Home » Dell Manuals » Servers » Dell PowerEdge 2321DS » Manual Viewer

Dell PowerEdge 2321DS User Manual - Page 204

LDAP SSL Certificates, Enabling SSL on a Domain Controller

View all Dell PowerEdge 2321DS manuals

Add to My Manuals
Save this manual to your list of manuals

Page 204 highlights

Access Control Attribute (Standard schema set only) The value of this field specifies which attribute in the LDAP directory is to be used to contain discretionary access control information and is only enabled when Standard Schema is selected. The Access Control Attribute is chosen from among the attributes in the LDAP directory object representing the group whose membership includes both the user and the appliance or attached computer that you are trying to access. When using the Standard schema, it is necessary for Group objects in the Group Container to have an attribute that is chosen to contain the permission level associated with the Group. The Access Control Attribute field, available when the Standard schema is selected, contains the name of the chosen attribute. The chosen attribute must be capable of storing a character string value; for example, the default attribute is "info" which is an attribute accessible via the Active Directory Users and Computers (ADUC) snap-in. Using ADUC, the value of the info attribute is set by accessing the "Notes" property of the Group object. LDAP SSL Certificates All LDAP protocol exchanges (between a Remote Console Switch and Active Directory servers) are secured by SSL. When the LDAP protocol is being protected by SSL, it is referred to as LDAPS (Lightweight Directory Access Protocol over SSL). Each LDAPS connection begins with a protocol handshake that triggers a security certificate transmission from the responding Active Directory server to the Remote Console Switch. Once received, the Remote Console Switch is responsible for verifying the certificate. In order to verify the certificate, the appliance must be configured with a copy of the root Certification Authority's (CA) certificate. Before this can be done, the certificate must first be generated. Enabling SSL on a Domain Controller If you plan to use Microsoft Enterprise Root CA to automatically assign all your domain controllers SSL certificate, you must perform the following steps to enable SSL on each domain controller if you have not previously done so. 1 Install a Microsoft Enterprise Root CA on a Domain Controller. 187 LDAP Feature for the Remote Console Switch

