Overview
- What is it.
- The bigWebApps AD Replicator is software installed on the client's network to allow single sign-on using local Active Directory user accounts.
- What is copied.
- The AD Replicator will copy users in local AD Groups that are mapped to bigWebDesk Roles (e.g. Administrators, Technicians, Users, Super Users).
- Only these fields are copied to bigWebApps servers: AD SID, FirstName, LastName, and Email Address.
- No AD passwords or password hashes are copied from the client's network to bigWebApps.
- Where to install.
- Requires installation on a Windows Server 2003 or Windows XP machine located on the client's network.
- Locations Setup.
- AD Replicator currently does NOT associate the login with a location. This can be done from the web interface when the user is entering a ticket for the first time. We have discussed some type of AD OU mapping to BWD groups for the future; there are no dates on when this might be implemented.
- Requirements
- Each user in Active Directory must have an email address. Users without email addresses will not be copied.
- The computer or server on which the AD Replicator is installed MUST be a member of the domain.
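The copy rules above (mapped groups only, email address required, four fields copied) can be checked as a dry run before install. This is an added example, not bigWebApps code; the group names, record layout and `plan_replication` function are assumptions, and the sample accounts are constructed.

```python
# Assumption: group-to-role mapping as it might be entered in the Admin Control Panel.
GROUP_TO_ROLE = {
    "HelpDesk Admins": "Administrators",
    "HelpDesk Techs": "Technicians",
    "All Staff": "Users",
}
# The only attributes the page says leave the client's network.
COPIED_FIELDS = ("sid", "first_name", "last_name", "email")

def plan_replication(ad_users, group_to_role=GROUP_TO_ROLE):
    """Return (to_copy, skipped): records that would be sent, and accounts left out with a reason."""
    to_copy, skipped = [], []
    for user in ad_users:
        roles = sorted({group_to_role[g] for g in user.get("groups", ()) if g in group_to_role})
        if not roles:
            skipped.append((user["account"], "not in a mapped group"))
        elif not (user.get("email") or "").strip():
            skipped.append((user["account"], "no email address"))
        else:
            # Allow-list: any attribute not named in COPIED_FIELDS is dropped here.
            record = {field: user[field] for field in COPIED_FIELDS}
            to_copy.append((record, roles))
    return to_copy, skipped

# Constructed sample directory export (not real accounts).
SAMPLE_USERS = [
    {"account": "jdoe", "sid": "S-1-5-21-1000000000-2000000000-3000000000-1104",
     "first_name": "Jane", "last_name": "Doe", "email": "jdoe@acme.example",
     "groups": ["HelpDesk Techs", "All Staff"], "department": "IT",
     "pwd_last_set": "2009-01-12"},
    {"account": "svc_backup", "sid": "S-1-5-21-1000000000-2000000000-3000000000-1105",
     "first_name": "Backup", "last_name": "Service", "email": "",
     "groups": ["All Staff"]},
    {"account": "bsmith", "sid": "S-1-5-21-1000000000-2000000000-3000000000-1106",
     "first_name": "Bob", "last_name": "Smith", "email": "bsmith@acme.example",
     "groups": ["Finance"]},
]

if __name__ == "__main__":
    to_copy, skipped = plan_replication(SAMPLE_USERS)
    for record, roles in to_copy:
        print("copy", record, roles)
    for account, reason in skipped:
        print("skip", account, "-", reason)
```

The skipped list is the useful output: it names the accounts that need an email address or a group membership before they can sign in.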
Install Process
1. Call - Review Questionnaire, Answer Questions
Initially we schedule a call with your team to explain how the replicator works, describe all the components of the replicator, and review any settings we will need.
2. Install and Initial Replication
We will install the replicator components, set up the initial AD Replicator mappings, and start test replication.
3. Call - Sign Off
After the install, we will schedule a follow-up call a few days later to verify that no replicator errors are occurring and validate that replication is functioning correctly.
PreInstall Client Steps
Select a Server
Select either a Windows Server 2003 Domain Member Server or a Windows XP machine with IIS installed. We prefer not to install on a Domain Controller.
Decide on SSL or Non SSL
If you intend to support Firefox or other non-IE browsers, we recommend you enable SSL on this redirect site. Supporting these browsers requires us to set up IIS in Basic Authentication mode, which requires an SSL certificate because Basic Authentication sends the password only base64-encoded, not encrypted. If you have a self-signed certificate infrastructure, you can create a self-signed certificate. Consult your firewall or SSL administrator on the best way to generate the certificate for the new domain name.
If you intend to support only Internet Explorer clients, you can set up IIS in Integrated Authentication mode, which can work without an SSL certificate.
We recommend using SSL and Basic Authentication for the least amount of future troubles.
Set up a temporary web page on the new server
Go ahead and create a temporary IIS web site with a basic HTML test page to prove the site is up and running.
Test this site from outside your network as well as inside your network to make sure all Firewalls and DNS entries are working properly.
If required, enable SSL on this site and test to make sure you can access the site via https:// as well.
Current Install Process Overview
- Complete the AD Replicator Questionaire.doc form, completed by the local network admin contact.
- bigWebApps Engineer will review the questionnaire and validate that the login credentials are working properly.
- bigWebApps Engineer will install base replicator engine (very small Windows Service)
- bigWebApps will verify the 3 AD test accounts replicate properly and the system is working.
- Set up a GoToMeeting web meeting to review what is installed and train the local network admin how to configure the AD Replicator engine.
- During the call, set up the redirector page, for example https://helpdesk.acmeinc.com/. This page will redirect domain users to the bigWebApps HelpDesk preauthenticated.
Requirements
- IIS 6.0+ Windows Server 2003 or Windows XP Pro
- SSL Certificate for https://bigwebdesk.yourdomain.com if you need to support the Firefox browser or Macintosh computers. If you are only supporting IE, you can use Integrated Authentication without an SSL Certificate. We recommend you purchase a real SSL certificate. Even though you could use a self-issued certificate, this has been proven to cause usability issues; the $150 is worth the money spent to stop these phone calls.
- Group Policy to add http://bigwebdesk.yourdomain.com to "Local Intranet" IE Site Zone if you want 1 click sign-in on Internet Explorer and Windows.
- Publish http://bigwebdesk.yourdomain.com and https://bigwebdesk.yourdomain.com on your company firewall to the AD Replicator Server on your LAN.
Parts
- Windows Service. This service performs synchronizations between the client's AD Users and bigWebDesk.
- Admin Control Panel. This is a web-based control panel that manages AD Group to bigWebDesk mappings and other replication settings. Requires IIS 6.0 and ASP.NET 2.0.
- Single Sign-On ASP.NET Page. This is a single web page published on the client's extranet web site. This page should be available on the public internet. This page will use Windows Integrated or Digest Challenge login to authenticate the user using local Active Directory credentials, then quickly redirect to https://login.bigwebapps.com with the user preauthenticated via a temporary transfer token. An example location to publish could be https://bwa.acme.com/; this page will redirect to https://login.bigwebapps.com preauthenticated without the need to log in again.
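The page does not describe the transfer token's format, so the following added example (not bigWebApps code) shows one common way to build such a token: an HMAC-signed claim set bound to the user's SID, valid for 60 seconds and redeemable once. The shared key, claim names, lifetime and in-memory replay cache are all assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

TOKEN_TTL_SECONDS = 60   # assumption: the token only has to survive one redirect
USED_NONCES = set()      # assumption: in-memory replay cache on the login side

def b64(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(key, body):
    return b64(hmac.new(key, body.encode(), hashlib.sha256).digest())

def mint_token(key, sid, now=None):
    """Redirect page side: issue a token once IIS has authenticated the user."""
    now = time.time() if now is None else now
    claims = {"sid": sid, "exp": int(now) + TOKEN_TTL_SECONDS,
              "nonce": secrets.token_hex(16)}
    body = b64(json.dumps(claims, sort_keys=True).encode())
    return body + "." + sign(key, body)

def redeem_token(key, token, now=None):
    """Login side: return the SID, or raise ValueError naming the reason."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 2:
        raise ValueError("malformed token")
    body, tag = parts
    # Verify the signature before parsing anything the client could have altered.
    if not hmac.compare_digest(tag.encode(), sign(key, body).encode()):
        raise ValueError("bad signature")
    claims = json.loads(unb64(body))
    if now >= claims["exp"]:
        raise ValueError("expired")
    if claims["nonce"] in USED_NONCES:
        raise ValueError("already used")
    USED_NONCES.add(claims["nonce"])  # single use: a captured URL cannot be replayed
    return claims["sid"]
```

Because the token travels in a redirect URL, the short lifetime and single-use check limit what a copy in browser history or a proxy log is worth.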