Active Directory for Oxford (Project MADDOX): Final report
|
|
- Katrina Booth
- 8 years ago
- Views:
Transcription
1 Active Directory for Oxford (Project MADDOX): Final report Oxford University Computing Services Executive Summary Project MADDOX (July 2011 October 2011) has finished, having met all stated aims. The project's main goal was to deliver improvements to the support offered for ITSS wishing to integrate local Active Directory deployments with University Single Sign-On. Technical tests concluded that users experience the same level of SSO integration regardless of which technology (Microsoft AD Kerberos or MIT Kerberos) is used to authenticate users. Tests further confirmed that the extent of SSO integration that can be achieved within a federated IT organisation is primarily limited by the capabilities and configuration of the Microsoft Windows operating system on the client, and the application software used. A workshop for ITSS proved pivotal in deciding that a technology-only solution such as deployment of a top-level Active Directory domain would not satisfy the needs of any substantial ITSS group within the University. Instead, a strong case was made for clarifying, publicising, and enhancing the degree of central support offered to ITSS who are seeking to achieve SSO integration of their own AD installations. The implementation phase of the project focussed on the output of the ITSS workshops, making immediate and substantial improvements to both the catalogue of central support services and technical documentation. The project also identified a number of recommendations for follow-on initiatives, where implementation either falls within business-as-usual activities or requires recurrent funding. A full project archive is available at Project Overview Project MADDOX was an internally-funded OUCS project running from July to October Its aims and objectives were to offer an enhanced level of support for integration of Microsoft Active Directory (AD) based domains with central identity and access management services, allowing greater uptake of SSO across the University and corresponding improvements in user experience and overall security. The first of two project phases covered a detailed investigation of different technical architectures for supporting AD domains across the University, including a variety of end-user test cases. Investigation focused on integration of Windows workstations joined to an AD domain. The second phase built on the findings from phase one to select an approach and provide improved support for SSO integration of AD environments. Background OUCS provides an MIT Kerberos-based Kerberos realm, OX.AC.UK, at the core of its SSO authentication infrastructure. This provides direct support for Kerberos-supporting clients and servers, and forms the basis for the widely used WebAuth and Shibboleth web single sign on technologies. In addition, it is integrated with several other realms, including some AD domains operated by departments and colleges, allowing seamless access to local services with the Oxford SSO account. Whilst this integration has taken place successfully in a number of cases, two key factors in proposing MADDOX were: 1) to improve this integration point by offering more clearly defined
2 and understood local support for AD integration; 2) to investigate the extent to which Microsoft supports this configuration. Scenarios The project considered the deployment of AD at Oxford University. This is characterised by a large number of unconnected AD domains and forests, typically operated within a single department or college for the exclusive benefit of users associated with that unit. Three scenarios were considered for detailed investigation and analysis: 1. Native AD-AD : central AD in receipt of krb5-sync password synchronisation from MIT realm; unit AD with one-way trust to central AD 2. Indirect cross-realm trust : central AD with one-way direct realm trust to central MIT realm; unit AD with one-way trust to central AD 3. Direct cross-realm trust : one-way direct realm trust between unit AD and central MIT realm; this is the configuration currently offered to, and used by, ITSS Scenario 1: Native AD-AD Scenario 2: Indirect cross-realm trust
3 Scenario 3: Direct cross-realm trust Two further scenarios were not considered owing to clearly apparent technical issues: 1. A single central AD forest replacing the local installations, and containing all user accounts, servers, workstations, and other AD objects. (This would not be able to accommodate conflicts between differing local unit requirements, e.g. relating to schema extensions, user home directories, etc, nor would it be possible to encapsulate and devolve the necessary administrative rights to local ITSS). 2. Synchronisation of passwords to all local AD installations (password synchronisation to the large number of AD domains within Oxford would cause slow and inconsistent synchronisation, great confusion for users, and high call volumes to IT service desks). These scenarios are documented in more detail at
4 Use cases and supported platforms The following use cases were identified as important for any solution and support for these use cases was the primary focus for the investigation: Workstation login Workstation login with access to file server Workstation login receiving group policy from local domain Workstation login with access to print server Browser authentication to IIS (Internet Explorer 6, 7, 8; Firefox 5.0; Chrome 13.0; Safari 5.1; Opera 11.5) Sharepoint 2010 authentication MS SQL Server authentication These use cases are documented in more detail at In all cases, Windows XP, Windows Vista and Windows 7 workstations bound to a local AD domain were in scope. Workstations not bound to a local AD domain were out of scope. Additionally, Windows 'Home' OS editions do not support AD integration, and so were also out of scope. Test methodology A virtual test environment was built to include AD servers and member workstations to model the above scenarios (no krb5-sync arrangement was put in place, since the operation of krb5-sync is already understood from the work undertaken to support SSO passwords in Nexus; this was used as a base-line test with native AD accounts). Each use case was set up and performed for the three test scenarios listed. The test infrastructure was set up in order to provide a repeatable set of tests, depending on a minimum of external systems; VM snapshots and cloning using the NSMS virtual 'vm4rent' service were used where required in order to assist with this. The existing TEST.OX.AC.UK realm, which matches the configuration of the main OX.AC.UK realm, was also used. Tests were carried out manually in accordance with test scripts, to ensure a high degree of repeatability without the need for the development of automated test infrastructure. More details about the test methodology may be found at Test results A full matrix of test results is available at only a summary of important findings is presented here. Native AD to AD The native AD to AD scenario (excluding password synchronisation) is the Microsoft recommended configuration and was therefore taken as a baseline test. All tests carried out using this set-up succeeded as expected, except for Opera, which does not support Kerberos-based HTTP authentication (SPNEGO). It should be noted that previous experience with the krb5-sync setup at OUCS has identified a number of specific and recurrent problems including frequent failure to synchronise during system maintenance and at other times, and the inability to reflect accurately password expiry attributes.
