The Agilicus Agent Connector can install on an embedded NAS product such as Synology. The devices (usually) have either an Intel or an Arm processor. The instructions are the same for each, but the link is different. The instructions below are for a Synology NAS but will be similar on other devices.
No changes are needed to your firewall. No VPN is needed. You can administer users via their Active Directory or Apple, Google, Linkedin accounts.
The high level steps are:
- Enable SSH on your NAS
- Create a Connector (Agilicus admin interface)
- Download the Connector binary
- Copy Connector binary to NAS (either via SSH/SCP, or via the NAS shared drive/web interface)
- Register (with –noauth-local-webserver)
after this, the Agilicus Agent will be entirely automatic, and controlled via the Agilicus admin interface. You may uninstall it at any time with
agilicus-agent client --uninstall
In order to install the Agilicus Secure Exposed Agent Connector on your Synology NAS, you will first need to enable SSH. We can do this from the Control Panel, select “Terminal & SNMP” under Applications.
Create Agent Connector
First we will create a Connector. This logical endpoint allows reverse inbound connectors to safely occur.
We give the connector a name. This is used for statistics and diagnostics purposes.
You will now be presented with some download instructions. If your NAS is running an Intel processor, use the “Install Agent (for Linux)”. If your NAS is running an ARM processor, use the “Install Agent (for Linux ARM/NAS/Embedded)”. To find out the type of processor, you can see the Synology FAQ.
Once you have selected the type of device you are installing the connector on, you will be presented with a command as below.
First, copy the downloaded binary to your NAS. The example assumes you have copied it to the /tmp directory, e.g. by doing:
scp agilicus-agent-arm nas:/tmp/
You may also copy the binary to the nas by using its web interface or a mount. If you do, the directory might be somewhat different, e.g. if you have a share called ‘banana’, you might have to alter the command line below to be /volume/banana/agilicus-agent-arm.
You will be presented with an HTTP URL which you should open in your browser. This will then cause you to register this agent, locking its permissions. This will end by giving you a code to paste in. At this time you are done, no further configuration or maintenance is necessary.
Once we have run the steps on our nas, we can check the agent is running:
root@ds120:/tmp# initctl status agilicus-agent agilicus-agent start/running, process 26992
Sample First Share
Let’s assume we have a Share existing on our Synology called ‘tmp’. On the filesystem this is in /volume1/tmp. Once we have completed the above steps, we can create a new Share in the Agilicus admin interface (https://admin.YOURDOMAIN).
Next we will be asked for two parameters (web uri path prefix, name). The first will appear in an http path, e.g. if you say “bobcat”, the URI your users will see is https://files.YOURDOMAIN/bobcat. The second is a name which will show up in the audit log. Normally these are the same (unless you have the same share name on multiple hosts).
Now we will indicate the path on the Synology. In our example (The synology has a share called tmp, this will be in /volume1/tmp)
At this stage you will be given the option to test this in the administrative interface, and, your users may navigate to https://profile.MYDOMAIN to get their own mount instructions for their desktops.
Return to Product Configuration
- Geo-Location-Based Access Control
- Time Synchronisation
- Agent Connector Sign-In
- Resources – Overview, Concepts
- Connect to VTScada – Adding a Web Application
- Web Application Security
- Administrative Users
- Define Application: Proxy
- Authorisation rules
- Agent Connector Install: Raspberry Pi
- Linux, FreeBSD, Embedded Agent Connector Install
- Agent Connector Install: Ubiquity EdgeRouter X
- Audit Destinations
- Agent Connector Install: Netgate SG-1100 pfSense
- Identity Group Mapping
- Auto-Create Users From Specific Domain With Google Workplace
- Authentication Audit
- Authentication Issuer
- Microsoft ClickOnce
- Agilicus Agent Windows Cluster
- Usage Metrics
- Service Accounts
- Identity & Authentication Methods
- Content Security Policy
- Sign-In Theming
- Sign in With Apple
- Azure Active Directory
- Sign in With Microsoft
- Agilicus Agent (Desktop)
- Zero-Trust SSH Access
- Theory of Operation: CNAME + DOMAIN
- Zero-Trust Desktop Access
- Command Line API Access
- Multi-Factor Authentication
- Authentication Rules
- Application Request Access
- OpenWRT Agent Connector Install
- Synology Agent Connector Install
- Authentication Clients
- Authentication Rules
- Resource Permissions
- Resource Groups
- Legacy Active Directory