User Management in ServerView 6.30
|
|
- Avis Doyle
- 8 years ago
- Views:
Transcription
1 User Guide - English FUJITSU Software ServerView Suite User Management in ServerView 6.30 Centralized Authentication and role-based Authorization Edition March 2014
2 Comments Suggestions Corrections The User Documentation Department would like to know your opinion of this manual. Your feedback helps us optimize our documentation to suit your individual needs. Feel free to send us your comments by to Certified documentation according to DIN EN ISO 9001:2008 To ensure a consistently high quality standard and user-friendliness, this documentation was created to meet the regulations of a quality management system which complies with the requirements of the standard DIN EN ISO 9001:2008. cognitas. Gesellschaft für Technik-Dokumentation mbh Copyright and Trademarks Copyright 2014 Fujitsu Technology Solutions GmbH. All rights reserved. Delivery subject to availability; right of technical modifications reserved. All hardware and software names used are trademarks of their respective manufacturers.
3 Contents 1 Introduction Authorization and authentication concept Target Groups of this Manual Structure of the manual Changes since the previous manual ServerView Suite link collection Documentation for ServerView Suite Notational Conventions User management and security architecture (overview) Prerequisites Global user management using an LDAP directory service Benefits of using a directory service Supported directory services Using Open DJ or an already existing, configured directory service Common user management for the ServerView Suite and the irmc S2/S3/S Role Based Access Control (RBAC) Users, user roles and privileges RBAC implementation in OpenDJ RBAC combined with an already existing configured directory service Single sign-on (SSO) using a CAS service CAS based SSO architecture Single sign-on from the user s point of view User Management in ServerView
4 3 ServerView user management via an LDAP directory service Configuring directory service access ServerView user management with OpenDJ Predefined users and roles Defining / changing the passwords of the predefined users OpenDJ Directory Manager s password Defining / changing the password of svuser Changing predefined passwords of the predefined users Administrator, Monitor, Operator and UserManager Changing the LDAP ports of OpenDJ Changing the LDAP port numbers on Windows systems Changing the LDAP port numbers on Linux systems Managing users, roles and privileges in OpenDJ Starting ServerView User Management Change your own password for OpenDJ User Management wizard Integrating an irmc S2/S3/S4 into ServerView user management with OpenDJ and SSO Integrating an irmc S2/S3/S4 into ServerView user management with OpenDJ Configuring the irmc S2/S3 web interface for CAS-based single sign-on (SSO) authentication Backing up and restoring OpenDJ data Backing up and restoring OpenDJ data on Windows systems Backing up and restoring OpenDJ data on Linux systems Integrating ServerView user management into Microsoft Active Directory Changing the password of the LDAP bind account LDAP Password Policy Enforcement (LPPE) Managing SSL Certificates on the CMS and managed nodes Managing SSL Certificates (Overview) Managing SSL certificates on the CMS A self-signed certificate is created automatically during setup Creating a CA Certificate Software tools to manage certificates and keys User Management in ServerView
5 4.2.4 Replacing the certificate on the Central Management Station (CMS) Replacing the certificate on a Windows system Replacing the certificate on a Linux system Preparing managed nodes for RBAC and client authentication Transferring <system_name>.scs.pem and <system_name>.scs.xml to the managed node Installing the certificate files on a Windows system Installing the certificate files together with the ServerView agents Installing the certificate files on a Windows system where the ServerView agents are already installed Installing the certificate files on a Linux or VMware system Installing the certificate files together with the ServerView agents Installing the certificate files on a Linux/VMware system where the ServerView agents are already installed Installing the certificate via ServerView Update Manager (on a Windows / Linux / VMware system) Using the ServerView Update Manager to install the CMS certificate on the managed node (overview) Installing the CMS certificate on the managed node Uninstalling the CMS certificate from the managed node Role-based permissions for accessing Operations Manager Privilege categories and related privileges Privilege categories (overview) AgentDeploy category AlarmMgr category ArchiveMgr category BackupMgr category Common category ConfigMgr category InvMgr category irmc_mmb category PerfMgr category PowerMon category RackManager category User Management in ServerView
6 RaidMgr category RemDeploy category ReportMgr category SCS category ServerList category UpdMgr category UserMgr category VIOM category Predefined users and roles in OpenDJ Audit logging Audit log storage location Audit log entries Types of audit log entries Header of an audit log entry Structured data of an audit log entry origin element ServerView:env@231 element ServerView:audit@231 element ServerView[.<COMP_NAME>]:msg@231 element ServerView[.<COMP_NAME>]:<operation>@231 element Examples: Entries in the audit log file Appendix 1 - Global irmc S2/S3 user management via an LDAP directory service User management concept for the irmc S2/S Global user management for the irmc S2/S Overview irmc S2/S3 user management via an LDAP directory service (concept) Global irmc S2/S3 user management using roles Organizational unit (OU) SVS Cross-server, global user permissions SVS: Permission profiles are defined via roles SVS_LdapDeployer - Generating, maintaining and deleting the SVS structures Configuration file (XML file) User Management in ServerView
7 Starting SVS_LdapDeployer deploy: Create or modify an LDAP v2 structure delete: Deleting an LDAP v2 structure Typical application scenarios Performing an initial configuration of an LDAP v2 structure Re-generating or expanding an LDAP v2 structure Re-generating an LDAP v2 structure and prompting for and saving authentication data irmc S2/S3 user management via Microsoft Active Directory Configuring irmc S2/S3 LDAP/SSL access at the Active Directory server Assigning user roles to an irmc S2/S3 user irmc S2/S3 user management via Novell edirectory Software components and system requirements Installing Novell edirectory Configuring Novell edirectory Integrating irmc S2/S3 user management in Novell edirectory Assigning an irmc S2/S3 user to a permission group Tips on administering Novell edirectory irmc S2/S3 user management via OpenLDAP Installing OpenLDAP Creating SSL certificates Configuring OpenLDAP Integrating irmc S2/S3 user management in OpenLDAP Tips on OpenLDAP administration Configuring alerting to global irmc S2/S3 users Global alerting Displaying alert roles Assigning irmc S2/S3 users to an alert role SSL copyright Appendix 2 - Global irmc S4 user management via an LDAP directory service User management concept for the irmc S Global user management for the irmc S Overview irmc S4 user management via an LDAP directory service (concept) Global irmc S4 user management using roles User Management in ServerView
8 Organizational unit (OU) SVS Cross-server, global user permissions SVS: Permission profiles are defined via roles SVS_LdapDeployer - Generating, maintaining and deleting the SVS structures Configuration file (XML file) Starting SVS_LdapDeployer deploy: Create or modify an LDAP v2 structure delete: Deleting an LDAPv2 structure Typical application scenarios Performing an initial configuration of an LDAP v2 structure Re-generating or expanding an LDAP v2 structure Re-generating an LDAP v2 structure and prompting for and saving authentication data irmc S4 user management via Microsoft Active Directory Configuring irmc S4 LDAP/SSL access at the Active Directory server Assigning user roles to an irmc S4 user irmc S4 user management via Novell edirectory Software components and system requirements Installing Novell edirectory Configuring Novell edirectory Integrating irmc S4 user management in Novell edirectory Assigning an irmc S4 user to a permission group Tips on administering Novell edirectory irmc S4 user management via OpenLDAP Installing OpenLDAP Creating SSL certificates Configuring OpenLDAP Integrating irmc S4 user management in OpenLDAP Tips on OpenLDAP administration Configuring alerting to global irmc S4 users Global alerting Displaying alert roles Assigning irmc S4 users to an alert role SSL copyright User Management in ServerView