5 One additional challenge with this setup is the fact that some Microsoft clients prompt users to set or change their password directly in the AD domain; the one-way nature of synchronisation in this setup means that this cannot be supported. Indirect Cross-realm Trust The indirect cross-realm trust (scenario 2 above) failed to support the initial workstation login. The problem was unexpected, and traced back to a STATUS_DOMAIN_TRUST_INCONSISTENT error reported by the trusting AD domain controller. Having failed the initial login, this scenario was consequently unable to be tested for the other use cases. A support call was placed to Microsoft, via their broker ESCuk, on 19 th September The call was placed to establish the reason for a "STATUS_DOMAIN_TRUST_INCONSISTENT" Kerberos error message received from the domain controller in the trusting AD (maddox-trust-unit.ox.ac.uk in our scenarios), when attempting to log on to a client Windows XP workstation under the indirect cross-realm trust approach. Various logs, traces and other information were supplied to ESCuk on request over the following few days. Initial triage was performed by ESCuk and they officially passed the call onto Microsoft for resolution on 6th October Some initial suggestions from Microsoft were off the mark and the call was further escalated on 2 nd November. As of 9th November, no resolution had been received, nor a satisfactory explanation for why the error message was displayed. Direct Cross-realm Trust The direct cross-realm trust tests (scenario 3 above) all succeeded as expected, again with the exception of Opera. Summary of results Scenario Summary of results Native AD-AD All tests successful, with the exception of Opera 11.5 Kerberos/SPNEGO test Indirect cross-realm trust All tests failed Direct cross-realm trust All tests successful, with the exception of Opera 11.5 Kerberos/SPNEGO test Additional Observations For those tests that included setting up groups to authorise authenticated users' access to particular unit-level services, some access is required to view users in the central AD. A cross-forest trust as set up in the defined scenarios is not sufficient to grant the level of access required to browse the central AD domain. A production implementation based on this scenario would have to consider the establishment and management of specific ITSS users with limited privileges to view users in the central directory. It may be sufficient/acceptable to grant these privileges to the Oxford usernames of specific ITSS. The unit-level domain controllers need access to certain ports of the central DC prior to establishment of a cross-forest trust. Client machines within a unit-level domain would also need access to certain ports (e.g. Kerberos ports) of the central DC. A production deployment at Oxford would be likely to grant client access to a central DC from all University subnets to avoid having to configure access to specific client workstations and unit-level DCs on the establishment of each new cross-forest trust. The specific ports required are identified at
6 ITSS workshops Testing in phase one demonstrated that the native AD-AD and direct cross-realm trust scenarios both supported all use cases. In order to identify which of these would provide the best central support for AD installations around the University, it was decided to organise a workshop to present the findings from phase one and solicit from ITSS the differentiating factors that would enable a clear decision on how to proceed with the second phase of the project. Two workshops were held; they set out to find out from ITSS across the University: how AD was currently used how a central authentication-only AD service might help ITSS the potential benefits and costs, and potential funding models for such a service In addition, the workshops sought to improve the general understanding of issues relating to AD integration across the University. A detailed report of the workshops is available at The key perceived benefits of a central service were suggested to include: easier (e.g. automated) support for processes such as account provisioning and deprovisioning, improving the responsiveness of IT to arrivals and departures, and also reducing operational demands on ITSS an improvement in the user experience (primarily through the conveniences of having fewer passwords to remember and needing to login less frequently) and consequent positive impact on customer satisfaction and reputation of IT services / ITSS provision of centrally-maintained groups to support access control potential for cross-unit resource sharing and support for centrally provided AD-based shared services (e.g. Microsoft Dynamics CRM) A disadvantage to some of the scenarios was identified as negative impact on local autonomy, arising from two issues. One issue is the real-time dependence on the availability of central services, where access to local IT services could be severely disrupted by failure of the central service or network connection. Another issue is the limitation of the level of control that local ITSS would have over central user accounts and related objects (e.g. Group Policy) in AD. Key factors relating to costs and savings were: Some ITSS recognised that time savings were possible, from the point of view of reduced calls to the Help Desk, a reduction in duplicated effort, and more automated processes Others asserted that the value of the service compared to the local cost of integrating it would be negligible Where ITSS had already invested in their own account provisioning and de-provisioning, the benefits were not seen to be significant. For those that did not have account management processes in place there were increased benefits in centrally-provided or centrally-supported account management Many of the benefits were seen as difficult to equate with a monetary value.
