NetIQ Advanced Authentication Framework. Maintenance Guide. Version 5.1.0



Similar documents
NetIQ Advanced Authentication Framework. System Requirements. Version 5.1.0

NetIQ Advanced Authentication Framework - Administrative Tools. Installation Guide. Version 5.1.0

NetIQ Advanced Authentication Framework - Password Filter. Installation Guide. Version 5.1.0

NetIQ Advanced Authentication Framework. FIDO U2F Authentication Provider Installation Guide. Version 5.1.0

NetIQ Advanced Authentication Framework - Client. User's Guide. Version 5.1.0

Understand Troubleshooting Methodology

Planning and Administering Windows Server 2008 Servers

Course Agenda: Managing Active Directory with NetIQ Directory and Resource Administrator and NetIQ Exchange Administrator

ScoMIS Encryption Service

Before deploying SiteAudit it is recommended to review the information below. This will ensure efficient installation and operation of SiteAudit.

Information Security Operational Procedures Banner Student Information System Security Policy

SELF SERVICE RESET PASSWORD MANAGEMENT ARCHITECTURE GUIDE

SELF SERVICE RESET PASSWORD MANAGEMENT DATABASE REPLICATION GUIDE

Copyright

6425C - Windows Server 2008 R2 Active Directory Domain Services

ScoMIS Encryption Service

BACKUP STRATEGY AND DISASTER RECOVERY POLICY STATEMENT

MS-6425C - Configuring Windows Server 2008 Active Directory Domain Services

Managing and Maintaining Windows Server 2008 Servers (6430) Course length: 5 days

NetWrix Server Configuration Monitor

WatchGuard Dimension v1.1 Update 1 Release Notes

Managing and Monitoring Windows 7 Performance Lesson 8

Deploying the DisplayLink Software using the MSI files

Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

ION EEM 3.8 Server Preparation

ILTA HANDS ON Securing Windows 7

Windows.NET Beta 3 Active Directory New Features

Securing Administrator Access to Internal Windows Servers

R3: Windows Server 2008 Administration. Course Overview. Course Outline. Course Length: 4 Day

Introduction to Active Directory Services

Moving the TRITON Reporting Databases

Creating a New Domain Tree in the Forest

Installing and Administering VMware vsphere Update Manager

Cover sheet. How do you create a backup of the OS systems during operation? SIMATIC PCS 7. FAQ November Service & Support. Answers for industry.

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

The remedies set forth in this SLA are your sole and exclusive remedies for any failure of the service.

Managing and Maintaining Windows Server 2008 Servers

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

STREAM FRBC

Course 6425B: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Installing, Configuring, and Managing a Microsoft Active Directory

Advanced Authentication

Hands-On Microsoft Windows Server Chapter 12 Managing System Reliability and Availability

Northwestern University Dell Kace Patch Management

Diamond II v2.3 Service Pack 4 Installation Manual

3. Where can I obtain the Service Pack 5 software?

Introducing ZENworks 11 SP4. Experience Added Value and Improved Capabilities. Article. Article Reprint. Endpoint Management

WatchGuard Mobile User VPN Guide

Moving/Restoring the StarShip SQL database

MOC 6436A: Designing Active Directory Infrastructure and Services in Windows Server 2008

Symantec Backup Exec 12.5 for Windows Servers. Quick Installation Guide

Connection Broker Managing User Connections to Workstations, Blades, VDI, and More. Quick Start with Microsoft Hyper-V

Configuring and Troubleshooting Windows 2008 Active Directory Domain Services

Lesson Plans Microsoft s Managing and Maintaining a Microsoft Windows Server 2003 Environment

Step by step guide for installing highly available System Centre 2012 Virtual Machine Manager Management server:

Windows Server 2003 Active Directory: Perspective

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Release Notes. Contents. Release Purpose. Platform Compatibility. Windows XP and Internet Explorer 8 Update

Full Disk Encryption Agent Reference

Installing SBS2003 Service Pack 1 Version 1.03

Installation Notes for Outpost Network Security (ONS) version 3.2

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Password Manager Windows Desktop Client

Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Active Directory Objectives

MCTS Guide to Microsoft Windows 7. Chapter 13 Enterprise Computing

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

SELF SERVICE RESET PASSWORD MANAGEMENT ADMINISTRATOR'S GUIDE

Hosting Users Guide 2011

Changing the C Interface IP Address: step-by-step

Configuring and Administering Windows 7

Planning and Administering Windows Server 2008 Servers

Quick Start Guide 0514US

CC4 TEN: Pre-installation instructions for Windows Server networks

Course 50322B: Configuring and Administering Windows 7

NE-6425C Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Windows Server 2008/2012 Server Hardening

Metalogix SharePoint Backup. Advanced Installation Guide. Publication Date: August 24, 2015

Setting up Active Directory Domain Services

Nexio Connectus with Nexio G-Scribe

Table of Contents. FleetSoft Installation Guide

Advanced VMware Training

Implementing and Supporting Microsoft Windows XP Professional

Backup Manager Configuration and Deployment Guide. Version 9.1

The manual contains complete instructions on 'converting' your data to version 4.21.