9 1 Introduction This manual describes the authorization and authentication concept on which the global user management and the security architecture of the ServerView Suite and the irmc S2/S3/S4 are based. 1.1 Authorization and authentication concept User management and security architecture of the ServerView Suite and the irmc S2/S3/S3/S4 are based on three fundamental concepts: Global user management using an LDAP directory service Role Based Access Control (RBAC) Single sign-on (SSO) based on a centralized authentication service (CAS) Global user management using an LDAP directory service Users are stored and managed centrally for all related central management stations (CMS) by means of a directory service. The directory service provides all data needed for authentication and authorization. You have the option to use ServerView Operations Manager s own preconfigured directory service (ForgeRock s OpenDJ) or an already operating, configured directory service (e.g. Microsoft Active Directory). Role Based Access Control (RBAC) Role Based Access Control (RBAC) manages access control by defining a set of user roles (security roles). One or more roles are assigned to each user, and one or more user privileges are assigned to each role. RBAC allows you to align your security concept with the structure of your organization by assigning a task-oriented permission profile to each role. RBAC is already implemented in the OpenDJ directory service, which is automatically installed during the installation of ServerView Operations Manager. If you use an already configured directory service such as Active Directory, you have to additionally import the ServerView-specific privileges into it. Subsequently, you can assign the required roles to the users that are supposed to have the associated privileges. User Management in ServerView 9
10 Target Groups of this Manual Single sign-on (SSO) The ServerView Suite provides the single sign-on (SSO) feature for the login to its individual components. The SSO is based on a central authentication service (CAS). SSO means you have to prove your authentication only once. Once your authentication has been successful, you can access all ServerView components without being prompted to log in again at any of them. 1.2 Target Groups of this Manual This manual is intended for system administrators, network administrators and service technicians who already have a basic knowledge of hardware and software. The manual provides an overview of the authorization and authentication concept of the ServerView Suite and describes in detail the steps you have to take to setup ServerView user management or to integrate ServerView user management into the already existing user management of your IT. 10 User Management in ServerView
11 Structure of the manual 1.3 Structure of the manual This manual provides you with information about the following topics: Chapter 2: User management and security architecture (overview) This chapter provides you with an overview of the authorization and authentication concept of the ServerView Suite. Chapter 3: ServerView user management via an LDAP directory service This chapter provides you with information on the following topics: Configuring directory service access. ServerView user management with OpenDJ Integrating ServerView user management into Microsoft Active Directory. Chapter 4: Managing SSL Certificates on the CMS and the managed nodes This chapter provides you with information on the following topics: Managing SSL Certificates (overview). Managing SSL Certificates on the Central Management Station (CMS). Preparing managed nodes for RBAC and client authentication. Chapter 5: Role-based permissions on accessing Operations Manager This chapter provides you with detailed information on the following topics: Privilege categories and related privileges. Predefined users and roles in OpenDJ Chapter 6: Audit logging This chapter provides you with detailed information on CAS-related audit logging, the audit log storage location, and the structure of the audit log entries. User Management in ServerView 11
12 Changes since the previous manual Appendix 1 : irmc S2/S3 user management via an LDAP directory service This chapter provides you with information on the following topics: Global User management concept for the irmc S2/S3. User permissions, permission groups and roles. irmc S2/S3 user management via Microsoft Active Directory, Novell edirectory, OpenLDAP, and OpenDJ. Appendix 2 : irmc S4 user management via an LDAP directory service This chapter provides you with information on the following topics: Global User management concept for the irmc S4. User permissions, permission groups and roles. irmc S4 user management via Microsoft Active Directory, Novell edirectory, OpenLDAP, and OpenDJ. 1.4 Changes since the previous manual This edition of the "User Management in ServerView" manual is valid for the ServerView Operations Manager version 6.30 and replaces the following online manual: ServerView Suite - User Management in ServerView, October 2013 edition. The manual features the following changes and enhancements: A new script has been provided for changing the password of the read-only user account being used for the LDAP queries on Active Directory. This script allows you to change the password without having to restart a Windows service or Linux daemon, see section "Changing the password of the LDAP bind account" on page User Management in ServerView
13 ServerView Suite link collection 1.5 ServerView Suite link collection Via the link collection, Fujitsu Technology Solutions provides you with numerous downloads and further information on the ServerView Suite and PRIMERGY servers. For ServerView Suite, links are offered on the following topics: Forum Service Desk Manuals Product information Security information Software downloads Training I The downloads include the following: Current software versions for the ServerView Suite as well as additional Readme files. Information files and update sets for system software components (BIOS, firmware, drivers, ServerView agents and ServerView update agents) for updating the PRIMERGY servers via ServerView Update Manager or for locally updating individual servers via ServerView Update Manager Express. The current versions of all documentation on the ServerView Suite. You can retrieve the downloads free of charge from the Fujitsu Technology Solutions Web server. For PRIMERGY servers, links are offered on the following topics: Service Desk Manuals Product information Spare parts catalogue User Management in ServerView 13
14 Documentation for ServerView Suite Access to the link collection You can reach the link collection of the ServerView Suite in various ways: 1. Via ServerView Operations Manager. Select Help Links on the start page or on the menu bar. This opens the start page of the ServerView link collection. 2. Via the start page of the online documentation for the ServerView Suite on the Fujitsu Technology Solutions manual server. I You access the start page of the online documentation via the following link: In the selection list on the left, select Industry standard servers. Click the menu item PRIMERGY ServerView Links. This opens the start page of the ServerView link collection. 3. Via the ServerView Suite DVD. In the start window of the ServerView Suite DVD, select the option Select ServerView Software Products. Click Start. This takes you to the page with the software products of the ServerView Suite. On the menu bar select Links. This opens the start page of the ServerView link collection. 1.6 Documentation for ServerView Suite The documentation can be downloaded free of charge from the Internet. You will find the online documentation at under the link x86 Servers. For an overview of the documentation to be found under ServerView Suite as well as the filing structure, see the ServerView Suite sitemap (ServerViewSuite Site Overview). 14 User Management in ServerView
15 Notational Conventions 1.7 Notational Conventions The following notational conventions are used in this manual: V Caution I This symbol points out hazards that can lead to personal injury, loss of data or damage to equipment. This symbol highlights important information and tips. italics fixed font semi-bold fixed font <abc> [Key symbols] Table 1: Notational conventions This symbol refers to a step that you must carry out in order to continue with the procedure. Commands, menu items, names of buttons, options, variables, file names and path names are shown in italics in descriptive text. System outputs are indicated using a fixed font. Commands to be entered via the keyboard are written in a semi-bold fixed font. Angle brackets are used to enclose variables which are to be replaced by actual values. Keys are shown according to their representation on the keyboard. If uppercase letters are to be entered explicitly, then the Shift key is shown, e.g. [SHIFT] - [A] for A. If two keys need to be pressed at the same time, this is shown by placing a hyphen between the two key symbols. References to text or sections of text in this manual are shown with the chapter or section heading and the page on which that chapter or section begins. Screen outputs Please note that the screen output is dependent in part on the system used and therefore some details may not correspond exactly to the output you will see on your system. You may also see system-dependent differences in the menu items available. User Management in ServerView 15
16
