Logging in to the Admin Portal PDF

194 Pages·2016·12.51 MB·English

by

Checking for file health...

Save to my drive

Quick download

Administration Guide Symphony Administration Guide Enterprise and Business Version – April 2016 Discover Symphony! .................................................................................................................... 7 Preparing your installation -‐‑ what you need before starting ........................................ 7 Things you need to know ..................................................................................................................... 7 FQDNs and names used in this guide ............................................................................................................ 7 Locating your admin credentials and pod configuration details ...................................................... 7 Things you should have ........................................................................................................................ 8 Equipment and platform compatibility ........................................................................................................ 8 Identifying and accessing your Symphony service ..................................................................... 8 Access to Symphony Cloud Services .............................................................................................................. 8 Emails from Symphony ....................................................................................................................................... 8 Getting Started – Logging in to the Admin Portal .............................................................. 9 Understanding accounts ...................................................................................................................... 9 Log in to the Admin Portal .................................................................................................................. 9 Take a quick tour ................................................................................................................................. 11 Create another admin account ........................................................................................................ 13 Creating end user accounts ............................................................................................................... 13 Notification of Account creation ................................................................................................................... 15 Set up password with email .............................................................................................................. 16 First time user login—Pre-‐‑populating the user’s IM contacts and filters ......................... 16 Reviewing your new accounts ......................................................................................................... 17 Changing your password ................................................................................................................... 17 Logging out of the Admin Portal ...................................................................................................... 18 Key Management Infrastructure (Assisted Installation) ............................................. 18 The Symphony Private Pod Architecture ..................................................................................... 19 Selecting your Deployment Option ................................................................................................ 21 Option 1: Software SM and Key Manager Operating in the cloud .................................................. 21 Option2: Software SM and on-‐‑premises Key Manager ....................................................................... 22 Option3: HSM and on-‐‑prem KeyManager ................................................................................................ 23 Where to Install the Key Manager and HSM ................................................................................ 24 Load Balancers ..................................................................................................................................................... 25 Installing the Key Manager ............................................................................................................... 25 Install the host server for your Key Manager and Software SM ..................................................... 25 Create a Service Account for your Key Manager ................................................................................... 29 Download the KeyManager RPM file .......................................................................................................... 29 Installing the Java Cryptography Extension (JCE) ................................................................................ 30 Running the RPM Installation ........................................................................................................................ 31 Configuring Certificates .................................................................................................................................... 31 Bootstrapping the Software SM and HSM Keys ..................................................................................... 34 Software SM JSON file ....................................................................................................................................... 34 Safenet LUNA hardware HSM – JSON File ................................................................................................ 35 Bootstrapping your Keys ................................................................................................................................. 36 Administration Guide – Enterprise / Business Version 2 18-‐Apr-‐2016 Tomcat and KeyManager Configuration ................................................................................................... 37 Starting and Stopping the Tomcat service ............................................................................................... 39 Hardware Security Module -‐‑ HSM ................................................................................................... 40 Technical Specifications of SafeNet 7000 ........................................................................................... 41 KMs and HSMs installation on the customer network ................................................................ 42 Key Manager/HSM connectivity .............................................................................................................. 43 HSM Installation ................................................................................................................................... 43 Overview ............................................................................................................................................................... 43 Before you Begin ............................................................................................................................................... 44 Install Luna SA Appliance ................................................................................................................................ 44 Initial HSM Configuration .................................................................................................................. 47 Login ........................................................................................................................................................................ 47 Change Default Password ............................................................................................................................ 47 Set Time Zone, Date and Time .................................................................................................................. 47 Configure Network Parameters ............................................................................................................... 48 Change Network Configuration Settings ............................................................................................. 48 Generate a New Server Certificate ......................................................................................................... 50 Bind the Network Trust Link Service ................................................................................................... 51 Initialize the HSM and Adjust Policies ....................................................................................................... 52 SafeNet appliance software upgrade .......................................................................................................... 