Setup Guide for AD FS 3.0 on the Apprenda Platform

Size: px
Start display at page:

Download "Setup Guide for AD FS 3.0 on the Apprenda Platform"

Transcription

1 Setup Guide for AD FS 3.0 on the Apprenda Platform Last Updated for Apprenda The Apprenda Platform leverages Active Directory Federation Services (AD FS) to support identity federation. AD FS and the Apprenda Platform can then be configured to authenticate against an external user store (e.g. Active Directory). In Apprenda terminology, AD FS instances that are leveraged and managed by the Apprenda Platform are called AD FS nodes. For those who may not be familiar with AD FS setup, this guide provides information on configuring AD FS nodes for use with the Apprenda Platform. Setup information is based on scenarios that have been configured and tested by the Apprenda Client Services team. Notable characteristics of AD FS 3.0: AD FS 3.0 is available as a role on Windows Server 2012 R2. Although earlier versions of AD FS offered a stand-alone federation server option, AD FS 3.0 can be installed only as a federation server farm. Note that you can set up a farm with only one server (and add servers later as needed). AD FS 3.0 configuration requires a domain administrator account. The account is required for setup only and will no longer be needed once AD FS setup is complete, but will be required again in the future if configuration changes must be made (e.g., adding a node to the farm). Unlike earlier versions of AD FS, an underlying installation of IIS is not required for AD FS 3.0. IT professionals who are familiar with AD FS setup and configuration should feel free to forego this guide and configure AD FS nodes to meet the basic Apprenda requirements outlined in the Pre-Installation Checklist while keeping in accordance with the procedures outlined by their own enterprise IT policy. Contents Apprenda AD FS Configuration Pre-requisites... 2 Configuration for an AD FS Federation Server Farm... 6 Install Apprenda with an AD FS Federation Server Farm Appendix 1: Understanding AD FS Trust Relationships... 18

2 2 APPRENDA AD FS CONFIGURATION PRE-REQUISITES The following should be performed prior to configuring AD FS and installing the Apprenda Platform. Apprenda Windows App Server Pre-requisites AD FS nodes will also act as Apprenda Windows Application Servers, as they host the Apprenda Windows Host in order to support the Apprenda Federation WCF service. As such, they must meet all the requirements for Windows Application Servers (including all hardware and software requirements for Apprenda Platform Windows Servers in general) listed in the Pre-Installation Checklist. Federation Service and Site Name Each AD FS node must run AD FS under a service name (and hosts. For an AD FS Federation Service farm, the service name must be the same across all AD FS nodes. The following form is suggested (where cloudurl is the root URL that will be used in one of the clouds on your Apprenda environment): identity.cloudurl. If, for instance, the cloudurl planned for one of the clouds on your Apprenda environment is apprenda.fedtest, the suggested identity service and site name would be identity.apprenda.fedtest. DNS Setup A DNS A record entry must be set up that points the identity site name (e.g., identity.cloudurl) to the AD FS node(s). If you will use more than one AD FS node, a load balancer may be used to distribute traffic; alternately, a round-robin DNS setup will suffice. Accounts Install account The account under which AD FS is configured must have domain administrator privileges on each AD FS node. A check made by the AD FS 3.0 Configuration Wizard (and related Powershell commands) requires domain administrator privileges (and prevents workarounds to this requirement that were available in earlier versions of AD FS). AD FS Service account You will need a dedicated Service Account under which the AD FS service will run on all AD FS nodes. You may use a domain user account or, if supported on your domain, a group Managed Service Account. The account will be granted Log on as a Service rights on the AD FS nodes during the AD FS configuration process, as the AD FS service will log on as this account. It is important that you (or your

3 3 IT department) ensure that Group Policy settings will not disable the Log on as a Service permission for this account. Certificates AD FS requires a certificate for three different purposes: SSL certificate (you must provide this) Token Signing certificate (can be provided or generated through AD FS) Token Decrypting certificate (can be provided or generated through AD FS) SSL and Root Certificates You will need an SSL certificate in.pfx format where the CN matches the federation service/site name (e.g., identity.cloudurl) or the CN is a wildcard for the cloudurl of the environment (e.g., *.cloudurl). Unless it is already installed on the AD FS nodes (as is common practice in some enterprise IT or when using certificates from a commercial provider), you will also need the root certificate used to issue the SSL certificate. Once you have obtained the certificate(s), the following must be performed on each AD FS node: Open the MMC Certificate Snap-in: Open MMC (which should be included on all Windows OS) Under File choose Add/Remove Snap-in Select the Certificates snap-in and click Add. Select Computer account, then click Next. Select Local computer, then click Finish. Click OK to open the snap-in. Import the SSL certificate: Under Certificates (Local Computer), right-click on the Personal folder and select All Tasks > Import to open the Certificate Import Wizard. Click Next. Use the browse functionality to select the SSL certificate, then click Next. Type the password for the certificate and select Mark this key as exportable. Click Next. Choose the option to place all certificates in the Personal certificate store and click Next. Click Finish to complete the process. The certificate will now appear in the Personal > Certificates folder. Grant the AD FS Service Account permission to manage the private keys for the SSL certificate: Right-click on the SSL certificate and select All Tasks > Manage Private Keys. Add the AD FS Service Account to the list of Group or user names. Grant the account Full control.

4 4 Import the root certificate (issuer of the SSL certificate) as a Trusted Certificate Authority: Under Certificates (Local Computer), right-click on the Trusted Root Certification Authorities folder and select All Tasks > Import to open the Certificate Import Wizard. Click Next. Use the browse functionality to select the root certificate, then click Next. Choose the option to place all certificates in the Trusted Root Certification Authorities certificate store and click Next. Click Finish to complete the process. The certificate will now appear in the Trusted Root Certification Authorities > Certificates folder. Token Signing Certificate and Token Decrypting Certificate For the Token Signing and Token Decrypting certificates, you may provide certificates (recommended) or you may enable the Automatic Certificate Rollover Feature in AD FS, which will create and manage selfsigned certificates. When this feature is enabled, managed certificates hit their expiration date, AD FS will create new self-signed certificates and replace them. You may specify certificates when configuring the AD FS service. Depending on your organizational needs, you may choose to use a separate certificate for each certificate type, or you may choose to simply use the AD FS SSL certificate for the Token Signing and Token Decrypting certificates. We recommend using the certificate that will be used as the Apprenda Platform Signing certificate as the AD FS Token Signing certificate. This certificate may also be used for the Token Decrypting certificate. In all cases, be mindful of any expiration dates on the certificates, as expired certificates that are not managed by AD FS must be replaced. Please Note: The AD FS configuration process will set up a Token Signing certificate as per your specification (either one that you specify or one that is managed by AD FS). After the Apprenda installation completes, however, this certificate will be marked as the Secondary Token Signing certificate, and the Apprenda installer will configure AD FS to use the Apprenda Platform Signing certificate as the Primary Token Signing certificate in AD FS. This is necessary in order for the Apprenda Platform to locate (and therefore control) the certificate that will be used for AD FS Token Signing so that Apprenda workloads can properly validate the source of the claims they receive. Importing Additional Certificates If Automatic Certificate Rollover is disabled and certificates other than the AD FS SSL certificate will be used, they should be imported into the Personal Certificate Store as per the procedures outlined in the Import the SSL Certificate step above. You should also follow the steps outlined in the Grant the AD FS Service Account permission to manage the private keys for the SSL certificate section above for each additional certificate.

