Skip to main content

Who is this article for?

Incydr Professional and Enterprise
Incydr Basic and Advanced
Other product plans

Incydr Professional and Enterprise, yes.

Incydr Basic and Advanced, yes.

CrashPlan Cloud, yes.

Other product plans, yes.

CrashPlan for Small Business, no.

This article applies to Code42 cloud environments.

HOME
GETTING STARTED
RELEASE NOTES
FAQs
APIs
SYSTEM STATUS
Code42 Support

Deploy Code42 apps

Overview

This article describes multiple strategies for deploying Code42 apps to user devices. You can integrate your apps with SSO, for example, without user intervention. The article is intended for administrators using device management tools like SCCM for Windows or Jamf Pro for Mac. This article provides:

  • Introduction to Code42 app deployment and description of how it works in general.
  • Recommendations and links to help you with specific environments and specific deployment strategies.

Considerations

  • These instructions apply to the Code42 cloud. If you work in an on-premises Code42 environment, see Manage app installations in your Code42 environment.
  • To use these deployment tools, you need to sign in to your Code42 console as a user with the Customer Cloud Admin role.
  • In the Code42 federal environment, app installations must be deployed with a deployment policy to ensure the use of FIPS encryption in the Code42 app. Users cannot download the installation package from the Code42 console or an email message.
  • Creating and using Code42 deployment policies requires familiarity with:
    • Creation and configuration of organizations in your Code42 environment.
    • The authentication methods that your organizations use to manage users.
    • The process you use to distribute and install applications to user devices (typically a device management tool like SCCM for Windows or Jamf for Mac).

How deployment works

Before selecting a deployment option, it helps to understand how deployment works from end-to-end:

  1. You define a deployment policy in the Code42 console.
  2. From the policy view in the console, you copy the arguments for a Code42 app installer command.
  3. You paste or import those install arguments into your device management software and push them to devices, along with Code42 app executables.
  4. When install commands run on user devices, Code42 apps retrieve your policy from the Code42 cloud.
    If the Code42 app fails to connect to the Code42 cloud and find the policy, it will retry every 5 minutes until it succeeds or a user explicitly stops the process.
  5. Code42 apps run your policy's detection script in order to determine usernames, home directories, and optionally, organizations.
  6. When a policy is configured to automatically register users, Code42 apps start security monitoring and backing up data without user intervention. Otherwise, users manually authenticate and register.
    If automatic registration fails for any reason, the Code42 app retries every hour. It retrieves the policy again and tries to register again, until it succeeds or a user explicitly stops the process. 

Select a deployment option

The deployment options available vary with your Code42 environment's configuration:

  • Whether you authenticate users with SSO or local authentication.
  • Whether and how the deployment's username detection script matches usernames at devices with usernames in your authentication data.

Following are the most common deployment options:

Silent registration with SSO

New Code42 apps register automatically and start security monitoring and backups without user intervention. Use this option with SSO authentication and local directory services set in the organization's Security tab.

  • In the deployment's username detection script, SSO usernames are email addresses.
    You must customize the installer's detection script to adjust for that.
    The Code42 cloud requires a custom script
    Because user names in the Code42 cloud must be email addresses, deployments for connection to the Code42 cloud always require a customized user detection script. 
  • The deployment's username detection script matches usernames at devices with usernames in SSO data.
    Usernames on endpoint devices need to match usernames in SSO data, and usernames for the Code42 cloud must be email addresses. So you will need to modify the default user detection script to provide Code42 apps with usernames that match SSO usernames. See Step 2, below.
    Mismatched usernames cause serious errors
    If the detection script cannot provide a precise match with SSO data, Code42 creates a user that matches the device username. That user has no password, however, and cannot restore backup data or access the Code42 console. If you cannot create a reliable script, do not attempt silent deployment. See Manual registration instead.

Silent registration with local authentication

New Code42 apps register automatically and start backups without user intervention. Use this option with local authentication (authentication by the Code42 cloud) set in the organization's Security tab.

  • Code42 passwords are hidden. The process described here generates Code42 passwords automatically. Those passwords are not available to users or administrators. To grant a user access to the Code42 app or the Code42 console, an administrator needs to sign in to the Code42 console and edit the user data to set a new password.
  • You must customize your deployment's detection script to specify the user's email address.
    Usernames must be email addresses. In your Code42 deployment policy, you need to modify the default user detection script. The script needs to take in device usernames and output email addresses. See Step 2, below.
    The Code42 cloud requires a custom script
    Because user names in the Code42 cloud must be email addresses, deployments for connection to the Code42 cloud always require a customized user detection script. 

