How to activate Domum's license

This document provides information on how to activate the Domum Remote Access license and perform the initial gateway configuration.

Requirements

  • Segura virtual appliances version 3.18 or higher.
  • Static IP address.
  • The Domum Remote Access service must be a service in the Segura cloud.
  • Allow outbound communication between the Segura platform and the Domum Remote Access service (internet).
  • To establish a connection between Segura and the Domum Remote Access service, direct TCP/UDP communication between the two endpoints must be enabled. Redirects, proxies, or similar technologies do not meet the requirement.
  • A root or mt4adm user.
  • Make sure port 51445 (TCP) is open for WebSocket communication with the Domum Gateway.

Info

Domum Remote Access does not change the sizing calculation of the Segura instance. For Segura, the origin of access via Domum Remote Access or directly via PAM is transparent.

Activate Domum Remote Access

From version 3.2 of Segura, you can use the command line tool orbit that centralizes the platform's main maintenance and configuration operations. Consult the Requisites regarding the permission needed to run the commands.

Step 1: Adjust initial gateway settings

  1. Access the Orbit CLI terminal using SSH on port 59022.
  2. Run the following command to view the Domum Gateway configuration options:
sudo orbit domum-gateway -h
  3. You will see output similar to the example below:
Usage: orbit domum-gateway <action>

Domum Gateway settings tools

Arguments:
  <action>    Domum gateway action: [challenge|setup|rotate|status]

Flags:
  -h, --help                 Show context-sensitive help.

  -a, --activation=STRING    Activation string
  -c, --challenge=STRING     Challenge string
      --force                Force the command execution, never prompt
      --show

Step 2: Check the current settings status

To verify the current status of the Domum Gateway connection, use the --show or status parameter:

sudo orbit domum-gateway status

If the gateway is configured and active, the command will return a result similar to the following:

Connection with Domum Gateway is UP!

PING 16.202.217.165 (16.202.217.165) 56(84) bytes of data.
64 bytes from 16.202.217.165: icmp_seq=1 ttl=64 time=48.5 ms
64 bytes from 16.202.217.165: icmp_seq=2 ttl=64 time=48.5 ms
64 bytes from 16.202.217.165: icmp_seq=3 ttl=64 time=48.7 ms
64 bytes from 16.202.217.165: icmp_seq=4 ttl=64 time=48.4 ms
64 bytes from 16.202.217.165: icmp_seq=5 ttl=64 time=53.4 ms

--- 169.254.251.125 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 9ms
rtt min/avg/max/mdev = 48.403/49.489/53.356/1.950 ms

interface: Domum
  public key: 3pnqyBznY9Jxise6PneZRALBJwUfgASTpkUVtHOV6VU=
  private key: (hidden)
  listening port: 46008

peer: Z+yzMY4Z9kcA1FfaCEu5dXk+qR4ke73jhspDKjAuswg=
  endpoint: 52.27.111.109:51820
  allowed ips: 16.202.217.165/32
  latest handshake: 15 seconds ago
  transfer: 2.23 KiB received, 2.29 KiB sent
  persistent keepalive: every 25 seconds

This output confirms that the connection is active and provides technical details such as latency, public keys, endpoint information, and data transfer metrics.

Info

The status parameter can also be used to check the gateway setup status.

If no configuration has been performed, the command will return an error message indicating that setup is required:

sudo orbit domum-gateway status
This instance is not connected to any Domum Gateway  
Setup needed
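
The two status outputs above can be turned into a monitoring check. The following is an added example, not part of the Segura tooling: it classifies the status text as UP, SETUP_NEEDED or DEGRADED, assuming the output format shown on this page. The function names, the 180-second handshake threshold and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Segura's own tooling. Classifies the text printed by
# `sudo orbit domum-gateway status`, assuming the format shown on this page.
MAX_HANDSHAKE_AGE=180  # seconds; assumed alert threshold (keepalive is 25 s)

# Reads status text on stdin; prints UP, SETUP_NEEDED or DEGRADED.
domum_classify() {
    awk -v max_age="$MAX_HANDSHAKE_AGE" '
        /Setup needed/ { setup = 1 }
        /Connection with Domum Gateway is UP!/ { up = 1 }
        /packet loss/ {            # "... 5 received, 0% packet loss, time 9ms"
            for (i = 1; i <= NF; i++)
                if ($i ~ /%$/) { loss = $i; sub(/%/, "", loss); have_loss = 1 }
        }
        /latest handshake:/ {      # "latest handshake: 1 minute, 15 seconds ago"
            age = 0; have_hs = 1
            for (i = 3; i < NF; i++) {
                unit = $(i + 1)
                if      (unit ~ /^second/) age += $i
                else if (unit ~ /^minute/) age += $i * 60
                else if (unit ~ /^hour/)   age += $i * 3600
                else if (unit ~ /^day/)    age += $i * 86400
            }
        }
        END {
            healthy = up && have_loss && loss + 0 == 0 && have_hs && age <= max_age
            if (setup) print "SETUP_NEEDED"
            else if (healthy) print "UP"
            else print "DEGRADED"
        }'
}

# Constructed sample (not real output): banner says UP, but pings are lost.
sample_degraded() {
    cat <<'EOF'
Connection with Domum Gateway is UP!
5 packets transmitted, 3 received, 40% packet loss, time 9ms
interface: Domum
peer: (constructed-peer-key)
  latest handshake: 15 seconds ago
EOF
}

# On the appliance: sudo orbit domum-gateway status | domum_classify
sample_degraded | domum_classify
```

A DEGRADED result means the tunnel is configured but the ping or handshake data does not look healthy, which is worth alerting on separately from SETUP_NEEDED.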

Step 3: Generate a unique certificate for the instance

  1. To generate the certificate, run the following command to obtain the challenge code:
sudo orbit domum-gateway challenge
  2. During execution, the following prompt will be displayed:
Are you sure you want to proceed: y

Type y to continue.

  3. Next, the challenge code will be displayed, similar to the example below:
Your Domum gateway challenge

LS0tLS1CRUdJTiBDRVUSUZJQ0FURS0tLS0tCk1JSUZRekNDQXl1Z0F3SUJBZ0lVZktUSHpIWGFPeWNx...
[output truncated for clarity]
  4. Copy the challenge code and the outgoing public IP (Segura's application server).

Step 4: Contact Segura support

  1. Send the challenge code and outgoing public IP to the Segura team.
  2. Segura will generate the license key and release the rule for the specified IP.

Step 5: Enter the received trust code

  1. With the license key sent by Segura, access the terminal and run the following command to activate the instance:
sudo orbit domum-gateway setup --activation=MIIFgQYJKoZIhvcNAQcDoIIFcjCCBW4CAQAxggJlMIICYQIBADBJMDExDjAMBgNVBAoMBURvbXVtMR8wHQYDVQQLDBZDaGFsbGVuZ2UgY2VydGlmaWNhdGVzAhR8pMfMddo7JyqTVkYAdst58YhHkTANBgkqhkiG9w0BAQEFAASCAgAGt7dmmcGLjrX1rFcu+znkpsPo0ucsKvbe3DeIt5RSsxW5yL6WEPvSeurYZ6wuenfI8p2U+LBATZOQ1bTygWx8V+4+bcrYdoIuF7RtMKycZwv7oIpceDvWP+XoSfQqHJrXALoY+w1IfeB1KhealdQvr46YpIxZrwE3q5mc4ZLbjU4pC8awGoJB3TO2dbSjY5PwIvE2Mo7Umu8r8yw1085Rohy8MDz6/eaRjyCdBvysijgqtVAOf+yi4uUn6At6UkCFDL1Kny6RVlnAhIkuGVA4IJqgh64H9SaG4UtFfhIiSBa9urbj44pLgjumiZB/rZN+
  2. During execution, the following prompt will appear:
Are you sure you want to proceed: y

Type y to continue.

  3. Upon successful activation, the following message will be displayed:
Your Domum Gateway is ready!
  4. Once the instance is configured with the gateway, you can rotate the keys (see Step 7).

Step 6 (optional): Perform cluster activation

  1. Access the Orbit CLI terminal.
  2. If your environment is configured as a cluster, run the following command on the secondary node to activate it:
sudo orbit domum-gateway setup --secondary
  3. During execution, you will be prompted with:
Are you sure you want to proceed: y

Type y to confirm.

  4. Once the process is complete, the following message will confirm the activation:
Your Domum Gateway is ready!

Step 7 (optional): Rotate the keys

  1. Access the Orbit CLI terminal.
  2. Run the following command to rotate the keys:
sudo orbit domum-gateway rotate
  3. During execution, you will be prompted with:
Are you sure you want to proceed: y

Type y to confirm.

  4. Then, the connection with the Domum Gateway will be established, and you will see output similar to the following:
Connection with Domum Gateway is UP!

PING 16.202.217.165 (16.202.217.165) 56(84) bytes of data.
64 bytes from 16.202.217.165: icmp_seq=1 ttl=64 time=48.0 ms
64 bytes from 16.202.217.165: icmp_seq=2 ttl=64 time=48.0 ms
64 bytes from 16.202.217.165: icmp_seq=3 ttl=64 time=48.1 ms
64 bytes from 16.202.217.165: icmp_seq=4 ttl=64 time=48.2 ms
64 bytes from 16.202.217.165: icmp_seq=5 ttl=64 time=47.6 ms

--- 16.202.217.165 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 8ms
rtt min/avg/max/mdev = 47.581/47.977/48.220/0.352 ms

interface: Domum
 public key: KTucX7gwxCCGKzuU63DccQ/J5eQtGkSEoCnQ+K+s4C8=
 private key: (hidden)
 listening port: 49538

peer: 7CqAnT/YsFnqCBQRbwybeIB4C6XMh6BcIQGBjDhfxgo=
 endpoint: 52.27.111.109:51820
 allowed ips: 16.202.217.165/32
 latest handshake: 5 seconds ago
 transfer: 828 B received, 1.42 KiB sent
 persistent keepalive: every 25 seconds

Attention

When using this command, all active connections will be restarted.