5 5 Locating Certificate Thumbprints Some of the installation steps below require the thumbprint for a certificate. The thumbprint of a certificate can be located as follows: In the MMC Certificate Snap-in, open the Personal > Certificates folder. Right-click on the certificate and select Open. The thumbprint for the certificate is listed on the Details tab. Click on the thumbprint row to view the thumbprint in the lower window (where you can copy it). SQL Server or Windows Internal Database AD FS requires a database to store configuration data. One of the following can be used: Recommended: An instance of SQL Server where an AD FS database can be created. The instance must be configured beforehand (preferably as a failover cluster if HA and/or scale is a concern). The following account permissions are required to use this option: o The account used to install/configure AD FS must have permissions to create the necessary AD FS configuration databases and grant permissions to the AD FS service account. This can be achieved by granting the SQL Server sysadmin role during AD FS installation. o The AD FS Service Account must be given access to the SQL Server instance; it will be granted permission to read the necessary AD FS configuration databases. o The SQL instance must be configured to Allow Remote Connections. Windows Internal Database, which is included with the AD FS installation. It should be noted that this option limits the total number of servers allows in an AD FS farm to five. SQL Server is recommended as it offers HA and scalability when a failover cluster is used. It also allows for future addition/removal of AD FS nodes by removing ties to a Windows Internal Database instance on a given AD FS node. For this reason, the Windows Internal Database options should be used only in lab environments where upgrading to a different version of AD FS will not be a concern. As per Microsoft s documentation, the following versions of SQL can be used with AD FS 3.0: SQL Server 2008 /R2 SQL Server 2012 SQL Server 2014 AD FS 3.0 Installed AD FS 3.0 is available on Windows Server 2012 R2 only. To install, simply add the Active Directory Federation Services Role through the Server Manager. Please note that all AD FS nodes within an AD FS Web Farm must run the same version of AD FS.

6 6 CONFIGURATION FOR AN AD FS FEDERATION SERVER FARM The instructions below outline the configuration steps for an AD FS Farm using SQL Server for the AD FS Configuration database. Checklist: DNS entry or entries have been configured. A dedicated AD FS Service Account has been created; Group Policy grants this account Log on as a Service rights. Credentials for a domain administrator account that can be used to configure AD FS; this user should also have local administrator privileges on the AD FS nodes. A dedicated SQL instance for the AD FS Configuration DB has been set up. o The install user has sysadmin permissions for the duration of AD FS installation and configuration. o The AD FS Service Account has read access to the instance. All certificates you will use are installed on the machine as noted above. The thumbprint for the identity SSL certificate you will use (see the Certificates section above) is on hand. If you are not installing using an account with domain admin permissions, the thumbprints for the Token Signing and Token Decrypting certificates are also on hand. AD FS has been installed on all AD FS nodes. Install the First Node in the Federation Farm PERFORM INITIAL AD F S CONFIGURATION STEP S The initial AD FS Configuration for the first node of a Federation Farm can be performed through the AD FS GUI Wizard or via AD FS Powershell commands. Both options are described below. Initial Configuration Option 1: AD FS GUI Wizard The AD FS GUI Wizard can be used to configure the initial AD FS node. Use this option only if you want AD FS to manage the Token Signing and Decrypting Certificates. If you want to specify the Token Signing and Token Decrypting certificates, use the Powershell Option below. 1. Launch the AD FS Configuration Wizard. This can be done through the Configure the federation service on this server option under the Notifications flag in the Server Manager console:

7 7 2. Select Create the first federation server in a federation server farm and click Next. 3. If the executing user (the user account under which you logged in to the server) is not a domain administrator, provide the credentials for an account that has domain administrator privileges and then click Next.

8 8 4. Specify the AD FS Service Properties: a. Select the certificate that will be used for the identity SSL certificate. b. If the certificate CN has a wildcard prefix (i.e., *.cloudurl), adjust the Federation Service Name so that it matches the Federation Service Name for which the DNS entry was configured (e.g., identity.cloudurl). If the certificate does not have a wildcard prefix (i.e., identity.cloudurl), the Federation Service Name will update automatically to match the CN of the SSL certificate. c. Specify a friendly name for the Federation Service Display Name. d. Click Next. 5. Select User an existing domain user account or group Managed Service Account. Specify the credentials for the AD FS Service Account you will use and click Next. 6. Select Specify the location of a SQL Server database. a. In the Database Host Name field, type the name of the server that houses the SQL Server instance that you will host the AD FS configuration databases. b. If using a named instance (i.e., not the default instance), type the instance name in the Database Instance field. c. Click Next.

9 9 7. The Wizard will now summarize the options; review these options, and use the Previous buttons in the installer to make changes if anything is amiss. If you wish, you may click on the View script button in order to export a Powershell script that can be used for automating additional installations. Click Next. 8. The Wizard will now run a series of pre-requisite checks in order to validate your configuration options. Once it has passed successfully, the Configure button will become enabled. Click on the Configure button to complete the installation. 9. Proceed to the Finalize AD FS Service Configuration section below. Initial Configuration Option 2: Powershell The initial AD FS node may alternately be configured using AD FS Powershell commands. The examples below specify the Token Signing and Token Decrypting certificates. If you prefer to let AD FS manage these certificates, simply omit the SigningCertificateThumbprint and DecryptionCertificateThumbprint parameters. Please note that full documentation on AD FS Powershell cmdlets can be found at OPTION 2A: IF THE AD FS SERVICE ACCOUNT IS A DOMAIN ACCOUNT 1. Open Powershell as a user with Domain Administrator privileges. 2. If the AD FS Service Account is a domain account, run the following command, which will prompt you to enter the credentials for the AD FS Service Account user: $fscredential = Get-Credential 3. Update the following command by replacing the X placemarkers with the values specific to your AD FS setup: Install-AdfsFarm CertificateThumbprint XX -FederationServiceName XX -ServiceAccountCredential $fscredential -SQLConnectionString "Data Source=SQLHost;Integrated Security=True" -SigningCertificateThumbprint XX -DecryptionCertificateThumbprint XX OverwriteConfiguration -FederationServiceName should be the name of the service (identity.cloudurl) $fscredential will retrieve the AD FS Service Account information stored in the previous command SQLHost corresponds to the SQL Server instance in which the AD FS databases will be stored. NOTE: -OverwriteConfiguration will wipe and any existing AD FS database that you already have in the specified SQL Server instance.

