Meshcentral.com
Meshcentral
Simple Server Installation
Installing a true web based
management system
Version 0.0.7
Thursday, November 21, 2014
Ylian Saint-Hilaire
© 2014 Intel Corporation. All Rights Reserved.
Meshcentral Server Installation Guide
MeshCentral.com
Legal Notices and Disclaimers
Disclaimers
INTEL CORPORATION MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. INTEL CORPORATION ASSUMES NO RESPONSIBILITY FOR ANY
ERRORS THAT MAY APPEAR IN THIS DOCUMENT. INTEL CORPORATION MAKES NO COMMITMENT
TO UPDATE NOR TO KEEP CURRENT THE INFORMATION CONTAINED IN THIS DOCUMENT.
THIS SPECIFICATION IS COPYRIGHTED BY AND SHALL REMAIN THE PROPERTY OF INTEL
CORPORATION. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE TO ANY
INTELLECTUAL PROPERTY RIGHTS IS GRANTED HEREIN.
INTEL DISCLAIMS ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY
PROPRIETARY RIGHTS, RELATING TO IMPLEMENTATION OF INFORMATION IN THIS
SPECIFICATION. INTEL DOES NOT WARRANT OR REPRESENT THAT SUCH IMPLEMENTATIONS WILL
NOT INFRINGE SUCH RIGHTS.
NO PART OF THIS DOCUMENT MAY BE COPIED OR REPRODUCED IN ANY FORM OR BY ANY MEANS
WITHOUT PRIOR WRITTEN CONSENT OF INTEL CORPORATION.
INTEL CORPORATION RETAINS THE RIGHT TO MAKE CHANGES TO THESE SPECIFICATIONS AT ANY
TIME, WITHOUT NOTICE.
Legal Notices
Intel software products are copyrighted by and shall remain the property of Intel Corporation. Use,
duplication or disclosure is subject to restrictions stated in Intel's Software License Agreement, or
in the case of software delivered to the government, in accordance with the software license
agreement as defined in FAR 52.227-7013.
The Intel logo is a registered trademark of Intel Corporation.
Other brands and names are the property of their respective owners.
i
Meshcentral Server Installation Guide
MeshCentral.com
Table of Contents
Legal Notices and Disclaimers .......................................................................................................... i
Disclaimers....................................................................................................................................... i
Legal Notices ................................................................................................................................... i
1.
Abstract ................................................................................................................................... 1
2.
Introduction ............................................................................................................................. 1
3.
Router setup ........................................................................................................................... 7
3.1
Getting a host name ........................................................................................................ 8
3.2
Mapping ports .................................................................................................................. 9
3.3
Checking hairpin routing .................................................................................................. 9
4.
WebRTC TURN server ......................................................................................................... 10
5.
Trouble Shooting ................................................................................................................... 11
6.
Conclusion ............................................................................................................................ 12
ii
Meshcentral Server Installation Guide
MeshCentral.com
Document Changes
February 13, 2014 – 0.0.1
First version.
April 17, 2014 – 0.0.4
Added STUN/TURN server installation and configuration
November 13, 2014 – 0.0.6
Removed STUN/TURN server installation since Meshcentral now comes with a built-in
WebRTC TURN server. Added TCP port 3478 as required open port.
November 21, 2014 – 0.0.7
Added the Mesh Relay Server UDP port range.
Added a section on uninstallation.
iii
Meshcentral Server Installation Guide
MeshCentral.com
1. Abstract
This document reviews how to install a Meshcentral server complete with all of the components
needed to handle mesh agents, web users and other management tools. This document is only
intended for someone that wants to setup the back-end mesh server, it’s not typically for endusers. This document makes use of the Mesh Server Installer which does most of the work of
installing the Mesh Server.
2. Introduction
This document provides a quick way to set up Mesh server on a single Windows computer. While
there are many ways to set up the Mesh Server including in load balancing mode, this document
focuses on the easy way to install the server on a single Windows machine. The complete prerequisites are:




A computer running one of the following operating systems:
o Windows 7
o Windows 8
o Windows Server 2008
o Windows Server 2012
SQL Server 2010 or SQL Server 2012 must be installed.
