jessikitty/Disco
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e1f1973520e8788af61721e74ea1297870b23884
Disco/Disco.Web/Areas/Config/Views/Enrolment/Index.cshtml
T
Gary Sharp e1f1973520 feature: Bootstrapper secure server discovery
2026-01-22 15:26:23 +11:00

319 lines
15 KiB
Plaintext
Raw Blame History

@model Disco.Web.Areas.Config.Models.Enrolment.IndexModel
@{
Authorization.Require(Claims.Config.Enrolment.Show);
var canConfig = Authorization.Has(Claims.Config.Enrolment.Configure);
var canShowStatus = Authorization.Has(Claims.Config.Enrolment.ShowStatus);
ViewBag.Title = Html.ToBreadcrumb("Configuration", MVC.Config.Config.Index(), "Device Enrolment");
Html.BundleDeferred("~/ClientScripts/Modules/Disco-PropertyChangeHelpers");
}
<div class="form" style="width: 530px;">
<table>
<tr>
<th width="130">
Pending Timeout:
</th>
<td>
@if (canConfig)
{
@Html.TextBoxFor(model => model.PendingTimeoutMinutes, new { type = "number", min = "1" })
@AjaxHelpers.AjaxSave()
@AjaxHelpers.AjaxLoader()
<span> minutes <span class="smallText">(default: 30)</span></span>
<script type="text/javascript">
$(function () {
document.DiscoFunctions.PropertyChangeHelper(
$('#PendingTimeoutMinutes'),
'Pending Timeout',
'@(Url.Action(MVC.API.Enrolment.PendingTimeoutMinutes()))',
'PendingTimeoutMinutes'
);
});
</script>
}
else
{
@TimeSpan.FromMinutes(Model.PendingTimeoutMinutes)
}
</td>
</tr>
<tr>
<td colspan="2">
<span class="smallText">
If a device enrolment is not automatically approved it will remain pending until the timeout is reached.
Pending enrolments can be approved manually from the Enrolment Status page.
</span>
</td>
</tr>
</table>
</div>
<div class="form" style="width: 530px; margin-top: 15px">
<h2>Apple Mac Secure Enroll</h2>
<table>
<tr>
<th width="130">
Username:
</th>
<td>
@if (canConfig)
{
@Html.TextBoxFor(model => model.MacSshUsername)
@AjaxHelpers.AjaxSave()
@AjaxHelpers.AjaxLoader()
<script type="text/javascript">
$(function () {
document.DiscoFunctions.PropertyChangeHelper(
$('#MacSshUsername'),
'Username',
'@(Url.Action(MVC.API.Enrolment.MacSshUsername()))',
'MacSshUsername'
);
});
</script>
}
else
{
if (string.IsNullOrEmpty(Model.MacSshUsername))
{
<span class="smallMessage">&lt;None Specified&gt;</span>
}
else
{
@Model.MacSshUsername
}
}
</td>
</tr>
<tr>
<th width="130">
Password:
</th>
<td>
@if (canConfig)
{
<input id="MacSshPassword" type="password" />
@AjaxHelpers.AjaxSave()
@AjaxHelpers.AjaxLoader()
<script type="text/javascript">
$(function () {
document.DiscoFunctions.PropertyChangeHelper(
$('#MacSshPassword'),
'Password',
'@(Url.Action(MVC.API.Enrolment.MacSshPassword()))',
'MacSshPassword'
);
});
</script>
}
else
{
<text>********</text>
}
</td>
</tr>
<tr>
<td colspan="2">
<span class="smallText">
<strong>Instructions:</strong> The above credentials must be
able to connect to the requesting Apple Mac client via <a target="_blank" href="http://en.wikipedia.org/wiki/Secure_Shell">SSH</a>. Enter/Script the following command:
</span>
<div class="code">
curl&nbsp;<a target="_blank" href="@Model.MacEnrolUrl">@Model.MacEnrolUrl</a>
</div>
<span class="smallText">This url will return a <a target="_blank" href="http://json.org/">JSON</a> response containing basic information about the enrolment.</span><br />
<span class="smallMessage">
This command makes use of <a target="_blank" href="http://curl.haxx.se/">cURL</a> (bundled with OSX). Other methods can also trigger a Mac Secure Enroll,
such as an anchor (<span class="code">&lt;a&gt;</span>) or <span class="code">&lt;script&gt;</span>
tag embedded on the organisation's intranet.
</span>
</td>
</tr>
</table>
</div>
<div class="form" style="width: 530px; margin-top: 15px">
<h2>Bootstrapper Server Discovery</h2>
<table>
<tr>
<td>
<div>
The Disco ICT
@if (Authorization.Has(Claims.Config.Enrolment.DownloadBootstrapper))
{
@Html.ActionLink("Bootstrapper", MVC.Services.Client.Bootstrapper())
}
else
{
<text>Bootstrapper</text>
}
is used to enrol devices. It is strongly recommended that HTTPS be used for all communication.
the
The @Html.ActionLink("Hosting", Model.HostingPluginInstalled ? MVC.Config.Plugins.Configure("Hosting") : MVC.Config.Plugins.Install())
plugin can be used to automate deployment of HTTPS certificates.