7 Phase Two Approach The technical investigations demonstrated that two deployment scenarios (native AD-AD and direct cross-realm trust) could provide a means of integrating local AD installations with University SSO, and that there is very little in the user experience to differentiate them. The ITSS workshops identified a number of specific benefits, to both users and ITSS, that could be realised through improved central support for integration of local AD installations with University SSO. The feedback received during the ITSS workshops demonstrated that requirements from different sectors of the ITSS community are hugely diverse, and any single technical solution would only meet the needs of a minority. The workshops also revealed that low take-up and minimal cost savings (if any) anticipated by ITSS would make it impossible to justify the costs of development and ongoing support for a new central AD service. However, the workshops did find consensus among ITSS that work to formalise and better support the existing direct cross-realm trust scenario would be highly desirable. This work included both technical and non-technical aspects. As a result, it was decided by the project team that the second phase of the project would deliver: a. a number of immediate improvements to the existing service and associated support, and b. make recommendations for further work through a combination of future projects and business-as-usual activity It was agreed that the project would not deliver a new central AD authentication-only service. Improvements to existing services The main activity in the remaining project time was to formalise our support offering for integration of local AD domains with SSO and establish an initial set of support documents. A new page has been created within the Kerberos service documents to list the elements of support that are provided: Creation of Kerberos principals required to establish cross-realm trust Testing of integration for new releases of Microsoft Windows Server operating systems Provision and maintenance of technical documentation on AD configuration and integration with University SSO Provision of advice on specific AD configuration and integration scenarios Assisting in diagnosis of integration and authentication problems associated with crossrealm trusts Acting as a broker to refer enquiries / faults to Microsoft (via our appointed Microsoft partner) The poorly maintained AD-SSO integration documentation on the wiki has been reviewed, restructured, updated, and moved onto the OUCS web site where it can be properly maintained. The wiki page has been pruned of the migrated configuration instructions, but remains in place as a location for community contributions and discussion. The officially maintained documentation can be found on the OUCS web site at: In addition, an announcement was sent to ITSS confirming the enhanced service offering now available.
8 Recommendations for further work In addition, several opportunities for further development on existing IAM services were identified, including: Addition of RC4, 128-bit AES, and 256-bit AES encryption types to the MIT realm TGT, bringing improved support for Windows 7 clients Support for seamless web SSO with WebAuth, via HTTP Negotiate-Auth Making the case for increased funding to provide dedicated staff time to develop and support integration of local AD deployments with University SSO Undertaking the ongoing testing of new versions of Microsoft Windows and AD technologies with the direct cross-realm integration, including updates and validation of the online support documentation Dominic Hargreaves, John Ireland, Nigel Brown, Adrian Parks, 11 November 2011
Active Directory and Oxford Single Sign-On
Active Directory and Oxford Single Sign-On Bridget Lewis ICTST Adrian Parks OUCS 21 st June 2007 1 Aim How to link Active Directory to the Oxford Kerberos Single sign-on (SSO) infrastructure What is Kerberos?
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationSingle Sign-on (SSO) technologies for the Domino Web Server
Single Sign-on (SSO) technologies for the Domino Web Server Jane Marcus December 7, 2011 2011 IBM Corporation Welcome Participant Passcode: 4297643 2011 IBM Corporation 2 Agenda USA Toll Free (866) 803-2145
More informationLeverage Active Directory with Kerberos to Eliminate HTTP Password
Leverage Active Directory with Kerberos to Eliminate HTTP Password PistolStar, Inc. PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200 Fax: 603.546.2309 E-mail: salesteam@pistolstar.com Website: www.pistolstar.com
More informationPassword Power 8 Plug-In for Lotus Domino Single Sign-On via Kerberos
Password Power 8 Plug-In for Lotus Domino Single Sign-On via Kerberos PistolStar, Inc. PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200 Fax: 603.546.2309 E-mail: salesteam@pistolstar.com Website:
More informationHow to Configure Outlook 2010 E-mail Client for Exchange
LAUSD IT Help Desk How to Configure Outlook 2010 E-mail Client for Exchange (03/04/2012) LAUSD IT Help Desk 333 S. Beaudry Ave. 9 th Floor Phone 213.241.5200 Table of Contents Configure Outlook 2010 for
More informationInteract Intranet Version 7. Technical Requirements. August 2014. 2014 Interact
Interact Intranet Version 7 Technical Requirements August 2014 2014 Interact Definitions... 3 Licenses... 3 On-Premise... 3 Cloud... 3 Pulic Cloud... 3 Private Cloud... 3 Perpetual... 3 Self-Hosted...
