Windows

This guide applies to Windows 7, 8, 10, 11 and Windows Server 2012, 2016, 2019 and 2022 (all editions). Packages are available for the x64 architecture.

Note

On Windows 7 please ensure that Windows Management Framework 5.1 is installed before installing Enclave.

Installation

1. Download and run the latest Windows installer

   Download Enclave for Windows

   Package checksum (loading ...)

   ----------------------------------------------------------------

2. Run the installer. Administrator privileges are required, but the installer will prompt for privilege elevation if necessary.

3. You will need to provide a valid Enrolment Key from your Portal account to complete installation.

4. Once installed, Enclave will start and add a new tray icon to your system tray. If the Enclave tray icon is not visible, click the up arrow to find it in the hidden system tray overflow area.

   

5. Right click on the tray icon when you need to open Enclave.

6. Depending on the type of enrolment key you used to enrol your new system, it might be held waiting for an Administrator to provide enrolment approval in your account Portal. Log in to authorise the enrolment of your new system if you need to and configure additional options like DNS.

You're all set! You've successfully enrolled a new system to your Enclave account.

Starting and stopping Enclave

The Windows installer creates a lightweight supervisor service (named Enclave in the Services MMC snap-in) which automatically runs at system start and is responsible for starting the Enclave fabric. The supervisor service exists to start, stop and restart Enclave fabric in the background as child processes.

The supervisor service responds to the Enclave CLI verbs start and stop to control the Fabric.

Updating Enclave

The Windows Tray application will prompt users when an updated version of Enclave is available. Following the click here to upgrade link in the yellow bar will terminate any Enclave connections temporarily while the setup installs the latest version.

Enclave should be upgraded in-place and will automatically and re-establish connectivity to peers following an update. Updating Enclave to a new version should not interrupt connectivity for more than 1 minute in total, in most cases an upgrade takes less than 30 seconds before connectivity is restored.

Uninstalling Enclave

Enclave can be removed from a system using the Windows Control Panel. Open either Programs and Features or Apps and Features. Select Enclave to remove / uninstall. During uninstallation Enclave will ask if you want to Remove network fabric configuration and private keys? Answering yes will empty the following directory:

C:\Program Files\Enclave Networks\Enclave\Agent\profiles\

Users should remove configuration and private keys when uninstalling if they are not planning to use Enclave again on a that particular system, or want to forcibly deregister.

Warning

Enclave does not backup a system's private keys. Lost or deleted private keys are not recoverable. If a system's configuration and private keys are lost, to use that system with Enclave again it must be re-enrolled.

What to do if the install fails

If an install goes horribly wrong, remove Enclave using the uninstaller and try again. If you're still encountering problems, examine the log files in C:\Program Files\Enclave Networks\Enclave\Agent\logs. If an install is interrupted use the Enclave setup file to restart the process.

For troubleshooting and errors, use the site search or visit our troubleshooting section to look for information about common error messages.

If your installation fails and you are unable to resolve the problem, please contact support@enclave.io.

Unattended installation

Perform a silent installation of Enclave without a UI by using the unattended installer. The unattended installer is optimised for deployment via Group Policy, Configuration Manager and other automated tooling. We recommend using unattended installers for bulk distribution and silent installation.

Important

On Windows 7 the Windows Management Framework 5.1 update is required before installing Enclave.

For most unattended installation scenarios, you should use the 64-bit executable (.exe) installer.

x64 executablex86 executablex64 MSI packagex86 MSI packagearm64 MSI package

1. Download and run the latest Windows unattended installer.

   Download x64 Unattended EXE Installer

   Package checksum (loading ...)

   ----------------------------------------------------------------

2. Distribute as needed via Group Policy, Configuration Manager, or any other deployment method that allows installers to run with elevated permissions on the machine.

   To run the installer in silent mode (with no UI), you pass the -q command line argument, like so:

   ./enclave-setup-unattended-x64-<version>.exe -q
   

   You can also provide the Enclave enrolment key to the unattended installer to automatically enrol Enclave during installation, so no end-user interaction is required to get set up:

   ./enclave-setup-unattended-x64-<version>.exe -q ENROLMENT_KEY=XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
   

   Providing an invalid enrolment key will cause the installation to fail (and roll back).

   Note

   If your tooling provides an enrolment key to the installer, at the time of installation the target system will require an Internet connection to perform the enrolment.

   If you need to deploy Enclave to a system without an Internet connection, use the unattended installer without the ENROLMENT_KEY property, then use the enclave enrol CLI command to enrol the system when an Internet connection becomes available.

1. Download and run the latest Windows unattended installer.

   Download x86 Unattended EXE Installer

   Package checksum (loading ...)