10 10 Example Install-AdfsFarm CertificateThumbprint 8169c52b4ec6e77eb2ae17f028fe5da4e35c0bed -FederationServiceName identity.apprenda.fedtest -ServiceAccountCredential $fscredential -SQLConnectionString "Data Source=Server01\Instance01;Integrated Security=True" -SigningCertificateThumbprint 8169c52b4ec6e77eb2ae17f028fe5da4e35c0bed -DecryptionCertificateThumbprint cf2e5064c521d625c8d53536bc98aa8e08f5f2ad -OverwriteConfiguration 4. Run the updated command 5. Proceed to the Finalize AD FS Service Configuration section below. OPTION 2B: IF THE AD FS SERVICE ACCOUNT IS A GROUP MANAGED SERVICE ACCOUNT 1. Open Powershell as a user with Domain Administrator privileges. 2. Update the following command by replacing the X placemarkers with the values specific to your AD FS setup: Install-AdfsFarm CertificateThumbprint XX -FederationServiceName XX -GroupServiceAccountIdentifier DOMAIN\Account -SQLConnectionString "Data Source=SQLHost;Integrated Security=True" -SigningCertificateThumbprint XX -DecryptionCertificateThumbprint XX OverwriteConfiguration -FederationServiceName should be the name of the service (identity.cloudurl) -GroupServiceAccountIdentifier specifies AD FS Service Account SQLHost corresponds to the SQL Server instance in which the AD FS databases will be stored. NOTE: -OverwriteConfiguration will wipe and any existing AD FS database that you already have in the specified SQL Server instance. Example Install-AdfsFarm CertificateThumbprint 8169c52b4ec6e77eb2ae17f028fe5da4e35c0bed -FederationServiceName identity.apprenda.fedtest -GroupServiceAccountIdentifier CONTOSO\GroupAccount01 -SQLConnectionString "Data Source=Server01\Instance01;Integrated Security=True" -SigningCertificateThumbprint 8169c52b4ec6e77eb2ae17f028fe5da4e35c0bed -DecryptionCertificateThumbprint cf2e5064c521d625c8d53536bc98aa8e08f5f2ad -OverwriteConfiguration 3. Run the updated command. 4. Proceed to the Finalize AD FS Service Configuration section below.

11 11 FINALIZE AD FS SERVI CE CONFIGURATION FOR THE FIRST NODE 1. Open the AD FS Manager and click on Edit Federation Service Properties. 2. Change the Federation Service identifier to match the following pattern (the final slash is critical):

12 12 3. Click on Apply when done. 4. Restart the Federation Service via the Windows Services window. It is listed as Active Directory Federation Services. Join Additional Nodes to the Federation Server Farm Additional AD FS nodes can be joined to an existing Federation Server Farm through the AD FS GUI Wizard or via AD FS Powershell commands. Both options are described below. Join Additional Nodes to the Federation Server Farm Option 1: AD FS GUI Wizard 1. Launch the AD FS Configuration Wizard. This can be done through the Configure the federation service on this server option under the Notifications flag in the Server Manager console:

13 13 2. Select Add a federation server to a federation server farm and click Next. 3. If the executing user (the user account under which you logged in to the server) is not a domain administrator, provide the credentials for an account that has domain administrator privileges and then click Next. 4. Select Specify the database location for an existing farm using SQL Server. a. In the Database Host Name field, type the name of the server that houses the SQL Server instance that hosts the AD FS configuration databases. b. If using a named instance (i.e., not the default instance), type the instance name in the Database Instance field. 5. Select the certificate that will be used for the identity SSL certificate. Click Next. 6. Select the AD FS Service account (the same account that was used for the first node in the farm). As needed, type in the password for the account. Click Next. 7. The Wizard will now summarize the options; review these options, and use the Previous buttons in the installer to make changes if anything is amiss. If you wish, you may click on the View script button in order to export a Powershell script that can be used for automating additional installations. Click Next. 8. The Wizard will now run a series of pre-requisite checks in order to validate your configuration options. Once it has passed successfully, the Configure button will become enabled. Click on the Configure button to complete the installation. 9. Open AD FS manager and confirm Federation Service Identifier matches identity.rooturl/adfs/ls/.

14 14 Join Addition Nodes to the Federation Server Farm Option 2: Powershell Please note that full documentation on AD FS Powershell cmdlets can be found at OPTION 2A: IF THE AD FS SERVICE ACCOUNT IS A DOMAIN ACCOUNT 1. Open Powershell as a user with Domain Administrator privileges. 2. If the AD FS Service Account is a domain account, run the following command, which will prompt you to enter the credentials for the AD FS Service Account user: $fscredential = Get-Credential 3. Update the following command by replacing the X placemarkers with the values specific to your AD FS setup: Add-AdfsFarmNode -ServiceAccountCredential $fscredential -SQLConnectionString "Data Source=SQLHost;Integrated Security=True" CertificateThumbprint XX $fscredential will retrieve the AD FS Service Account information stored in the previous command SQLHost corresponds to the SQL Server instance in which the AD FS databases are be stored. Example Add-AdfsFarmNode -ServiceAccountCredential $fscredential -SQLConnectionString "Data Source=Server01\Instance01;Integrated Security=True" CertificateThumbprint 8169c52b4ec6e77eb2ae17f028fe5da4e35c0bed 4. Run the updated command 5. Open AD FS manager and confirm Federation Service Identifier matches identity.rooturl/adfs/ls/. OPTION 2B: IF THE AD FS SERVICE ACCOUNT IS A GROUP MANAGED SERVICE ACCOUNT 1. Open Powershell as a user with Domain Administrator privileges. 2. Update the following command by replacing the X placemarkers with the values specific to your AD FS setup: Add-AdfsFarmNode -GroupServiceAccountIdentifier DOMAIN\Account -SQLConnectionString "Data Source=SQLHost;Integrated Security=True" CertificateThumbprint XX -FederationServiceName should be the name of the service (identity.cloudurl) -GroupServiceAccountIdentifier specifies AD FS Service Account

15 15 SQLHost corresponds to the SQL Server instance in which the AD FS databases are stored. Example Add-AdfsFarmNode -GroupServiceAccountIdentifier CONTOSO\GroupAccount01 -SQLConnectionString "Data Source=Server01\Instance01;Integrated Security=True" CertificateThumbprint 8169c52b4ec6e77eb2ae17f028fe5da4e35c0bed 3. Run the updated command 4. Open AD FS manager and confirm Federation Service Identifier matches identity.rooturl/adfs/ls/. INSTALL APPRENDA WITH AN AD FS FEDERATION SERVER FARM At this point we have configured the Federation portion of the installation. Let s go ahead and install the Platform. Because the installer is not designed to accommodate a Federation Server Farm, we will do the following: Select all AD FS Nodes as Application Servers, which will install and configure the Windows Host service. Configure the first AD FS node in the Federation Server Farm as the Apprenda Managed AD FS Host. Manually configure the remaining AD FS Nodes as Apprenda Managed AD FS Hosts. Configure AD FS Nodes as Application Servers in the Apprenda Installer 1. Open the Apprenda Installer. 2. Select the Install option. 3. Select Multi Server and Show Advanced Options. 4. Fill out the necessary information until you reach the What Servers Should We Start Off With? page. 5. In addition to your environment s other servers, be sure to add all AD FS nodes as Application Servers. Configure the first AD FS Node as an Apprenda Managed AD FS Host 1. Continue and fill out the necessary information until you reach the Apprenda Security page. 2. Do not select the Require Authorization to access the System Operations Center (SOC), as skipping this at install will permit authentication troubleshooting. SOC Authorization can be reenabled at a later time. 3. Fill out the Federation Information as follows: a. Apprenda Managed ADFS Host is the name of the first AD FS node in the farm. b. The endpoint is the Federation Service Identifier configured in ADFS.

16 16 4. Complete the Apprenda installation. Grant the AD FS Service Account permission to manage the private keys for the Apprenda Platform Signing Certificate Apprenda Platform installation will add the Apprenda Signing certificate to the certificate store on the AD FS nodes. The AD FS Service Account must have read permissions to the private key for this certificate. Perform the following on all AD FS Nodes. Open the MMC Certificate Snap-in: Open MMC (which should be included on all Windows OS) Under File choose Add/Remove Snap-in Select the Certificates snap-in and click Add. Select Computer account, then click Next. Select Local computer, then click Finish. Click OK to open the snap-in. Grant the AD FS Service Account permission to manage the private keys for the Apprenda Platform Signing certificate: Under Certificates (Local Computer), open the Personal>Certificates folder and locate the Apprenda Platform Signing certificate. Its name should match the pattern cloudurl Signing (e.g., apprenda.fedtest Signing ). Right-click on the Apprenda Signing certificate and select All Tasks > Manage Private Keys. Add the AD FS Service Account to the list of Group or user names. Grant the account Read permissions.

