Install the Endpoint Security Manager Server Software

To install the Endpoint Security Manager (ESM) Server software:
  1. Before you begin:
  2. Initiate the ESM Server software installation. You can also install the ESM Server using Msiexec (see Install Traps Components Using Windows Msiexec).
    1. Double click the
      ESMCore
      installation file.
    2. Click
      Next
      to begin the setup process.
    3. On the End User License Agreement dialog, select the
      I accept the terms in the License Agreement
      check box and then click
      Next
      .
    4. Keep the default installation folder or click
      Change
      to specify a different installation folder and then click
      Next
      .
  3. Specify the security level for communication between the ESM Server and the Traps agents.
    To encrypt communication over SSL, use a server-client certificate file (PFX format) and supply the password for decrypting the private key.
    1. Specify the
      ESM Server port
      to use for access to the server or keep the default setting (2125).
    2. Select the certificate configuration method:
      • External Certificate (SSL)
        —Encrypt communication between the server and the agents over SSL (default). Then
        Browse
        to the server-client certificate and enter the password required to decrypt the private key.
      • No Certificate (no SSL)
        —Do not encrypt communication between the server and the agents (
        not recommended
        ).
    3. Click
      Next
      .
  4. Configure the settings that enable communication between the ESM Server and the database.
    To set up access to the database, you must specify the authentication method and a user that has administrative privileges to administer the database. The username (and password) that you enter depend on the type of authentication method that you select: either Windows authentication (
    recommended
    ) or SQL server authentication.
    1. Enter the fully qualified domain name or IP address of the database
      Server Name
      . If your SQL Server uses an instance other than the default, you must also include the instance name in the format
      <servername>\<instance>
      .
    2. Enter the name of the
      Database Name
      .
    3. Select the method of authentication and enter the account credentials. This account must also be added as a database owner on the database server (for more information, see Configure the MS-SQL Server Database).
      • Use Windows Authentication
        to authenticate using a Windows domain user account that has privileges to administer the database server and enter the
        Domain\User
        (for example,
        mydomain\administrator
        ) and
        Password
        .
      • Use SQL Server Authentication
        to authenticate using a local user that has privileges to administer the database and enter the
        Login
        and
        Password
        .
    4. To enable secure communication between the ESM Server and the database using TLS/SSL 1.2:
      1. Select
        Secure DB Connection (SSL)
        . This option enables the ESM Server to encrypt communication between the ESM Server and the database.
      2. For even stricter security, select the option to
        Validate SQL Server Certificate Signer
        . This enables the ESM Server to validate that the certificate the database presents matches a specific certificate. For validation to succeed, you must import the database certificate into
        Trusted Root Certification Authorities
        .
      Secure communication between the ESM Server and the database is supported with only SQL Server Enterprise or SQL Server Standard.
    5. Click
      Next
      .
      If one or more ESM Servers already connect to the database, the installer prompts you to join the database cluster of ESM Servers. If you select
      Yes
      , the installer obtains the remaining installation settings from the database. Skip to step 7 to complete the installation.
  5. Set the password to uninstall the Traps software.
    1. Enter and then confirm an uninstall password, which must be eight characters or more. You will be prompted for this password any time you or a user tries to uninstall Traps software.
      After installing the ESM Server software, you can Change the Uninstall Password at a later date by creating an agent settings rule using the ESM Console.
    2. Click
      Next
      .
  6. Import the Traps license. If you choose not provide a Traps license during installation, you will have read-only access to the ESM Console until you add a valid Traps license.
    1. Browse
      to the license file and then click
      Open
      . If you do not have a license, contact your Account Manager, reseller, or go to https://support.paloaltonetworks.com.
      The installer displays license details for the license file.
    2. Click
      Next
      .
  7. Complete the installation.
    1. Click
      Install
      .
    2. When the installation is complete, click
      Finish
      .

Recommended For You