Synology Agent Connector Install

Overview

The Agilicus Agent Connector can install on an embedded NAS product such as Synology. The devices (usually) have either an Intel or an Arm processor. The instructions are the same for each, but the link is different. The instructions below are for a Synology NAS but will be similar on other devices.

No changes are needed to your firewall. No VPN is needed. You can administer users via their Active Directory or Apple, Google, Linkedin accounts.

The high level steps are:

  1. Enable SSH on your NAS
  2. Create a Connector (Agilicus admin interface)
  3. Download the Connector binary
  4. Copy Connector binary to NAS (either via SSH/SCP, or via the NAS shared drive/web interface)
  5. Register (with –noauth-local-webserver)

after this, the Agilicus Agent will be entirely automatic, and controlled via the Agilicus admin interface. You may uninstall it at any time with

agilicus-agent client --uninstall

Enable SSH

In order to install the Agilicus Secure Exposed Agent Connector on your Synology NAS, you will first need to enable SSH. We can do this from the Control Panel, select “Terminal & SNMP” under Applications.

Synology SSH Enable

Create Agent Connector

First we will create a Connector. This logical endpoint allows reverse inbound connectors to safely occur.

New Agent Connector

We give the connector a name. This is used for statistics and diagnostics purposes.

You will now be presented with some download instructions. If your NAS is running an Intel processor, use the “Install Agent (for Linux)”. If your NAS is running an ARM processor, use the “Install Agent (for Linux ARM/NAS/Embedded)”. To find out the type of processor, you can see the Synology FAQ.

Agent Connector Download

Once you have selected the type of device you are installing the connector on, you will be presented with a command as below.

First, copy the downloaded binary to your NAS. The example assumes you have copied it to the /tmp directory, e.g. by doing:

scp agilicus-agent-arm nas:/tmp/

You may also copy the binary to the nas by using its web interface or a mount. If you do, the directory might be somewhat different, e.g. if you have a share called ‘banana’, you might have to alter the command line below to be /volume/banana/agilicus-agent-arm.

You will be presented with an HTTP URL which you should open in your browser. This will then cause you to register this agent, locking its permissions. This will end by giving you a code to paste in. At this time you are done, no further configuration or maintenance is necessary.

Agent Connector Download

Once we have run the steps on our nas, we can check the agent is running:

root@ds120:/tmp# initctl status agilicus-agent     
agilicus-agent start/running, process 26992

Sample First Share

Let’s assume we have a Share existing on our Synology called ‘tmp’. On the filesystem this is in /volume1/tmp. Once we have completed the above steps, we can create a new Share in the Agilicus admin interface (https://admin.YOURDOMAIN).

Next we will be asked for two parameters (web uri path prefix, name). The first will appear in an http path, e.g. if you say “bobcat”, the URI your users will see is https://files.YOURDOMAIN/bobcat. The second is a name which will show up in the audit log. Normally these are the same (unless you have the same share name on multiple hosts).

Share Name

Now we will indicate the path on the Synology. In our example (The synology has a share called tmp, this will be in /volume1/tmp)

Share Path

At this stage you will be given the option to test this in the administrative interface, and, your users may navigate to https://profile.MYDOMAIN to get their own mount instructions for their desktops.