17 2 User management and security architecture (overview) The authorization and authentication concept provided by the user management and security architecture of the ServerView Suite is based on three fundamental concepts: "Global user management using an LDAP directory service" on page 20: User names are stored and managed centrally for all related platforms using a directory service. The directory service provides all data needed for authentication and authorization. "Role Based Access Control (RBAC)" on page 23: Role Based Access Control (RBAC) manages user authorization by assigning permissions by means of user roles (security roles). In this case, each role defines a specific, task-oriented permission profile. "Single sign-on (SSO) using a CAS service" on page 26: The various ServerView products have their own Web servers or application servers, which all have to individually determine a user s identify before allowing administrative access. This would require the user to issue repeatedly his or her credentials whenever changing from one product s web pages to the ones of another. With SSO, a user logs in once and is subsequently able to access all systems and services participating at the "SSO domain" without being prompted to log in again at any of them. An "SSO Domain" comprises all systems where authentication is performed using the same CAS service. The following sections provide more detailed information about these concepts. I Interaction between ServerView Operations Manager Ï 5.0 and ServerView Agents < 5.0: ServerView Agents < V5.0 do not support the concepts mentioned above. Nevertheless, you can use ServerView Operations Manager V5.x to perform any operations (including security-relevant operations) for ServerView Agents < V5.0. To enable this, Operations Manager s user/password list must contain valid entries (user/password combinations with the appropriate permissions) for the related managed nodes. The procedure is similar to that used in ServerView Operations Manager < V5.0. Single sign-on is not supported. User Management in ServerView 17
18 Prerequisites 2.1 Prerequisites ServerView Suite user management and security architecture require the following software: JBoss Web server As of version 5.0, ServerView Operations Manager uses the JBoss Web server. The required files are installed automatically together with the ServerView Operations Manager software. JBoss is configured as an independent service referred to as ServerView JBoss Applications Server 7. You can start / stop the service as follows: On Windows Server 2008/2012 systems: Select Administrative Tools - Services I On all Windows systems, you can alternatively use the following CLI commands for starting and stopping the JBoss service: "%WINDIR%\system32\net.exe" start "ServerView JBoss Application Server 7" "%WINDIR%\system32\net.exe" stop "ServerView JBoss Application Server 7" On Linux systems, use the following command: /etc/init.d/sv_jboss start stop LDAP directory service During installation of ServerView Operations Manager, you can select whether you want to use ServerView Operations Manager s internally used OpenDJ directory service or an already existing directory service (e.g. Microsoft Active Directory). 18 User Management in ServerView
19 Prerequisites Centralized Authentication Service (CAS) The CAS service is needed for the single sign-on (SSO) feature. The CAS service caches user credentials on the server side and subsequently authenticates users invisibly when they request for different services. CAS is installed automatically along with the ServerView Operations Manager software. For details on how to install the ServerView Operations Manager, which includes the components mentioned above, please refer to the manuals "ServerView Operations Manager - Installation under Windows" and "ServerView Operations Manager - Installation under Linux". User Management in ServerView 19
20 Global user management using an LDAP directory service 2.2 Global user management using an LDAP directory service The global user management of the ServerView Suite and of the irmc S2/S3/S4 each centrally stores users for all Central Management Stations (CMS) / irmc S2/S3/S4 in the directory of an LDAP directory service. This enables you to manage the users on a central server. The users can therefore be used by all the CMS and irmc S2/S3/S4 that are connected to this server in the network. I Important note: Performing integrated user management based on a common directory service only works for both ServerView users and global irmc S2/S3/S4 users if the irmc S2/S3/S4 is configured to belong to the DEFAULT department. I Throughout this manual, the term "user management of the irmc S2/S3/S4" is used in the sense of "global" irmc S2/S3/S4 user management. Besides, the irmc S2/S3/S4 supports "local" user management, which stores the related user IDs locally in the irmc S2/S3/S4 s non-volatile storage and manages them via the irmc S2/S3/S4 user interfaces (see the "irmc S2/S3 - integrated Remote Management Controller" and the "irmc S4 - integrated Remote Management Controller" manuals for details) Benefits of using a directory service The use of a directory service offers the following benefits: A directory service manages real user identities thus making it possible to use personal identities instead of unspecific local accounts. A directory service uncouples user management from server management. Thus, a server administrator cannot change user rights unless he or she has the right to modify directory service data. ServerView uses the directory service for both authentication and authorization of a user: Authentication validates a user s identity: "Who are you?" Authorization defines a user s rights: "What are you allowed to do?" 20 User Management in ServerView
21 Global user management using an LDAP directory service Furthermore, using a directory service for the CMS allows you to use the same user identifications for logins on the CMS and on the managed servers Supported directory services Directory services supported by the ServerView Suite: The ServerView Suite currently supports the following directory services: OpenDJ (running in "embedded" mode on JBoss). Microsoft Active Directory I During the installation of ServerView Operations Manager you have the option to choose ServerView's internal directory service (OpenDJ). Directory services supported by the irmc S2/S3/S4: The irmc S2/S3/S4 currently supports the following directory services: Microsoft Active Directory Novell edirectory OpenLDAP OpenDJ (running in "embedded" mode on JBoss) Using Open DJ or an already existing, configured directory service Using OpenDJ If you do not specify a separate directory service during the installation of Operations Manager, the setup installs ForgeRock's OpenDJ as its own directory service. The service runs in "embedded" mode on JBoss. Thus, OpenDJ is only available if the service ServerView JBoss Application Server 7 is running. Using an already existing, configured directory service If a directory service (e.g. Microsoft Active Directory) has already been established for the user management in your IT environment, you can use it instead of ServerView's own OpenDJ. User Management in ServerView 21
22 Global user management using an LDAP directory service Common user management for the ServerView Suite and the irmc S2/S3/S4 Using Active Directory, you can set up a cross-server user management comprising all servers managed by the ServerView Suite as well as the related irmc S2/S3/S4. CMS Login Authentication (SSL) irmc S2/S3/S4... Login Authentication (SSL) Directory service (e.g. Active Directory) Central user identifications ServerView RAID Login Authentication (SSL) Figure 1: Shared use of the global users by various components of the ServerView suite Communications between the individual CMS / irmc S2/S3/S4 /... and the central directory service is performed via the TCP/IP protocol LDAP (Lightweight Directory Access Protocol). LDAP makes it possible to access the directory services used most frequently and most suitable for user management. I For security reasons, it is urgently recommended that communication via LDAP is secured by SSL. Otherwise passwords are transmitted in plain text. 22 User Management in ServerView
23 Role Based Access Control (RBAC) 2.3 Role Based Access Control (RBAC) User management of the ServerView Suite as well as global irmc S2/S3/S4 user management is based on role-based access control (RBAC), which enables you to align your security concept with your organization s structure. RBAC is based on the principle of least privilege. This means that no user should have more privileges than are necessary for using a particular ServerView component or performing a particular ServerView-specific task Users, user roles and privileges RBAC controls the assignment of permissions to users by means of user roles instead of directly assigning the corresponding privileges to users: A set of privileges is assigned to each user role. Each set defines a specific, task-oriented permission profile for activities on the ServerView Suite. One or more roles are assigned to each user. The concept of user roles offers important advantages, including: The individual permissions do not need to be assigned to each user or user group individually. Instead, they are assigned to the user role. It is only necessary to adapt the permissions of the user role if the permission structure changes. Several roles may be assigned to each user. In this case, the permissions for this user are defined by the sum of the permissions of all assigned roles. User Management in ServerView 23