.NET 4.5 must be installed.
Internet connectivity to Meshcentral.com.
To get started, you will need to download and de-compress the Mesh Server Installer ZIP file
from the download page on https://meshcentral.com/info. The full link for downloading the
installer is:
https://meshcentral.com/info/downloads/packages/MeshServerInstaller.zip
You then run “MeshServerInstaller.exe” as administrator. You will then see the installer
application:
1
Meshcentral Server Installation Guide
MeshCentral.com
The installer has only two buttons, the top one to launch the installer and the second to start
Platform Manager, the server management tool built to remotely manage Mesh Servers. In the
file menu, you can select “Advanced Mode” to get many more installation options. For this
document, we will focus on the simple installation. Click on the top button to launch the install
wizard.
On the welcome page you are reminded that the content of the folder C:\inetpub\wwwroot will be
replaced and so, it’s important to move or backup this folder now.
2
Meshcentral Server Installation Guide
MeshCentral.com
On the next page, you enter SQL database settings and credentials if needed. You need to have
administrator access to the database for the installation to work. If you are using Microsoft SQL
Server Express, you may need to enter “.\SQLExpress” as the server name.
Next is the external identity of the server. This is the external hostname and IP address used to
access this server. These values will be used to configure certificates and set up all the settings
needed for Mesh Agents to connect to the server. These values are very important. If these
values are not correctly setup, you will have to uninstall and reinstall the server.
3
Meshcentral Server Installation Guide
MeshCentral.com
This screen above will only be shown if your computer is part of a Windows Domain. If it’s the
case, you can setup the server so that users will login using domain authentication. This is useful
if you are on a comporate network. Normally the user “admin” is the default mesh server
administrator, but if domain authentication is selected, enter the domain\username of the user
that will be the administrator of the site.
4
Meshcentral Server Installation Guide
MeshCentral.com
Next we have settings for the Platform Manager. This is a tool used to manage the Mesh server.
You need to set an external port and an administrator password. If this password is blank, a
randomized password will be selected.
Finally, review the settings and hit install. The installer will start by creating the database, set up
account access, certificates and much more. At some point, the installer will download and Install
the Platform Manager. After installing this tool, the installer will be done and the Platform
Manager will take over for the rest of the package setup.
5
Meshcentral Server Installation Guide
MeshCentral.com
Once the installation completes, the Platform Manager Server that runs in the background will
take over and start downloading and installing all of the web pages in IIS and other background
services. You can now press the second button to launch the Platform Manager and connect to
the server.
6
Meshcentral Server Installation Guide
MeshCentral.com
Accept the remote certificate and then, click on “Localhost” and the “Events” tab. You can follow
the rest of the setup there. You should see 4 green circles in the tree view along with many web
packages in two different web sites on the left.
When it’s done, open a browser to https://localhost, accept the certificate and create a web
account. You should always create the “admin” account first because it has special privileges on
the server.
3. Router setup
Some may want to set up a Meshcentral server instance within a home or small office network
and make the site available externally on the internet. In this case, there are a few things to
consider when configuring the router for external access.
7
Meshcentral Server Installation Guide
MeshCentral.com
3.1 Getting a host name
Your network router will have the externally routable IP address for your network. If you don’t
have a static IP address and hostname already, the best option is to configure a dynamic DNS
name (DDNS). Many more advanced routers will have this feature built-into the router. Setup an
account with DynDNS.org or some other dynamic DNS provider so that a hostname points to the
router at all times, even if the IP address assigned by the ISP changes.
Once you know your DNS name, run the mesh server installer and enter the hostname in the
installer along with “Hostname only” in the selection box.