17 17 Manually configure the remaining AD FS Nodes Repeat these steps for each additional AD FS node in the farm. Copy Apprenda AD FS Artifacts to the New AD FS Nodes 1. On the first ADFS node; you will find an AdfsBoostrapper directory in the Apprenda install drive\folder (by default, this will be C:\ApprendaPlatform). 2. Copy the AdfsBootstrapper folder to ApprendaPlatform folder on the additional AD FS node. 3. On the additional AD FS node, look in the AdfsBootstrapper\AttributeStore3.0 folder and locate the Apprenda.Federation.AttributeStore.3.0.dll 4. Copy the Apprenda.Federation.AttributeStore.3.0.dll to the C:\Windows\ADFS directory 5. Restart the AD FS Service. Update the SaaSGrid Core DB 1. Connect to the SaaSGrid Core DB (you can use the install credentials). 2. Look in the Artifact_Host table and get the ID for the additional node. 3. In the Host_Tag table, add a line where host_id= the id of the new node from the Artifact Host table, and tag_id=3 4. In the SOC, deploy the federation service to the additional node. Optional: Configure Application Deployment Policy If desired, move any unneeded services off the federation nodes and set up a deployment policy to only allow the federation service.

18 18 APPENDIX 1: UNDERSTANDING AD FS TRUST RELATIONSHIPS AD FS uses trust relationships to manage how claims are accepted and issued (see Microsoft s AD FS documentation for an explanation of the types of trusts and related terminology used in AD FS). Below is a list of AD FS trust relationships that are either created by Apprenda or must be created manually for certain Apprenda Platform authentication configurations to work. It should be noted that existing claims for an AD FS instance can be viewed in AD FS Manager under the Trust Relationships folder. Trust Relationships Created at Apprenda Platform Installation/UI Deployment Claims Provider Trust (created by Apprenda) When the Apprenda Platform is installed on an environment with AD FS nodes, the installer will create a Claims Provider Trust between the AD FS nodes and the Apprenda Platform. The trust will be located on the Apprenda AD FS nodes: Location: Apprenda AD FS nodes. Type: Claims Provider Trust. Display Name: Apprenda The claim provider s federation metadata field will point to a URL that is dynamically generated by the Apprenda Platform s authentication UI (and depends on the subdomain and cloudurl that has been configured for the Platform): o Format: o Example: Relying Party Trusts (created by Apprenda) When each UI is deployed on the Apprenda Platform (as either part of the Apprenda Platform portals or as part of a guest application), a corresponding Relying Party Trust will be created on the Apprenda AD FS nodes. Location: Apprenda AD FS nodes. Type: Relying Party Trust. The Display Name will typically correspond to the URL of the UI. Trust Relationships for Configuring Apprenda to Work with a Secure Token Service After installation of the Apprenda Platform with AD FS is complete, it is typically configured to work with a Secure Token Service (STS). This involves the following trust relationships.

19 19 Claims Provider Trust (created by Apprenda) PLATFORM-WIDE FEDERATION (WITH A SINGLE STS): Platform-wide federation (typically used to federate against a single external user store) is configured through the User Store page in the System Operations Center. Part of the setup entails entering the federation metadata URL for the STS in the appropriate input box or uploading a metadata file: The Platform will create a Claims Provider Trust on the Apprenda AD FS nodes using the information from the STS metadata URL or file: Location: Apprenda AD FS nodes. Type: Claims Provider Trust. Display Name: Apprenda Platform The claim provider s federation metadata field will point to the metadata URL for the Secure Token Service (if a metadata file is used, the URL information will be extracted from the file). ACCOUNT-LEVEL FEDERATION (WITH ONE STS PER TENANT): The Apprenda Platform can be configured to allow each Tenant account to authenticate against a different STS. In such cases, federation for each Tenant is configured through the Account Portal, where the federation metadata URL for the STS must be entered into the appropriate input box. The Platform will create a Claims Provider Trust on the Apprenda AD FS nodes using the information from the STS metadata URL: Location: Apprenda AD FS nodes.

20 20 Type: Claims Provider Trust. Display Name: the Tenant alias of the corresponding Tenant account. The claim provider s federation metadata field will point to the metadata URL for the STS. Relying Party Trusts (must be created manually) In most cases a Relying Party Trust must be manually configured between the Apprenda AD FS nodes and the STS. Although the setup process will vary depending on the STS used, instructions for configuring a Relying Party Trust in AD FS can be found in Microsoft s online documentation: Typically, your organization will already have an STS in place (along with administrators practiced in managing it). If this is the case, please provide your STS administrator with the metadata URL for the Apprenda AD FS nodes, which can be found in the Configure Identity Federation section of the User Store page in the System Operations Center (for Platform-wide Federation):

ADFS Integration Guidelines

ADFS Integration Guidelines ADFS Integration Guidelines Version 1.6 updated March 13 th 2014 Table of contents About This Guide 3 Requirements 3 Part 1 Configure Marcombox in the ADFS Environment 4 Part 2 Add Relying Party in ADFS

More information

How To Enable A Websphere To Communicate With Ssl On An Ipad From Aaya One X Portal 1.1.3 On A Pc Or Macbook Or Ipad (For Acedo) On A Network With A Password Protected (

How To Enable A Websphere To Communicate With Ssl On An Ipad From Aaya One X Portal 1.1.3 On A Pc Or Macbook Or Ipad (For Acedo) On A Network With A Password Protected ( Avaya one X Portal 1.1.3 Lightweight Directory Access Protocol (LDAP) over Secure Socket Layer (SSL) Configuration This document provides configuration steps for Avaya one X Portal s 1.1.3 communication

More information

LAB 1: Installing Active Directory Federation Services

LAB 1: Installing Active Directory Federation Services LAB 1: Installing Active Directory Federation Services Contents Lab: Installing and Configuring Active Directory Federation Services... 2 Exercise 1: installing and configuring Active Directory Federation

More information

AvePoint Meetings 3.2.2 for SharePoint On-Premises. Installation and Configuration Guide

AvePoint Meetings 3.2.2 for SharePoint On-Premises. Installation and Configuration Guide AvePoint Meetings 3.2.2 for SharePoint On-Premises Installation and Configuration Guide Issued August 2015 Table of Contents About AvePoint Meetings for SharePoint... 4 System Requirements... 5 2 System

More information

MicrosoftDynam ics GP 2015. TenantServices Installation and Adm inistration Guide

MicrosoftDynam ics GP 2015. TenantServices Installation and Adm inistration Guide MicrosoftDynam ics GP 2015 TenantServices Installation and Adm inistration Guide Copyright Copyright 2014 Microsoft Corporation. All rights reserved. Limitation of liability This document is provided as-is.