24 Role Based Access Control (RBAC) RBAC implementation in OpenDJ RBAC is already implemented in the OpenDJ directory service that is automatically installed during the installation of Operations Manager. Predefined users and roles By default, OpenDJ provides the predefined user roles Administrator, Monitor, Operator, and UserAdministrator, each of them being dedicated to one of the predefined users Administrator, Monitor, Operator, and UserManager, respectively. You can of course align your security concept with your organization s structure by creating additional users, roles, and role-to-user assignments. In figure 2 is shown the concept of role-based assignment of user permissions with the user names Administrator, Monitor, Operator and UserManager and the corresponding roles Administrator, Monitor, Operator and UserAdministrator. Users Administrator Operator Monitor UserManager Roles Administrator Operator Monitor UserAdministrator Privileges e.g. modify alarm config. e.g. access archive mgr. e.g. access serverlist UserMgmt Figure 2: Example of role-based assignment of user permissions I Strictly speaking, OpenDJ predefines two additional users that are comprehensively authorized and dedicated to special purposes: "cn=directory Manager" (OpenDJ's Directory Manager account) and svuser (used for accessing the directory service by CAS and ServerView's security module). The scope of permissions granted by the predefined user roles increases from Monitor (lowest permission level) through Operator up to Administrator (highest permission level). For details, see chapter "Audit logging" on page User Management in ServerView
25 Role Based Access Control (RBAC) I The UserAdministrator role does not match this hierarchy as its only purpose is to provide the privileges allowing for user management with OpenDJ. If an external directory service (e.g. Active Directory) is used for user management in ServerView, the UserAdministrator role is not imported into this directory service. Aligning your security concept with your organization s structure To align your security concept with your organization s structure, the ServerView Suite allows you to conveniently create additional users, roles, and role-to-user assignments by using the User Management link under the Security entry in the SerververView Operations Manager s start page RBAC combined with an already existing configured directory service You can also integrate RBAC user management for the ServerView Suite into your already existing RBAC user management that is based on a configured directory service (e.g. Microsoft Active Directory). See section "Integrating ServerView user management into Microsoft Active Directory" on page 60) for details. User Management in ServerView 25
26 Single sign-on (SSO) using a CAS service 2.4 Single sign-on (SSO) using a CAS service In order to allow users to login to their individual components (e.g. Web services), the ServerView Suite provides the single sign-on (SSO) feature. ServerView implements the SSO mechanism by means of a central authentication service (CAS), which processes the single sign-on procedure in a completely transparent manner from the user s point of view. V Important! Always sign off and close your browser if you have to let your PC unattended! The CAS stores the information on a user s identity in a secure browser cookie (Ticket Granting Cookie, TGC, see page 28), which is deleted when the user explicitly signs off, or when the user closes the browser. An unattended browser session therefore represents a severe security gap. I Requirement for using SSO: The CAS service must be configured for all irmc S2/S3/S4 participating in the SSO domain (see the "irmc S2/S3 - integrated Remote Management Controller" and the "irmc S4 - integrated Remote Management Controller" manual for details). It is absolutely necessary that all systems participating in the SSO domain reference the CMS via the same addressing representation. (An SSO Domain comprises all systems where authentication is performed using the same CAS service.) Thus, for example, if you have installed the ServerView Operations Manager by using the name "my-cms.my-domain", you must specify exactly the same name for configuring the CAS service for an irmc S2/S3/S4. If, instead, you specify only "my-cms" or another IP address of my-cms, SSO will not be enabled between the two systems. 26 User Management in ServerView
27 Single sign-on (SSO) using a CAS service CAS based SSO architecture An SSO architecture is based on the following components and items: CAS service providing the centralized authentication service CAS client as part of any "casified" ServerView Suite component Service Ticket (ST) Ticket Granting Ticket (TGT) Centralized Authentication Service (CAS service) manages user authentication The CAS service manages the central user authentication. For this purpose, the CAS service mediates between the browser on the management console (client system) and the directory service that manages the users. CAS client intercepts and redirects the service request The CAS client is part of any "casified" ServerView Suite component. It is a filter that intercepts any request to the component in order to validate the user's authentication. The CAS client redirects the request to the CAS service, which subsequently processes user authentication. Service Ticket (ST) and Service Granting Ticket (TGT) After having successfully authenticated the user, the CAS service assigns the so-called Ticket Granting Ticket (TGT) to the user. This is technically achieved by setting a corresponding secure browser cookie. Whenever the CAS client of a ServerView Suite component redirects an HTTPS request to the CAS service, the TGT cookie causes the service to create a request specific Service Ticket (ST) and send it back to the CAS client by an additional request parameter. First, the CAS client validates the ST by a direct call to the CAS service and only then passes the original request to the ServerView Suite component. User Management in ServerView 27
28 Single sign-on (SSO) using a CAS service Ticket Granting Cookie (TGC) Once the Web browser has established an SSO session with the CAS service, the Web browser exposes a secure cookie to the CAS service. This cookie contains a string identifying a Ticket Granting Ticket (TGT), and therefore is referred to as the ticket granting cookie (TGT cookie or TGC). I The TGC will be destroyed when the user logs out of CAS or when he/she closes the browser. The Ticket Granting Ticket Cookie has a lifetime that is set in CAS service's configuration file (pre-configured value: 24 hours). Its maximum duration is 24 hours. This means that a user is logged out after 24 hours at the latest. The maximum duration time cannot be modified on an installed system. How CAS based SSO processes an initial single sign-on (SSO) request In figure 3 is illustrated how CAS based single sign-on (SSO) processes an initial single sign-on authentication. Figure 3: SSO architecture using the CAS service 28 User Management in ServerView
29 Single sign-on (SSO) using a CAS service Explanation: 1. A user calls a ServerView Suite component e.g. the Operations Manager by entering the service s URL at the Management Console. 2. This user request is redirected to the CAS service. 3. The CAS service generates a CAS login window, which is displayed at the management console. The CAS login window prompts the user for the login credentials (user name and password). 4. The user enters his login credentials. 5. The CAS service validates user name and password and redirects the request to the originally requested component. In addition, the CAS service sets the TGT cookie and assigns the user the Service Ticket (ST) and Ticket Granting Ticket (TGT). 6. The CAS client sends the Service Ticket to the CAS service for validation. 7. If validation was successful, the CAS service returns the following information: "Service Ticket is ok.", user name. 8. The web application (ServerView component) answers the original request (see step 1). How CAS based SSO processes subsequent SSO requests Once being successfully authenticated to access a service (e.g. the Operations Manager), the user can call another service (e.g. the irmc S2/S3/S4 Web interface) without being prompted for login credentials. In this case the CAS service performs authentication using the Ticket Granting Cookie (TGC) which has been set during a former login procedure for this user. If the TGC matches a valid ticket-granting ticket (TGT), the CAS service automatically issues a service ticket (ST) each time the Web browser sends a request for a service of the "SSO domain". Thus, the user can access the ServerView Suite component without being prompted for credentials. User Management in ServerView 29
30 Single sign-on (SSO) using a CAS service Single sign-on from the user s point of view SSO means that you have to prove your authentication only once, namely to the CAS service: At your first login to a component of the ServerView Suite (e.g. Operations Manager) the CAS service displays a separate window that prompts you for your credentials (user name and password). Once authentication is successful, you can access all ServerView Suite components and irmc S2/S3/S4 of your SSO domain without being prompted to log in at any of them again. (3) CAS login window (1) (4) CAS service (2) (1a) (5) (5) (5) Operations Mgr. other Web app.... irmc S2/S3/S4 Web GUI (1) A user sends an HTTP Request to a ServerView Suite component (e.g. Operations Manager). (1a) CAS internally redirects the request to the CAS service (transparently for the user). (2) The CAS service displays its login window prompting the user for his login credentials. (3) The user enters his user name / password combination and confirms his settings. (4) The CAS service authenticates the user. (5) Once authentication has been successful, the user is allowed to access any other component without being prompted to login again. Figure 4: Single sign-on procedure from the user s point of view 30 User Management in ServerView
