and are not built with self-service in mind. That is why third-party applications like Auwau Cloutility exist, and they do a great job complementing your backup solution.

ABOUT CLOUTILITY

Cloutility is an on-premise web-based software solution for delivering backup-as-a-service (BaaS). It seamlessly plugs into your backup/data protection infrastructure and among other features the solution provides role-based self-service, custom reporting and alerting, recurring billing automation and show-back. Cloutility organizes business units in a secure multi-tenant environment reflecting the user’s real world of business units, customers and departments.

Cloutility Show Screen

Because Cloutility is a self-service web portal, you should configure it to use SSL encryption by default, especially if you expose it externally on the internet. Let’s Encrypt, a non-profit certificate authority, provides free SSL certificates.
One issue with Let’s Encrypt is that its certificates have a short validity period, so you need to renew them manually every 90 days.

In this blog we will learn how to generate and use a Let’s Encrypt certificate on a Cloutility installation on Windows Server 2019 and renew it automatically.

Prerequisites

Make sure you have installed Auwau Cloutility on a Windows Server 2019 using their installation guide. If you need help to install Cloutility, you will find more information here

The Cloutility server also needs to be exposed on the internet. To better understand how Let’s Encrypt works, you can find more information here.

Verify Installation

As a first step, before we start, verify that the existing installation is working over the non-secure HTTP protocol. This will be used later in the installation.

unsecure connection

Download and install win-acme

There are many tools out there that can do the same, but in this blog we are using win-acme, an open-source project that creates and maintains your certificate automatically.

Want to read more about win-acme

You can download the latest version from the following GitHub repository and extract it on your Windows Server.

Windows Explorer for win-acme

Now let’s start a command line window in Administrator mode. If you don’t, Windows Defender will pop up saying “Windows protected your PC” and you will need to approve the execution manually.

Run the binary wacs.exe and follow the guide as shown below.
You want to identify both sites to make sure you have SSL encryption between Web Browser <-> Front-End but also between Front-End <-> Back-End API.
Use the default installation for the easiest setup, including installing the scheduler that renews your certificate; press “N” to use the default settings.

win-acme installation

In step 2 of the installation you need to select which URLs you want the certificate to verify; in my case we want to use 5 & 6, which are our Front-End URL and Back-End URL.

select url

win-acme will now automatically run a test to see if Let’s Encrypt can verify your host externally using the URL, and will then automatically create all the necessary data on your IIS server and modify your Cloutility installation.

successful installation of win-acme

Use the old insecure URL to log in to your Cloutility host as the main instance administrator owner, click the gear icon in the right corner and go to API Access.

Cloutility Settings

Click on the add button, type in a name and the public URL <https://your-url.com>, make that website the Default Application and then click Add application.

Cloutility generate new API Key

Cloutility will now automatically generate an access key for the front-end and the back-end to be able to communicate over SSL encryption.

Use the old Administrator command line window or open a new one, go to the C:\inetpub\wwwroot\Cloud Portal App directory and open Web.config with Notepad or any other basic text editor.

Locating Cloutility Web.config file

Locate the <add key="app:ClientId" … /> element and paste the generated key into its value="…" attribute.

In the same way, in the <add key="app:ApiUrl" … /> element you need to insert the new SSL encrypted Front-End URL <https://your-url.com>.

Copy API and URL to Web.config
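
The same Web.config change can be scripted with a backup and a certificate check afterwards. This is an added example, not code from Auwau or win-acme; it assumes the two keys sit under <appSettings>, and the ClientId value, the URL and the 30-day warning threshold are placeholders chosen for illustration.

```powershell
# Added example: update Cloutility's Web.config and check the served certificate.
# Assumptions: keys live under <appSettings>; $ClientId and $ApiUrl are placeholders.
param(
    [string]$ConfigPath = 'C:\inetpub\wwwroot\Cloud Portal App\Web.config',
    [string]$ClientId   = '<generated-key-from-API-Access>',
    [string]$ApiUrl     = 'https://your-url.com'
)
$ErrorActionPreference = 'Stop'

# Refuse a non-HTTPS URL or an unfilled placeholder key.
$uri = [Uri]$ApiUrl
if ($uri.Scheme -ne 'https') { throw "ApiUrl must use https: $ApiUrl" }
if ($ClientId -like '<*')    { throw 'Replace the ClientId placeholder first.' }

# Keep a timestamped backup before touching the file.
$backup = "$ConfigPath.$(Get-Date -Format 'yyyyMMddHHmmss').bak"
Copy-Item -LiteralPath $ConfigPath -Destination $backup

$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true          # leave the rest of the file untouched
$xml.Load($ConfigPath)

$settings = @{ 'app:ClientId' = $ClientId; 'app:ApiUrl' = $ApiUrl }
foreach ($pair in $settings.GetEnumerator()) {
    $node = $xml.SelectSingleNode("//appSettings/add[@key='$($pair.Key)']")
    if (-not $node) { throw "Key $($pair.Key) not found in $ConfigPath" }
    $node.SetAttribute('value', $pair.Value)
}
$xml.Save($ConfigPath)

# Connect to the site; AuthenticateAsClient throws if the chain or name is invalid.
$tcp = New-Object System.Net.Sockets.TcpClient($uri.Host, $uri.Port)
try {
    $ssl  = New-Object System.Net.Security.SslStream($tcp.GetStream())
    $ssl.AuthenticateAsClient($uri.Host)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    $days = [int]($cert.NotAfter - (Get-Date)).TotalDays
    "Issuer : $($cert.Issuer)"
    "Expires: $($cert.NotAfter) ($days days left)"
    # 30 days is an illustrative threshold, not a win-acme setting.
    if ($days -lt 30) { Write-Warning 'Certificate is close to expiry; check the renewal task.' }
}
finally { $tcp.Dispose() }
```

Run it from the Administrator command line window; the certificate check at the end can also be run on its own later to confirm that the scheduled renewal is actually happening.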

Now, let’s test our new encrypted Cloutility Portal.

Encrypted Cloutility with Let's Encrypt

Wow, it works perfectly. I hope this was useful for you, and please feel free to reuse this for your next installation.