More informationUse of The Information Services Active Directory Service (AD) Code of Practice
Use of The Information Services Active Directory Service (AD) Code of Practice Introduction This code of practice is intended to support the Information Security Policy of the University and should be
More informationEnabling single sign-on for Cognos 8/10 with Active Directory
Enabling single sign-on for Cognos 8/10 with Active Directory Overview QueryVision Note: Overview This document pulls together information from a number of QueryVision and IBM/Cognos material that are
More informationLeveraging SAML for Federated Single Sign-on:
Leveraging SAML for Federated Single Sign-on: Seamless Integration with Web-based Applications whether cloudbased, private, on-premise, or behind a firewall Single Sign-on Layer v.3.2-006 PistolStar, Inc.
More informationE-Notebook SQL 12.0 Desktop Database Migration and Upgrade Guide. E-Notebook SQL 12.0 Desktop Database Migration and Upgrade Guide
E-Notebook SQL 12.0 Desktop Database Migration and Upgrade Guide 1. Introduction... 3 2. Database System... 3 2.1. Software requirements... 3 2.2. Analysis of E-Notebook 10.0 and 11.0 database... 4 2.3.
More informationNetIQ Advanced Authentication Framework. Maintenance Guide. Version 5.1.0
NetIQ Advanced Authentication Framework Maintenance Guide Version 5.1.0 Table of Contents 1 Table of Contents 2 Introduction 3 About This Document 3 Purposes of Maintenance 3 Difficulties of Maintenance
More informationMigrating Exchange Server to Office 365
Migrating Exchange Server to Office 365 By: Brien M. Posey CONTENTS Domain Verification... 3 IMAP Migration... 4 Cut Over and Staged Migration Prep Work... 5 Cut Over Migrations... 6 Staged Migration...
More informationNETWRIX IDENTITY MANAGEMENT SUITE
NETWRIX IDENTITY MANAGEMENT SUITE FEATURES AND REQUIREMENTS Product Version: 3.3 February 2013. Legal Notice The information in this publication is furnished for information use only, and does not constitute
More informationAllianz Global Investors Remote Access Guide
Allianz Global Investors Remote Access Guide Web Address: http://remote.allianzgi-us.com/ Page 1 of 34 pages Please contact the Service Desk at Table of Contents 1. Introduction to the Remote Access Page
More informationServer-based Password Synchronization: Managing Multiple Passwords
Server-based Password Synchronization: Managing Multiple Passwords Self-service Password Reset Layer v.3.2-004 PistolStar, Inc. dba PortalGuard PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200 Fax:
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationUsing. Microsoft Virtual PC. Page 1
Using Microsoft Virtual PC T4 Page 1 Microsoft Virtual PC Microsoft Virtual PC allows multiple Guest Operating Systems (Virtual Machines) to run using the resources of the Host Operating System (The PC
More informationCentralized Mac Home Directories On Windows Servers: Using Windows To Serve The Mac
Making it easy to deploy, integrate and manage Macs, iphones and ipads in a Windows environment. Centralized Mac Home Directories On Windows Servers: Using Windows To Serve The Mac 2011 ENTERPRISE DEVICE
More informationArchive Migrator Install Guide
Archive Migrator Publication Date: December, 2015 All Rights Reserved. This software is protected by copyright law and international treaties. Unauthorized reproduction or distribution of this software,
More informationinforouter V8.0 Server & Client Requirements
inforouter V8.0 Server & Client Requirements Please review this document thoroughly before proceeding with the installation of inforouter Version 8. This document describes the minimum and recommended
More informationSchoolBooking SSO Integration Guide
SchoolBooking SSO Integration Guide Before you start This guide has been written to help you configure SchoolBooking to operate with SSO (Single Sign on) Please treat this document as a reference guide,
More informationVyom SSO-Edge: Single Sign-On for BMC Remedy
Vyom SSO-Edge: Single Sign-On for BMC Remedy Guaranteed ROI of BMC Remedy with Reduced Service Desk Calls, Increased BMC Remedy Adoption, Improved End-User Satisfaction, Strengthened Security and Effective
More informationQuick User Guide. The KLZ Home Page www.klz.org.uk
Revised June 2014 Secure Online Communication Zone Quick User Guide This quick user guide provides the basic information that is needed for users to get the best experience from using KLZ. It explains
More informationThis Deployment Guide is intended for administrators in charge of planning, implementing and
YOUR AUTOMATED EMPLOYEE Foxtrot Deployment Guide Enterprise Edition Introduction This Deployment Guide is intended for administrators in charge of planning, implementing and maintaining the deployment
More informationMassey University Wireless Network Client Configuration Mac OS X 10.6 10.9
Massey University Wireless Network Client Configuration Mac OS X 10.6 10.9 MAC wireless network Requirements Information Technology Services You must have an active Massey username and password (i.e. you
More informationEnabling Kerberos SSO in IBM Cognos Express on Windows Server 2008
Enabling Kerberos SSO in IBM Cognos Express on Windows Server 2008 Nature of Document: Guideline Product(s): IBM Cognos Express Area of Interest: Infrastructure 2 Copyright and Trademarks Licensed Materials
