Menu

Prerequisites for installing SCC

Before installing Samsung Cloud Connector (SCC), you must satisfy the following prerequisites in your network, server, and Knox Manage tenant.

NOTE — If there is a web proxy between the SCC client and the SCC server connection, the connector won't function.

Prepare your services, server, and network

License

Set up your Knox Manage tenant and register your Knox Manage license.

OS requirements

SCC is compatible with the following operating systems:

  • Microsoft Windows Server 2008 R2 (64-bit)
  • Microsoft Windows Server 2012 (64-bit)
  • Microsoft Windows Server 2016 (64-bit)
  • Microsoft Windows Server 2019 (64-bit)

JDK requirements

Your SCC client server requires the Java Development Kit (JDK) in the following configuration:

  • JDK 1.8.0 (64-bit)
  • Patch the JCE module based on the JDK version. For more information, see Install Java patches.

The JDK must be installed in advance, and the JCE module must be patched based on the JDK version. For example, if you are using JDK 1.7, apply the Java patch for JDK 1.7.0, not the Java patch for JDK 1.8.0.

Supported JDK distributions

The SCC client has been tested to work with the following JDK versions. These aren't officially supported. Higher versions aren't tested.

OpenJDK distribution Test versions
Oracle OpenJDK

1.8.0_181

1.8.0_251

1.8.0_291

1.8.0_311

1.8.0_341

Azul Zulu Prime

1.8.0_181

1.8.0_252

1.8.0_292

1.8.0_312

1.8.0_345

Install JDK patches

NOTE

  • If the Java patch isn't installed successfully, SCC won't operate normally.
  • In compliance with Payment Card Industry Data Security Standards, the Knox Manage servers encrypt network traffic using the Transport Layer Security (TLS) 1.2 protocol. TLS 1.0 and 1.1 aren't supported.

To install the Java Cryptography Extension (JCE) and support TLS v1.2 AES 256:

  1. Download Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy files that match the JDK version. For more information, visit the Oracle website.

    NOTE — If you have a higher JDK version such as 1.8.0_151-b12, you don't need a JCE patch. Skip to step 5.
  2. Decompress the downloaded file. A sub-folder named UnlimitedJCEPolicy is created.
  3. Check if the following files are included in the folder:

    • README.txt
    • local_policy.jar — Unlimited strength local policy file
    • US_export_policy.jar — Unlimited strength US export policy file
  4. Copy the two JAR files (local_policy.jar and US_export_ policy.jar) to the %JAVA_HOME%\jre\lib\security folder.
  5. For JDK versions with the following targets, configure the security setting for the crypto policy:

    Target version

    • Oracle OpenJDK — 1.8.0_181, 1.8.0_251, 1.8.0_291, 1.8.0_311, 1.8.0_341
    • Azul Zulu Prime — 1.8.0_181, 1.8.0_252, 1.8.0_292, 1.8.0_312, 1.8.0_345

    Configuration

    Add (or remove annotation) crypto.policy=unlimited in the java.security file in the %JAVA_HOME%\jre\lib\security folder.

Firewall exceptions

  • The firewall between the SCC client and the LDAP server should be open.
  • The firewall between the SCC client and the CA server should be open.
  • The firewall between the L4 switch for accessing the SCC server and the SCC client. Refer to the list below for the firewall information of L4 domains according to the service regions.

Aside from region code 01, if the region code is between 02 and 07, then you must include the region code after the area name (ap, us, eu) of the firewall domain. Your region code can be found in the URL of your Knox Manage console session.

Region Domain and port
Asia (Singapore)

[01]

  • scc-ap.manage.samsungknox.com:10000
  • scclts-ap.manage.samsungknox.com:8080

[02]

  • scc-ap02.manage.samsungknox.com:10000
  • scclts-ap02.manage.samsungknox.com:8080

[03]

  • scc-ap03.manage.samsungknox.com:10000
  • scclts-ap03.manage.samsungknox.com:8080

[04]

  • scc-ap04.manage.samsungknox.com:10000
  • scclts-ap04.manage.samsungknox.com:8080

[05]

  • scc-ap05.manage.samsungknox.com:10000
  • scclts-ap05.manage.samsungknox.com:8080
US (Oregon)

[01]

  • scc-us.manage.samsungknox.com:10000
  • scclts-us.manage.samsungknox.com:8080

[02]

  • scc-us02.manage.samsungknox.com:10000
  • scclts-us02.manage.samsungknox.com:8080

[03]

  • scc-us03.manage.samsungknox.com:10000
  • scclts-us03.manage.samsungknox.com:8080
EU (Ireland)

[01]

  • scc-eu.manage.samsungknox.com:10000
  • scclts-eu.manage.samsungknox.com:8080

[02]

  • scc-eu02.manage.samsungknox.com:10000
  • scclts-eu02.manage.samsungknox.com:8080

[03]

  • scc-eu03.manage.samsungknox.com:10000
  • scclts-eu03.manage.samsungknox.com:8080

[04]

  • scc-eu04.manage.samsungknox.com:10000
  • scclts-eu04.manage.samsungknox.com:8080

[05]

  • scc-eu05.manage.samsungknox.com:10000
  • scclts-eu05.manage.samsungknox.com:8080

[06]

  • scc-eu06.manage.samsungknox.com:10000
  • scclts-eu06.manage.samsungknox.com:8080

[07]

  • scc-eu07.manage.samsungknox.com:10000
  • scclts-eu07.manage.samsungknox.com:8080

[08]

  • scc-eu08.manage.samsungknox.com:10000
  • scclts-eu08.manage.samsungknox.com:8080

TCP communication resources

The SCC server and SCC client are connected through TCP communication. To enhance the TCP performance of the SCC client, you must change the registry value.

Set up the TCP communication resource

We recommend changing the registry value for the TCP resource in the SCC client for enhanced TCP performance.

To change the registry value, complete the following steps:

  1. On your computer, open the Registry Editor.
  2. Navigate to HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters.
  3. Change the value each of the following items. If the value does not exist, right-click anywhere on the screen, and then select New > DWORD (32- bit) Value to create a new one.

    • TcpTimedWaitDelay — Change the default value of 240 (4 minutes) into 30 (30 seconds) to convert the disconnected TCP resource rapidly. For more information, see https://technet.microsoft.com/enus/library/cc938217.aspx.
    • MaxUserPort — Change the default value from 5000 to the maximum value of 65534 to increase the number of concurrent requests delivered to SCC from the application. For more information, see MaxUserPort in the Microsoft docs.

Check the open source license

To check the open source license information used in SCC, refer to the following file on the folder where the SCC client is installed:

{SCC installation location}\scc-client\resources\SCCClient-OpenSourceLicense.xml