Downloading Installation Files
Instant Connect provides files for download on the Instant Connect Support Portal. Downloads are listed by version. Versioned components are not always compatible; therefore, you should never mix the versions of your components. You should always maintain identical versions between all ICE components.
Important: If you plan to install ICE OS offline, ensure you have completed this section to obtain the installation files before you go offline.
To download the ICE OS installation files
1. Navigate to: https://support.instantconnectnow.com/s/downloads
2. Click the Instant Connect Enterprise Software folder.
3. Open the ICE 3.6.6 Software folder, or the version of ICE you are supporting.
4. Download the ICE Server Installer.
The downloaded iceos-release-3.6.6-git-f2fe445-6426.zip file contains the ICE operating system and Kubernetes cluster.
The downloaded iceos-release-3.6.6-git-f2fe445-6426.zip file contains the ICE operating system and Kubernetes cluster.
5. For Air Gap:
Download the iceos-airgap-release-3-6-6-45203.45204.zip file and extract the iceos-airgap-release-3-6-6-45203.45204.iso file. Upload the .iso file to the appropriate datastore.
Download the iceos-airgap-release-3-6-6-45203.45204.zip file and extract the iceos-airgap-release-3-6-6-45203.45204.iso file. Upload the .iso file to the appropriate datastore.
Note: Air-gapped installation is advised for servers with slow internet connections.
GEOREDUNDANCY
Enabling air gap will require additional steps for Georedundancy (covered later in this document) to account for the configuration of two synchronized data centers, DC1 and DC2.
Enabling air gap will require additional steps for Georedundancy (covered later in this document) to account for the configuration of two synchronized data centers, DC1 and DC2.
6. For secure shell protocol (SSH):
Acquire a public/private key pair. You will require the public key during the installation process.
Acquire a public/private key pair. You will require the public key during the installation process.
X.509 Certificate ExpirationAll X.509 certificates used for Instant Connect must expire in 397 days (13 months) or less. This includes server certificates, intermediate CA, root CA, etc. Certificates whose expiration dates exceed this validity period will not be accepted by Instant Connect clients, resulting in ‘Cannot connect to server’ error messages. If this occurs, generate new certificates with the appropriate expiration dates. See ICE Private Certificate Stores in the ICE Admin Guide.
Blocking Port 80Per industry standard best practice, it is recommended to block port 80 when using certificates. This is done via the following command:
/sbin/iptables -A INPUT -p tcp --destination-port 80 -d X.X.X.X -j DROP
Note: If using the ICE Cisco IP Phone XML client though a firewall, a rule will need to be implemented allowing access to port 80.