More informationGroupware Project Definition: Scope of Project
Groupware Project Groupware Project Definition: Scope of Project Authors Mark Norman, Stuart Lee, Michael Fraser, Paul Davis Contents 1. Introduction...1 2. Management...2 3. Summary of the Project Deliverables...2
More informationManaging Your Microsoft Windows Server Fleet with AWS Directory Service. May 2015
Managing Your Microsoft Windows Server Fleet with AWS Directory Service May 2015 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational
More informationAuthentication Methods
Authentication Methods Overview In addition to the OU Campus-managed authentication system, OU Campus supports LDAP, CAS, and Shibboleth authentication methods. LDAP users can be configured through the
More informationfor Networks Installation Guide for the application on the server July 2014 (GUIDE 2) Lucid Rapid Version 6.05-N and later
for Networks Installation Guide for the application on the server July 2014 (GUIDE 2) Lucid Rapid Version 6.05-N and later Copyright 2014, Lucid Innovations Limited. All Rights Reserved Lucid Research
More informationMIGRATING TO AVALANCHE 5.0 WITH MS SQL SERVER
MIGRATING TO AVALANCHE 5.0 WITH MS SQL SERVER This document provides instructions for migrating to Avalanche 5.0 from an installation of Avalanche MC 4.6 or newer using MS SQL Server 2005. You can continue
More informationThe question becomes, How does the competent Windows IT professional open up their print server to their Mac clients?
INTRODUCTION With the number of Macs growing, especially in the academic and consumer fields the need to support them has become a must have for many existing Windows environments. The question becomes,
More informationfor Networks Installation Guide for the application on the server August 2014 (GUIDE 2) Lucid Exact Version 1.7-N and later
for Networks Installation Guide for the application on the server August 2014 (GUIDE 2) Lucid Exact Version 1.7-N and later Copyright 2014, Lucid Innovations Limited. All Rights Reserved Lucid Research
More informationCA Performance Center
CA Performance Center Single Sign-On User Guide 2.4 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is
More informationHow To - Implement Single Sign On Authentication with Active Directory
How To - Implement Single Sign On Authentication with Active Directory Applicable to English version of Windows This article describes how to implement single sign on authentication with Active Directory
More informationSingle Sign-On for SAP R/3 on UNIX with Centrify DirectControl and Microsoft Active Directory
W H I T E P A P E R C E N T R I F Y C O R P. M A Y 2008 Single Sign-On for SAP R/3 on UNIX with Centrify DirectControl and Microsoft Active Directory The Active Directory-Based Single Sign-On Solution
More informationUser Guide Microsoft Exchange Remote Test Instructions
User Guide Microsoft Exchange Remote Test Instructions University of Louisville Information Technology 1.1 Who Should Use It This guide is intended for University of Louisville Faculty and Staff participating
More informationContents. Supported Platforms. Event Viewer. User Identification Using the Domain Controller Security Log. SonicOS
SonicOS User Identification Using the Domain Controller Security Log Contents Supported Platforms... 1 Event Viewer... 1 Configuring Group Policy to Enable Logon Audit... 2 Events in Security Log... 4
More informationIdentikey Server Windows Installation Guide 3.1
Identikey Server Windows Installation Guide 3.1 Disclaimer of Warranties and Limitations of Liabilities Disclaimer of Warranties and Limitations of Liabilities The Product is provided on an 'as is' basis,
More informationHELP DOCUMENTATION E-SSOM INSTALLATION GUIDE
HELP DOCUMENTATION E-SSOM INSTALLATION GUIDE Copyright 1998-2013 Tools4ever B.V. All rights reserved. No part of the contents of this user guide may be reproduced or transmitted in any form or by any means
More informationAsta Powerproject Enterprise
Asta Powerproject Enterprise Overview and System Requirements Guide Asta Development plc Kingston House Goodsons Mews Wellington Street Thame Oxfordshire OX9 3BX United Kingdom Tel: +44 (0)1844 261700
More informationPearl Echo Installation Checklist
Pearl Echo Installation Checklist Use this checklist to enter critical installation and setup information that will be required to install Pearl Echo in your network. For detailed deployment instructions
More informationAvatier Identity Management Suite
Avatier Identity Management Suite Migrating AIMS Configuration and Audit Log Data To Microsoft SQL Server Version 9 2603 Camino Ramon Suite 110 San Ramon, CA 94583 Phone: 800-609-8610 925-217-5170 FAX:
More information800-782-3762 www.stbernard.com. Active Directory 2008 Implementation. Version 6.410
800-782-3762 www.stbernard.com Active Directory 2008 Implementation Version 6.410 Contents 1 INTRODUCTION...2 1.1 Scope... 2 1.2 Definition of Terms... 2 2 SERVER CONFIGURATION...3 2.1 Supported Deployment
More informationDocumentation. CloudAnywhere. http://www.cloudiway.com. Page 1
Documentation CloudAnywhere http://www.cloudiway.com Page 1 Table of Contents 1 INTRODUCTION 3 2 OVERVIEW 4 2.1 KEY FUNCTIONALITY 4 2.2 PREREQUISITES 5 3 FEATURES 6 3.1 A UNIVERSAL PROVISIONING SOLUTION.
More informationNovell ZENworks Asset Management 7.5
Novell ZENworks Asset Management 7.5 w w w. n o v e l l. c o m October 2006 INSTALLATION GUIDE Table Of Contents 1. Installation Overview... 1 If you are upgrading... 1 Installation Choices... 1 ZENworks
More informationfor Networks Installation Guide for the application on a server September 2015 (GUIDE 2) Memory Booster version 1.3-N and later
for Networks Installation Guide for the application on a server September 2015 (GUIDE 2) Memory Booster version 1.3-N and later Copyright 2015, Lucid Innovations Limited. All Rights Reserved Lucid Research
More informationADAM 5.5. System Requirements
ADAM 5.5 System Requirements 1 1. Overview The schema below shows an overview of the ADAM components that will be installed and set up. ADAM Server: hosts the ADAM core components. You must install the
More informationHow to configure your Windows PC post migrating to Microsoft Office 365
How to configure your Windows PC post migrating to Microsoft Office 365 1 Contents Purpose... 3 Document Support Boundaries... 3 Examples used in this document... 4 Several different Microsoft Office 365
More informationLync Online Deployment Guide. Version 1.0
Date 28/07/2014 Table of Contents 1. Provisioning Lync Online... 1 1.1 Operating System Requirements... 1 1.2 Browser Requirements Administrative Centre... 1 2. Obtaining your login Credentials & Logging
More informationLepide Active Directory Self Service. Configuration Guide. Follow the simple steps given in this document to start working with
Lepide Active Directory Self Service Configuration Guide 2014 Follow the simple steps given in this document to start working with Lepide Active Directory Self Service Table of Contents 1. Introduction...3
More informationQuality Management Consultancy
Microsoft Active Directory Domain Objectives:- Learn what s new and what s updated in Active Directory Domain Services Install, upgrade and configure Windows Server 2012 Domain Controllers Work with the
More informationSCOPE OF SERVICE Hosted Cloud Storage Service: Scope of Service
Hosted Cloud Storage Service: Scope of Service 1. Definitions 1.1 For the purposes of this Schedule: Access Account is an End User account with Data Storage requiring authentication via a username and
More informationHow To Create An Easybelle History Database On A Microsoft Powerbook 2.5.2 (Windows)
Introduction EASYLABEL 6 has several new features for saving the history of label formats. This history can include information about when label formats were edited and printed. In order to save this history,
More informationWhite Pages Managed Service Solution Rapid Global Directory Implementation. White Paper
White Pages Managed Service Solution Rapid Global Directory Implementation White Paper December 2014 Author: Tom Eggleston Version: 1.0 Status: FINAL Reference: DA-WP01 Creation Date: 03/12/14 Revision
More informationAn identity management solution. TELUS AD Sync
An identity management solution TELUS AD Sync June 2013 Introduction An important historic challenge faced by small and mid-sized businesses when opting for the TELUS Business E-mail Service is the requirement
More informationMod 2: User Management
Office 365 for SMB Jump Start Mod 2: User Management Chris Oakman Managing Partner Infrastructure Team Eastridge Technology Stephen Hall CEO & SMB Technologist District Computers 1 Jump Start Schedule
More informationHosted Microsoft Exchange Client Setup & Guide Book
Hosted Microsoft Exchange Client Setup & Guide Book Section 1 Microsoft Outlook Web Access (OWA) access directions Section 2 Windows Mobile Phone ActiveSync setup & configuration Section 3 - Apple iphone
More informationNTP Software File Auditor for Windows Edition
NTP Software File Auditor for Windows Edition An NTP Software Installation Guide Abstract This guide provides a short introduction to installation and initial configuration of NTP Software File Auditor
More informationContents. Before You Install... 3. Server Installation... 5. Configuring Print Audit Secure... 10
Installation Guide Contents Before You Install... 3 Server Installation... 5 Configuring Print Audit Secure... 10 Configuring Print Audit Secure to use with Print Audit 6... 15 Licensing Print Audit Secure...
