The Advanced (Custom) method of installing the Workspace ONE Assist server for on-premises environments is a multiple phase process. The Advanced (Custom) installation features advanced options such as multiple servers to accommodate high availability and horizontal scaling. This installation allows for individual Assist components to be installed on separate servers which allow achieving the horizontal scaling.

Take the following steps and install Workspace ONE Assist with its advanced (custom) configuration.

Procedure

  1. Download, extract, and save the Workspace ONE Assist installer into a temporary directory on the Core, Application, and Portal (CAP) server. You can download the installer from the repository at https://my.workspaceone.com.
  2. Right-click the installer file, and select Run as administrator.
  3. At the Welcome screen, select Next.
  4. Enter the directory where you want to install the Workspace ONE Assist application and select Install.
    The default installation directory can be customized to any location on the server.
  5. Select Advanced Installation (Custom) and then select Next.
  6. Select all components for installation on the server.
    • Database
    • Core Services
    • Portal Services
    • Application Services
  7. Select Next.
  8. Configure the Database settings. Select Connect to existing SQL Server and complete the following settings.
    Setting Description
    SQL Server Name Enter the database server hostname.
    Authentication Select the database account authentication. The authentication can be either Windows Authentication or SQL Authentication.
    User name Enter the user name of the database account. This user name is used by the installer to create all the databases required to install Workspace ONE Assist.
    Password Enter the password of the database account.
    Note: When making user names and passwords, do not use the following special characters:
    • Ampersand - &
    • Less Than - <
    • Greater Than - >
    • Single Quote - '
    • Double Quotes - "
    • Semicolon - ;
  9. Select the ...More button and complete the Database Advanced Settings.
    Important: If you are upgrading an existing installation, you must reenter your user name passwords. You must also reenter the paths of your MDF, LDF, and NDF file locations.
    Note: When making user names and passwords, do not use the following special characters:
    • Ampersand - &
    • Less Than - <
    • Greater Than - >
    • Single Quote - '
    • Double Quotes - "
    • Semicolon - ;
    Setting Description
    DB Owner User name/ Password

    Set the user name and password for the Workspace ONE Assist database owner SQL account. This account does not have system-wide permissions. The account only has permissions within the Workspace ONE Assist databases.

    This user name is apadminuser.

    DB Application User name/ Password

    Set the user name and password for the Workspace ONE Assist database application account.

    This user name is apdbuser.

    MDF Path Enter the path of the primary data file (MDF).
    LDF Path Enter the path of the transaction log file (LDF).
    NDF Path Enter the path of the secondary data file (NDF).
  10. Select Save followed by Next.
  11. Configure the Portal settings.
    Setting Description
    Tenant FQDN Enter the server fully qualified domain name. For example, "rmstage01.awmdm.com"
    SSL Certificate

    Select the folder icon and browse for the SSL Certificate already installed. For details, see Install an SSL Certificate.

    SQL Server Name Enter the database server hostname from the previous step.
    Apply Default Settings. Enable this check box to pre-populate the additional settings Enrollment Certificate, T10 Certificate, and License.
    Apply Default Enrollment Certificate If required, select a different Enrollment Certificate provided by the Assist support team.
    Apply Default T10 Certificate Deselect this check box and select the folder button to browse for and load the T10 certificate.
  12. Select the ...More button and complete the Custom Portal Advanced Settings.
    Important: If you are using port numbers other than the defaults referenced in Network and Security Requirements, you must enter these non-default port numbers here.
    Setting Description
    DB Application User name/ Password

    Enter the user name and password for the Workspace ONE Assist database application account.

    This user name is apdbuser.

    HTTP Port Enter the internal HTTP port used by portal services. The default is 80 but you can enter an alternate port number, such as 8080.
    IIS Site Binding IP Address Defines from which interfaces/IP addresses portal services can be reached. By default, the setting is ‘All Unassigned’ to enable all interfaces/IPs.
    HTTPS Port Enter the HTTPS port number. The default is 443 but you can enter your preferred port number.
    SSL Enable Enables SSL/TLS protocol for portal services. By default, this check box is enabled so that the portal services use SSL/TLS. Leave this check box enabled.