More information

Step by step guide for installing highly available System Centre 2012 Virtual Machine Manager Management server:

Step by step guide for installing highly available System Centre 2012 Virtual Machine Manager Management server: Step by step guide for installing highly available System Centre 2012 Virtual Machine Manager Management server: Here are the pre-requisites for a HA VMM server installation: 1. Failover clustering feature

More information

Introduction to the EIS Guide

Introduction to the EIS Guide Introduction to the EIS Guide The AirWatch Enterprise Integration Service (EIS) provides organizations the ability to securely integrate with back-end enterprise systems from either the AirWatch SaaS environment

More information

Cloud Services ADM. Agent Deployment Guide

Cloud Services ADM. Agent Deployment Guide Cloud Services ADM Agent Deployment Guide 10/15/2014 CONTENTS System Requirements... 1 Hardware Requirements... 1 Installation... 2 SQL Connection... 4 AD Mgmt Agent... 5 MMC... 7 Service... 8 License

More information

SETUP SSL IN SHAREPOINT 2013 (USING SELF-SIGNED CERTIFICATE)

SETUP SSL IN SHAREPOINT 2013 (USING SELF-SIGNED CERTIFICATE) 12/15/2012 WALISYSTEMSINC.COM SETUP SSL IN SHAREPOINT 2013 (USING SELF-SIGNED CERTIFICATE) Setup SSL in SharePoint 2013 In the last article (link below), you learned how to setup SSL in SharePoint 2013

More information

Dell SupportAssist Version 2.0 for Dell OpenManage Essentials Quick Start Guide

Dell SupportAssist Version 2.0 for Dell OpenManage Essentials Quick Start Guide Dell SupportAssist Version 2.0 for Dell OpenManage Essentials Quick Start Guide Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your computer.

More information

Setting Up SSL on IIS6 for MEGA Advisor

Setting Up SSL on IIS6 for MEGA Advisor Setting Up SSL on IIS6 for MEGA Advisor Revised: July 5, 2012 Created: February 1, 2008 Author: Melinda BODROGI CONTENTS Contents... 2 Principle... 3 Requirements... 4 Install the certification authority

More information

Copyright 2015 http://itfreetraining.com

Copyright 2015 http://itfreetraining.com This video will install Active Directory Federation Services on Windows Server 2012. In a previous video, an enterprise CA was installed and configured. This video will use that enterprise CA to issue

More information

LT Auditor+ 2013. Windows Assessment SP1 Installation & Configuration Guide

LT Auditor+ 2013. Windows Assessment SP1 Installation & Configuration Guide LT Auditor+ 2013 Windows Assessment SP1 Installation & Configuration Guide Table of Contents CHAPTER 1- OVERVIEW... 3 CHAPTER 2 - INSTALL LT AUDITOR+ WINDOWS ASSESSMENT SP1 COMPONENTS... 4 System Requirements...

More information

Secure Messaging Server Console... 2

Secure Messaging Server Console... 2 Secure Messaging Server Console... 2 Upgrading your PEN Server Console:... 2 Server Console Installation Guide... 2 Prerequisites:... 2 General preparation:... 2 Installing the Server Console... 2 Activating

More information

Tenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved.

Tenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved. Tenrox Single Sign-On (SSO) Setup Guide January, 2012 2012 Tenrox. All rights reserved. About this Guide This guide provides a high-level technical overview of the Tenrox Single Sign-On (SSO) architecture,

More information

Deploy Remote Desktop Gateway on the AWS Cloud

Deploy Remote Desktop Gateway on the AWS Cloud Deploy Remote Desktop Gateway on the AWS Cloud Mike Pfeiffer April 2014 Last updated: May 2015 (revisions) Table of Contents Abstract... 3 Before You Get Started... 3 Three Ways to Use this Guide... 4

More information

Deploying Remote Desktop Connection Broker with High Availability Step-by-Step Guide

Deploying Remote Desktop Connection Broker with High Availability Step-by-Step Guide Deploying Remote Desktop Connection Broker with High Availability Step-by-Step Guide Microsoft Corporation Published: May 2010 Abstract This guide describes the steps for configuring Remote Desktop Connection

More information

RoomWizard Synchronization Software Manual Installation Instructions

RoomWizard Synchronization Software Manual Installation Instructions 2 RoomWizard Synchronization Software Manual Installation Instructions Table of Contents Exchange Server Configuration... 4 RoomWizard Synchronization Software Installation and Configuration... 5 System

More information

Tool Tip. SyAM Management Utilities and Non-Admin Domain Users

Tool Tip. SyAM Management Utilities and Non-Admin Domain Users SyAM Management Utilities and Non-Admin Domain Users Some features of SyAM Management Utilities, including Client Deployment and Third Party Software Deployment, require authentication credentials with

More information

SQL Server 2008 and SSL Secure Connection

SQL Server 2008 and SSL Secure Connection Ivan Mackintosh 9 January 2013 - v1.0 SQL Server 2008 and SSL Secure Connection This document describes the steps involved for converting an existing SQL Connection to a secure SSL Connection suitable

More information

NSi Mobile Installation Guide. Version 6.2

NSi Mobile Installation Guide. Version 6.2 NSi Mobile Installation Guide Version 6.2 Revision History Version Date 1.0 October 2, 2012 2.0 September 18, 2013 2 CONTENTS TABLE OF CONTENTS PREFACE... 5 Purpose of this Document... 5 Version Compatibility...

More information

HOTPin Integration Guide: Google Apps with Active Directory Federated Services

HOTPin Integration Guide: Google Apps with Active Directory Federated Services HOTPin Integration Guide: Google Apps with Active Directory Federated Services Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as

More information

Step-by-step installation guide for monitoring untrusted servers using Operations Manager ( Part 3 of 3)

Step-by-step installation guide for monitoring untrusted servers using Operations Manager ( Part 3 of 3) Step-by-step installation guide for monitoring untrusted servers using Operations Manager ( Part 3 of 3) Manual installation of agents and importing the SCOM certificate to the servers to be monitored:

More information

Secret Server Installation Windows 8 / 8.1 and Windows Server 2012 / R2

Secret Server Installation Windows 8 / 8.1 and Windows Server 2012 / R2 Secret Server Installation Windows 8 / 8.1 and Windows Server 2012 / R2 Table of Contents Table of Contents... 1 I. Introduction... 3 A. ASP.NET Website... 3 B. SQL Server Database... 3 C. Administrative

More information

Installation Guide. SafeNet Authentication Service

Installation Guide. SafeNet Authentication Service SafeNet Authentication Service Installation Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information

More information

Active Directory Management. Agent Deployment Guide

Active Directory Management. Agent Deployment Guide Active Directory Management Agent Deployment Guide Document Revision Date: June 12, 2014 Active Directory Management Deployment Guide i Contents System Requirements...1 Hardware Requirements...1 Installation...3

More information

Windows Azure Pack Installation and Initial Configuration

Windows Azure Pack Installation and Initial Configuration Windows Azure Pack Installation and Initial Configuration Windows Server 2012 R2 Hands-on lab In this lab, you will learn how to install and configure the components of the Windows Azure Pack. To complete

More information

Windows Intune Walkthrough: Windows Phone 8 Management

Windows Intune Walkthrough: Windows Phone 8 Management Windows Intune Walkthrough: Windows Phone 8 Management This document will review all the necessary steps to setup and manage Windows Phone 8 using the Windows Intune service. Note: If you want to test

More information

Introduction to Directory Services

Introduction to Directory Services Introduction to Directory Services Overview This document explains how AirWatch integrates with your organization's existing directory service such as Active Directory, Lotus Domino and Novell e-directory

More information

WhatsUp Gold v16.3 Installation and Configuration Guide

WhatsUp Gold v16.3 Installation and Configuration Guide WhatsUp Gold v16.3 Installation and Configuration Guide Contents Installing and Configuring WhatsUp Gold using WhatsUp Setup Installation Overview... 1 Overview... 1 Security considerations... 2 Standard

