The Expel Assembler enables you to create a secure VPN connection so that we can access your security devices. We’ve packaged it as a virtual machine. If you install virtual machine images regularly, this should be pretty straightforward. If not, now’s your chance to phone a friend.
Here’s how you download it and get your applications connected:
- Do you need an Assembler?
- Download the Assembler image from Expel Workbench.
- Register the Assembler in Workbench.
- Deploy the Assembler virtual machine in your network.
- Activate the Assembler via the virtual machine console.
- Authorize the Assembler in Workbench.
Do you need an Assembler?
The Expel Assembler is only needed if a security device you want to connect to Expel is on an internal network to your company. If Expel can connect directly to the security device, you don’t need an Assembler at all! Just go right to adding the security device in Workbench.
Things you’ll need to get started
Before you get going, you need 2 things.
- A place to run the Expel Assembler virtual machine. We work with VMware or Hyper V for on-prem environments and AWS or Microsoft Azure for cloud environments. The Assembler needs the following resources available:
- 4 virtual CPUs
- 8 GB RAM
- 100 GB disk space
- The Assembler virtual machine must be able to connect to the following network resources:
- Our VPN servers:
Host Ports provisionvpn.opsv2.expel.io TCP 443 or TCP 8099 servicevpn.opsv2.expel.io
- The security devices you want to connect to the Expel Assembler. Search this knowledge base for documentation on each security device.
- Your DHCP server, unless you decide to assign a static IP to the Assembler.
- Your DNS server.
- Our VPN servers:
If your network is segmented, you may need to deploy multiple Assemblers. If you have any questions about how many Assemblers to install, let us know and we’ll recommend the best approach for your environment.
Download the Assembler image
Note: If you are deploying the assembler image in Amazon Web Services (AWS), then skip this section and go to Register the Assembler in the Expel Workbench.
- In the Expel Workbench, click Settings in the top navigation bar.
- Click Assemblers in the left navigation panel.
- Click the Download installer icon.
- Click the installer link for your preferred virtualization technology.
- Note the hash of the file downloaded for error checking in Step 7.
- Now’s a good time to grab a cup of coffee because it’ll take a few minutes to download.
- After the download completes, verify that a hash of the file downloaded matches the data shown in Expel Workbench. The table below shows how you can do this for the 3 main operating systems. Note: This is an important step because it confirms that your download is complete and that no one has tampered with the image.
- If the hash matches, continue to Register the Assembler in Expel Workbench.
- If the hash doesn't match, download it again and re-check the hash.
- If the hash still doesn’t match after the second time, something’s not right. In that case, contact your Expel Engagement Manager or customer success engineer in Slack or by email, or you can email email@example.com.
|Operating system||Hash to verify||Command|
Search for cmd, and select cmd.exe or “Command Prompt” from the results. Run these commands in the window that opens:
cd <your download folder>
|Mac OS||SHA256||In Spotlight Search, search for the Terminal program and run it. In the terminal window, run this command:
shasum -a 256 ~/Downloads/expel-assembler-vmware- <version>.ova
In a terminal program, run:
sha256sum ~/Downloads/expel-assembler-vmware- <version>.ova
Register the Assembler in the Expel Workbench
- In Workbench, click Settings in the top navigation bar, then Assemblers on the left navigation panel. You see a box with the Assembler Name and Location fields. If not, click the Add Assembler button.
- Type the Assembler Name and Location for the Assembler. It’s best to select names that are meaningful to both you and to Expel so you can easily identify the Assembler in the user interface. For example: ACME HQ.
- Click Save.
- Note the Install Code for the newly registered Assembler. You need this later to activate the Assembler.
- To add another Assembler, click the Add Assembler button and repeat these steps.
Deploy the Assembler virtual machine in your network
Click a link for instructions on deploying the Assembler virtual machine in your network:
- Deploying the Assembler on AWS.
- Deploying the Assembler on VMware.
- Deploying the Assembler on Hyper V.
- Deploying the Assembler on Microsoft Azure.
Activate the Assembler through the virtual machine console
- Select the newly deployed Virtual Machine for the Assembler.
- Open the console of the Assembler.
- Log in with username expel and password expel.
- Set a unique and secure password for the expel account. First type the existing password (expel), then type the new password 2 more times. Securely store the new password per your organization's policies. You need it to log in to the Assembler again.
Note: Your password must be at least 8 characters and not a word found in the dictionary.
You are required to change your password immediately (root enforced)
Changing password for expel.
(current) UNIX password: expel
New password: <enter new password>
Retype new password: <enter new password again>
- Azure users only: Delete the users you created during VM creation by running:
sudo userdel temp
- Determine the network interface to use by running:
sudo expelmanage --list-interfaces
- The Assembler uses DHCP by default. To use DHCP, skip to the next step. To use a static network configuration, run:
sudo expelmanage --net --interface <interface name> --type static --ip <IP address> --netmask <subnet mask> --gateway <gateway IP> --dns <nameserver IP><interface name> is determined in the previous step.
Note: Get the IP address, subnet mask, gateway IP, and nameserver IP to input the above command from your virtualization administrator.
- Activate the Assembler by supplying the 8-character install code created in Register the Assembler:
sudo expelmanage --activate <eight-character install code>You see output like this:
[expel@hostname ~]$ sudo expelmanage --activate abcd1234
Activation code set
Regenerating SSH keys
- Run exit to log out of the console.
Authorize the Assembler in the Expel Portal
Within 30 seconds of activating the Assembler with a matching install code, the Assembler you registered at https://workbench.expel.io/settings/assemblers changes status from Not Yet Connected to Connected, and an Authorize button appears for the Assembler. Click the Authorize button.
Expel now automatically configures the Assembler. This process takes about 10 minutes but can take longer if you have a slow network connection. After complete, the status changes to Active.
If any errors occur along the way, leave everything as it is and file a support case. We can often fix any issues without any further involvement from you after it's connected to our VPN.
You can now begin to turn on your security devices. Follow the instructions in the Getting started with Expel guide.