Copyright Statement Copyright © Acronis International GmbH, 2002-‐2015. All rights reserved. ͞ ĐƌŽŶŝƐ͟ ĂŶĚ ͞ ĐƌŽŶŝƐ ^ĞĐƵƌĞ ŽŶĞ͟ ĂƌĞ ƌĞŐŝƐƚĞƌĞĚ ƚƌĂĚĞŵĂƌŬƐ ŽĨ ĐƌŽŶŝƐ /ŶƚĞƌŶĂƚŝŽŶĂů 'ŵď,͘ Η ĐƌŽŶŝƐ ŽŵƉƵƚĞ ǁŝƚŚ ŽŶĨŝĚĞŶĐĞΗ͕ ͞ ĐƌŽŶŝƐ ^ƚĂƌƚƵƉ ZĞĐŽǀĞƌLJ DĂŶĂŐĞƌ͕͟ ͞ ĐƌŽŶŝƐ ĐƚŝǀĞ ZĞƐƚŽƌĞ͕͟ ͞ ĐƌŽŶŝƐ /ŶƐƚĂŶƚ ZĞƐƚŽƌĞ͟ ĂŶĚ ƚŚĞ ĐƌŽŶŝƐ ůŽŐŽ ĂƌĞ ƚƌĂĚĞŵĂƌŬƐ ŽĨ ĐƌŽŶŝƐ /ŶƚĞƌŶĂƚŝŽŶĂů 'ŵď,͘ Linux is a registered trademark of Linus Torvalds.
1 Mobile Access This section of the web interface covers all the settings and configurations affecting mobile device users. In this section Concepts ..................................................................................................... 3 Policies ....................................................................................................... 5 On-‐boarding Mobile Devices ...................................................................
Any number of Gateway Servers can later be added to the network and configured for access from the client app. Note: Details on installing Acronis Access are included in the Installing section of this guide. Configuration of Gateway Servers and Data Sources is explained in the Mobile Access (p. 3) section.
Fig 2. One Gateway Server, one Gateway Server + Acronis Access Server, many clients 1.2 Policies Acronis Access Client Management allows policies to be assigned to Active Directory groups. Group policies will usually address most or all of your client management requirements. The group policies list is displayed in order of precedence, with the first group in the list having the highest priority.
In this section Adding a New Policy ................................................................................... 6 Modifying Policies ...................................................................................... 7 Policy Settings ............................................................................................ 8 Creating a Blocked Path list ..................................................................... 18 Allowed Apps .........................
To add a new user policy: 1. Open the User policies tab. 2. Click the Add new policy button to add a new user policy. This will open the Add a new user policy page. 3. In the Find user field, enter the partial or complete Active Directory user name for which you'd like to create a policy. You can perform 'begins with' or 'contains' searches for Active Directory users.
To modify a group policy 1. 2. 3. 4. Click the Groups Policies option in top menu bar. Click on the group you would like to modify. Make any changes necessary on the Edit Group Policy page and press Save. To temporarily disable a policy, uncheck the check box in the Enabled column for the desired group. This change takes effect immediately. 5.
1.2.3.1 Security Policy App password creation -‐ The Access Mobile Client application can be set with a lock password that must be first entered when launching the application. Optional -‐ This setting will not force the user to configure an application lock password, but they will be able to set one from the Settings menu within the app if they desire.
to modify their App will lock setting from within the Access Mobile Client settings, select Allow user to change this setting. 10 Minimum password length -‐ The minimum allowed length of the application lock password. Minimum number of complex characters -‐ The minimum number of non-‐letter, non-‐number characters required in the application lock password.
1.2.3.2 Application Policy Require Confirmation When Deleting Files -‐ When enabled, the user will be asked for confirmation each time they delete a file. If you would like the user to be able to later modify this setting, select Allow user to change this setting. Set the Default File Action -‐ This option determines what will happen when a user taps a file in the Access Mobile Client application.
Thumbnail Cache Size: -‐ Sets how much space will be reserved for thumbnails. Only Download Thumbnail Previews on WiFi Networks -‐ When enabled, thumbnails will be available only if the user is connected to a WiFi network. Content in My Files and File Inbox Expires after X days -‐ If this option is enabled, files in the File Inbox and in My Files will be deleted from the device after the set number of days.
File Deletes -‐ If this option is disabled, the user will not be able to delete files from the Gateway Server. This setting supersedes any NTFS permissions that client may have that allow file deletion. File Moves -‐ If this option is disabled, the user will not be able to move files from one location to another on the Gateway Server, or from the server to the Access Mobile Client application's local My Files storage.
App Whitelist/Blacklist -‐ Select a predefined whitelist or blacklist that restricts that third party apps that Acronis Access files can be opened into on the device. To create a whitelist or blacklist, click Allowed Apps in the top menu bar.
Allow User to Create Sync Folders -‐ Allows the user to create their own sync folders. Only Allow File Syncing While Device is on WiFi Networks -‐ When this option is enabled, Acronis Access will not allow files to be synced over cellular connections. If Allow User to Change This Setting is enabled, clients will be able to enable or disable automatic file syncing while on WiFi networks.
Custom home directory path -‐ The home folder shown in the Access Mobile Client app will connect the user to the server and path defined in this setting. The %USERNAME% wildcard can be used to include the user's username in the home folder path. %USERNAME% must be capitalized. Sync ʹ This option selects the type of sync of your Home Directory.
Allow user to add individual servers -‐ If this option is enabled, users will be able to manually add servers from within the Access Mobile Client application, as long as they have the server's DNS name or IP address. If you want the user to only have their policy Assigned Servers available, leave this option disabled.
are deferred to the Good Dynamics system and the Good Dynamics policy set that you have configured on your Good Control server. With MobileIron, a few of the standard Acronis Access policy features are deferred to the MobileIron AppConnect platform. These exceptions are noted on the Acronis Access policy configuration pages. Hover over the Good, Android and MobileIron logos for more details on the individual policy exceptions.
1.2.5 Allowed Apps Acronis Access Client Management allows you to create whitelists or blacklists that restrict the Access Mobile Client's ability to open files into other apps on a mobile device. These can be used to ensure that any files accessible through the Access Mobile Client can only be opened into secure, trusted apps.
4. Enter the app's Bundle identifier. This must match the intended apps bundle identifier exactly, or it will not white or blacklisted. 5. Click Save. You can find the bundle identifier either by browsing the files on your device or you can view it in an iTunes Library. 1.2.5.