Section	Page
Safety Precautions	14
General	14
Rack Mounting of Systems	16
LAN Options	17
Product Overview	18
Remote Console Switch Features and Benefits	18
SIP Intelligent Module	18
Multiplatform Support	19
Interoperability with Avocent® IQ Module Intelligent Cabling	19
OSCAR Interface	19
On-board Web Interface	19
DSView® 3 Management Software Plug-in	19
Virtual Media	20
Security	20
Encryption	20
Operation Modes	21
Video	21
FLASH Upgradeable	21
Cascade (Tier) Expansion	22
Remote Console Switch Software Features and Benefits	22
Easy to Install and Configure	22
Powerful Customization Capabilities	23
Extensive Remote Console Switch Management	23
IPv4 and IPv6 Capabilities	23
LDAP	23
Interoperability with Avocent Products	23
Installation	25
Remote Console Switch Quick Setup Checklist	25
Remote Console Switch Installation and Setup	27
Getting Started	27
Setting Up Your Network	28
Keyboards	28
Rack Mounting Your Remote Console Switch Unit	28
Installing the Remote Console Switch Unit	32
Video Optimization	41
Mouse Acceleration	41
Connecting a SIP	41
Adding a Cascade Switch	43
Cascading with Legacy Switches	46
Adding a PEM (Optional)	47
Connecting to the Network	49
On-board Web Interface Installation and Setup	49
Supported Browsers	49
Launching the On-board Web Interface	49
Remote Console Switch Software Installation and Setup	50
Installing the Remote Console Switch Software	51
Controlling Your System at the Analog Ports	53
Viewing and Selecting Ports and Devices	53
Selecting Devices	55
Soft Switching	55
Navigating the OSCAR Interface	56
Configuring OSCAR Interface Menus	58
Changing the Display Behavior	59
Setting Console Security	61
Controlling the Status Flag	63
Setting the Interface Language	65
Assigning Device Types	65
Assigning Device Names	67
Configuring Network Settings	68
Displaying Version Information	70
Scanning Your System	70
Setting the Preemption Warning	72
Displaying Configuration Information	73
Running System Diagnostics	74
Broadcasting to Servers	75
Power Controlling Devices	77
Power window	77
PDUs window	78
PDU Settings window	78
PDU Inlets window	79
PDU Outlets window	80
Remote Console Switch Software Basic Operations	82
Launching the Remote Console Switch Software	82
Navigating the Remote Console Switch Software	82
Viewing Your System in the Explorer	83
Explorer Window Features	84
Adding a Remote Console Switch or Avocent Remote Console Switch	85
Accessing Your Remote Console Switch	92
Launching the VNC or RDP Viewer	94
Changing Server and Switch Properties	95
Changing General Properties	95
Changing Server Network Properties	97
Changing Switch Network Properties	98
Changing Information Properties	100
Viewing Server Connections Properties	101
VNC properties	102
RDP properties	104
Accessing a Server via a Browser Window	106
Changing Server and Switch Options	106
General options	106
HTTP/HTTPS options	108
VNC options	108
RDP options	109
Organizing Your System	110
Modifying Custom Field Names	112
Creating Folders	112
Assigning a Unit to a Site, Location, or Folder	113
Deleting and Renaming	114
Customizing the Explorer Window	116
Modifying the Selected View on Startup	116
Changing the Default Browser	117
Managing Your Local Databases	117
Saving a Database	117
Exporting a Database	118
Loading a Database	119
Using the Viewer	120
Accessing Servers from the Remote Console Switch Software	120
Accessing Servers from the On-board Web Interface	122
Interacting With the Server Being Viewed	123
Viewer Window Features	124
Adjusting the Viewer	125
Adjusting the Viewer Resolution	128
Adjusting the Video Quality	129
Minimizing Remote Video Session Discoloration	131
Improving Screen Background Color Display	131
Setting Mouse Scaling	132
Minimizing Mouse Trailing	133
Improving Mouse Performance	133
Reducing Mouse Cursor Flickering	134
Viewing Multiple Servers Using the Scan Mode	134
Scanning Your Servers	134
Thumbnail View Status Indicators	137
Navigating the Thumbnail Viewer	138
Using Macros to Send Keystrokes to the Server	139
Session Options - General Tab	140
Screen Capturing	141
Preemption	142
Preemption of Remote User by a Remote Administrator	143
Preemption of a Local User/Remote Administrator by a Remote Administrator	143
Connection Sharing	143
Virtual Media	146
Common Virtual Media Terms	146
Configuring Virtual Media Locally	147
Enabling/Disabling Virtual Media Using the OSCAR Interface	147
Setting Virtual Media Options Using the OSCAR Interface	148
Configuring Virtual Media Remotely	150
Enabling/Disabling Virtual Media Using the On-board Web Interface	150
Setting Virtual Media Options Using the On-board Web Interface	152
Launching Virtual Media	152
Virtual Floppy Drive	154
Virtual CD/DVD Drive	155
Virtual Media Connection Status	155
Reserving a Virtual Media Session	156
Resetting the USB Bus	156
Managing Your Remote Console Switch Using the On-board Web Interface	157
Migrating Switches from the Remote Console Switch Software	157
Viewing and Configuring Remote Console Switch Parameters	158
Changing Remote Console Switch Parameters	158
Setting Up User Accounts	160
Locking and Unlocking User Accounts	164
Enabling and Configuring SNMP	165
Enabling Individual SNMP Traps	167
Viewing and Resynchronizing Server Connections	168
Modifying a Server Name	169
Viewing and Configuring Tiered Switch Connections	170
Viewing the SIPs and Avocent IQ Modules	171
Viewing Remote Console Switch Version Information	172
SIPs Subcategory	173
Upgrading Firmware	176
Controlling User Status	179
Rebooting Your System	181
Managing Remote Console Switch Configuration Files	181
Managing User Databases	182
Installing a Web Certificate	184
Managing PDUs	185
Migrating Your Remote Console Switch	188
Accessing the AMP	188
Upgrading Firmware Using the AMP	189
Upgrading Remote Console Switch Firmware	189
Migrating Remote Console Switches to the On- board Web Interface	190
Using the Resync Wizard	192
LDAP Feature for the Remote Console Switch	194
Overview	194
The Structure of Active Directory	194
Domain Controller Computers	195
Object Classes	195
Attributes	196
Schema Extensions	196
Standard Schema versus Dell Extended Schema	197
Standard Installation	198
Configure the Override Admin Account	199
Configuring DNS Settings	199
Configuring the Network Time Protocol Settings	200
Configuring the LDAP Authentication Parameters	201
LDAP SSL Certificates	204
Enabling SSL on a Domain Controller	204
Login Timeout	209
CA Certificate Information Display	209
Configuring Group Objects	210
Active Directory Object Overview for Standard Schema	213
Dell Extended Schema Active Directory Object Overview	214
Configuring Active Directory with Dell Schema Extensions to Access Your RCS	219
Extending the Active Directory Schema (Optional)	219
Installing the Dell Extension to the Active Directory Users and Computers Snap-In (Optional)	220
Adding Users and Privileges to Active Directory with Dell Schema Extensions	221
Creating a SIP Object	221
Creating a Privilege Object	221
Using Dell Association Objects Syntax	222
Creating an Association Object	223
Adding Objects to an Association Object	223
Console Redirection Access Security	224
Using Active Directory to Log In to the Remote Console Switch	225
Target Device Naming Requirements for LDAP Implementation	225
Frequently Asked Questions	226
Appendix A: Updating the Remote Console Switch Software	229
Appendix B: Remote Console Switch Software Keyboard and Mouse Shortcuts	230
Appendix C: TCP Ports	233
Appendix D: MIBs and SNMP Traps	234
MIB Groups	235
Enterprise Traps	248
Appendix E: FLASH Upgrades	264
Upgrading the Remote Console Switch	264
Upgrading the SIP module firmware	267
Appendix F: Technical Specifications	270
Appendix G: Technical Support	274