31 3 ServerView user management via an LDAP directory service This chapter provides you with information on the following topics: "Configuring directory service access" on page 31 "ServerView user management with OpenDJ" on page 32 "Integrating ServerView user management into Microsoft Active Directory" on page 60 I Important note: To operate both ServerView user management and irmc S2/S3/S4 global user management within the same Organizational Unit (OU) SVS, irmc S2/S3/S4 user management must only use the DEFAULT department. Alert roles cannot be used in the ServerView Suite, i.e. they are ignored by all ServerView components except the irmc S2/S3/S Configuring directory service access Both centralized authentication and role-based authorization of the ServerView user management are based on data that are managed centrally using an LDAP directory service. The information needed for connecting to an LDAP directory service is requested during Operations Manager setup. If want to modify these settings later on, proceed as follows: On Windows systems, repeat the setup performing an upgrade/modify installation. On Linux systems, execute the following command: /opt/fujitsu/serverviewsuite/svom/serverview/tools/changecomputerdetails.sh User Management in ServerView 31
32 ServerView user management with OpenDJ 3.2 ServerView user management with OpenDJ If you do not specify a separate directory service during the installation of Operations Manager installation, the setup installs ForgeRock's OpenDJ as its own directory service. The service runs in "embedded" mode on JBoss. Thus, OpenDJ is only available if the service ServerView JBoss Application Server 7 is running Predefined users and roles Role Based Access Control (RBAC) is already implemented in the OpenDJ directory service. OpenDJ predefines the user roles Administrator, Monitor, Operator, and UserAdministrator, each of them being dedicated to one of the predefined users Administrator, Operator, Monitor, and UserManager. In addition, OpenDJ predefines two comprehensively authorized users that are dedicated to special purposes. In table 2 on page 33 an overview is given of the user names, passwords and roles that are predefined in OpenDJ. V CAUTION! For better security, it is strongly recommended that you change the predefined passwords as soon as possible. For details on how to change passwords, please refer to the section "Defining / changing the passwords of the predefined users" on page 34. For details on the scope of permissions granted by the individual user roles, see chapter "Role-based permissions for accessing Operations Manager" on page User Management in ServerView
33 ServerView user management with OpenDJ User name Password User role LDAP Distinguished name / Description./. admin cn=directory Manager,cn=Root DNS,cn=config svuser The Password has to be specified during installation of ServerView Operations Manager. This is OpenDJ s Directory Manager account. A root DN (or root user) is generally given full access to all data in the server. In OpenDJ, root users will be allowed to bypass access control evaluation by default. They will have full access to the server configuration and perform most other types of operations. OpenDJ allows the server to be configured with multiple root users. All rights given to root users are assigned through privileges. cn=svuser,ou=users,dc=fujitsu,dc=com This account is used for accessing the directory service by CAS and ServerView's security module. Therefore, you will find the related data in the configuration file <ServerView directory>\jboss\standalone\ svconf\sv-sec-config.xml. Administrator admin Administrator cn=serverview Administrator,ou=users, dc=fujitsu,dc=com Default user for role Administrator. Monitor admin Monitor cn=serverview Monitor,ou=users, dc=fujitsu,dc=com Default user for role Monitor. Operator admin Operator cn=serverview Operator,ou=users, dc=fujitsu,dc=com Default user for role Operator. UserManager admin UserAdministrator cn=serverview UserManager,ou=users, dc=fujitsu,dc=com Table 2: User names, roles and passwords predefined in OpenDJ Default user for role UserAdministrator. User Management in ServerView 33
34 ServerView user management with OpenDJ Defining / changing the passwords of the predefined users I Important note: Do not use the backslash character ("\") within your passwords OpenDJ Directory Manager s password I Please note: The OpenDJ Directory Manager s predefined password is "admin". For security reasons, it is strongly recommended that you change the predefined password. I In the following explanation, the string "new_dm_pw" is a placeholder for the new password. Replace the placeholder with the adequate password you want to use. Changing the OpenDJ Directory Manager s predefined password on Windows systems I Please note: To set up a password containing one or more percent signs (%), you have to double any percent sign when specifying the password in the command line. E.g., you must type hello%%world in the command line for setting up the password hello%world. On Windows systems, proceed as follows to change the predefined password: 1. Open a Windows Command Prompt. 2. Ensure that the environment variables JAVA_HOME and OPENDS_JAVA_HOME are set to the installation directory of the Java Runtime Environment (JRE). If, for example, the JRE is installed under C:\Program Files (x86)\java\jre7, setting the variables is done by entering the following commands: SET JAVA_HOME=C:\Program Files (x86)\java\jre7 SET OPENDS_JAVA_HOME=C:\Program Files (x86)\java\jre7 SET PATH=C:\Program Files (x86)\java\jre7\bin 3. Change directory to <ServerView directory>\opends\bat. 34 User Management in ServerView
35 ServerView user management with OpenDJ 4. Change the OpenDJ Directory Manager's password (here: the predefined password "admin") by entering the following command in one single line: ldappasswordmodify -h localhost -p D "cn=directory Manager" -w admin -a "dn:cn=directory Manager,cn=Root DNs,cn=config" -n "new_dm_pw" -c "admin" 5. Restart the service ServerView JBoss Application Server 7 to activate your password settings. Changing the OpenDJ Directory Manager s predefined password on Linux Systems I Please note: To set up a password containing one or more special characters of the shell, you have to precede ("escape") any special character with a backslash ("\") when specifying the password in the command line. E.g., you must type hello\$world in the command line for setting up the password hello$world. On Linux systems, proceed as follows to change the predefined passwords: 1. Open a command shell. 2. Ensure that the environment variables JAVA_HOME and OPENDS_JAVA_HOME are set to the installation directory of the Java Runtime Environment (JRE). If, for example, the JRE is installed under /usr/java/default, setting the variables is done by entering the following commands: export JAVA_HOME=/usr/java/default export OPENDS_JAVA_HOME=/usr/java/default 3. Change directory to /opt/fujitsu/serverviewsuite/opends/bin. 4. Change the OpenDJ Directory Manager's password by entering the following command in one single line:./ldappasswordmodify -h localhost -p D "cn=directory Manager" -w admin -a "dn:cn=directory Manager,cn=Root DNs,cn=config" -n "new_dm_pw" -c "admin" 5. Restart the ServerView JBoss service to activate your password settings: /etc/init.d/sv_jboss restart User Management in ServerView 35
Installation ServerView ESXi CIM Provider V6.12
Installation Guide - English FUJITSU Software ServerView Suite Installation ServerView ESXi CIM Provider V6.12 VMware vsphere Hypervisor server (ESXi) as of version 4.0 Edition February 2013 Comments Suggestions
More informationServerView Integration Pack for Microsoft SCCM
User Guide - English FUJITSU Software ServerView Suite ServerView Integration Pack for Microsoft SCCM Edition July 2012 Comments Suggestions Corrections The User Documentation Department would like to
More informationServerView Inventory Manager
User Guide - English FUJITSU Software ServerView Suite ServerView Inventory Manager ServerView Operations Manager V6.21 Edition October 2013 Comments Suggestions Corrections The User Documentation Department
More informationUser Guide - English. FUJITSU Software ServerView Suite. Local Service Panels. Local Service Concept (LSC)
User Guide - English FUJITSU Software ServerView Suite Local Service Panels Local Service Concept (LSC) Edition February 2013 Comments Suggestions Corrections The User Documentation Department would like
More informationUser Guide - English. ServerView Suite. DeskView and ServerView Integration Pack for Microsoft SCCM
User Guide - English ServerView Suite DeskView and ServerView Integration Pack for Microsoft SCCM Edition June 2010 Comments Suggestions Corrections The User Documentation Department would like to know
More informationServerView Operations Manager V7.10
User Guide - English FUJITSU Software ServerView Suite ServerView Operations Manager V7.10 Server Management Edition June 2015 Comments Suggestions Corrections The User Documentation Department would like
More informationServerView Operations Manager V7.10
Installation Guide - English FUJITSU Software ServerView Suite ServerView Operations Manager V7.10 Installing ServerView Operations Manager Software under Windows (Operations Manager, Update Manager, Event
More informationServerView Agents V7.10 for Windows