   ----------------------------------------------------------------

2. Distribute as needed via Group Policy, Configuration Manager, or any other deployment method that allows installers to run with elevated permissions on the machine.

   To run the installer in silent mode (with no UI), you pass the -q command line argument, like so:

   ./enclave-setup-unattended-x86-<version>.exe -q
   

   You can also provide the Enclave enrolment key to the unattended installer to automatically enrol Enclave during installation, so no end-user interaction is required to get set up:

   ./enclave-setup-unattended-x86-<version>.exe -q ENROLMENT_KEY=XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
   

   Providing an invalid enrolment key will cause the installation to fail (and roll back).

   Note

   If your tooling provides an enrolment key to the installer, at the time of installation the target system will require an Internet connection to perform the enrolment.

   If you need to deploy Enclave to a system without an Internet connection, use the unattended installer without the ENROLMENT_KEY property, then use the enclave enrol CLI command to enrol the system when an Internet connection becomes available.

Use this MSI package if your tooling requires, or if you need to embed the Enclave installer into an existing package.

1. Download the latest Windows MSI installer.

   Download x64 unattended MSI Installer

   Package checksum (loading ...)

   ----------------------------------------------------------------

   Note

   The MSI package does not bundle the Visual C++ Redistributable, so you will need to ensure that your packaging and deployment steps include the VC++ redistributable library as well; See this Microsoft document for further details, and links to download the redistributable.

2. Install the MSI using msiexec:

   msiexec /i enclave-setup-unattended-x64-<version>.msi /quiet ENROLMENT_KEY=XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
   

   Note

   If your tooling provides an enrolment key to the installer, at the time of installation the target system will require an Internet connection to perform the enrolment.

   If you need to deploy Enclave to a system without an Internet connection, use the unattended installer without the ENROLMENT_KEY property, then use the enclave enrol CLI command to enrol the system when an Internet connection becomes available.

Use this MSI package if your tooling requires, or if you need to embed the Enclave installer into an existing package.

1. Download the latest Windows MSI installer.

   Download x86 unattended MSI Installer

   Package checksum (loading ...)

   ----------------------------------------------------------------

   Note

   The MSI package does not bundle the Visual C++ Redistributable, so you will need to ensure that your packaging and deployment steps include the VC++ redistributable library as well; See this Microsoft document for further details, and links to download the redistributable.

2. Install the MSI using msiexec:

   msiexec /i enclave-setup-unattended-x86-<version>.msi /quiet ENROLMENT_KEY=XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
   

   Note

   If your tooling provides an enrolment key to the installer, at the time of installation the target system will require an Internet connection to perform the enrolment.

   If you need to deploy Enclave to a system without an Internet connection, use the unattended installer without the ENROLMENT_KEY property, then use the enclave enrol CLI command to enrol the system when an Internet connection becomes available.

Use this MSI package if your tooling requires, or if you need to embed the Enclave installer into an existing package.

1. Download the latest Windows MSI installer.

   Download arm64 unattended MSI Installer

   Package checksum (loading ...)

   ----------------------------------------------------------------

   Note

   The MSI package does not bundle the Visual C++ Redistributable, so you will need to ensure that your packaging and deployment steps include the VC++ redistributable library as well; See this Microsoft document for further details, and links to download the redistributable.

2. Install the MSI using msiexec:

   msiexec /i enclave-setup-unattended-arm64-<version>.msi /quiet ENROLMENT_KEY=XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
   

   Note

   If your tooling provides an enrolment key to the installer, at the time of installation the target system will require an Internet connection to perform the enrolment.

   If you need to deploy Enclave to a system without an Internet connection, use the unattended installer without the ENROLMENT_KEY property, then use the enclave enrol CLI command to enrol the system when an Internet connection becomes available.

Updating

To update an unattended installation, distribute the new version of the unattended installer via the same method as you used when deploying originally; existing enrolled systems will have their configuration and identity preserved during the upgrade. Enclave will stop and then restart with the new version automatically during the update.

Uninstalling

Removing Enclave from a system (when Enclave was installed via unattended mode) can either be done by normal Windows uninstall mechanisms (i.e. via Apps and Features), or by running the unattended installer with the -uninstall argument.

Troubleshooting install issues

If an installation doesn't work as expected, examine the log files at C:\Program Files\Enclave Networks\Enclave\Agent\logs. If an install is interrupted, use the Enclave setup file to restart the process.

For troubleshooting and errors, use the site search or visit our troubleshooting section to look for information about common error messages.

If your installation fails and you are unable to resolve the problem, please contact support@enclave.io.