8
Meshcentral Server Installation Guide
MeshCentral.com
3.2 Mapping ports
After you get an external hostname that resolves to your router, you need to map certain external
ports to the ports on the Meshcentral server. Here are the ports you will need to map:
TCP 80
TCP 443
TCP 843
TCP 3478 &
UDP 3478
TCP 8000
TCP 8080
TCP 8084
TCP 8085
TCP 9971
UDP 8081
UDP 55500
to 55900
HTTP web server port
HTTPS web server port
Flash policy port, used for IE9
Mesh Relay Server, WebRTC TURN server
The Platform Manager default port
Mesh agent, console and Intel AMT CIRA port
Web redirection port
Web socket port (IIS7 only)
Intel AMT Hello setup port
UDP direct traffic coordination port
Port Range assigned to the Mesh Relay Server
The best approach is to map the same external port to the internal one, mapping external port 80
to the mesh server’s port 80, etc. Do this for the 7 TCP and 1 UDP port. Ports 843, 9971 and
8081 are rarely used and will only cause some rare usages to not work. Port 8000 is optional- it’s
used for Platform Manager. Port 8080 is critical. Port 8085 is only needed if IIS7 is used. For IIS8
and above, this port is not used and should not be mapped.
3.3 Checking hairpin routing
After getting the router configured with dynamic DNS and ports mapped, you will need to check if
your router support “hairpin routing”.
That is, when traffic within your private network is trying to access the external hostname, the
router must take outbound traffic and “hairpin” back into the private network. Try accessing
9
Meshcentral Server Installation Guide
MeshCentral.com
https://externalhostname:8080 from within your private network. If it works, your router is working
well. If not, you may encounter problems with mesh agents in your private network connecting to
the server since they will be using the external hostname and not be able to reach the server.
4. WebRTC TURN server
Meshcentral comes with a built-in TURN server called Mesh Relay Server. This component is
needed in some cases with WebRTC UDP traffic is being blocked by proxies or symmetric NAT
routers. As long as port 3478 is open on the Mesh server, the Mesh Relay server should
automatically perform relay operations when needed.
5. Uninstalling the server
If you need to uninstall the server, the Mesh Server installer can do that.
If you want to uninstall and reinstall the mesh server, it’s important to note that any Mesh Agent
connection to the existing server will no longer be able to connect to the new server. Even if the
agent is still trying to connect to the right server name and port, the new server’s installed
certificates will be different and connections will be rejected. Reinstalling a mesh server will result
in the need to re-install all Mesh Agents with a new mesh policy file.
To uninstall, run the Mesh Server Installer and in the first menu and check the “Advanced mode”.
This will show many more options, many are used for debugging the installer or to handle
advanced situations not covered here.
10
Meshcentral Server Installation Guide
MeshCentral.com
To uninstall, go in the actions menu, select “Selective Uninstall…”
You can now select what you need and hit “OK”. Generally, if you need to uninstall in order to reinstall the Mesh server again with different options, select everything except the two first options
and hit OK.
6. Trouble Shooting
If any problem occurs during the installation, enter advanced mode in the Mesh Server Installer
and take a screen shot of the log and send it to: ylian.saint-hilaire@intel.com. Many thanks.
11
Meshcentral Server Installation Guide

MeshCentral.com
Remote desktop, terminal, files fails to connect. Everything is working but when trying
to press the “Connect” button the web site for the “Desktop” or other tabs, it fails to
connect. If this happens, try holding the “Shift” key in the browser and press connect
again. If it works, you are likely using IIS7 on the server and web sockets is not working
right. Point your browser to “https://server:8085”, accept the security certificate and go
back and try to connect again. It should work. Using IIS8 or loading the trusted root
certificate for this mesh server in your browser are two ways to fix this for all browsers.
Holding “shift” will also work, but it uses HTTP pooling instead of web sockets which can
be a little slower.
7. Conclusion
Installing a new instance of a mesh server should be relatively easy and provide a rich set of
features for remote cloud management. In this installation, the Platform Manager background
service will keep the software up-to-date when new Meshcentral.com packages are available.
12