7. 8. 9. 10. 11. Unzip this newly created ZIP file and you'll end up with a folder with the application name. Inside that folder is a file called iTunesMetadata.plist Open this PLIST file in a text editor. Find the softwareVersionBundleId key in the list. The string value below it is the bundle identifier value that you will need to enter for the app in Acronis Access. These are commonly formatted as: com.companyname.appname 1.2.
Require that client is enrolled with an Acronis Access server -‐ If you select this option, all Access Mobile Clients connecting to this server are required to be managed by a Acronis Access server that is listed under Allowable Acronis Access servers. This option ensures that all clients accessing the server have the settings and security options you require.
need to enroll the Access Mobile Client app on their device with the Acronis Access Server. Once enrolled, their mobile client configuration, security settings, and capabilities are controlled by their Acronis Access user or group policy.
4. Open the Settings tab. 5. Select the desired device enrollment requirements Acronis Access includes two device enrollment mode options. This mode is used for all client enrollments.
Download enrollment invitations as CSV -‐ The entire or filtered invitations list can be exported to a CSV file and opened in Excel or imported into a custom process.
7. Choose the number of days you'd like the invitation to be valid for in the Number of days until invitation expires field. 8. Choose the number of PINs you'd like to send to each user on the invitations list. This can be used in cases where a user may 2 or 3 devices. They will receive individual emails containing each unique one-‐time-‐use PIN.
The email guides them through the process of installing the Access Mobile Client and entering their enrollment information. If the Access Mobile Client app has already been installed, and the user taps the "Tap this link to automatically begin enrollment..." option while viewing this email on their device, Acronis Access will automatically launch and the enrollment form will be displayed.
If their management policy requires an application lock password, they will be prompted to enter one. All password complexity requirements configured in their policy will be enforced for this initial password, and for any change of their application lock password in the future.
A confirmation window may appear if your management policy restricts the storage of files in Acronis Access or disables your ability to add individual servers from within the Access Mobile Client app. If you have files stored locally in the Access Mobile Client app, you will be asked to confirm that any files in your My Files local file storage will be deleted.
1.4 Managing Gateway Servers The Acronis Access Gateway Server is the server contacted by the Access Mobile Clients that handles accessing and manipulating files and folders in file servers, SharePoint respositories, and/or Sync & Share volumes. The Gateway Server is the "gateway" for mobile clients to their files. The Acronis Access Server can manage and configure one or more Gateway Servers from the same management console.
Support for content search of shared is enabled by default, and can be enabled or disabled by checking this option. You can enable or disable content searching for each Gateway Server in the Edit Server dialog.
Note: The port 443 is the default port. If you have changed the default port, add your port number after localhost. 3. Write down the Administration Key. 4. 5. 6. 7. Open the Acronis Access Web Interface. Open the Mobile Access tab. Open the Gateway Servers page. Press the Add New Gateway Server button. 8. Enter a Display Name for your Gateway Server. 9. Enter the DNS name or IP address of your Gateway Server.
1.4.2 Server Details Opening the Details page of a Gateway Server gives you a lot of useful information about that specific server and its users. Status The Status section gives you information about the Gateway Server itself. Information like the operating system, the type of the license, number of licenses used, version of the Gateway Server and more.
Displays a table of all users currently active in this Gateway Server. User -‐ Shows the user's Active Directory (full) name. Location -‐ Shows the IP address of the device. Device -‐ Shows the name given to the device by the user. Model -‐ Shows the type/model of the device. OS -‐ Shows the operating system of the device.
Logging The Logging section allows you to control whether the logging events from this specific Gateway Server will be shown in the Audit Log and allows you to enable Debug logging for this server. To enable Audit Logging for a specific gateway server: 1. 2. 3. 4. 5. 6. 7. 8. Open the web interface. Log in as an administrator. Open the Mobile Access tab. Open the Gateway Servers tab.
Search Index local data sources for filename search By default, indexed searching is enabled on all Gateway Servers. You can disable or enable indexed ƐĞĂƌĐŚŝŶŐ ĨŽƌ ĞĂĐŚ 'ĂƚĞǁĂLJ ^ĞƌǀĞƌ ŝŶ ƚŚĞ 'ĂƚĞǁĂLJ͛Ɛ Ěŝƚ ^ĞƌǀĞƌ ĚŝĂůŽŐ͘ Default path By default on a standalone server, Acronis Access stores index files in the Search Indexes directory in the Acronis Access Gateway Server application folder.
SharePoint Entering these credentials is optional for general SharePoint support, but required to enumerate site collections. For example, say you have two site collections: http://sharepoint.example.com and http://sharepoint.example.com/SeparateCollection. Without entering credentials, if you create a volume pointing to http://sharepoint.example.com, you will not see a folder called SeparateCollection when enumerating the volume.
3. Under Web Applications click on Manage web applications. 4. Select your web application from the list and click on User Policy. 5. Select the checkbox of the user you want to give permissions to and click on Edit Permissions of Selected Users. If the user is not in the list, you can add him by clicking on Add Users.
6. From the Permission Policy Levels section, select the checkbox for Full Read -‐ Has Full read-‐only access. 7. Press the Save button.
Advanced Note: It is recommended that these settings only be changed at the request of a customer support representative. Hide inaccessible items -‐ When enabled, files and folders for which the user does not have the Read permission will not be shown.
present delegated credentials to your SharePoint server on behalf of you users. Enabling the Acronis Access Windows server to perform Kerberos Delegation: 1. In Active Directory Users and Computers, locate the Windows server or servers that you have the Gateway Server installed on. They are commonly in the Computers folder. 2. Open the Properties window for the Windows server and select the Delegation tab. 3.
to manage all policies, devices and settings while the gateways' role is to provide access to the file shares. To create a cluster group: Please make sure that you have already configured a correct Address for Administration on each Gateway before proceeding. This is the DNS or IP address of the Gateway server. 1. 2. 3. 4. 5. 6. 7. 8. Open the Acronis Access Web Interface. Open the Mobile Access tab.
9. Press Create. Editing a cluster group: Editing cluster groups does not differ from editing regular Gateways. For more information visit the Editing Gateway Servers (p. 34) article. Adding members to an existing cluster group: 1. Open the web interface and navigate to Mobile Access -‐> Gateway Servers. 2. Open the action menu for the desired cluster group and select Add Cluster Members from the available actions. 3.