Installation and User Guide - English FUJITSU Software ServerView Suite ServerView Agents V7.10 for Windows (Windows Server 2008/2012) Edition April 2015 Comments Suggestions Corrections The User Documentation
More informationServerView Suite ServerView Operations Manager V5.0
Installation Guide - English ServerView Suite ServerView Operations Manager V5.0 Installation ServerView Agents for Windows: - Installation ServerView Agents (Windows 2003/2008) - Installation ServerView
More informationServerView System Monitor
User Guide - English FUJITSU Software ServerView Suite ServerView System Monitor (Part of ServerView Agents for Windows and Linux) Edition May 2015 Comments Suggestions Corrections The User Documentation
More informationCA Performance Center
CA Performance Center Single Sign-On User Guide 2.4 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is
More informationFUJITSU Software ServerView Suite ServerView Installation Manager
User Guide - English FUJITSU Software ServerView Suite ServerView Installation Manager Edition July 2015 Comments Suggestions Corrections The User Documentation Department would like to know your opinion
More informationUsing LDAP Authentication in a PowerCenter Domain
Using LDAP Authentication in a PowerCenter Domain 2008 Informatica Corporation Overview LDAP user accounts can access PowerCenter applications. To provide LDAP user accounts access to the PowerCenter applications,
More informationwww.novell.com/documentation Policy Guide Access Manager 3.1 SP5 January 2013
www.novell.com/documentation Policy Guide Access Manager 3.1 SP5 January 2013 Legal Notices Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation,
More informationEnglish ETERNUS CS800 S3. Backup Exec OST Guide
English ETERNUS CS800 S3 Backup Exec OST Guide Edition April 2012 Comments Suggestions Corrections The User Documentation Department would like to know your opinion on this manual. Your feedback helps
More informationServerView Event Manager
User Guide - English FUJITSU Software ServerView Suite ServerView Event Manager ServerView Operations Manager V7.10 Edition June 2015 Comments Suggestions Corrections The User Documentation Department
More informationMonitoring FibreCAT CX systems with ServerView Operations Manager
User Guide - English FUJITSU Software ServerView Suite Monitoring FibreCAT CX systems with ServerView Operations Manager Edition May 2009 Comments Suggestions Corrections The User Documentation Department
More informationMonitoring of VMware-based PRIMERGY Servers with ServerView
User Guide - English FUJITSU Software ServerView Suite Monitoring of VMware-based PRIMERGY Servers with ServerView VMware vsphere Hypervisor (ESXi - V4.0 and V4.1) Edition July 2011 Comments Suggestions
More informationInstallation and Setup Guide
Installation and Setup Guide Contents 1. Introduction... 1 2. Before You Install... 3 3. Server Installation... 6 4. Configuring Print Audit Secure... 11 5. Licensing... 16 6. Printer Manager... 17 7.
More informationVMware Mirage Web Manager Guide
Mirage 5.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document,
More informationUser Management Resource Administrator. Managing LDAP directory services with UMRA
User Management Resource Administrator Managing LDAP directory services with UMRA Copyright 2005, Tools4Ever B.V. All rights reserved. No part of the contents of this user guide may be reproduced or transmitted
More informationNSi Mobile Installation Guide. Version 6.2
NSi Mobile Installation Guide Version 6.2 Revision History Version Date 1.0 October 2, 2012 2.0 September 18, 2013 2 CONTENTS TABLE OF CONTENTS PREFACE... 5 Purpose of this Document... 5 Version Compatibility...
More informationLifeSize Control Installation Guide
LifeSize Control Installation Guide April 2005 Part Number 132-00001-001, Version 1.0 Copyright Notice Copyright 2005 LifeSize Communications. All rights reserved. LifeSize Communications has made every
More informationUser Guide - English. FUJITSU SoftwareServerView Suite. Remote Management. irmc S2/S3 - integrated Remote Management Controller
User Guide - English FUJITSU SoftwareServerView Suite Remote Management irmc S2/S3 - integrated Remote Management Controller Edition July 2012 Comments Suggestions Corrections The User Documentation Department
More informationUser Management Guide
AlienVault Unified Security Management (USM) 4.x-5.x User Management Guide USM v4.x-5.x User Management Guide, rev 1 Copyright 2015 AlienVault, Inc. All rights reserved. The AlienVault Logo, AlienVault,
More informationF-Secure Messaging Security Gateway. Deployment Guide
F-Secure Messaging Security Gateway Deployment Guide TOC F-Secure Messaging Security Gateway Contents Chapter 1: Deploying F-Secure Messaging Security Gateway...3 1.1 The typical product deployment model...4
More informationSophos Mobile Control Installation guide. Product version: 3.5
Sophos Mobile Control Installation guide Product version: 3.5 Document date: July 2013 Contents 1 Introduction...3 2 The Sophos Mobile Control server...4 3 Set up Sophos Mobile Control...10 4 External
More informationHow To Manage Storage With Novell Storage Manager 3.X For Active Directory
www.novell.com/documentation Installation Guide Novell Storage Manager 4.1 for Active Directory September 10, 2015 Legal Notices Condrey Corporation makes no representations or warranties with respect
More informationNovell Access Manager
J2EE Agent Guide AUTHORIZED DOCUMENTATION Novell Access Manager 3.1 SP3 February 02, 2011 www.novell.com Novell Access Manager 3.1 SP3 J2EE Agent Guide Legal Notices Novell, Inc., makes no representations
More informationCA Nimsoft Service Desk
CA Nimsoft Service Desk Single Sign-On Configuration Guide 6.2.6 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
More informationRealPresence Platform Director
RealPresence CloudAXIS Suite Administrators Guide Software 1.3.1 GETTING STARTED GUIDE Software 2.0 June 2015 3725-66012-001B RealPresence Platform Director Polycom, Inc. 1 RealPresence Platform Director
More informationInstalling and Configuring vcenter Support Assistant
Installing and Configuring vcenter Support Assistant vcenter Support Assistant 5.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced
More informationUSER GUIDE WEB-BASED SYSTEM CONTROL APPLICATION. www.pesa.com August 2014 Phone: 256.726.9200. Publication: 81-9059-0703-0, Rev. C
USER GUIDE WEB-BASED SYSTEM CONTROL APPLICATION Publication: 81-9059-0703-0, Rev. C www.pesa.com Phone: 256.726.9200 Thank You for Choosing PESA!! We appreciate your confidence in our products. PESA produces
More informationWatchDox Administrator's Guide. Application Version 3.7.5
Application Version 3.7.5 Confidentiality This document contains confidential material that is proprietary WatchDox. The information and ideas herein may not be disclosed to any unauthorized individuals
More informationSophos Mobile Control Installation guide. Product version: 3.6
Sophos Mobile Control Installation guide Product version: 3.6 Document date: November 2013 Contents 1 Introduction...3 2 The Sophos Mobile Control server...5 3 Set up Sophos Mobile Control...11 4 External
More informationOnCommand Performance Manager 1.1
OnCommand Performance Manager 1.1 Installation and Setup Guide For Red Hat Enterprise Linux NetApp, Inc. 495 East Java Drive Sunnyvale, CA 94089 U.S. Telephone: +1 (408) 822-6000 Fax: +1 (408) 822-4501
More informationCA Spectrum and CA Service Desk
CA Spectrum and CA Service Desk Integration Guide CA Spectrum 9.4 / CA Service Desk r12 and later This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter
More informationAdministrator Guide. v 11
Administrator Guide JustSSO is a Single Sign On (SSO) solution specially developed to integrate Google Apps suite to your Directory Service. Product developed by Just Digital v 11 Index Overview... 3 Main
More informationDeploying RSA ClearTrust with the FirePass controller
Deployment Guide Deploying RSA ClearTrust with the FirePass Controller Deploying RSA ClearTrust with the FirePass controller Welcome to the FirePass RSA ClearTrust Deployment Guide. This guide shows you
More informationwww.novell.com/documentation Jobs Guide Identity Manager 4.0.1 February 10, 2012
www.novell.com/documentation Jobs Guide Identity Manager 4.0.1 February 10, 2012 Legal Notices Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation,
More informationTIBCO Spotfire Web Player 6.0. Installation and Configuration Manual
TIBCO Spotfire Web Player 6.0 Installation and Configuration Manual Revision date: 12 November 2013 Important Information SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED
More informationEMC NetWorker. Security Configuration Guide. Version 8.2 SP1 302-001-577 REV 02
EMC NetWorker Version 8.2 SP1 Security Configuration Guide 302-001-577 REV 02 Copyright 2014-2015 EMC Corporation. All rights reserved. Published in USA. Published February, 2015 EMC believes the information
More informationVirtual CD v10. Network Management Server Manual. H+H Software GmbH
Virtual CD v10 Network Management Server Manual H+H Software GmbH Table of Contents Table of Contents Introduction 1 Legal Notices... 2 What Virtual CD NMS can do for you... 3 New Features in Virtual
More informationNetIQ Identity Manager Setup Guide
NetIQ Identity Manager Setup Guide July 2015 www.netiq.com/documentation Legal Notice THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE
More informationCopyright 2012 Trend Micro Incorporated. All rights reserved.
Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme files,
More informationConfigure Single Sign on Between Domino and WPS
Configure Single Sign on Between Domino and WPS What we are doing here? Ok now we have the WPS server configured and running with Domino as the LDAP directory. Now we are going to configure Single Sign
More informationAdministration Quick Start
www.novell.com/documentation Administration Quick Start ZENworks 11 Support Pack 3 February 2014 Legal Notices Novell, Inc., makes no representations or warranties with respect to the contents or use of
More informationInstalling Management Applications on VNX for File
EMC VNX Series Release 8.1 Installing Management Applications on VNX for File P/N 300-015-111 Rev 01 EMC Corporation Corporate Headquarters: Hopkinton, MA 01748-9103 1-508-435-1000 www.emc.com Copyright
More informationRequest Manager Installation and Configuration Guide
Request Manager Installation and Configuration Guide vcloud Request Manager 1.0.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced
More informationSonicOS Enhanced 3.2 LDAP Integration with Microsoft Active Directory and Novell edirectory Support
SonicOS Enhanced 3.2 LDAP Integration with Microsoft Active Directory and Novell edirectory Support Document Scope This document describes the integration of SonicOS Enhanced 3.2 with Lightweight Directory
More informationBusiness Interaction Server. Configuration Guide. 10300685-000 Rev A
Business Interaction Server Configuration Guide 10300685-000 Rev A 2008 Kofax Image Products, Inc., 16245 Laguna Canyon Road, Irvine, California 92618, U.S.A. All rights reserved. Use is subject to license
More informationHillstone StoneOS User Manual Hillstone Unified Intelligence Firewall Installation Manual
Hillstone StoneOS User Manual Hillstone Unified Intelligence Firewall Installation Manual www.hillstonenet.com Preface Conventions Content This document follows the conventions below: CLI Tip: provides
More informationPreparing for GO!Enterprise MDM On-Demand Service
Preparing for GO!Enterprise MDM On-Demand Service This guide provides information on...... An overview of GO!Enterprise MDM... Preparing your environment for GO!Enterprise MDM On-Demand... Firewall rules
More informationCA Nimsoft Monitor. Probe Guide for CA ServiceDesk Gateway. casdgtw v2.4 series
CA Nimsoft Monitor Probe Guide for CA ServiceDesk Gateway casdgtw v2.4 series Copyright Notice This online help system (the "System") is for your informational purposes only and is subject to change or
More informationACS 5.x and later: Integration with Microsoft Active Directory Configuration Example
ACS 5.x and later: Integration with Microsoft Active Directory Configuration Example Document ID: 113571 Contents Introduction Prerequisites Requirements Components Used Conventions Background Information
More informationHP A-IMC Firewall Manager
HP A-IMC Firewall Manager Configuration Guide Part number: 5998-2267 Document version: 6PW101-20110805 Legal and notice information Copyright 2011 Hewlett-Packard Development Company, L.P. No part of this
More informationSophos for Microsoft SharePoint startup guide
Sophos for Microsoft SharePoint startup guide Product version: 2.0 Document date: March 2011 Contents 1 About this guide...3 2 About Sophos for Microsoft SharePoint...3 3 System requirements...3 4 Planning
More informationHow to Implement the X.509 Certificate Based Single Sign-On Solution with SAP Netweaver Single Sign-On
How to Implement the X.509 Certificate Based Single Sign-On Solution with SAP Netweaver Single Sign-On How to implement the X.509 certificate based Single Sign-On solution from SAP Page 2 of 34 How to
More informationSophos Mobile Control Installation guide. Product version: 3
Sophos Mobile Control Installation guide Product version: 3 Document date: January 2013 Contents 1 Introduction...3 2 The Sophos Mobile Control server...4 3 Set up Sophos Mobile Control...16 4 External
More information2X ApplicationServer & LoadBalancer Manual
2X ApplicationServer & LoadBalancer Manual 2X ApplicationServer & LoadBalancer Contents 1 URL: www.2x.com E-mail: info@2x.com Information in this document is subject to change without notice. Companies,
More informationContent Filtering Client Policy & Reporting Administrator s Guide
Content Filtering Client Policy & Reporting Administrator s Guide Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your system. CAUTION: A CAUTION
More informationCopyright http://support.oracle.com/
Primavera Portfolio Management 9.0 Security Guide July 2012 Copyright Oracle Primavera Primavera Portfolio Management 9.0 Security Guide Copyright 1997, 2012, Oracle and/or its affiliates. All rights reserved.
More informationInstallation & Configuration Guide
Installation & Configuration Guide Bluebeam Studio Enterprise ( Software ) 2014 Bluebeam Software, Inc. All Rights Reserved. Patents Pending in the U.S. and/or other countries. Bluebeam and Revu are trademarks
More informationwebmethods Certificate Toolkit
Title Page webmethods Certificate Toolkit User s Guide Version 7.1.1 January 2008 webmethods Copyright & Document ID This document applies to webmethods Certificate Toolkit Version 7.1.1 and to all subsequent
More informationCustomer Tips. Xerox Network Scanning HTTP/HTTPS Configuration using Microsoft IIS. for the user. Purpose. Background
Xerox Multifunction Devices Customer Tips June 5, 2007 This document applies to these Xerox products: X WC Pro 232/238/245/ 255/265/275 for the user Xerox Network Scanning HTTP/HTTPS Configuration using
More informationAdministration Guide. BlackBerry Enterprise Service 12. Version 12.0
Administration Guide BlackBerry Enterprise Service 12 Version 12.0 Published: 2015-01-16 SWD-20150116150104141 Contents Introduction... 9 About this guide...10 What is BES12?...11 Key features of BES12...
More informationAdeptia Suite LDAP Integration Guide
Adeptia Suite LDAP Integration Guide Version 6.2 Release Date February 24, 2015 343 West Erie, Suite 440 Chicago, IL 60654, USA Phone: (312) 229-1727 x111 Fax: (312) 229-1736 DOCUMENT INFORMATION Adeptia
More informationvcloud Director User's Guide
vcloud Director 5.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of
More informationUltimus and Microsoft Active Directory
Ultimus and Microsoft Active Directory May 2004 Ultimus, Incorporated 15200 Weston Parkway, Suite 106 Cary, North Carolina 27513 Phone: (919) 678-0900 Fax: (919) 678-0901 E-mail: documents@ultimus.com
More informationNovell Access Manager
Access Gateway Guide AUTHORIZED DOCUMENTATION Novell Access Manager 3.1 SP2 November 16, 2010 www.novell.com Novell Access Manager 3.1 SP2 Access Gateway Guide Legal Notices Novell, Inc., makes no representations
More informationIBM WebSphere Application Server V8.5 lab Basic Liberty profile administration using the job manager
IBM WebSphere Application Server V8.5 lab Basic Liberty profile administration using the job manager Scenario You are a system administrator responsible for managing web application server installations.