52 Introduction to Partitions ............................................................................................................................... 53 Partition Requirements and Size ................................................................................................................. 53 Create a Partition and Adjust Policies ........................................................................................................ 53 Activate Partition (Only If using PED based authentication) ........................................................... 55 Download Safenet software ....................................................................................................................... 55 Set Up a Network trust Link ........................................................................................................................... 60 High Availability Groups .................................................................................................................................. 63 Updating your Key Manager ............................................................................................................. 66 Managing your pod ................................................................................................................... 66 The Symphony Pod .............................................................................................................................. 66 Roles ......................................................................................................................................................... 66 Compliance Roles ................................................................................................................................................ 69 Roles for Information Barriers ...................................................................................................................... 70 Searching and filtering ....................................................................................................................... 71 Create a user and generate a password manually .................................................................... 71 Editing a user ........................................................................................................................................................ 73 Changing the Username ................................................................................................................................... 73 Deactivating an account ................................................................................................................................... 74 Promoting an end user to admin .................................................................................................................. 75 Changing a user’s password ........................................................................................................................... 75 Creating Service User Accounts ....................................................................................................... 75 Feature Entitlements ................................................................................................................ 77 Configuration scenarios ..................................................................................................................... 78 Disable features for the entire pod ................................................................................................ 78 Enabling feature settings for new users by default .................................................................. 79 Manually setting features for all users (without using default values) ............................. 79 Enabling External Communications (sharing files is not yet available) ............................ 80 Administration Guide – Enterprise / Business Version 3 18-‐Apr-‐2016 Enabling “Can Send Files Internally” ............................................................................................. 80 Making changes to an individual user ........................................................................................... 81 Managing Applications ............................................................................................................ 81 Installing a New Application ............................................................................................................. 81 Application Entitlement ..................................................................................................................... 83 Installing the desktop client .................................................................................................. 85 Download the desktop client ............................................................................................................ 85 Note on dependencies ....................................................................................................................................... 85 Installation Instructions -‐‑ Connecting the client to your Private Pod URL ................................ 85 Launching the desktop client ........................................................................................................... 87 Installing Symphony on multiple users’ computers ................................................................. 87 Authenticating using Single Sign-‐‑On (SSO) ....................................................................... 88 Configuration information required ............................................................................................. 88 Notes on Symphony’s implementation of SSO ............................................................................ 88 SSO and Domain Names ..................................................................................................................... 88 Configuring SSO ..................................................................................................................................... 89 Implications of SSO .............................................................................................................................. 90 Switching off SSO .................................................................................................................................. 90 SSO accounts that also have passwords ........................................................................................ 91 LDAP Synchronization (Sync) ................................................................................................ 91 LDAP Sync Architecture ..................................................................................................................... 92 Tools ......................................................................................................................................................................... 94 Supported Directory Systems .......................................................................................................... 94 Preparing to Install ............................................................................................................................................. 94 Creating the Service User Account .............................................................................................................. 96 Configuring the Directory Bridge ................................................................................................................. 97 Downloading the Directory Bridge ............................................................................................................. 98 Installation ............................................................................................................................................. 98 Account Deletion is NOT Possible .............................................................................................................. 109 Assigning Feature Entitlements.................................................................................................................. 110 Configuration Reference ................................................................................................................. 111 Elements of Configuration ............................................................................................................................ 111 Sync Destinations .............................................................................................................................................. 