Changing Permissions for Shared Files and Folders Acronis Access uses the existing Windows user accounts and passwords. Because Acronis Access ĞŶĨŽƌĐĞƐ tŝŶĚŽǁƐ Ed&^ ƉĞƌŵŝƐƐŝŽŶƐ͕ LJŽƵ ƐŚŽƵůĚ ŶŽƌŵĂůůLJ ƵƐĞ tŝŶĚŽǁƐ͛ ďƵŝůƚ-‐in tools for adjusting directory and file permissions. The standard Windows tools provide the most flexibility for setting up your security policy.
server are added, modified, or deleted. This folder is intended to give local/offline access to a set of server-‐based files and appears as read-‐only to the user. 2-‐Way -‐ The folder will appear as a local folder in the Acronis Access client app. Its complete contents will initially be synced from the server to the device.
The Access Mobile Client supports NTLM, Kerberos Constrained Delegation, Claims based and SharePoint 365 authentication. Depending on your SharePoint setup, you may need to make some additional configurations to the Gateway Server used to connect to these Data Sources. For more information visit the Editing Gateway Servers (p. 34) article. Note: Make sure you have at least 1 Gateway Server available.
3. 4. 5. 6. 7. 8. Open the Data Sources tab. Go to Folders. Press the Add New Folder button. Enter a display name for the folder. Select the Gateway Server which will give access to this folder. Select the location of the data. This can be on the actual Gateway Server, on another SMB server, on a SharePoint Site or Library or on a Sync & Share server.
The Folders table lists the Data Source's display name, Gateway Server, sync type, path and the policies to which this Data Source is assigned. By pressing the Edit resources assigned to button, the administrator can quickly edit the assignments for this policy.
1.5.3 Gateway Servers Visible on Clients Gateway Servers can be assigned to User or Group policies and can be used as Data Sources. This page displays all Gateway Servers displayed on the user's Acronis Access Mobile client and if those Gateway Servers are assigned to a User or Group policy. You can also edit these assignment here.
Adding a new legacy folder 1. 2. 3. 4. Press the Add New Legacy Folder button. Enter a Display Name. This name will be shown in the mobilEcho client application. Select the mobilEcho server that contains the mobilEcho volume where the folder is located. Enter the folder's Path. The path must begin with the mobilEcho shared volume name.
1.6 Settings Enrollment Settings Mobile Client Enrollment Address -‐ specifies the address which mobile clients should use when enrolling in client management. Note: It is highly recommended to use a DNS name for the mobile client enrollment address. After successfully enrolling in Client Management, the Access Mobile Client app stores the address of the management server.
2 Sync & Share This section of the Web Interface is available only if you have enabled Sync & Share functionality. Otherwise you will see a button Enable sync & share support. In this section Sharing Restrictions ................................................................................. 52 LDAP Provisioning .................................................................................... 53 Quotas ...................................................
2.2 LDAP Provisioning Members of groups listed here will have their user accounts automatically created at first login. LDAP Group This is the list of currently selected groups. Common Name / Display Name -‐ The display name given to the user or group. Distinguished Name -‐ The distinguished name given to the user or group. A distinguished name is a unique name for an entry in the Directory Service. 2.
Enable Quotas? -‐ If enabled, limits the maximum space a user has by a quota. Ad-‐hoc User Quota -‐ Sets the quota for Ad-‐Hoc users. LDAP User Quota -‐ Sets the quota for LDAP users. Enable admin-‐specific quotas? -‐ If enabled, administrators will have a separate quota applied to them. Admin Quota -‐ Sets the quota for administrators.
Keep at least X revisions per file, regardless -‐ If enabled, keeps a minimum number of revisions per file, regardless of their age. Only keep X revisions per file -‐ If enabled, limits the maximum number of revisions per file. Note: Pushing the Save button will start a purge immediately, otherwise a regular scan runs every 60 minutes. 2.5 User Expiration Policies Users who expire will lose access to all their data.
2.6 File Repository These settings determine where files uploaded for syncing and sharing will be stored. In the default configuration, the file system repository is installed on the same server as the Acronis Access Server. The File Repository is used to store Acronis Access Sync & Share files and previous revisions. The Acronis Access Configuration utility is used to set the file repository address, port and file store location.
2.7 Acronis Access Client These settings are for the Access Desktop Client. Force Legacy Polling Mode -‐ Forces the clients to poll the server instead of being asynchronously notified by the server. You should only enable this option if instructed to do so by Acronis support. Client Polling Time -‐ Sets the time intervals in which the client will poll the server.
58 Copyright © Acronis International GmbH, 2002-2015
3 Server Administration In this section Administering a Server ............................................................................. 59 Administrators and Privileges .................................................................. 60 Audit Log .................................................................................................. 63 Server .......................................................................................................
3.2 Administrators and Privileges Provisioned LDAP Administrator Groups This section allows you to manage your administrative groups. Users in these groups will automatically receive the group's administrative privileges. All of the rights are shown in a table, the ones that are currently enabled have a green mark. Using the Actions button you can delete or edit the group. You can edit the group's administrative rights.
3. 4. 5. 6. Mark all of the administrative rights you want your group users to have. Find the group. Click on the group name. Press Save. Administrative Users This section lists all your Users with administrative rights, their authentication type (Ad-‐Hoc or LDAP), whether they have Sync & Share rights and their status (Disabled or Enabled).
Administrative rights Full administrative rights -‐ Gives the user full administrative rights. Can manage mobile Data Sources -‐ Gives the user the right to manage the mobile Data Sources. This includes adding new Gateway Servers and Data Sources, managing the assigned sources, gateways visible on clients and legacy Data Sources. Can manage mobile policies -‐ Gives the user the right to manage the mobile policies.
3.3 3.3.1 Audit Log Log Here you can see all of the recent events (depending on your purging policy, the time limit might be different), the users from which the log originated and a message explaining the action. Filter by User ʹ filters the logs by User. You can select All, No user or choose one of the available users. Filter by Shared Projects ʹ filters the logs by Shared Project.
Note: The default location for the debug logs is: C:\Program Files (x86)\Acronis\Access\Gateway Server\Logs\AcronisAccessGateway 1. 2. 3. 4. 5. 6. 7. 8. Open the web interface. Log in as an administrator. Open the Mobile Access tab. Open the Gateway Servers tab. Find the server for which you want to enable Debug Logging. Press the Details button. In the Logging section check Debug Logging. Press the Save button. 3.3.