Manual registration

Require users to manually sign in to the Code42 app. Use this option with:

  • Local authentication set in the organization's Security tab, and user-defined names and passwords.
  • SSO.

Step 1: Identify the deployment organization

A deployment policy belongs to an organization. When you select or create that organization:

  • The organization's authentication method is the policy's authentication method.
  • When deployed Code42 apps install, users and devices become members of that organization. 
  • An organization has one deployment policy only. Child organizations do not inherit their parents' policies.
  • Custom images and texts for Code42 apps also belong to organizations. You can define customizations before or after deployment.
Changing the organization can break the policy
Once an organization has a deployment policy, changing the organization's authentication method can easily break the policy. See Deployment policies reference.

Check configuration of the organization: 

  1. Sign in to the Code42 console.
  2. Select Administration > Environment > Organizations, and select an organization.
    Note the organization name; you will need it later.
  3. Verify settings on the Security tab:
    1. Click the action menu and select Edit.
    2. Select the Security tab and verify that the settings are correct for your selected deployment option:
      • Silent registration with SSO: 
        • The Authentication must be SSO.
        • The Directory service must be Local.
      • Silent registration with local authentication:
        • The Authentication must be Local.
        • The Directory service must be blank.
      • Manual registration: 
        • The Authentication must be Local.
        • The Directory service must be blank.
    3. Click Cancel (or Save, if you made changes).
  4. Verify the device backup defaults settings:
    1. Click the action menu and select Device Backup Defaults.
    2. Select the Backup tab and verify that DESTINATIONS lists at least one destination name and is set to Use.
      The other possible value, DESTINATIONS ... Auto-start, is not acceptable. It means silent deployment is not possible. To configure destinations, go to the organization's action menu, select Device Backup Defaults > Backup > Destinations.
    3. Select the Network tab and note whether PROXY is enabled; you will need that information later.
    4. Click Cancel (or Save, if you made changes).

Step 2: Create the deployment policy

Define the deployment policy for the organization you identified in Step 1.

  1. In the Code42 console, select Administration > Client Management > Deployment.
  2. Select Create New Deployment Policy or Create New Policy.
    The prompt differs depending on whether you see the initial welcome screen or your list of existing policies.
  3. Enter a Policy Name to describe this policy.
  4. At How should new users register? select the organization you identified at Step 1, above.
    If your organization's name is grayed out in the menu, that organization already has a policy.
    You may edit or delete that existing policy.
  5. At Do you want to automatically register users?, verify that the settings are correct for your selected deployment option:
    1. Silent registration with SSO: Yes
    2. Silent registration with local authentication: Yes
    3. Manual registration: No
  6. At Which operating systems, select the systems you will deploy Code42 apps to.
  7. For each operating system you select, select Add a custom batch/bash script
    Provide a script that identifies the username and home directory that the Code42 app will provide when it registers with your Code42 environment. For details, see the script reference.
    The script must end by echoing the username and user home directory in accordance with your selected deployment option:
    • Silent registration with SSO: 
      echo C42_USERNAME=<value>
      echo C42_USER_HOME=<value>
    • Silent registration with local authentication:
      echo C42_USERNAME=<email@address.tld>
      echo C42_USER_HOME=<value>
    • Manual registration
      echo C42_USERNAME=<value>
      echo C42_USER_HOME=<value>
  8. At Do your clients need a proxy URL, select No or Yes, depending on what you determined at Step 1, above.
  9. At Launch desktop app after initial install, select the correct value for your selected deployment option:
    • Silent registration with SSO: No
    • Silent registration with local authentication: No
    • Manual registration: Yes
  10. Click Save.
    The Policy Saved dialog appears.
  11. Click Done.
    You can return to the policy and copy the installation properties at any time.
To disable a deployment policy, generate a new deployment token
As a security measure, you can disable a deployment policy at any time by generating a new deployment token. The policy definition remains intact, but Code42 apps actively making requests for this policy can no longer use the policy. You must uninstall and reinstall the Code42 app with the new deployment token to enable devices to register with this policy.

Example username detection scripts for the Code42 cloud

For example username detection scripts, see the Deployment script and command reference.

Step 3: Deploy Code42 apps to user devices

Before you deploy to production

Test your deployment plans

Before deploying Code42 apps to production devices, always test your entire process and all its scripts and files.

  1. At your Code42 console, create at least one test organization.
  2. Add several test users to that organization.
  3. Connect test devices for those users to the network that includes your Code42 environment.
  4. Deploy Code42 apps to the test devices and make sure they work as intended. 

Verify that apps can connect by HTTPS

User devices must be able to reach your Code42 console by the HTTPS protocol. Check your protocol and port configuration:

  • The URL must begin with https://
  • Your firewalls must allow client requests to reach the Code42 console. 