Match case Limit results 1 per page

187

LDAP Feature for the Remote Console Switch

LDAP SSL Certificates

All LDAP protocol exchanges (between a Remote Console Switch and Active

Directory servers) are secured by SSL. When the LDAP protocol is being

protected by SSL, it is referred to as LDAPS (Lightweight Directory Access

Protocol over SSL). Each LDAPS connection begins with a protocol

handshake that triggers a security certificate transmission from the

responding Active Directory server to the Remote Console Switch. Once

received, the Remote Console Switch is responsible for verifying the

certificate. In order to verify the certificate, the appliance must be configured

with a copy of the root Certification Authority's (CA) certificate. Before this

can be done, the certificate must first be generated.

Enabling SSL on a Domain Controller

If you plan to use Microsoft Enterprise Root CA to automatically assign all

your domain controllers SSL certificate, you must perform the following steps

to enable SSL on each domain controller if you have not previously done so.

Install a Microsoft Enterprise Root CA on a Domain Controller.

Access Control

Attribute

(Standard

schema set only)

The value of this field specifies which attribute in the LDAP

directory is to be used to contain discretionary access control

information and is only enabled when Standard Schema is

selected.

The

Access Control Attribute

is chosen from among the

attributes in the LDAP directory object representing the group

whose membership includes both the user and the appliance or

attached computer that you are trying to access.

When using the Standard schema, it is necessary for Group

objects in the Group Container to have an attribute that is

chosen to contain the permission level associated with the

Group. The Access Control Attribute field, available when the

Standard schema is selected, contains the name of the chosen

attribute. The chosen attribute must be capable of storing a

character string value; for example, the default attribute is “info”

which is an attribute accessible via the Active Directory Users

and Computers (ADUC) snap-in. Using ADUC, the value of the

info attribute is set by accessing the “Notes” property of the

Group object.