DriveLock and Windows 7

Table Of Contents. - Microsoft Windows - WINDOWS XP - IMPLEMENTING & SUPPORTING MICROSOFT WINDOWS XP PROFESSIONAL...10

Office 365 Windows Intune Administration Guide

Planning and Administering Windows Server 2008 Servers

Chapter 1 Scenario 1: Acme Corporation

Symantec PGP Whole Disk Encryption Hands-On Lab V 3.7

For your eyes only - Encryption and DLP Erkko Skantz

Symantec Backup Exec 2010 R2. Quick Installation Guide

PATCHING WINDOWS SERVER 2012 DOMAIN CONTROLLERS. Prepared By: Sainath K.E.V MVP Directory Services

Designing a Windows Server 2008 Active Directory Infrastructure and Services

Transcription:

NetIQ Advanced Authentication Framework Maintenance Guide Version 5.1.0

Table of Contents 1 Table of Contents 2 Introduction 3 About This Document 3 Purposes of Maintenance 3 Difficulties of Maintenance 3 Terms 4 Responsibilities of Staff Working with NetIQ 5 NetIQ Administrator Responsibilities 5 NetIQ Security Officer Responsibilities 5 Recommendation for Upgrading Procedure 6 What You Need To Do In Case Of Authenticore Server Is Unavailable 7 Enhancing Reliability and Security of Infrastructure 8 Infrastructure 8 NetIQ Authenticore Servers 8 Servers and Workstations with NetIQ Components Installed 8 Enhancing Security 10 Index 11 2

Introduction About This Document This Maintenance Guide is intended for NetIQ Administrators and NetIQSecurity Officers and describes how to maintain Infrastructure with NetIQ Advanced Authentication Framework solution. Purposes of Maintenance Maintenance is necessary for providing uninterrupted possibility to authenticate by various authentication methods and uninterrupted possibility to administrate NetIQ settings of users and computers using NetIQ Advanced Authentication Framework. This document describes maintenance remedies for End Users, because only end users are directly interacting with NetIQ. Difficulties of Maintenance Difficulties of maintenance depends on homogeneity of infrastructure. The uniform infrastructure contains workstations with the same or similar hardware and software configurations. The maintenance of such infrastructure is easier than the maintenance of infrastructure that contains workstations with various types of hardware and software configurations. End users must spend more time and engage more people for configuring of specific features (drivers, hardware compatibility, operating systems, third-party software). So these conclusions is right also for NetIQ maintenance. Check NetIQ system requirements for preliminary compatibility checking with your infrastructure. 3

Terms NetIQ Administrator user with delegated NetIQ privileges. NetIQ Administrator performs installation and configuring of NetIQ Advanced Authentication Framework. Check Administrator responsibility list. NetIQ Helpdesk a technical staff of NetIQ Support Center that assists End Users in case of any questions and problematic situations on NetIQ Advanced Authentication Framework. NetIQ Knowledge Base a section of NetIQ Support Center, which contains useful information with often asked questions and appropriate answers on NetIQ solution. NetIQ Security Officer user with delegated NetIQ privileges. NetIQ Security Officer assists user to enroll his/her own authenticator and monitor security during users authentication. Check Security Officer responsibility list. NetIQ Support Center a department of NetIQ Company; also means NetIQ support website. Defect - an error in the Software which is reproducible or repeatable and which causes the NetIQ solution to not function substantially in conformance with its specifications, the applicable End User documentation, or other related documentation, including without limitation, any other engineering documentation for the NetIQ solution, or commonly accepted operating principles as defined by industry standards. End user company that is using or plans to use NetIQ Advanced Authentication Framework. Incident - a situation when End User or distributor is needed to contact NetIQ Helpdesk for assistance. Infrastructure object of End User that contains all servers, workstations and communication channels between them. 4

Responsibilities of Staff Working with NetIQ NetIQ Administrator Responsibilities 1. Installation of server and administrative components. 2. Preliminary check of NetIQ system requirements and NetIQ upgrade in test environment or on the small selection in production domain to be sure that the upgrade will not cause any problems. 3. Upgrade of server and administrative components. 4. Deployment and upgrade of client components. 5. Configuration of Authenticore Servers. 6. Solution of any problem depending on inability to logon. 7. Regular inspection of events with system failures and warnings including NetIQ Authenticore server failures. 8. Assist NetIQ Security Officer with any NetIQ problems. 9. Ask NetIQ Helpdesk for extra technical help upon NetIQ solution. 10. Notify NetIQ Helpdesk about any Defects in NetIQ solution. 11. Communication with NetIQ Helpdesk about defects and Incidents (NetIQ Helpdesk can ask extra information for diagnostics of incident), including checking of workarounds and confirmation of closing an incident. NetIQ Security Officer Responsibilities 1. Enrolling users authenticators. 2. Assist users with enrolling and understanding of how NetIQ works and how users need to use it. 3. Regular inspection of NetIQ events with any failures and warnings. 5