When you add a deployment policy to your Code42 cloud-based deployment, the URL auto-populates with the address. For example:

  • United States:
  • Ireland: 
    • https://console.ie.code42.com

Deploy to devices

Retrieve installation properties from your deployment policy as follows:

  1. Sign in to the Code42 console.
  2. Select Administration > Client Management > Deployment.
  3. In the list of policies, click on the name of the policy you want to use.
  4. Copy deployment properties from the policy:
    • Windows or Linux: Copy the properties and paste them into your deployment software.
    • Mac: Download the deploy.properties file and provide it to your deployment process.

Distribute installation properties and Code42 app installers to your target devices. Then run the installers.
Details for those two tasks depend on your device management tool and endpoint operating systems:

Step 4: Users sign in to the Code42 app

With the "silent registration" deployment options, users are automatically signed in to the Code42 app.

With the "manual registration" deployment option, users manually sign in to the Code42 app:

  • On Windows and Mac devices, the Code42 app opens on the desktop automatically.
  • On Linux, users should run this command:/usr/local/crashplan/bin/CrashPlanDesktop

Instruct users to provide names and passwords as prompted by the Code42 app. For details, direct users to Sign up with newly deployed Code42 app.

Step 5: Verify success

For silent registration deployment options

Perform the following verification steps if you use the following silent deployment options:

  • Silent registration with SSO
  • Silent registration with local authentication

Review device data in Code42 console 

Check that deployments succeed by reviewing the number of devices signed in to your organization and backing up data.

  1. Sign in to the Code42 console.
  2. Select Administration > Environment > Organizations.
  3. Select the organization you deployed to.
  4. At the top of the window, click the value under Devices.
    The number of devices listed for your org should match the number of devices you deployed Code42 apps to. The quantity of data stored for each device should be greater than zero.

Review client logs 

At your test devices, or a selection of your production devices, check the Code42 app service.log.0

  1. Find service.log.0 in one of these locations:
    • Windows: C:\ProgramData\CrashPlan\log
      To view this hidden folder, open a file browser and paste the path in the address bar. If you installed per user, see the file and folder hierarchy.
    • Mac: /Library/Logs/CrashPlan
      If you installed per user, see the file and folder hierarchy.
    • Linux: /usr/local/crashplan/log
  2. Open service.log.0 with a text editor.
  3. Search for CP_ARGS=DEPLOYMENT
    Find a line like the following and verify that the installer arguments are correct.
    CP_ARGS=DEPLOYMENT_URL=https://authority.example.com:4285&DEPLOYMENT_POLICY_TOKEN=e675f3e1-ebb3-496e-9cef-c669db6ffac6&SSL_WHITELIST=7746278a857f64717094c44eeb2bbc32357ece44
    
  4. Search for Results of running user script.
    Find lines like the following that verify the Code42 app retrieved the deployment policy and ran the detection script without error.
    Deploy:: Successfully retrieved deployment package
    Results of running user script: UserScriptExecutionResults [username=exampleUser, userHomeDirectory=/home/exampleUser]
    
  5. Search for LoginRequest
    Find lines like the following that verify that the Code42 app logged in and is authorized to backup data.
    UserActionRequest: LoginRequestMessage[809641607873065038] LOGIN: username=exampleUser, password=****, serverAddress=authority.example.com:4287
    AUTH:: CPC session is LOGGED_IN
    

Troubleshooting

If a user opens the desktop UI for a newly deployed Code42 app, but the UI never progresses beyond the message Connecting... , then the deployment has probably failed.

connecting error

Confirm the error as follows:

  1. Find service.log.0 in one of these locations:
    • Windows: C:\ProgramData\CrashPlan\log
      To view this hidden folder, open a file browser and paste the path in the address bar. If you installed per user, see the file and folder hierarchy.
    • Mac: /Library/Logs/CrashPlan
      If you installed per user, see the file and folder hierarchy.
    • Linux: /usr/local/crashplan/log
  2. Open service.log.0 with a text editor.
  3. Find deployment errors by searching for Deploy::, for example:
    deploy:: Unable to make request
    
    Deploy:: Unable to process deployment package, USERNAME_NOT_IN_OUTPUT
    

For the manual registration deployment option

If you use the manual registration deployment option, after users sign in, check that deployments succeed by reviewing the number of devices signed in to your organization and backing up data.

  1. Sign in to the Code42 console.
  2. Select Administration > Environment > Organizations.
  3. Select the organization you deployed to.
  4. At the top of the window, click the value under Devices.
    The number of devices listed for your org should match the number of devices you deployed Code42 apps to.
    The quantity of data stored for each device should be greater than zero.
  • Was this article helpful?