Session timeout in minutes ʹ sets the length of the user session. Enable Sync and Share Support -‐ this checkbox enables/disables the Sync and Share features. Notification Settings Email administrator a summary of errors? ʹ If enabled, a summary of errors will be sent to specified email addresses. 3.5 Email Addresses ʹ one or more email addresses which will receive a summary of errors.
Custom schemes You can customize the look of both the Administration page and the Web Client page through custom schemes. To do so: 1. Open your Acronis Access installation folder (e.g. C:\Program Files (x86)\Acronis\Access\) and navigate to \Access Server\Web Application\customizations\. 2. Open the folder with the name of your database. e.g.
3.6 SMTP Acronis Access Server uses the configured SMTP server to send emails to invite users to share or enroll mobile devices, as well as notify users and administrators of server activity. SMTP server address -‐ enter the DNS name of an SMTP server that will be used to send email invitations to your users. SMTP server port -‐ enter your SMTP server port. This setting defaults to port 587.
3.7 LDAP Microsoft Active Directory can be used to provide mobile access and sync and share access to users in your organization. LDAP is not required for unmanaged mobile access or sync and share support, but is required for managed mobile access. Other Active Directory products (i.e. Open Directory) are not supported at this time.
Enable LDAP? -‐ If enabled, you will be able to configure LDAP. LDAP server address -‐ enter the DNS name or IP address of the Active Directory server you would like to use for regulating access. LDAP server port -‐ the default Active Directory port is 389. This will likely not need to be modified. Note: If you're supporting multiple domains you should probably use the global catalog port.
templates can be found in the Legacy mobilEcho files folder by default located here: C:\Program Files (x86)\Group Logic\Access Server\Legacy mobilEcho files. The files are named invitation.html.erb and invitation.txt.erb. Select Language -‐ Select the default language of the invitation emails.
Note: Editing a template in English does not edit the other languages. You need to edit each template separately for each language. Notice that templates allow you to include dynamic information by including parameters. When a message is delivered these parameters are replaced with the appropriate data. Different events have different available parameters.
3.9 Licensing You will see a list of all your licenses. License -‐ Type of the license (Trial, subscription etc). Clients -‐ Maximum number of allowed licensed users. Current Licensed Client Count -‐ Number of currently used user licenses. Current Free Client Count -‐ Number of free users currently in the system. Adding a new license 1. 2. 3. 4. Copy your license key. Paste it in the Add license key field.
To license them, you will need a mobilEcho license. Follow the steps below: 1. Open the web interface and log in as an administrator. 2. Open the General Settings tab and open the Licensing page. 3. In the Legacy mobilEcho Licenses section you have a list of all Gateway servers using the old licensing. 4. Press Add License for the desired Gateway and enter your license key. 5. Press Save. 3.
As of version 7.0 of the Acronis Access Server, the exceptions module has been removed from the list of available modules and is enabled at all times by default. Users that have upgraded from a previous version of Acronis Access may still see the exceptions module in the list. Once you make a change to the logging options and press Save, it will disappear.
1. Open http://newrelic.com/ http://newrelic.com/ and create a New Relic account or log in with an existing account. Once that is done, proceed with your Application configuration. 2. For Application Type select APM. 3. For platform, select Ruby. 4. Download the New Relic script shown in Step 3 of the New Relic Starting Guide (newrelic.yml). 5. Open your Acronis Access web console. 6. Navigate to Settings -‐> Monitoring. 7.
4 Maintenance Tasks To backup all of Acronis Access's elements and as part of your best practices and backup procedures, you may want to read the Disaster Recovery guidelines (p. 76) article. In this section Disaster Recovery guidelines ................................................................... 76 Backing up and Restoring Acronis Access ................................................ 78 Tomcat Log Management on Windows .............
Note: The FileStore structure contains user files and folders in encrypted form. This structure can be copied or backed up using any standard file copy tool (robocopy, xtree). Normally this structure should be located in a high availability network volume or NAS so the location may differ from the default. PostGreSQL database. This is a discrete element running as a Windows service, installed and used by Acronis Access.
1. Boot up the recovery node. Adjust any network configuration like IP Address, Host Name if needed. Test Active Directory connectivity and SMTP access, 2. If needed restore the most recent Acronis Access software suite backup. 3. Verify that Tomcat is not running (Windows Control Panel/Services). 4. If needed, restore the FileStore. Make sure the relative location of the FileStore is the same as it was in the source computer.
Info: For more information on PostgreSQL backup procedures and command syntax please read this: http://www.postgresql.org/docs/9.2/static/backup.html http://www.postgresql.org/docs/9.1/static/backup.html Backing up your Gateway Server's database 1. Go to the server on which you have your Acronis Access Gateway Server installed. 2. Navigate to the folder containing the database. Note: The default location is: C:\Program Files (x86)\Acronis\Access
A "password for user postgres: " message may appear. If that happens, enter the postgres password that you set during the Acronis Access installation process. acronisaccess_production must be entered exactly as shown. This is the Acronis Access database name. 6. Once the process has completed successfully, restart the postgres service and start the Acronis Access Tomcat service.
4.3 Tomcat Log Management on Windows As part of its normal operation Tomcat creates and writes information to a set of log files. Unless periodically purged, these files accumulate and consume valuable space. It is commonly accepted by the IT community that the informational value those logs provide degrades rapidly.
REM NumDays -‐ Log files older than NumDays will be processed set NumDays=14 REM ===== END OF CONFIGURATIONS ====================== ECHO ECHO ===== START ============ REM ForFiles options: REM "/p": the path where you want to delete files.
4. To automate the process, open Task Scheduler and create a new task. Define a name and a description for the task. 5. Set the task to run daily. 6. Define at what time the task should start. It is recommended to run this process when the system is not under extreme load or other maintenance processes are running.
7. ^Ğƚ ƚŚĞ ĂĐƚŝŽŶ ƚLJƉĞ ƚŽ ͞^ƚĂƌƚ Ă ƉƌŽŐƌĂŵ͘͟ 8. Click the Browse button, locate and select the script (batch) file. 9. When done, click Finish. 10. In the tasks list you may want to right click on the task, select properties and verify the task will run whether a user is logged on or not, for unattended operation. 11.
4.4 Automated Database Backup With the help of the Windows Task Scheduler, you can easily setup an automated backup schedule for your Acronis Access database. Creating the database backup script 1.