    T10 user name

    And

    Auto Generated

    Defines T10 API user for connectivity between AirWatch portal and Workspace ONE Assist system. By default, if ‘Auto Generated’ check box is enabled, the installer assigns a random user name to be created locally on the server. Leave this text box defaulted and the check box enabled for the Installer to create the T10 API user. If you want to define the user, disable the check box and type in the T10 user name you want to use.
  13. Select Save followed by Next.
  14. Review your selections at the Selected Components screen, then select Install and wait for the installer to complete. Once the installer has finished, select Next.
  15. Ensure that the check box Execute Resource Pack is selected and select the Finish button.
  16. Download, extract, and save the Workspace ONE Assist installer into a temporary directory on the Connection Proctor (CP) server, right-click the installer file, and select Run as administrator.
  17. At the Welcome screen, select Next.
  18. Enter the directory where you want to install the Workspace ONE Assist application and select Install.
    The default installation directory can be customized to any location on the server.
  19. Select Advanced Installation (Custom) and then select Next.
  20. Select the 'Connection Proctor' component for installation on the server.
  21. Configure the Connection Proctor settings.
    Important: If you are using port numbers other than the defaults referenced in Network and Security Requirements, you must enter these non-default port numbers here.
    Setting Description
    Connection Proctor FQDN Defines the Fully Qualified Domain Name (FQDN) on which CP services can be reached. Enter in the FQDN, which must be the same as the FQDN assigned for portal services.
    Port

    Enter the port number for CP services. The default is 443 in multiple server environments but you can enter your preferred port number.

    Whatever port you select, ensure that network/security teams use this port when assigning translation rules from the firewall/router to the Workspace ONE Assist Server for CP services.

    SSL Certificate

    Select the folder icon and browse for the SSL Certificate already installed. For details, see Install an SSL Certificate.

    SAN (subject alternative name) certificates are supported. The implementation of SAN certificates depends upon your server arrangement.

    • The SAN certificate must have an FQDN defined for each connection proctor server and Workspace ONE Assist server.
      • For example, presume you have 2 connection proctor servers and 2 Workspace ONE Assist servers. The 2 Workspace ONE Assist servers host portal services, which require TLS/SSL traffic terminated at the load balancer. The FQDN for the SAN certificate must reflect the fully qualified domain name, for instance, "rmstage01.awmdm.com".
      • Meanwhile, for each of the 2 CP servers, TLS/SSL traffic terminates at the connection proctor, and therefore, you must have 2 FQDNs defined in the SAN certificate, for instance, "rmstage01.awmdm.com' and "rmstage02.awmdm.com'.
    SQL Server Name Enter the database server hostname from the previous step.
    Apply Default Settings. Enable this check box to pre-populate the additional setting Enrollment Certificate.
    Apply Default Enrollment Certificate If required, select a different Enrollment Certificate provided by the Assist support team.
  22. Select the ...More button and complete the Custom Connection Proctor Advanced Settings.
    Important: If you are using port numbers other than the defaults referenced in Network and Security Requirements, you must enter the non-default port numbers here.
    Setting Description
    DB Application User name / Password

    Enter the user name and password for the Workspace ONE Assist database application account.

    This user name is apdbuser.

    CP Internal IP Address/Port

    Defines from which internal IP addresses the connection proctor can be reached. By default, the setting is ‘All Unassigned’ to enable all addresses.

    Enter the port number for the Connection Proctor component. The default is 8443 but you can enter your preferred port number.

    Forward Lookup Zone

    Under the CP Internal IP Address/Port drop-down menu, enable this check box and enter your forward lookup zone here. You can also enter a custom lookup zone.

    The Forward Lookup Zone setting is optional in a multi-server environment.

  23. Select Save followed by Next.
  24. At the Selected Components screen, review your selections. Once you have verified your configuration, select Install.

What to do next

Proceed to Configure Workspace ONE UEM Console with Assist On-Premises.