111 Attribute Maps ................................................................................................................................................... 113 Sync Classes ......................................................................................................................................................... 114 Sync Pipes ............................................................................................................................................................. 115 Sync Sources ........................................................................................................................................................ 116 Compliance ................................................................................................................................ 116 Content Export ................................................................................................................................... 116 Installing the Content Export Bridge ........................................................................................................ 118 Managing and Upgrading the Content Export Bridge ....................................................................... 125 Enabling Content Export ................................................................................................................................ 126 Enabling SFTP Content Export .................................................................................................................... 126 Recurring Export ............................................................................................................................................... 127 Manual Export .................................................................................................................................................... 129 Administration Guide – Enterprise / Business Version 4 18-‐Apr-‐2016 File names ............................................................................................................................................................ 129 Content Export Verification .......................................................................................................................... 131 Accessing the exported SFTP repository ................................................................................................ 131 Exported Content .............................................................................................................................................. 132 Escaped Characters .......................................................................................................................................... 134 Wall Post Information ..................................................................................................................... 135 Content Export Verification ........................................................................................................... 135 User Summary Information ........................................................................................................... 135 Content Export Schema ................................................................................................................... 135 Active Compliance ............................................................................................................................. 141 Expression Filters ............................................................................................................................................. 142 Information Barriers ....................................................................................................................................... 143 Disclaimers .......................................................................................................................................................... 144 List ALL ROOMS and Monitor ...................................................................................................................... 146 Symphony Platform -‐‑ Installing the Agent Server ........................................................ 146 Introduction ........................................................................................................................................ 146 Purpose and Scope of the Agent API ......................................................................................................... 147 User Stories supported by Version 1.0 .................................................................................................... 147 Deployment ......................................................................................................................................................... 148 Agent Purpose .................................................................................................................................................... 149 API Change Management ............................................................................................................................... 149 Authentication .................................................................................................................................................... 149 Agent Simulator Installation ......................................................................................................... 150 Platform Dependencies .................................................................................................................................. 150 Prerequisites ....................................................................................................................................................... 150 Installation and Configuration of the Agent Simulator ..................................................................... 150 Running The Curl Examples ......................................................................................................................... 152 Running the Bulk Presence Example ........................................................................................................ 155 Running the Get Messages Example ......................................................................................................... 155 Running the Test IM Example ..................................................................................................................... 156 Observing the Sent Messages ....................................................................................................................... 157 Observing curl Output and Testing Authorization ............................................................................. 158 Testing the Imposter Client Certificate ................................................................................................... 162 Running The Java Examples ......................................................................................................................... 164 The Java Example Implementation ........................................................................................................... 166 Generating API Documentation and Code Stubs ..................................................................... 169 MessageML .......................................................................................................................................... 170 Production Deployment .................................................................................................................. 171 Platform Dependencies ................................................................................................................... 171 Prerequisites ...................................................................................................................................... 171 Installation and Configuration of the Agent Server ............................................................... 171 Testing the Agent Server using the Simulator Example Programs .................................. 181 BULK MANAGE USERS (CSV Import) .................................................................................. 183 Overview .............................................................................................................................................. 183 Get the CSV template ........................................................................................................................ 184 Introducing the CSV format ........................................................................................................... 184 CSV for Symphony ............................................................................................................................. 185 Administration Guide – Enterprise / Business Version 5 18-‐Apr-‐2016 Password field .................................................................................................................................................... 185 More about SEND_EMAIL ................................................................................................................ 187 Importing CSV ..................................................................................................................................... 187 Displaying Bulk Job History ........................................................................................................... 188 Handling errors ................................................................................................................................. 189 Create and modify users ................................................................................................................. 189 Managing admin accounts with the CSV file ............................................................................. 189 CSV best practices ............................................................................................................................. 190 Deactivating accounts ...................................................................................................................... 190 Usage Statistics and Audit Trail .......................................................................................... 190 Usage statistics ................................................................................................................................... 190 Audit Trail ............................................................................................................................................ 191 Filtering Interface for Audit Trail .............................................................................................................. 191 Conversations ..................................................................................................................................... 193 Administration Guide – Enterprise / Business Version 6 18-‐Apr-‐2016 Discover Symphony! Symphony is a cloud-based, secure communication and workflow platform designed to seamlessly exchange high value content and information, connect users to their community and improve workplace productivity through collaboration while maintaining organizational compliance. This guide describes how to plan, provision and administer a private pod - a dedicated version of Symphony. Preparing your installation -‐ what you need before starting Things you need to know You are free to name your Symphony service as you want, but Symphony needs to configure your choice during the initial creation of your service. Once this is done, you should will receive confirmation of the creation of the pod, the pod name, the IP address range used in your cloud service and your admin credentials. FQDNs and names used in this guide As we mentioned above, you are free to name your Symphony service the way you want. In this guide, we will use the following representation to indicate your pod’s name: <OrgName>. Symphony.com Some screenshots may also use: qa.Symphony.com In either case, you should substitute the name you have selected for your Symphony service. Finally some examples in the LDAP Sync section use “fakecorp” to represent your company name and this should be changed to the name used in your corporate directory service. Locating your admin credentials and pod configuration details During the creation of your pod (your company’s dedicated Symphony cloud service) we provisioned the following items: 1. The FQDN (domain name) for your pod 2. The associated IP address range 3. The credentials for your Super Admin account 4. Credentials for the Super Compliance Officer account You should have received all of the relevant details in an email from Symphony Global Services. Note: Super Compliance Officers receive their credentials separately Please locate this email and follow the instructions it contains. Administration Guide – Enterprise / Business Version 7 18-‐Apr-‐2016 Things you should have Equipment and platform compatibility You should have the latest version of the Google Chrome browser running on Windows, Mac or Chromebook computers or Internet Explorer (IE) 11. Identifying and accessing your Symphony service The Symphony client needs to have access to various components located outside your Firewall. Access to Symphony Cloud Services Please configure your firewall to allow the URLs and port numbers listed below. These values are provided as guidelines only. The actual names will be aligned with the service name you selected for your pod: https:// <OrgName>.symphony.com port 443 http:// <OrgName>.symphony.com port 80 https://s3.amazonaws.com/user-‐pics-‐demo port 443 https://resources.symphony.com port 443 To confirm that the firewall is open, testing each link will either result in a Symphony Login page or a 500 error confirming that the server was reached and responded. You should now be able to start managing your pod. Note: If you intend to activate Content Export then you will also need to allow the use of SFTP on port 22 by the system that will carry out the daily content download: https://<OrgName>-‐tools.symphony.com port 22 Emails from Symphony We use Amazon Simple Email Service (Amazon SES) to send application transaction emails. Note: We will enable DKIM signature for all Symphony application emails. Please ensure that you take the necessary steps with your email infrastructure to enable DKIM signature verification. To avoid any spam filtering of Symphony application emails: • Whitelist the FROM address: no-‐reply-‐< OrgName >@symphony.com in your corporate email system. • Make sure that emails from the following IPs are not blocked by your spam filters: 199.255.192.0/22 199.127.232.0/22 54.240.0.0/18 Administration Guide – Enterprise / Business Version 8 18-‐Apr-‐2016 For more information about AWS SES and DKIM features, visit: • http://sesblog.amazon.com/blog/tag/SPF • http://sesblog.amazon.com/post/TxEH4YOF3YJG0L/Amazon-‐SES-‐IP-‐addresses • http://docs.aws.amazon.com/ses/latest/DeveloperGuide/easy-‐dkim.html Access to the CAPTCHA sign-‐of-‐life mechanism We use the CAPTCHA mechanism to ensure a live person is using <set password>. Please allow access to: www.google.com/recaptcha You can read more about configuring firewalls to support CAPTCHA at: HTTPS://code.google.com/p/recaptcha/wiki/FirewallsAndRecaptcha Getting Started – Logging in to the Admin Portal Understanding accounts Symphony provides a hierarchy of roles for provisioning, managing and supporting your service – we provide full details on role management in the Roles section. With the Admin account you can create users and other admins, activate and de-activate accounts and set the security and password policy for the organization. Please protect your Admin account. As your system grows, so too do the risks associated with your credentials falling into the wrong hands. The Username field uniquely identifies each user in your pod and must be unique across all active or inactive user accounts. In addition, all users must have an email address, which must be unique across all active accounts in the pod. These rules apply to all accounts – including Admin accounts. Log in to the Admin Portal As we mentioned in the previous section, this version works on Chrome and IE11 – please launch your browser and then enter the URL identifying the admin portal for your Pod. The precise URL would have been communicated to you along with your account details. Administration Guide – Enterprise / Business Version 9 18-‐Apr-‐2016 If you are the first (i.e. root) admin, you can set your password by clicking on Forgot Password and entering the email address in which you received the email from Symphony Global Services. Once you have created your password, go back to the admin portal login page and enter your credentials. At first you will be presented with the standard Symphony user interface: click on the settings “gear” symbol located at the top right corner of the interface. The Settings options will be displayed as shown below: Administration Guide – Enterprise / Business Version 10 18-‐Apr-‐2016

Description:

name and this should be changed to the name used in your corporate directory service. Locating your admin credentials and pod configuration details. During the creation of your pod (your company's dedicated Symphony cloud service) we provisioned the following items: 1. The FQDN (domain name)

See more

Logging in to the Admin Portal PDF

Preview Logging in to the Admin Portal

The list of books you might like