1. Enter a name and description for the task (e.g. AAS Database Backup). 2. Select Run whether user is logged in or not. On the Triggers tab: 1. Click New. 2. Select On a schedule for Begin the task. 3. Select daily and select the time when the script will be run and how often the script should be rerun (how often you want to backup your database). 4. Select Enabled from the Advanced settings and press OK.
2. Click on the Acronis Access Tomcat Configuration tool shortcut. 3. Open the Java tab. 4. Change the Maximum memory pool to the desired size and press OK. 5. Restart the Acronis Access Tomcat service.
5 Supplemental Material In this section Conflicting Software ................................................................................. 88 Load balancing Acronis Access ................................................................. 88 Third-‐party Software for Acronis Access .................................................. 94 Using Acronis Access with Microsoft Forefront Threat Management Gateway (TMG) Unattended desktop client configuration ...........
In the setup example we will use three separate machines. One of them will act as our File Repository and Database and the other two as both Access and Gateway servers. Below you can see a guide on how to configure this setup. This guide will provide the details necessary to properly load balance the Acronis Access product in your environment.
6. After finishing the installation procedure, proceed with going through the Configuration Utility. a. You will be prompted to open the Configuration Utility. Press OK. b. Select the address and port on which your File Repository will be accessible. Note: You will need to set the same address and port in the Acronis Access web interface. For more information visit the Using the Configuration Utility and File Repository (p. 56) articles.
2. In the Access installer, choose Custom, and select only Acronis Access Server and Acronis Access Gateway Server and continue with the installation procedure. 3. After finishing the installation procedure, proceed with going through the Configuration Utility. a. You will be prompted to open the Configuration Utility. Press OK. b.
Note: If you don't have a certificate, a self-‐signed certificate will be created by Acronis Access. This certificate should NOT be used in production environments. 4. Navigate to the Acronis Access installation directory (e.g. C:\Program Files (x86)\Acronis\Access\Access Server\ ) and edit acronisaccess.cfg with a text editor. 5.
c. The Client Enrollment Address should be the external address of your load balancer (i.e. mylb.company.com). Select your Color Scheme. Enter the DNS name or IP address of your SMTP server Select the language for the Audit Log messages. Under the SMTP tab: Enter the port of your SMTP server. If you do not use certificates for your SMTP server, unmark Use secure connection?.
5. Create a Cluster Group and add all of your Gateway servers to it. Your primary server should be the one you have already gone through the Setup Wizard on. For more information visit the Cluster Groups (p. 41) article. Note: Please make sure that you have already configured a correct Address for Administration on each Gateway before proceeding. This is the DNS or IP address of the Gateway server. a. b. c. d. e. f. g.
http://wiki.postgresql.org/wiki/Running_&_Installing_PostgreSQL_On_Native_Windows#Antivirus_s oftware. For information on backing up a PostgreSQL database: PostgreSQL backup. 5.3.2 Apache Tomcat Acronis Access Server uses ApacheTomcat for its web server. Acronis Access 2.7 and later installs its own version of Tomcat into the Group Logic\Common or Acronis\Common folder. Troubleshooting Tomcat Wiki https://wiki.openmrs.
your TMG server to get it working with Acronis Access. To use TMG as reverse proxy and firewall for your Acronis Access server you need to create two separate networks on your TMG computer: internal and external. The two TMG network adapters should be properly configured, one with a private (internal IP address) and one with a public (external IP address). The Acronis Access server should be part of the internal network.
5.4.2.1 Understanding Forefront Threat Management Gateway (TMG) Network Topology Forefront TMG includes four different network templates, that can fit in your existing network topology. It is important to choose the most appropriate for your organization option. After installing TMG, the Getting Started Wizard will appear, where you need to make initial configuration to your TMG.
Single Network Adapter -‐ This topology enables limited Forefront TMG functionality. In this topology, Forefront TMG is connected to one network only, either the internal network or a perimeter network. Typically, you would use this configuration when Forefront TMG is located in the internal corporate network or in a perimeter network, and another firewall is located at the edge, protecting corporate resources from the Internet.
HTTP authentication: Basic authentication -‐ The user enters a username and password which the TMG server validates against the specified authentication server. Digest and WDigest authentication -‐ Has the same features as the Basic authentication but provides a more secure way of transmitting the authentication credentials. Integrated windows authentication -‐ Uses the NTLM, Kerberos, and Negotiate authentication mechanisms.
Verify that your CA is in the list of trusted root CAs: 1. On each edge server, click Start, and then click Run. In the Open box, type mmc, and then click OK. This opens an MMC console. 2. On the File menu, click Add/Remove Snap-‐in. 3. In the Add Standalone Snap-‐ins box, click Certificates, and then click Add. 4. In the Certificate snap-‐in dialog box, click Computer account, and then click Next. 5.
5. On the Client Connection Security page select Require SSL secured connections with clients and click Next. 6. On the Web Listener IP Addresses page select External and click Next.
7. On the Listener SSL Certificates page select Use a single certificate for this Web Listener and click the Select Certificate button. Select the appropriate certificate and click the Select button to confirm your choice. 8. Confirm that the correct certificate appears on the Listener SSL Certificates page and click Next. 9.
SSL Client Certificate Authentication -‐ Use this option if you'd like the Access Mobile Client app to authenticate with the TMG reverse proxy with an SSL user identity certificate. This certificate must be added to the Access Mobile Client app before the user can authenticate with the TMG reverse proxy server. Additional instructions can be found here. http://support.grouplogic.
10. On the Single Sign On Settings page verify that the SSO setting is disabled and click Next. 11. Review your selections on the Completing The New Web Listener Wizard page and click Finish. 12. Click the Apply button to commit the changes.
13. In the left pane of the Forefront TMG Management Console click Monitoring, then click on the Configuration tab in the middle pane. Keep clicking on the Refresh Now link in the right pane (Tasks tab) until there is a green icon with the checkbox in front of the TMG computer name (array name). 5.4.5 Create a New Web Site Publishing Rule 1.
4. On the Select Rule Action page verify that the Allow option is selected and click Next. 5. On the Publishing Type page choose the applicable option for your case and click Next.
6. On the Server Connection Security page choose the Use SSL to connect to the published Web server or server farm option and click Next. 7. On the Internal Publishing Details page type "intname.domain.
8. On the Internal Publishing Details page enter "/*" in the Path (optional) field to allow access to the entire content of the Acronis Access Gateway server. Click Next. 9. On the Public Name Details page you need to specify the name that the remote clients will use to connect to the published server. Enter "access.domain.
10. On the Select Web Listener page select the web listener that you have created for Acronis Access from the drop-‐down menu and click Next. 11. On the Authentication Delegation page select the No delegation, but client may authenticate directly option from the drop-‐down menu and click Next.
12. On the User Sets page verify that the default All Users option is present and click Next to continue. 13. On the Completing The New Web Publishing Rule Wizard page review the summary of your selections. Click Test Rule to confirm that the publishing rule is working properly. Click Finish to complete the process.
14. Click the Apply button to commit the changes. 15. In the left pane of the Forefront TMG Management Console click Monitoring, then click on the Configuration tab in the middle pane. Keep clicking on the Refresh Now link in the right pane (Tasks tab) until there is a green icon with the checkbox in front of the TMG computer name (array name). 5.4.
5.5 Unattended desktop client configuration With the use of Microsoft's Group Policy Management, you can easily configure the Acronis Access Desktop client on multiple machines remotely. The only thing end users will have to do is install, start the client and enter their password. The Group Policy Management also ensures that users cannot change/replace the correct settings by accident.
8. For the Sync-‐Folder: a. For Value name enter "activEcho Folder". b. For Value type select REG_SZ. c. For Value data enter the following token and path: %USERPROFILE%\Desktop\AAS Data Folder 9. For the Auto-‐Update: a. For Value name enter "AutoCheckForUpdates". b. For Value type select DWORD. c. For Value data enter "00000001". The value "1" enables this setting and the client will automatically check for updates.
If you want to monitor the actual computer as well 1. 2. 3. 4. Open http://newrelic.com/ http://newrelic.com/ and log in with your account. Press Servers and download the New Relic installer for your operating system. Install the New Relic monitor on your server. The New Relic server monitor requires Microsoft .NET Framework 4. The link the New Relic installer takes you to is only for the Microsoft .NET Framework 4 Client Profile.
Note: In case you receive this error: WARNING: can't open config file: /usr/local/ssl/openssl.cnf run the following command: set OPENSSL_CONF=C:\OpenSSL-‐Win64\bin\openssl.cfg change the path, depending on where you installed OpenSSL. After you have completed this procedure, attempt step 1 again. 2. You will now be asked to enter details to be entered into your CSR. Use the name of the web server as Common Name (CN).
After you've successfully installed your certificate to your certificate store, you have to configure Acronis Access to use that certificate. 1. Launch the Acronis Access Configuration Utility. Note: Located in C:\Program Files (x86)\Acronis\Access\Configuration Utility by default. 2. Select your certificate from the Certificate selector on the Gateway Server and Access Server tabs. 3. Click Apply.
4. On the new window press Add, enter the name of the group you want to add and press OK. Do this for both LDAP groups and for the Creator Owner group. 5. Press OK to close the new window and return to the Security tab. Setting the permissions On the Security tab, press Advanced and on the Advanced Security Settings window press Change Permissions....
File Deletes Folder Copies Sending Files to Acronis Access from Other Apps Sending Files to Acronis Access Using Quickoffice 'Save Back' Done! Your Drop Folder is now configured and ready for use. 5.9 Customizing the web interface Acronis Access allows for the web based user interface to be modified to satisfy branding and look and feel requirements.
8. Find this setting: Allow client auto-‐update to version. 9. From the drop-‐down menu select your desired version. Note: The download link in the Action menu for your account, will still download the latest available Acronis Access Desktop Client version. If you do not want the users to download the latest version, go to the \Acronis\Access\Access Server\Web Application\clients folder and rename the latest client version (e.g. 3.0.
The components of the Good Dynamics platform include: Good Control server -‐ A server-‐based console that allows the enterprise to enable client access to Good Dynamics enabled apps, create policy sets that govern application permissions and the device types they are allowed to run on, and the ability to revoke access to or wipe Good Dynamics apps on specific devices.
5.12.2 Testing a trial version of Acronis Access for Good Dynamics The process of trialing Acronis Access for Good Dynamics is very much the same as a regular Acronis Access trial. 1. A trial version of the server-‐side software can be requested by visiting the Trial page.
On the Acronis Access for Good app page, click the Get Application button to request a trial or licensed version of the app. https://begood.good.com/gd-‐app-‐details.
If you select a trial version of the app, your access should be granted within a few minutes. You should receive a notification from the beGood site when your request has been accepted and notifying you that the Acronis Access for Good app as been published to your Good Control server. Once this has happened, log into your Good Control server and click Manage Applications in the lefthand menu.
In the Server Info box, enter the DNS name or IP address of your Acronis Access Gateway server. The Port number is usually 443, unless you've configured Acronis Access to run on a non-‐standard port. All communication between Acronis Access clients and the Gateway servers occurs on port 443 by default. Click the 'Check' button to save this change. 5.12.3.
In the Additional Servers box, enter the Gateway server's DNS name or IP address and it's port, then click the "+" icon to add it to the list. The default Gateway server port is 443. 5.12.4 Good Dynamics Policy Sets and Acronis Access The Acronis Access for Good Dynamics app respects the policy settings included in a user's assigned Policy Set. Policy sets are configured on the Good Control server.
apps that include this feature. This functionality is be available, even with the Good Control Data Leakage Protection policy setting enabled. An upcoming version of Acronis Access for Good Dynamics will add the ability to transfer files directly between the Acronis Access for Good Dynamics app and other 3rd party Good Dynamics apps.
4. Select Acronis Access for Good from the list of available applications and click OK. To generate an Access Key that will allow a user to enroll their Acronis Access for Good app with Good Dynamics: 1. Select Manage Users from the lefthand menu in the Good Control console. 2. Select the user you'd like to create an Access Key for. 3.
5.12.6 Enrolling the Acronis Access client app in Good Dynamics The Acronis Access for Good client app available on the Apple App Store http://www.grouplogic.com/web/megoodappstore is purpose build as a Good Dynamics integrated application. When first installed on a device, the Acronis Access app starts and required the user to activate it in your Good Dynamics system. To enroll a Acronis Access client app in Good Dynamics: 1.
4. If required by your Good Dynamics policy, you will be asked to set an application lock password. If you are also using Good for Enterprise, Acronis Access may require that you log into Good for Enterprise in order to gain access to the Acronis Access app. 5. Once this process is completed, you will be taken to the Acronis Access application's home screen.
From this point on, when you start the Access Mobile Client app, you may be required to enter the Acronis Access for Good Dynamics application password that you configured earlier, or you may be required to authenticate with your Good for Enterprise app before Acronis Access opens. Aside from that requirement, Acronis Access for Good Dynamics functions the same way that standard Access Mobile Client does.
5.13 MobileIron AppConnect support In this section Introduction ........................................................................................... 131 Testing a trial version of Acronis Access with AppConnect ................... 131 Creating an AppConnect configuration and policy for Acronis Access on your MobileIron VSP Activating the Acronis Access iOS client with AppConnect ...................
The iOS device also needs to have the MobileIron Mobile@Work app https://itunes.apple.com/app/mobilecho/id320659794 installed before any AppConnect-‐enabled apps can be activated. When you are ready to activate Access Mobile Clients with AppConnect, please proceed to the following sections of this document. 5.13.
Within App Settings, click Add New and select Configuration in the AppConnect menu item.
Within this new AppConnect App Configuration, enter the following information: Name ʹ dŚŝƐ ĐĂŶ ďĞ ĂŶLJ ŶĂŵĞ LJŽƵ͛Ě ůŝŬĞ ƚŽ ĂƐƐŝŐŶ ƚŽ ƚŚŝƐ ĐŽŶĨŝŐƵƌĂƚŝŽŶ͘ zŽƵ ŵĂLJ ĐƌĞĂƚĞ ŵŽƌĞ ƚŚĂŶ one configuration and assign those configurations to different MobileIron labels. Description ʹ This can be any description you like. Application ʹ This must be set to the Bundle Identifier of the Access Mobile Client app, which is: com.grouplogic.
enrollmentAutoSubmit -‐ This key is optional. This will cause the enrollment form to be ƐƵďŵŝƚƚĞĚ ĂƵƚŽŵĂƚŝĐĂůůLJ͕ ƐŽ ƚŚĂƚ ƚŚĞLJ ƵƐĞƌ ĚŽĞƐ ŶŽƚ ŚĂǀĞ ƚŽ ƚĂƉ ƚŚĞ ͞ ŶƌŽůů EŽǁ͟ ďƵƚƚŽŶ ƚŽ proceed. To enable this key, set its value to: Yes requirePIN ʹ This key is optional.
Allow Open In -‐ Select this option if you would like to allow Acronis Access users to open files into other applications on the device. If selected, this option will also allow you to specify a list of specific apps that are allowed. 5.13.3.
the Acronis Access app, tapping the MobileIron AppConnect option towards the bottom of the settings list, and selecting the Enable button. If the AppConnect setup does not begin immediately, please leave the Acronis Access app open for a few minutes to allow it to begin. Once setup begins, it will proceed as described in the previous scenario.
As this is a complex setup in order to reduce errors and simplify troubleshooting, it will be accomplished in two phases. The first phase will establish an AppTunnel using username/password to authentication to the Acronis Access server. This infrastructure will be built on in phase two to add on Kerberos Constrained Delegation.
communication. Port 88 is used for Kerberos protocol communication. Port 389 (or 636) is used for the LDAP ping between Sentry and the KDC to verify that the KDC IP is the same as the Active Directory IP. If Windows Server 2003 is being used, the KDC may listen for requests on port 88 using UDP instead of TCP.
6 Configuring an AppConnect tunnel between the Access Mobile client and the Access server via username/password authentication The first step towards configuring an AppConnect tunnel between the Acronis Access mobile client and the Acronis Access server is to add and configure the Sentry to the VSP. This is a muti-‐step process broken down into the following phases.
4. Click Generate. 5. Then click Save. 6. Click View Certificate on the new CA. 7. Copy the certificate to a new text file and save to the desktop. 1. Open the MobileIron VSP Admin Portal. 2. Select Policies & Configs and open Configuration.
3. Press Add New and select SCEP. Name: Enter a name based on your preference. Setting Type: Select Local. Local CAs: Name of the CA created in "Generate a new Local CA". Subject: Enter a name based on your preference (e.g. CN=tunneling) but it must start with CN=.. Key Size: Select the same value you selected when generating the CA. In this case, select 2048. 4. Click Save. 1.
Sentry Host Name/IP: The DNS name your sentry is installed on. It must be reachable via the MobileIron VSP. Sentry Port: The port open for connection via the MobileIron VSP (default is 9090). Enable App Tunneling: Mark the checkbox. Device Authentication: Select Identity Certificate. 3. Click Upload Certificate. 4. Browse and select the text file you saved to desktop in "Generate a new local CA". 5. Click Upload Certificate.
6. 1. Still within the MobileIron VSP Admin Portal, select Policies & Configs and open Configurations. 2. Press Add New, select AppConnect and select Container Policy. Name: Enter a name based on your preference. Application: Enter com.grouplogic.mobilecho. This is a Bundle ID from the iOS App Store. Policies: Set whatever MobileIron policies you want to use for managing Acronis Access. 3. Click Save. 1.
2. Press Add New, select AppConnect and select Configuration. Name: Enter a name based on your preference. App Tunnel Application: Enter com.grouplogic.mobilecho. This is the Bundle ID as seen in the Apple store. URL Wildcard: The URL that the client will try to contact the Acronis Access gateway server on.
*Address for client connections from the Acronis Access web interface. This address will be used in profiles sent to the mobile client for making file system connections. The sentry URL Wildcard must match this address and port to route those connections through to the sentry. 1. Still within the MobileIron VSP Admin Portal, select Users & Devices and open Labels. 2. Press Add new.
2. Mark the SCEP, AppConnect policies, and AppConnect configurations you created while following this document. Open Configurations to view them listed. 3. Press More Actions and select Apply to Label. 4. Mark the Label created in "Create a new label". 5. Click Apply. 1. Still within the MobileIron VSP Admin Portal, Select Users & Devices and open Devices.
2. Mark the iOS device to be used for Sentry testing. 3. Select Actions -‐> Apply to Label. 4. Check Label created in "Create a new label". 5. Click Apply. 1. Open the Mobile@Work app and open the Settings. 2. Tap on Check for Updates. 3. Tap on Force Device Check-‐In. If this is successful the SCEP configured in this document should show up in the device settings at Settings -‐> General -‐> Profiles.
4. Install Acronis Access from the App Store and Launch it. 5. Select Enroll Now on the Welcome view or go to Settings and scroll down to Enrollment. 6. Enter the address used for client connections to the Acronis Access Gateway and configured in the AppConnect Configuration. For a true test this URL should not be reachable by the mobile client (use celluar or an external network). 7. Tap continue. 8.