More informationSINGLE SIGN-ON FOR MTWEB
SINGLE SIGN-ON FOR MTWEB FOR MASSTRANSIT ENTERPRISE WINDOWS SERVERS WITH DIRECTORY SERVICES INTEGRATION Group Logic, Inc. November 26, 2008 Version 1.1 CONTENTS Revision History...3 Feature Highlights...4
More informationXIA Configuration Server
XIA Configuration Server XIA Configuration Server v7 Installation Quick Start Guide Monday, 05 January 2015 1 P a g e X I A C o n f i g u r a t i o n S e r v e r Contents Requirements... 3 XIA Configuration
More informationNetwork Computing Architects Inc. (NCA) Network Operations Center (NOC) Services
Network Computing Architects Inc. (NCA), provides outsourced IT services by monitoring and managing clients computing assets. Included Services: For all systems covered under NOC Support, the following
More informationScoMIS Encryption Service
Introduction This guide explains how to install the ScoMIS Encryption Service Software onto a laptop computer. There are three stages to the installation which should be completed in order. The installation
More informationRichmond Systems. SupportDesk Quick Start Guide
Richmond Systems SupportDesk Quick Start Guide Table of Contents SupportDesk Quick Start Guide...1 Introduction...1 Pre-requisites...2 Installation at a Glance...2 Installation...3 Setup Console...13
More informationInstalling and Configuring Active Directory Agent
CHAPTER 2 Active Directory Agent is a software application that comes packaged as a Windows installer. You must install it on a Windows machine and configure it with client devices and AD domain controllers.
More informationWorking Together - Your Apple Mac and Microsoft Windows
Contains information about complex concepts and /or requires technical knowledge to get the most out of the article. Aimed at the more experienced / ambitious ICT manager or accidental techie. Working
More informationActive Directory Integration
Active Directory Integration Last updated March 2016 Contents Introduction:... 2 Administration configuration set up:... 2 Configuring for a single OU import... 3 User Importing... 3 Active Directory and
More informationE-Notebook SQL13.0 Desktop Migration and Upgrade Guide
E-Notebook SQL13.0 Desktop Migration and Upgrade Guide Last Modified: October 09, 2012 TABLE OF CONTENTS 1 Introduction... 3 2 Software Requirements... 3 2.1 Single User... 3 2.2 Remote (Shared Database
More informationTenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved.
Tenrox Single Sign-On (SSO) Setup Guide January, 2012 2012 Tenrox. All rights reserved. About this Guide This guide provides a high-level technical overview of the Tenrox Single Sign-On (SSO) architecture,
More informationServer External Authentication. FileMaker 9 Product Line
Server External Authentication FileMaker 9 Product Line Table of Contents What is Server External Authentication?...3 Why Use Server External Authentication?...3 Making Server External Authentication work...4
More informationIDENTITY MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region
IDENTITY MANAGEMENT February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More informationTest Case 3 Active Directory Integration
April 12, 2010 Author: Audience: Joe Lowry and SWAT Team Evaluator Test Case 3 Active Directory Integration The following steps will guide you through the process of directory integration. The goal of
More informationRSA Authentication Manager 7.1 Microsoft Active Directory Integration Guide
RSA Authentication Manager 7.1 Microsoft Active Directory Integration Guide Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks
More informationTechnical Specifications
Technical Specifications Deployment and Integration The zero footprint web architecture ensures no intrusion on your users computers. Use ZAP CubeXpress to bring in Microsoft Dynamics customizations and
More informationE M A I L S E T - U P G U I D E
E M A I L S E T - U P G U I D E In our effort to help eliminate unwanted Spam, your email system hosted on our SplashWeb server, has additional security features. Unfortunately, this does make setting
More information1 (11) Paperiton DMS Document Management System System Requirements Release: 2012/04 2012-04-16
1 (11) Paperiton DMS Document Management System System Requirements Release: 2012/04 2012-04-16 2 (11) 1. This document describes the technical system requirements for Paperiton DMS Document Management
More informationInstalling and Configuring WhatsUp Gold
Installing and Configuring WhatsUp Gold This guide provides information about installing and configuring WhatsUp Gold v14.2, including instructions on how to run the WhatsUp web interface through an Internet
More informationwww.stbernard.com Active Directory 2008 Implementation Guide Version 6.3
800 782 3762 www.stbernard.com Active Directory 2008 Implementation Guide Version 6.3 Contents 1 INTRODUCTION... 2 1.1 Scope... 2 1.2 Definition of Terms... 2 2 SERVER CONFIGURATION... 3 2.1 Supported
