Difference between revisions of "Setting up a new sub-provider"

Prerequisites and information

IMPORTANT: Before setting up a new subprovider, please read the generic article about subproviders: Subprovider

Network

1. You need a new public IPv4 IP address for a subprovider.
2. If the regify provider is directly connected to the internet
   • Enter the public IP to the regify provider appliance
3. If the regify provider is behind a firewall / NAT router / Loadbalancer
   • The public IP must be configured to route to your regify provider software appliance or load-balancer (depending on your configuration).
   • Internal routing IP address must be added into the provider appliance menu.
4. A new DNS A-record must be made to route your new domain (like subprovider.company.com) to the new public IP address.
5. If your provider appliance runs with its own MTA settings (one setting for all (sub)provider instances), you will also need a reverse DNS entry for email to make it work. Also, SPF records may be needed.

Certificate

How to buy a SSL certificate for the subprovider domain:

1. Whilst setting up the new subprovider in your appliance menu, a new certificate is generated.
2. You can display the signing request by choosing "Show Cert Request" in the appliance menu. Fill in the fields.
3. Copy and use the signing request to order your certificate.
4. If received, collect the certificate and all intermediate certificates in a text editor.
5. Import certificate using "Import Cert & Optionally Key" from appliance menu and past text editor content.
6. Check correct certificate chain here at digicert (maybe only possible after you finished setup).

Setting up the subprovider

Please ensure that all prerequisites are fulfilled. Now follow these steps:

Setting up in appliance menu

1. Enter appliance menu and chose "Network..." -> "Add IP" to add the public IP address (if not yet done).
2. Enter "Provider..." -> "Add subprovider" option.
3. Choose the IP address added (internal address if behind firewall, router or load-balancer).
4. Enter the server name of the new subprovider and answer all questions asked by the system.
5. Select "Edit Subprovider..." in the appliance menu and chose the added subprovider from the menu.
6. Import the SSL certificate using "Import Cert & Optionally key" from the appliance menu (not needed if the load balancer holds the certificates).
7. If the provider system is running a cross-master replication, ensure that you also configure the other system in the same manner.

Setting up in web administration

After setting up the system in the appliance menu (on all systems), you can continue with the setup by using the web administration

1. Login to the web administration of the main provider as a master admin and select "Manage subproviders". The new subprovider should appear in the list of subproviders.
2. Selecting the new subprovider in the list of subproviders allows you to edit the settings in the lower area "Edit provider settings".
3. Complete the settings of the new subprovider and finish it by clicking "Save changes".

Admin-Account and Customization

Once the subprovider has been successfully created, you need an administrator user for this subprovider to edit and do customization:

1. New admin signs up for a regify account on the new subprovider.
2. Activate from the email and note your password.
3. Login to main(!) provider administration -> "Manage subproviders" (with existing main(!) provider admin account).
4. Go to "Manage subproviders".
5. Select the subprovider in the list to add the admin user to.
6. Click on "Manage portal administration roles" in the "Common" tab below.
7. Enter the new user as "Subprovider Admin" (you can user the "..." button to search the user ID).
8. Log-out from administration screen.
9. The new admin now can log-in to https://subprovider-domain/ADMINISTRATION

ToDo's

When the new admin logs into the web administration function, he / she will see some ToDo's. Please follow these to make sure that everything is set up correctly. Do not click on "Done" if all tasks are not really done.

Delete a subprovider

In order to delete a subprovider, it must be emptied of all data. Thus, not a single user will be assigned to this subprovider anymore. The first step is usually to export/import all users to some other system or moved to another subprovider.

Finally, this leaves only admin accounts. Please follow these steps to get rid of the subprovider's admin users:

1. You first have to enter the main provider administration portal in the "master" admin role and remove any admin roles for the affected subprovider except the one for the last and final administrator of the subprovider.
2. Now, log-in with this last admin user name to the subprovider administration screen.
3. Enter "Manage user" and do a simple search. Only the single admin should come up now (you). You cannot delete this account, because it is still an admin!
4. Select "Action" - "Change the user data"
5. On the bottom of the dialogue box, please switch the "Subprovider" to the main provider domain and click on "Save changes".
6. Now, please close the window, go back to main page and log out.
7. Now, you have to enter the main provider administration portal in the "master" admin role and finally remove the admin role for the affected subprovider. The "Master" role of the main provider admin stays here and does not get deleted.

Finally, the subprovider can be deleted by the SSH appliance menu.