Configuring SOTI Cloud Link Broker

Before you begin

Ensure you have access to the SOTI Connect web console.
Verify that you have Administrator rights on the VM.
Make sure PowerShell execution policies allow running scripts.

About this task

This procedure describes how to configure the SOTI Cloud Link Broker for integration with SOTI Connect.

Procedure

From the SOTI Connect web console, navigate to Global Settings > Services > Cloud Link.
On to the Broker tab, select Download Certificate to download the Token Signature certificate file (connect-token-validation-cert.pem).
Move the certificate file to C:\IOT\certs.
For Azure environments:
- Set GRPC_DNS_RESOLVER to native in the System Environment.
- Change Idle Timeout to 30 minutes (default is 4 minutes).
Open Manage Computer Certificates and navigate to Personal > Certificates Store and make sure the certificate is valid.
Note:
- Ensure there is at least one certificate issued to either the FQDN of the VM, or the wildcard domain otherwise broker may select the wrong certificate.
- This certificate is used as the SSL certificate for SOTI Cloud Link Broker and must be trusted on the SOTI Cloud Link Agent and SOTI Connect VM (if they are on different machines).
- Certificates issued by GoDaddy are already trusted on other VMs.
Download the Soti.CloudLink.Broker installer file (.nupkg) here.
Extract the *.nupkg file, then rename it to *.zip, and extract again.
Open PowerShell as Administrator and navigate to the extracted folder.
Run the following command:
```
Import-Module '.\Soti.CloudLink.Broker.Installer.psm1'
```
This script checks for required dependencies. Install any missing dependencies if prompted.
Troubleshooting: If a 'File is not digitally signed' error occurs, run the following command and try again: Set-ExecutionPolicy -ExecutionPolicy bypass -Scope process.
Run Install-ConnectCloudLinkBroker to install the broker.
- For initial installation, enter No to configure from scratch.
- For subsequent installations, enter Yes to reuse existing configuration.

Provide configuration details when prompted:


Broker Hostname	Enter the FQDN of the VM.
Discovery Service	Enter `0`.
Authority URL	Enter `https://+:5596`.
Audience	Leave blank.
Token Signature Certificate	Enter `C:\IOT\certs\connect-token-validation-cert.pem`.
Token Signature Certificate Password	Enter `123` (required but not used elsewhere).
Kestrel Endpoint Certificate Subject	If certificate is issued to the wildcard domain, use that. If certificate is issued to the FQDN, enter the FQDN.

Verify installation is successful. The message Cloud Link Broker successfully installed and running. confirms success.

For SOTI Connect integration, run the following PowerShell command:

Non-Azure environment:

Import-Module ".\Binaries\Soti.CloudLink.Broker.Administration\Soti.CloudLink.Broker.Administration.dll" &&
Set-CloudLinkConfiguration "C:\Program Files\SOTI\Soti.CloudLink.Broker\appsettings.json" 'DiscoveryServiceConfiguration:Enabled' $false &&
Set-CloudLinkConfiguration "C:\Program Files\SOTI\Soti.CloudLink.Broker\appsettings.json" &&
Restart-Service -Name "SOTI Cloud Link Broker"

Azure environment:

Import-Module ".\Binaries\Soti.CloudLink.Broker.Administration\Soti.CloudLink.Broker.Administration.dll" &&
Set-CloudLinkConfiguration "C:\Program Files\SOTI\Soti.CloudLink.Broker\appsettings.json" 'DiscoveryServiceConfiguration:Enabled' $false &&
Set-CloudLinkConfiguration "C:\Program Files\SOTI\Soti.CloudLink.Broker\appsettings.json" 'ProxyConfiguration:ConnectionBlockingDisabled' $true &&
Restart-Service -Name "SOTI Cloud Link Broker"

From the SOTI Connect web console, navigate to Global Settings > Services > Cloud Link > Broker Tab, then select Add.
Enter the SOTI Cloud Link Broker URL.

Results

The SOTI Cloud Link Broker is successfully configured and ready for use with SOTI Connect.

What to do next

Configure the SOTI Cloud Link Agent to establish full integration. See Configuring SOTI Cloud Link Agent for details.