More information

Shavlik Patch for Microsoft System Center

Shavlik Patch for Microsoft System Center Shavlik Patch for Microsoft System Center User s Guide For use with Microsoft System Center Configuration Manager 2012 Copyright and Trademarks Copyright Copyright 2014 Shavlik. All rights reserved. This

More information

Active Directory Management. Agent Deployment Guide

Active Directory Management. Agent Deployment Guide Active Directory Management Agent Deployment Guide Document Revision Date: April 26, 2013 Active Directory Management Deployment Guide i Contents System Requirements... 1 Hardware Requirements... 2 Agent

More information

HOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services

HOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services 1 HOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided

More information

O Reilly Media, Inc. 3/2/2007

O Reilly Media, Inc. 3/2/2007 A Setup Instructions This appendix provides detailed setup instructions for labs and sample code referenced throughout this book. Each lab will specifically indicate which sections of this appendix must

More information

DriveLock Quick Start Guide

DriveLock Quick Start Guide Be secure in less than 4 hours CenterTools Software GmbH 2012 Copyright Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise

More information

Installing and Configuring vcenter Multi-Hypervisor Manager

Installing and Configuring vcenter Multi-Hypervisor Manager Installing and Configuring vcenter Multi-Hypervisor Manager vcenter Server 5.1 vcenter Multi-Hypervisor Manager 1.1 This document supports the version of each product listed and supports all subsequent

More information

Password Reset Server Installation Guide Windows 8 / 8.1 Windows Server 2012 / R2

Password Reset Server Installation Guide Windows 8 / 8.1 Windows Server 2012 / R2 Password Reset Server Installation Guide Windows 8 / 8.1 Windows Server 2012 / R2 Last revised: November 12, 2014 Table of Contents Table of Contents... 2 I. Introduction... 4 A. ASP.NET Website... 4 B.

More information

Step-By-Step Guide to Deploying Lync Server 2010 Enterprise Edition

Step-By-Step Guide to Deploying Lync Server 2010 Enterprise Edition Step-By-Step Guide to Deploying Lync Server 2010 Enterprise Edition The installation of Lync Server 2010 is a fairly task-intensive process. In this article, I will walk you through each of the tasks,

More information

Deploying Personal Virtual Desktops by Using RemoteApp and Desktop Connection Step-by-Step Guide

Deploying Personal Virtual Desktops by Using RemoteApp and Desktop Connection Step-by-Step Guide c623242f-20f0-40fe-b5c1-8412a094fdc7 Deploying Personal Virtual Desktops by Using RemoteApp and Desktop Connection Step-by-Step Guide Microsoft Corporation Published: June 2009 Updated: April 2010 Abstract

More information

Building the SAP Business One Cloud Landscape Part of the SAP Business One Cloud Landscape Workshop

Building the SAP Business One Cloud Landscape Part of the SAP Business One Cloud Landscape Workshop Building the SAP Business One Cloud Landscape Part of the SAP Business One Cloud Landscape Workshop TABLE OF CONTENTS 1 INTRODUCTION... 3 2 LANDSCAPE DETAILS... 3 2.1 Server Details... 3 2.2 Landscape

More information

safend a w a v e s y s t e m s c o m p a n y

safend a w a v e s y s t e m s c o m p a n y safend a w a v e s y s t e m s c o m p a n y SAFEND Data Protection Suite Installation Guide Version 3.4.5 Important Notice This guide is delivered subject to the following conditions and restrictions:

More information

Configure Microsoft Dynamics AX Connector for Mobile Applications

Configure Microsoft Dynamics AX Connector for Mobile Applications Microsoft Dynamics AX 2012 Configure Microsoft Dynamics AX Connector for Mobile Applications White Paper April 2013 www.microsoft.com/dynamics/ax Send suggestions and comments about this document to adocs@microsoft.com.

More information

Installing and Configuring a. SQL Server 2012 Failover Cluster

Installing and Configuring a. SQL Server 2012 Failover Cluster Installing and Configuring a SQL Server 2012 Failover Cluster Edwin M Sarmiento Applies to: SQL Server 2012 SQL Server 2014 P a g e 1 Copyright This document is provided as-is. Information and views expressed

More information

Microsoft Corporation. Project Server 2010 Installation Guide

Microsoft Corporation. Project Server 2010 Installation Guide Microsoft Corporation Project Server 2010 Installation Guide Office Asia Team 11/4/2010 Table of Contents 1. Prepare the Server... 2 1.1 Install KB979917 on Windows Server... 2 1.2 Creating users and groups

More information

StarWind Virtual SAN Installing & Configuring a SQL Server 2012 Failover Cluster

StarWind Virtual SAN Installing & Configuring a SQL Server 2012 Failover Cluster #1 HyperConverged Appliance for SMB and ROBO StarWind Virtual SAN Installing & Configuring a SQL Server 2012 Failover JANUARY 2015 TECHNICAL PAPER Trademarks StarWind, StarWind Software and the StarWind

More information

Introduction to Mobile Access Gateway Installation

Introduction to Mobile Access Gateway Installation Introduction to Mobile Access Gateway Installation This document describes the installation process for the Mobile Access Gateway (MAG), which is an enterprise integration component that provides a secure

More information

vcenter Configuration Manager Backup and Disaster Recovery Guide VCM 5.3

vcenter Configuration Manager Backup and Disaster Recovery Guide VCM 5.3 vcenter Configuration Manager Backup and Disaster Recovery Guide VCM 5.3 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by

More information

AVG Business SSO Connecting to Active Directory

AVG Business SSO Connecting to Active Directory AVG Business SSO Connecting to Active Directory Contents AVG Business SSO Connecting to Active Directory... 1 Selecting an identity repository and using Active Directory... 3 Installing Business SSO cloud

More information

NETWRIX USER ACTIVITY VIDEO REPORTER

NETWRIX USER ACTIVITY VIDEO REPORTER NETWRIX USER ACTIVITY VIDEO REPORTER ADMINISTRATOR S GUIDE Product Version: 1.0 January 2013. Legal Notice The information in this publication is furnished for information use only, and does not constitute

More information

How To Create An Easybelle History Database On A Microsoft Powerbook 2.5.2 (Windows)

How To Create An Easybelle History Database On A Microsoft Powerbook 2.5.2 (Windows) Introduction EASYLABEL 6 has several new features for saving the history of label formats. This history can include information about when label formats were edited and printed. In order to save this history,

More information

Installing GFI MailArchiver

Installing GFI MailArchiver Installing GFI MailArchiver Introduction This chapter highlights important points you should take into consideration before installing GFI MailArchiver on your network, so that you can make the best decisions

More information

AD RMS Windows Server 2008 to Windows Server 2008 R2 Migration and Upgrade Guide... 2 About this guide... 2

AD RMS Windows Server 2008 to Windows Server 2008 R2 Migration and Upgrade Guide... 2 About this guide... 2 Contents AD RMS Windows Server 2008 to Windows Server 2008 R2 Migration and Upgrade Guide... 2 About this guide... 2 Preparing for the migration or upgrade of an AD RMS cluster... 2 Checklist: Preparing

More information

Configuring ADFS 3.0 to Communicate with WhosOnLocation SAML

Configuring ADFS 3.0 to Communicate with WhosOnLocation SAML Configuring ADFS 3.0 to Communicate with WhosOnLocation SAML --------------------------------------------------------------------------------------------------------------------------- Contents Overview...

