Menu

Prepare for installation

NOTE—SCC cannot be supported if there is a web proxy between the SCC client and the SCC server connection.

Before installing SCC, prepare the following:

License

Register the Knox Manage license in the Admin Portal.

SCC client server hardware

  • Microsoft Windows Server 2008 R2 (64-bit), 2012 (64-bit), 2016 (64-bit), or 2019 (64-bit) should be used to run the server software.

Java Development Kit (JDK)

  • Install Java Development Kit 1.7 (64-bit) or 1.8 (64-bit).
  • Patch the JCE module based on JDK version. For more information, see Installing Java patches.

Network environments

  • The firewall between the SCC Client and the LDAP server should be open.
  • The firewall between the SCC Client and the CA server should be open.
  • The firewall between the L4 switch for accessing the SCC Server and the SCC Client. Refer to the list below for the firewall information of L4 domains according to the service regions.
NOTE—If the regional code is between 02 and 07, then you must include the regional code after the area name (ap, us, eu) of the firewall domain. Your reigion code can be found on the Knox Manage admin portal url. However, if the area code is 01, the number is omitted.
Region Domain:Port

Asia (Singapore)

  1. [01]
    • scc-ap.manage.samsungknox.com:10000
    • scclts-ap.manage.samsungknox.com:8080
  2. [02]
    • scc-ap02.manage.samsungknox.com:10000
    • scclts-ap02.manage.samsungknox.com:8080

US (Oregon)

  1. [01]
    • scc-us.manage.samsungknox.com:10000
    • scclts-us.manage.samsungknox.com:8080
  2. [02]
    • scc-us02.manage.samsungknox.com:10000
    • scclts-us02.manage.samsungknox.com:8080

EU (Ireland)

  1. [01]
    • scc-eu.manage.samsungknox.com:10000
    • scclts-eu.manage.samsungknox.com:8080
  1. [02]
    • scc-eu02.manage.samsungknox.com:10000
    • scclts-eu02.manage.samsungknox.com:8080
  2. [03]
    • scc-eu03.manage.samsungknox.com:10000
    • scclts-eu03.manage.samsungknox.com:8080
  3. [04]
    1. scc-eu04.manage.samsungknox.com:10000
    2. scclts-eu04.manage.samsungknox.com:8080
  4. [05]
    • scc-eu05.manage.samsungknox.com:10000
    • scclts-eu05.manage.samsungknox.com:8080
  5. [06]
    • scc-eu06.manage.samsungknox.com:10000
    • scclts-eu06.manage.samsungknox.com:8080
  6. [07]
    • scc-eu07.manage.samsungknox.com:10000
    • scclts-eu07.manage.samsungknox.com:8080

TCP communication resources

The SCC Server and SCC Client are connected through TCP communication. To enhance the TCP performance of the SCC Client, you must change the registry value. For more information, see Setting up the TCP communication resource.

Checking the open source license

To check the open source license information used in SCC, refer to the following file on the folder where the SCC Client is installed.

{SCC installation location}\scc-client\resources\SCCClient-OpenSourceLicense.xml:

Installing Java patches

To operate Cloud Connector, the Java Development Kit (JDK) must be installed in advance, and then the JCE module must be patched based on the JDK version. For example, if you are using JDK 1.7, apply the Java patch for JDK 1.7, not the Java patch for JDK 1.8.

To install the Java Cryptography Extension (JCE) to support TLS v1.2 AES 256, complete the following steps:

  1. Download Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy files that match the JDK version. For more information, visit the Oracle website.

    NOTE—If you have a higher JDK version such as 1.8.0_151-b12, you don't need a JCE patch. Skip to step 5.

  2. Decompress the downloaded file.

    A sub-folder named UnlimitedJCEPolicy is created.

  3. Check if the following files are included in the folder.

    • README.txt
    • local_policy.jar: Unlimited strength local policy file
    • US_export_policy.jar: Unlimited strength US export policy file
  4. Copy two JAR files (local_policy.jar, US_export_ policy.jar) from the UnlimitedJCEPolicy folder to the %JAVA_HOME% \jre\lib\security folder.

  5. For JDK versions with the following targets, configure the security setting for the crypto policy:

    Target version

    • JRE 7: 1.7.0_161-b13 or higher

    • JRE 7: 1.8.0_151-b12 or higher

    Configuration

    Add (or remove annotation) crypto.policy=unlimited in the java.security file in the %JAVA_HOME%\jre\lib\security folder.

NOTE— If the Java patch is not installed successfully, the Cloud Connector will not operate normally.

Setting up the TCP communication resource

We recommend changing the registry value for the TCP resource in the SCC Client for enhanced TCP performance.

To change the registry value, complete the following steps:

  1. On your computer, open the Registry Editor.
  2. Navigate to HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters.
  3. Change the value each of the following items. If the value does not exist, right-click anywhere on the screen, and then select New > DWORD (32- bit) Value to create a new one.
Share it: