07 Nov 2016

Install CloudPanel

System Requirements

Below are the system requirements in order for CloudPanel to operate correctly:

CloudPanel places all reseller and company objects inside a “Hosting” organizational unit that you create. This organizational unit can be located wherever you would like and be named whatever you want.

  • Create a new organizational unit (or use existing one) in any location that you want to store all reseller and company objects which include users, contacts, groups, and more. This will be referred to as the “hosting organizational unit”.
  • Create a new organizational unit called Applications inside your hosting organizational unit.
  • Inside the Hosting organizational unit create two security groups named exactly: AllTSUsers@Hosting and GPOAccess@Hosting

Prepare Microsoft Exchange

CloudPanel uses Address Book Policies to keep your customers information separate from each other. Address Book Policies were created in Exchange 2010 SP2 and is Microsoft’s new way of providing a multi-tenant environment for Exchange server. There are some things that they left out that could still expose information between tenants.

Secure the Offline Address Book

The following two commands should be run once per Exchange installation to remove the MS-Exch-Download-OAB extended right from the root OAB container. This prevents all subsequently created OABs from inheriting this extended right.

Each of the following examples assumes the domain being used by the hoster is called fabrikam.com, you need to change the examples shown below to refer to your own deployment.

Hide the “Groups” section in OWA (Exchange 2010/2013)

Note: This is not needed for Exchange 2016, however you will need to modify the Role Assignment in CloudPanel under the Advanced section on the Exchange tab in the CloudPanel settings.

 

By default users will be able to see other company’s distribution groups when they are logging into the web interface. To resolve this we either need create an alternate role or modify what features are in this role. To begin open the Exchange Management Shell and enter the follow commands (make sure you Exchange environment is fully patched):

Mailtips

Mailtips are included with Exchange but can expose information between customers. We can’t simply disable Mailtips because the users will see an error in Outlook saying something about mailtips are disabled. Most likely you will get called about this. To resolve it we simple tell Exchange not to trigger Mailtips unless they are emailing a mass amount of people (which you set this number higher than what you would allow a user to email):

Enable Basic Authentication on Powershell Virtual Directory

If you are planning on setting CloudPanel to use Basic Authentication (recommended) instead of Kerberos when calling powershell commands on Exchange then you must enable Basic Authentication on the powershell virtual directory. You only need to do this on the Exchange server you are configuring CloudPanel to communicate with.

Also make sure you are enabling basic authentication using ECP / EAC and not directly on IIS.

Sometimes new updates to Exchange can cause this setting to reset.

Install CloudPanel

Installing CloudPanel is easy! Just simply run the installer on Windows Server 2008 R2 or later and provide the information the installer requests.

CloudPanel uses Microsoft SQL to store the environment configuration and information. The full version of SQL is not required and you can use SQL Express 2008 R2 or later.

When you install CloudPanel it will create a new database for you based on the information you provide the installer if the database does not exist. Prior to CloudPanel 3.1 the installer handled updating the database but with version 3.1 or later the application will automatically update the database schema when it first loads.

Note:

The CloudPanel installer should make an IIS AppPool called CloudPanel. The name of the AppPool is not hard coded but whatever AppPool you assign to the CloudPanel virtual directory needs to be running ASP.NET 4.0 and have the IDENTITY set to a domain user that has rights to Exchange (Organization Management)

Configure CloudPanel

The first thing you need to do after installing CloudPanel is update the database and configure the settings. To do this you need to open a browser that is installed on the SAME server that CloudPanel is and browse to: http://localhost/CloudPanel/admin/settings. If you are using host headers then you may need to temporarily remove the host headers to access this page without having to login (because you can’t login during the first install or after each update).

Once you access the settings page you need to go to the Database Updates tab and select “Update Database”:

update-database

After updating the database you should receive a success notification and can proceed to configuring the settings to match you environment.