More information

HOTPin Integration Guide: DirectAccess

HOTPin Integration Guide: DirectAccess 1 HOTPin Integration Guide: DirectAccess Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as is'; Celestix assumes no responsibility

More information

Lab 05: Deploying Microsoft Office Web Apps Server

Lab 05: Deploying Microsoft Office Web Apps Server Lab 05: Deploying Microsoft Office Web Apps Server DISCLAIMER 2013 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, Hyper-V, Internet Explorer, Lync, PowerPoint, Silverlight, SQL

More information

DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication

DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication Certificate Based 2010 Integration VASCO Data Security. Guideline All rights reserved. Page 1 of 31 Disclaimer Disclaimer of

More information

Integration Guide. Microsoft Active Directory Rights Management Services (AD RMS) Microsoft Windows Server 2008

Integration Guide. Microsoft Active Directory Rights Management Services (AD RMS) Microsoft Windows Server 2008 Integration Guide Microsoft Active Directory Rights Management Services (AD RMS) Microsoft Windows Server 2008 Integration Guide: Microsoft Active Directory Rights Management Services (AD RMS) Imprint

More information

Specops Command. Installation Guide

Specops Command. Installation Guide Specops Software. All right reserved. For more information about Specops Command and other Specops products, visit www.specopssoft.com Copyright and Trademarks Specops Command is a trademark owned by Specops

More information

TSM for Windows Installation Instructions: Download the latest TSM Client Using the following link:

TSM for Windows Installation Instructions: Download the latest TSM Client Using the following link: TSM for Windows Installation Instructions: Download the latest TSM Client Using the following link: ftp://ftp.software.ibm.com/storage/tivoli-storagemanagement/maintenance/client/v6r2/windows/x32/v623/

More information

SHAREPOINT 2013 IN INFRASTRUCTURE AS A SERVICE

SHAREPOINT 2013 IN INFRASTRUCTURE AS A SERVICE SHAREPOINT 2013 IN INFRASTRUCTURE AS A SERVICE Contents Introduction... 3 Step 1 Create Azure Components... 5 Step 1.1 Virtual Network... 5 Step 1.1.1 Virtual Network Details... 6 Step 1.1.2 DNS Servers

More information

Kaspersky Lab Mobile Device Management Deployment Guide

Kaspersky Lab Mobile Device Management Deployment Guide Kaspersky Lab Mobile Device Management Deployment Guide Introduction With the release of Kaspersky Security Center 10.0 a new functionality has been implemented which allows centralized management of mobile

More information

HarePoint Workflow Extensions for Office 365. Quick Start Guide

HarePoint Workflow Extensions for Office 365. Quick Start Guide HarePoint Workflow Extensions for Office 365 Quick Start Guide Product version 0.91 November 09, 2015 ( This Page Intentionally Left Blank ) HarePoint.Com Table of Contents 2 Table of Contents Table of

More information

NetWrix Account Lockout Examiner Version 4.0 Administrator Guide

NetWrix Account Lockout Examiner Version 4.0 Administrator Guide NetWrix Account Lockout Examiner Version 4.0 Administrator Guide Table of Contents Concepts... 1 Product Architecture... 1 Product Settings... 2 List of Managed Domains and Domain Controllers... 2 Email

More information

ACTIVE DIRECTORY DEPLOYMENT

ACTIVE DIRECTORY DEPLOYMENT ACTIVE DIRECTORY DEPLOYMENT CASAS Technical Support 800.255.1036 2009 Comprehensive Adult Student Assessment Systems. All rights reserved. Version 031809 CONTENTS 1. INTRODUCTION... 1 1.1 LAN PREREQUISITES...

More information

SafeGuard Enterprise upgrade guide. Product version: 6.1

SafeGuard Enterprise upgrade guide. Product version: 6.1 SafeGuard Enterprise upgrade guide Product version: 6.1 Document date: February 2014 Contents 1 About this guide...3 2 Check the system requirements...4 3 Download installers...5 4 About upgrading...6

More information

Installation Guide. . All right reserved. For more information about Specops Deploy and other Specops products, visit www.specopssoft.

Installation Guide. . All right reserved. For more information about Specops Deploy and other Specops products, visit www.specopssoft. . All right reserved. For more information about Specops Deploy and other Specops products, visit www.specopssoft.com Copyright and Trademarks Specops Deploy is a trademark owned by Specops Software. All

More information

RSA Security Analytics

RSA Security Analytics RSA Security Analytics Event Source Log Configuration Guide Microsoft Windows using Eventing Collection Last Modified: Thursday, July 30, 2015 Event Source Product Information: Vendor: Microsoft Event

More information

Mobility Manager 9.0. Installation Guide

Mobility Manager 9.0. Installation Guide Mobility Manager 9.0 Installation Guide LANDESK MOBILITY MANAGER Copyright 2002-2012, LANDesk Software, Inc. and its affiliates. All rights reserved. LANDesk and its logos are registered trademarks or

More information

Deploy App Orchestration 2.6 for High Availability and Disaster Recovery

Deploy App Orchestration 2.6 for High Availability and Disaster Recovery Deploy App Orchestration 2.6 for High Availability and Disaster Recovery Qiang Xu, Cloud Services Nanjing Team Last Updated: Mar 24, 2015 Contents Introduction... 2 Process Overview... 3 Before you begin...

More information

These notes are for upgrading the Linko Version 9.3 MS Access database to a SQL Express 2008 R2, 64 bit installations:

These notes are for upgrading the Linko Version 9.3 MS Access database to a SQL Express 2008 R2, 64 bit installations: These notes are for upgrading the Linko Version 9.3 MS Access database to a SQL Express 2008 R2, 64 bit installations: This document substitutes for STEPS TWO and THREE of the upgrade Game Plan Webpage

More information

Migrating Exchange Server to Office 365

Migrating Exchange Server to Office 365 Migrating Exchange Server to Office 365 By: Brien M. Posey CONTENTS Domain Verification... 3 IMAP Migration... 4 Cut Over and Staged Migration Prep Work... 5 Cut Over Migrations... 6 Staged Migration...

More information

Active Directory Installation on Windows Server 2012

Active Directory Installation on Windows Server 2012 Active Directory Installation on Windows Server 2012 What really active directory is..? Active Directory Domain Services (AD DS) is an extensible and scalable directory service you can use to efficiently

More information

2X ApplicationServer & LoadBalancer Manual

2X ApplicationServer & LoadBalancer Manual 2X ApplicationServer & LoadBalancer Manual 2X ApplicationServer & LoadBalancer Contents 1 URL: www.2x.com E-mail: info@2x.com Information in this document is subject to change without notice. Companies,

More information

System Administration Training Guide. S100 Installation and Site Management

System Administration Training Guide. S100 Installation and Site Management System Administration Training Guide S100 Installation and Site Management Table of contents System Requirements for Acumatica ERP 4.2... 5 Learning Objects:... 5 Web Browser... 5 Server Software... 5

More information

Kaseya Server Instal ation User Guide June 6, 2008

Kaseya Server Instal ation User Guide June 6, 2008 Kaseya Server Installation User Guide June 6, 2008 About Kaseya Kaseya is a global provider of IT automation software for IT Solution Providers and Public and Private Sector IT organizations. Kaseya's