More informationOverview of ServerView Windows Agent This chapter explains overview of ServerView Windows Agent, and system requirements.
ServerView User s Guide (For Windows Agent) Areas Covered - Before Reading This Manual This section explains the notes for your safety and conventions used in this manual. Chapter 1 Overview of ServerView
More informationIBM SPSS Collaboration and Deployment Services Version 6 Release 0. Single Sign-On Services Developer's Guide
IBM SPSS Collaboration and Deployment Services Version 6 Release 0 Single Sign-On Services Developer's Guide Note Before using this information and the product it supports, read the information in Notices
More informationUser Identification and Authentication
User Identification and Authentication Vital Security 9.2 Copyright Copyright 1996-2008. Finjan Software Inc.and its affiliates and subsidiaries ( Finjan ). All rights reserved. All text and figures included
More informationSetting Up Scan to SMB on TaskALFA series MFP s.
Setting Up Scan to SMB on TaskALFA series MFP s. There are three steps necessary to set up a new Scan to SMB function button on the TaskALFA series color MFP. 1. A folder must be created on the PC and
More informationSophos Mobile Control Installation guide
Sophos Mobile Control Installation guide Product version: 2.5 Document date: July 2012 Contents 1 Introduction... 3 2 The Sophos Mobile Control server... 4 3 Set up Sophos Mobile Control... 13 4 Running
More informationInstallation and Configuration Guide
www.novell.com/documentation Installation and Configuration Guide GroupWise Coexistence Solution for Exchange November 2015 Legal Notices Novell, Inc., makes no representations or warranties with respect
More informationUSER GUIDE. Lightweight Directory Access Protocol (LDAP) Schoolwires Centricity
USER GUIDE Lightweight Directory Access Protocol () Schoolwires Centricity TABLE OF CONTENTS Introduction... 1 Audience and Objectives... 1 Overview... 1 Servers Supported by Centricity... 1 Benefits of
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationSA Citrix Virtual Desktop Infrastructure (VDI) Configuration Guide
SA Citrix Virtual Desktop Infrastructure (VDI) Configuration Guide Published July 2015 This document covers steps to configure Citrix VDI on Pulse Secure s SA Series SSL VPN platforms. It also covers brief
More informationUser's Guide. Product Version: 2.5.0 Publication Date: 7/25/2011
User's Guide Product Version: 2.5.0 Publication Date: 7/25/2011 Copyright 2009-2011, LINOMA SOFTWARE LINOMA SOFTWARE is a division of LINOMA GROUP, Inc. Contents GoAnywhere Services Welcome 6 Getting Started
More informationCA Unified Infrastructure Management Server
CA Unified Infrastructure Management Server CA UIM Server Configuration Guide 8.0 Document Revision History Version Date Changes 8.0 September 2014 Rebranded for UIM 8.0. 7.6 June 2014 No revisions for
More informationIntegrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER
Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER Table of Contents Introduction.... 3 Requirements.... 3 Horizon Workspace Components.... 3 SAML 2.0 Standard.... 3 Authentication
More informationSuperLumin Nemesis. Administration Guide. February 2011
SuperLumin Nemesis Administration Guide February 2011 SuperLumin Nemesis Legal Notices Information contained in this document is believed to be accurate and reliable. However, SuperLumin assumes no responsibility
More informationSecure Messaging Server Console... 2
Secure Messaging Server Console... 2 Upgrading your PEN Server Console:... 2 Server Console Installation Guide... 2 Prerequisites:... 2 General preparation:... 2 Installing the Server Console... 2 Activating
More informationDesktop Surveillance Help
Desktop Surveillance Help Table of Contents About... 9 What s New... 10 System Requirements... 11 Updating from Desktop Surveillance 2.6 to Desktop Surveillance 3.2... 13 Program Structure... 14 Getting
More informationEnabling SSL and Client Certificates on the SAP J2EE Engine
Enabling SSL and Client Certificates on the SAP J2EE Engine Angel Dichev RIG, SAP Labs SAP AG 1 Learning Objectives As a result of this session, you will be able to: Understand the different SAP J2EE Engine
More informationMcAfee SMC Installation Guide 5.7. Security Management Center
McAfee SMC Installation Guide 5.7 Security Management Center Legal Information The use of the products described in these materials is subject to the then current end-user license agreement, which can
More informationSC-T35/SC-T45/SC-T46/SC-T47 ViewSonic Device Manager User Guide
SC-T35/SC-T45/SC-T46/SC-T47 ViewSonic Device Manager User Guide Copyright and Trademark Statements 2014 ViewSonic Computer Corp. All rights reserved. This document contains proprietary information that
More informationDEPLOYMENT GUIDE Version 1.1. Deploying the BIG-IP LTM v10 with Citrix Presentation Server 4.5
DEPLOYMENT GUIDE Version 1.1 Deploying the BIG-IP LTM v10 with Citrix Presentation Server 4.5 Table of Contents Table of Contents Deploying the BIG-IP system v10 with Citrix Presentation Server Prerequisites
More informationVMware vcenter Log Insight Getting Started Guide
VMware vcenter Log Insight Getting Started Guide vcenter Log Insight 1.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by
More informationOnCommand Unified Manager
OnCommand Unified Manager Operations Manager Administration Guide For Use with Core Package 5.2 NetApp, Inc. 495 East Java Drive Sunnyvale, CA 94089 U.S. Telephone: +1(408) 822-6000 Fax: +1(408) 822-4501
More informationDEPLOYMENT GUIDE Version 1.1. Deploying F5 with Oracle Application Server 10g
DEPLOYMENT GUIDE Version 1.1 Deploying F5 with Oracle Application Server 10g Table of Contents Table of Contents Introducing the F5 and Oracle 10g configuration Prerequisites and configuration notes...1-1
More informationInterworks. Interworks Cloud Platform Installation Guide
Interworks Interworks Cloud Platform Installation Guide Published: March, 2014 This document contains information proprietary to Interworks and its receipt or possession does not convey any rights to reproduce,
More informationNovell Identity Manager
Password Management Guide AUTHORIZED DOCUMENTATION Novell Identity Manager 3.6.1 June 05, 2009 www.novell.com Identity Manager 3.6.1 Password Management Guide Legal Notices Novell, Inc. makes no representations
More informationNETASQ ACTIVE DIRECTORY INTEGRATION
NETASQ ACTIVE DIRECTORY INTEGRATION NETASQ ACTIVE DIRECTORY INTEGRATION RUNNING THE DIRECTORY CONFIGURATION WIZARD 2 VALIDATING LDAP CONNECTION 5 AUTHENTICATION SETTINGS 6 User authentication 6 Kerberos
More informationUsing LDAP with Sentry Firmware and Sentry Power Manager (SPM)
Using LDAP with Sentry Firmware and Sentry Power Manager (SPM) Table of Contents Purpose LDAP Requirements Using LDAP with Sentry Firmware (GUI) Initiate a Sentry GUI Session Configuring LDAP for Active
More informationSMART Vantage. Installation guide
SMART Vantage Installation guide Product registration If you register your SMART product, we ll notify you of new features and software upgrades. Register online at smarttech.com/registration. Keep the
More informationClearswift SECURE Exchange Gateway Installation & Setup Guide. Version 1.0
Clearswift SECURE Exchange Gateway Installation & Setup Guide Version 1.0 Copyright Revision 1.0, December, 2013 Published by Clearswift Ltd. 1995 2013 Clearswift Ltd. All rights reserved. The materials
More informationConfiguring SonicWALL TSA on Citrix and Terminal Services Servers
Configuring on Citrix and Terminal Services Servers Document Scope This solutions document describes how to install, configure, and use the SonicWALL Terminal Services Agent (TSA) on a multi-user server,
More information