More informationMashup Sites for SharePoint 2007 Authentication Guide. Version 3.2.1
Mashup Sites for SharePoint 2007 Authentication Guide Version 3.2.1 Copyright Copyright 2012, JackBe Corp. and its affiliates. All rights reserved. Terms of Use This documentation may be printed and copied
More informationMashup Sites for SharePoint 2007 Authentication Guide. Version 3.1.1
Mashup Sites for SharePoint 2007 Authentication Guide Version 3.1.1 Copyright Copyright 2010-2011, JackBe Corp. and its affiliates. All rights reserved. Terms of Use This documentation may be printed and
More information2X Cloud Portal v10.5
2X Cloud Portal v10.5 URL: www.2x.com E-mail: info@2x.com Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise
More informationHow To Install Help Desk Premier
Help Desk Premier Installation Guide 2012 BrightBox Solutions All rights reserved. Last Updated October, 2012 Help Desk Premier is a trademark of BrightBox Solutions. Help Desk Premier software and the
More informationNovaBACKUP xsp Version 15.0 Upgrade Guide
NovaBACKUP xsp Version 15.0 Upgrade Guide NovaStor / November 2013 2013 NovaStor, all rights reserved. All trademarks are the property of their respective owners. Features and specifications are subject
More informationInstallation and Setup Guide
Installation and Setup Guide Contents 1. Introduction... 1 2. Before You Install... 3 3. Server Installation... 6 4. Configuring Print Audit Secure... 11 5. Licensing... 16 6. Printer Manager... 17 7.
More informationActive Directory Integration OID & AD in Harmony. Ray Tindall SAGE Computing Services
Active Directory Integration OID & AD in Harmony Ray Tindall SAGE Computing Services Active Directory Integration OID & AD in Harmony? SAGE Computing Services Customised Oracle Training Workshops and Consulting
More informationSage Grant Management System Requirements
Sage Grant Management System Requirements You should meet or exceed the following system requirements: One Server - Database/Web Server The following system requirements are for Sage Grant Management to
More informationHow To Install A New Database On A 2008 R2 System With A New Version Of Aql Server 2008 R 2 On A Windows Xp Server 2008 (Windows) R2 (Windows Xp) (Windows 8) (Powerpoint) (Mysql
Microsoft SQL Server Express 2008 R2 Install on Windows Server 2008 r2 for HoleBASE SI The following guide covers setting up a SQL server Express 2008 R2 system and adding a new database and user for HoleBASE
More informationAWS Directory Service. Simple AD Administration Guide Version 1.0
AWS Directory Service Simple AD Administration Guide AWS Directory Service: Simple AD Administration Guide Copyright 2015 Amazon Web Services, Inc. and/or its affiliates. All rights reserved. Amazon's
More informationWindows Server 2003 Active Directory: Perspective
Mary I. Hubley, MaryAnn Richardson Technology Overview 25 September 2003 Windows Server 2003 Active Directory: Perspective Summary The Windows Server 2003 Active Directory lies at the core of the Windows
More informationNetwrix Auditor for Windows Server
Netwrix Auditor for Windows Server Quick-Start Guide Version: 7.0 7/7/2015 Legal Notice The information in this publication is furnished for information use only, and does not constitute a commitment from
More informationKaseya Server Instal ation User Guide June 6, 2008
Kaseya Server Installation User Guide June 6, 2008 About Kaseya Kaseya is a global provider of IT automation software for IT Solution Providers and Public and Private Sector IT organizations. Kaseya's
More informationSyncLockStatus Evaluator s Guide
SyncLockStatus Evaluator s Guide 2011 Table of Contents Introduction... 2 System Requirements... 2 Required Microsoft Components... 2 Contact Information... 3 SyncLockStatus Architecture... 3 SyncLockStatus
More informationaims sql server installation guide
aims sql server installation guide Document Version: 4000 February 2015 CONTENTS AIMS Installation Guide... 3 Installing the AIMS Software... 4 Pre-Requisites... 4 Installation... 4 Shortcuts... 4 Directory
More informationCross-Realm Trust Interoperability, MIT Kerberos and AD
Cross-Realm Trust Interoperability, MIT Kerberos and AD Dmitri Pal Sr. Engineering Manager Red Hat Inc. 10/27/2010 1 INTERNAL ONLY PRESENTER NAME What is our focus? Traditional view on Kerberos interoperability
More informationRSA Authentication Manager 7.1 Basic Exercises
RSA Authentication Manager 7.1 Basic Exercises Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks RSA and the RSA logo
More informationBarTender Print Portal. Web-based Software for Printing BarTender Documents WHITE PAPER
BarTender Print Portal Web-based Software for Printing BarTender Documents WHITE PAPER Contents Overview 3 Installing Print Portal 4 Configuring Your Installation 4 Supported Printing Technologies 5 Web
More information