</div>
<div>
The Bootstrapper discovers the server using the first successful method (in order):
</div>
<ol>
<li>
<h5>Manually Specified</h5>
<div>
The server url can be specified at the command line. The url must use HTTPS. For example:
</div>
<div class="code">Disco.ClientBootstrapper.exe https://@Request.Url.Authority</div>
</li>
<li>
<h5>DNS Service Location (SRV) Record</h5>
Expected Record Name: <strong><code>@Model.DnsSrvRecordName</code></strong>
@if (Model.IsServicesEducationVicGovAuDomain)
{
<div class="smallText">
This mechanism is not supported in the shared education.vic.gov.au domain and can be ignored.
</div>
}
else
{
if (Model.DnsSrvRecordValue == null)
{
<div class="info-box">
<span class="error">
No Service Location (SRV) record found.
</span>
@if (Request.IsSecureConnection)
{
<span>
Please create a DNS Service Location (SRV) record:
</span>
<table class="none">
<tr>
<th>Service:</th>
<td><code>_discoict</code></td>
</tr>
<tr>
<th>Protocol:</th>
<td><code>_tcp</code></td>
</tr>
<tr>
<th>Priority:</th>
<td><code>0</code></td>
</tr>
<tr>
<th>Weight:</th>
<td><code>0</code></td>
</tr>
<tr>
<th>Port:</th>
<td><code>@Request.Url.Port</code></td>
</tr>
<tr>
<th>Host offering this service:</th>
<td><code>@Request.Url.Host</code></td>
</tr>
</table>
}
else
{
<div>
Please configure and connect with HTTPS.
<span>
You can enable HTTPS automation using the
@Html.ActionLink("Hosting", Model.HostingPluginInstalled ? MVC.Config.Plugins.Configure("Hosting") : MVC.Config.Plugins.Install())
plugin.
</span>
</div>
}
</div>
}
else
{
<div>
Value: <strong><code>https://@Model.DnsSrvRecordValue</code></strong>
@if (Request.IsSecureConnection && !string.Equals(Model.DnsSrvRecordValue, Request.Url.Authority, StringComparison.OrdinalIgnoreCase))
{
<div class="info-box error">
<i class="fa fa-exclamation"></i> The Service Location (SRV) record does not match the way you are currently accessing the server: <code>@Request.Url.Authority</code>.
</div>
}
</div>
}
}
</li>
@if (Model.IsVicSmartDeployment)
{
<li>
<h5>Victorian Government Schools VicSmart Discovery</h5>
If the Bootstrapper detects it is running inside the VicSmart network, it will query Online Services for the Disco ICT server address based on the subnets assigned to each school.
This is configured in the @Html.ActionLink("Hosting", Model.HostingPluginInstalled ? MVC.Config.Plugins.Configure("Hosting") : MVC.Config.Plugins.Install())
plugin.
</li>
}
<li>
<h5>Legacy Discovery</h5>
<div>
The Bootstrapper will attempt to send an ICMP ping to &quot;<code>disco</code>&quot;. If the ping is successful, it will attempt to connect to <code>http://disco:9292/</code>.
</div>
<div>
@if (canConfig)
{
<input id="Enrolment_LegacyDiscovery" type="checkbox" @(Model.LegacyDiscoveryEnabled ? "checked" : null) />
<script type="text/javascript">
$(function () {
document.DiscoFunctions.PropertyChangeHelper(
$('#Enrolment_LegacyDiscovery'),
null,
'@Url.Action(MVC.API.Enrolment.LegacyDiscovery())',
'enabled'
);
});
</script>
}
else
{
<input id="Enrolment_LegacyDiscovery" type="checkbox" @(Model.LegacyDiscoveryEnabled ? "checked" : null) disabled="disabled" />
}
<label for="Enrolment_LegacyDiscovery">
Legacy Discovery Enabled
</label>
@AjaxHelpers.AjaxLoader()
</div>
@if ((Model.IsServicesEducationVicGovAuDomain || Model.DnsSrvRecordValue != null) && Model.LegacyDiscoveryEnabled)
{
<div class="info-box error">
<i class="fa fa-exclamation-triangle"></i>
It is not recommended to have Legacy Discovery enabled. Please use the latest Bootstrapper and disable this option.
</div>
}
<div>
This method is not secure and is only provided for backwards compatibility. In time this method will be removed.
</div>
</li>
</ol>
</td>
</tr>
</table>
</div>
@if (canShowStatus && Authorization.Has(Claims.Config.Logging.Show))
{
<h2>Live Enrolment Logging</h2>
@Html.Partial(MVC.Config.Shared.Views.LogEvents, new Disco.Web.Areas.Config.Models.Shared.LogEventsModel()
{
IsLive = true,
TakeFilter = 100,
StartFilter = DateTime.Today.AddDays(-1),
ModuleFilter = Disco.Services.Devices.Enrolment.EnrolmentLog.Current,
ViewPortHeight = 250
})
}
<div class="actionBar">
@if (Authorization.Has(Claims.Config.Enrolment.DownloadBootstrapper))
{
@Html.ActionLinkButton("Download Bootstrapper", MVC.Services.Client.Bootstrapper())
}
@if (canShowStatus)
{
@Html.ActionLinkButton("Enrolment Status", MVC.Config.Enrolment.Status())
}
</div>
Reference in New Issue View Git Blame Copy Permalink