Recommendation for Upgrading Procedure It is recommended to upgrade NetIQ at the time of lowest user activity (evening after work, weekends). 1. Make a snapshot of virtual machine with Authenticore Server if you use virtual machines for NetIQ servers. 2. If you have only one Authenticore Server, we recommend you to install and configure additional server to provide fault tolerance. 3. Upgrade first Authenticore Server, restore the Enterprise Key, upgrade all authentication providers in case of there are changes in them; reboot server. 4. Make sure that the Authenticore Server was successfully started after reboot. 5. Stop other Authenticore Servers temporarily and try to authenticate by any user authenticator (this user should not have cached authenticators). 6. Start other Authenticore Servers. 7. If test authentication in step 5 was successful, you can upgrade other Authenticore Servers including all updated authentication providers one-by-one, else please check errors in Event Viewer and contact with NetIQ Helpdesk with detailed information. Please make sure that all Authenticore Servers were started after reboots. 8. Upgrade first Password Filter, reboot DC. 9. Check Event Viewer on DC to be sure that Password Filter was successfully loaded. 10. Upgrade other Password Filters one-by-one. 11. Upgrade Administrative tools on all NetIQ administrator servers and workstations. 12. Upgrade client components (NetIQ Client, authentication providers) on selection of 5-10 or 5% of workstations with different configurations. 13. Wait for 2-5 days: collect and analyze feedback from users. 14. Upgrade selection of 30% of workstations. 15. Wait for a week: collect and analyze feedback from users. 16. Upgrade remaining workstations. 6

What You Need To Do In Case Of Authenticore Server Is Unavailable 1. Check how many Authenticore Servers are unavailable. If all Authenticore Servers are unavailable, please provide users with temporary possibility to logon by classical password. 2. If you can start and logon to server, try to start Authenticore Server manually via Authenticore Server tray manager. 3. If you can t start server manually, try to re-install it. 4. Check Event Viewer for any errors, analyze errors. 5. Restore snapshot with working state, if you use virtual machines for servers. 6. Deploy new Authenticore Server(s) using existing Enterprise Key. Ask NetIQ administrator or responsible person for Enterprise Key. Enterprise Key should be stored in secure place. 7. If you have lost an Enterprise Key, you will need to generate new Enterprise Key. It also means that all NetIQ settings including enrolled authenticators will be lost and you will need to re-enroll them. 8. If your Authenticore Servers don t work after preparing new Authenticore Servers, please check schema extension, try to extend schema again. 7

Enhancing Reliability and Security of Infrastructure In this chapter: Infrastructure NetIQ Authenticore Servers Servers and Workstations with NetIQ components installed Enhancing security Infrastructure 1. Backup Active Directory monthly using any preferable utility. You need it, because all NetIQ settings are stored in AD/AD LDS. 2. Use two or more Domain Controllers for fault tolerance at first according to Microsoft s recommendations. 3. Availability of redundant communication channel between users workstations and near Authenticore Servers for a case of any communication channel problems. NetIQ Authenticore Servers 1. Use two or more NetIQ Authenticore Servers for each site. See Microsoft s recommendations for Domain Controllers. 2. Prevent situations when all Authenticore Servers are unavailable. Use Authenticore Servers in different locations. 3. Check Event Viewer for any system or NetIQ errors and warnings daily. 4. Use uninterruptible power supply for a case of electricity disconnection and disruption. 5. Availability of 30 GB free space on system partition of hard drive (for events and logs). 6. Save snapshot with working state after any upgrade in case of using virtual machines for NetIQ Authenticore Servers. 7. Every Authenticore Server must contain all used authentication providers installed. Servers and Workstations with NetIQ Components Installed 1. Use recommended operating system updates. 2. Availability of 60 GB free space on system partition of hard drive. 3. Check preliminary whether NetIQ supports new version of client and server OS before migrating to them. 4. If you use DLP software, make sure that this software doesn t block USB devices that are used for user authentication. 5. Use authenticators caching in the next situations: 8

A. Slow communication channel; B. Planned works with communication channel; C. Migration of employees to the new office; D. Business trip with corporate laptop. 9

Enhancing Security 1. Use secure storage for Enterprise Key. Otherwise you can compromise it. 2. Delegate Authenticore Admins privileges to trusted administrators only. Administrators should have good knowledge of Active Directory. 3. Delegate NetIQ Advanced Authentication Framework Admins and NetIQ Advanced Authentication Framework User/Computer settings management privileges to trusted security officers only. 10

Index A Active Directory 8, 10 Administrative tools 6 Administrator 4-5 Authentication 1, 3-4, 10 Authenticore server 5 C Client 6 D Domain 8 E Enterprise Key 6-7, 10 Event Viewer 6-8 P Password 6 R Restore 7 S Security 3-5, 8, 10 Server 6-7 Software 4 Support 4 U User 10 11

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information