More information

NETWRIX PASSWORD MANAGER

NETWRIX PASSWORD MANAGER NETWRIX PASSWORD MANAGER ADMINISTRATOR S GUIDE Product Version: 6.1 February/2012 Legal Notice The information in this publication is furnished for information use only, and does not constitute a commitment

More information

NetIQ Advanced Authentication Framework - Administrative Tools. Installation Guide. Version 5.1.0

NetIQ Advanced Authentication Framework - Administrative Tools. Installation Guide. Version 5.1.0 NetIQ Advanced Authentication Framework - Administrative Tools Installation Guide Version 5.1.0 Table of Contents 1 Table of Contents 2 Introduction 3 About This Document 3 NetIQ Advanced Authentication

More information

App Orchestration Setup Checklist

App Orchestration Setup Checklist App Orchestration Setup Checklist This checklist is a convenient tool to help you plan and document your App Orchestration deployment. Use this checklist along with the Getting Started with Citrix App

More information

Sophos Mobile Control Installation guide. Product version: 3.5

Sophos Mobile Control Installation guide. Product version: 3.5 Sophos Mobile Control Installation guide Product version: 3.5 Document date: July 2013 Contents 1 Introduction...3 2 The Sophos Mobile Control server...4 3 Set up Sophos Mobile Control...10 4 External

More information

Wavecrest Certificate

Wavecrest Certificate Wavecrest InstallationGuide Wavecrest Certificate www.wavecrest.net Copyright Copyright 1996-2015, Wavecrest Computing, Inc. All rights reserved. Use of this product and this manual is subject to license.

More information

IIS, FTP Server and Windows

IIS, FTP Server and Windows IIS, FTP Server and Windows The Objective: To setup, configure and test FTP server. Requirement: Any version of the Windows 2000 Server. FTP Windows s component. Internet Information Services, IIS. Steps:

More information

MICROSOFT BITLOCKER ADMINISTRATION AND MONITORING (MBAM)

MICROSOFT BITLOCKER ADMINISTRATION AND MONITORING (MBAM) MICROSOFT BITLOCKER ADMINISTRATION AND MONITORING (MBAM) MICROSOFT BITLOCKER ADMINISTRATION AND MONITORING (MBAM) Microsoft BitLocker Administration and Monitoring (MBAM) provides a simplified administrative

More information

ILTA 2013 - HAND 6B. Upgrading and Deploying. Windows Server 2012. In the Legal Environment

ILTA 2013 - HAND 6B. Upgrading and Deploying. Windows Server 2012. In the Legal Environment ILTA 2013 - HAND 6B Upgrading and Deploying Windows Server 2012 In the Legal Environment Table of Contents Purpose of This Lab... 3 Lab Environment... 3 Presenter... 3 Exercise 1 Add Roles and Features...

More information

Universal Management Service 2015

Universal Management Service 2015 Universal Management Service 2015 UMS 2015 Help All rights reserved. No parts of this work may be reproduced in any form or by any means - graphic, electronic, or mechanical, including photocopying, recording,

More information

Quick Install Guide. Lumension Endpoint Management and Security Suite 7.1

Quick Install Guide. Lumension Endpoint Management and Security Suite 7.1 Quick Install Guide Lumension Endpoint Management and Security Suite 7.1 Lumension Endpoint Management and Security Suite - 2 - Notices Version Information Lumension Endpoint Management and Security Suite

More information

S/MIME on Good for Enterprise MS Online Certificate Status Protocol. Installation and Configuration Notes. Updated: October 08, 2014

S/MIME on Good for Enterprise MS Online Certificate Status Protocol. Installation and Configuration Notes. Updated: October 08, 2014 S/MIME on Good for Enterprise MS Online Certificate Status Protocol Installation and Configuration Notes Updated: October 08, 2014 Installing the Online Responder service... 1 Preparing the environment...

More information

Renew ADFS and ADFS Proxy servers SSL Service Communication certificate

Renew ADFS and ADFS Proxy servers SSL Service Communication certificate Renew ADFS and ADFS Proxy servers SSL Service Communication certificate There are 3 ADFS servers in the farm, one of them running in the Disaster Recovery network and 3 ADFS Proxy servers in the farm,

More information

External Authentication with Citrix Secure Gateway - Presentation server Authenticating Users Using SecurAccess Server by SecurEnvoy

External Authentication with Citrix Secure Gateway - Presentation server Authenticating Users Using SecurAccess Server by SecurEnvoy External Authentication with Citrix Secure Gateway - Presentation server Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 1210

More information

Installing and Configuring vcloud Connector

Installing and Configuring vcloud Connector Installing and Configuring vcloud Connector vcloud Connector 2.7.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

More information

LAB 2: Identity Management

LAB 2: Identity Management LAB 2: Identity Management Contents Lab 2: Identity Management... 2 Exercise 1: install and configure prerequisites for configuring AD FS... 3 Tasks... 3 Exercise 2: adding and verifying a standard domain

More information

NetWrix Password Manager. Quick Start Guide

NetWrix Password Manager. Quick Start Guide NetWrix Password Manager Quick Start Guide Contents Overview... 3 Setup... 3 Deploying the Core Components... 3 System Requirements... 3 Installation... 4 Windows Server 2008 Notes... 4 Upgrade Path...

More information

Only LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and applications users cannot access them.

Only LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and applications users cannot access them. This chapter provides information about the Security Assertion Markup Language (SAML) Single Sign-On feature, which allows administrative users to access certain Cisco Unified Communications Manager and

More information

Browser-based Support Console

Browser-based Support Console TECHNICAL PAPER Browser-based Support Console Mass deployment of certificate Netop develops and sells software solutions that enable swift, secure and seamless transfer of video, screens, sounds and data

More information

Check Point FDE integration with Digipass Key devices

Check Point FDE integration with Digipass Key devices INTEGRATION GUIDE Check Point FDE integration with Digipass Key devices 1 VASCO Data Security Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document

More information

Sophos for Microsoft SharePoint startup guide

Sophos for Microsoft SharePoint startup guide Sophos for Microsoft SharePoint startup guide Product version: 2.0 Document date: March 2011 Contents 1 About this guide...3 2 About Sophos for Microsoft SharePoint...3 3 System requirements...3 4 Planning

More information

Configuration Guide. BES12 Cloud

Configuration Guide. BES12 Cloud Configuration Guide BES12 Cloud Published: 2016-04-08 SWD-20160408113328879 Contents About this guide... 6 Getting started... 7 Configuring BES12 for the first time...7 Administrator permissions you need

More information

Enabling Kerberos SSO in IBM Cognos Express on Windows Server 2008

Enabling Kerberos SSO in IBM Cognos Express on Windows Server 2008 Enabling Kerberos SSO in IBM Cognos Express on Windows Server 2008 Nature of Document: Guideline Product(s): IBM Cognos Express Area of Interest: Infrastructure 2 Copyright and Trademarks Licensed Materials

More information

File Auditor for NAS, Net App Edition

File Auditor for NAS, Net App Edition File Auditor for NAS, Net App Edition Installation Guide Revision 1.2 - July 2015 This guide provides a short introduction to the installation and initial configuration of NTP Software File Auditor for

More information

This How To guide will take you through configuring Network Load Balancing and deploying MOSS 2007 in SharePoint Farm.

This How To guide will take you through configuring Network Load Balancing and deploying MOSS 2007 in SharePoint Farm. Quick Brief This How To guide will take you through configuring Network Load Balancing and deploying MOSS 2007 in SharePoint Farm. This document will serve as prerequisite for Enterprise Portal deployment

More information