5. When traffic comes from the mobile device you should see the sentry log scroll with entries related to the hostname configured.
7 Adding Kerberos Constrained Delegation Authentication Once you have setup and verified the AppTunnel works via Username/Password authentication for Acronis Access, you can modify the configurations created to allow Kerberos Constrained Delegation authentication to the Acronis Access Gateway. When this is properly configured the end user will not have to supply a username or password to enroll with management or to browse data sources.
Ensure that the correct domain name is selected in the field next to the User Logon Name field. If the correct domain is not selected, choose the correct domain name from the drop-‐down list next to the User Logon Name field. 5. Click Next. Password: Enter a password. Password never expires: Ensure that User must change password at next logon is not selected.
4. Find and select the Kerberos user account that you created in "Create a Kerberos Service Account". 5. Right-‐click on the account and select Properties. Click on the Delegation tab. Select Trust This User For Delegation To Specified Services Only. Select Use Any Authentication Protocol. 6. Press ĚĚ͙. 7. Press hƐĞƌƐ Žƌ ŽŵƉƵƚĞƌƐ͙. 153 Enter the computer name of the Acronis Access Gateway Server.
The correct computer name should appear in the object name box. 8. Click OK.
9. Find and select the "http" service in the Add Services window. 10. Click OK. Note: For a large deployment with multiple Gateway Servers you should repeat steps 6 through 10 for each Gateway Server. However, for the initial setup, it's best to begin with a single Gateway Server hosting some local test folders. Once you have confirmed access to those, then you can expand to additional Gateway Servers and non-‐local folders.
4. Click on its name and click Edit in the panel on the right. Enter two Subject Alternative Name Types NT Principal Name: $USER_UPN$ Distinguished Name: $USER_DN$ Note: These entries require user accounts on the VSP to come from the active directory and these variables to be supplied by it. This configuration is beyond the scope of this document. 5. Click Save. 6.
1. Still in the MobileIron VSP Admin Portal, select Settings and open Sentry. 2. Find the Sentry created in "Add and Configure the Sentry". 3. Click on the Edit icon. In the Device Authentication Configuration select the following for the Certificate Field Mapping: Subject Alternative Name Type: NT Principal Name Value: User UPN In the App Tunneling Configuration change the Server Authentication to Kerberos.
Using either the Sentry EXEC or the Sentry logs in the System Manager verify the Sentry is able to reach and receive a Kerberos ticket from the KDC. Find the line "Informational only: Successfully Received Sentry Service Ticket from KDC". This verifies the Sentry is able to reach and communicate with the KDC. The changes we made to the SCEP must be pushed down to the iOS device.
You can verify the SCEP is properly updated using the iOS Settings app. Under Settings -‐> General -‐> Profiles -‐> The SCEP name you created -‐> More Details -‐> Certificate -‐> The portion after CN= you enter in the subject name of the SCEP, you should see entries for "Subject Alternative Name" and "Directory Name".
2. 3. 4. 5. 6. 7. 8. 9. Find the computer object corresponding to the Gateway server. Right-‐click on the user and select Properties. Open the Delegation tab. Select Trust this computer for delegation to specified services only. Under that select Use any authentication protocol. Click Add. Click Users or Computers. Search for the sever object for the SMB share or SharePoint server and click OK.
2. Disable any anti-‐virus software you have or it may interrupt the installation procedure resulting in a failed installation. 3. Double-‐click on the installer executable. 4. Press Next to begin. 5. Read and accept the license agreement. 6. Press Install.
9. Choose a location on a shared disk for the Postgres Data folder and press Next. 10. A window displaying all the components which will be installed appears. Press OK to continue. When the Acronis Access installer finishes, press Exit. Creating the Service group 1. Open the Failover Cluster Manager and expand your cluster. 2. Right-‐click on Services and Applications and select More Actions.
3. Select the Create Empty Service or Application and press Next. Give the service group a proper name. (e.g. Acronis Access, AAS Cluster). Configurations on the Active node 1. Configure your Gateway Server's database to be on a location on a shared disk. a. Navigate to C:\Program Files (x86)\Acronis\Access\Gateway Server\ b. Find the database.yml file and open it with a text editor. c. Find this line: database_path: '.
2. Select Generic Service. 3. Select the proper service and press Next. 4. On the confirmation window press Next.
5. Press Next on the Replicate Registry Settings window. 6. On the summary window press Finish. Setting a Client Access Point 1. Right-‐click on the Acronis Access service group and select Add a resource. 2. Select Client Access Point. 3. Enter a name for this access point.
4. Select a network. 5. Enter the IP address and press Next. 6. On the Confirmation window press Next. 7. On the summary window press Finish. Adding a shared disk 1. Right-‐click on the Acronis Access service group and select Add Storage. 2. Select the desired shared drive. 3. On the Confirmation window press Next. 4. On the summary window press Finish.
Configuring dependencies 1. Double click on the Acronis Access Service group. For PostgreSQL and Acronis Access File Repository services do the following: 1. Right-‐click on the appropriate service and select Properties. 2. Click on the Dependencies tab. 3. Click on Resource and select the shared disk you have added. 4. Press Apply and close the window. For PostgreSQL also do the following: 1. Click on the Registry Replication tab.
2. Press Add and enter the following: SYSTEM\CurrentControlSet\Services\AcronisAccessPostgreSQL\(For older versions of Acronis Access the service may be different. e.g. postgresql-‐x64-‐9.2) For the Acronis Access Gateway Server service do the following: 1. Right-‐click on the appropriate service and select Properties. 2. Click on the Dependencies tab.
3. Click on Resource and select the shared disk you have added and the Network Name (this is the name of the Client access point). 4. Press Apply and close the window. For the Acronis Access Tomcat service do the following: 1. Right-‐click on the appropriate service and select Properties. 2. Click on the Dependencies tab.
3. Click on Resource and select the PostgreSQL and Acronis Access Gateway Server services as dependencies.Press Apply and close the window. Note: If you want to run the Gateway and Access servers on different IP addresses add the second IP as a resource to the Acronis Access Service group and set it as a dependency for the network name. Bringing the service group online and using the Configuration Utility 1.
3. Configure the Acronis Access Gateway Server service to listen on the IP address(es) for the Acronis Access Service group. 4. Configure the Acronis Access Server service to listen on the IP address(es) for the Acronis Access Service group. Note: If Redirect requests from port 80 is selected, Tomcat will listen for incoming traffic on the unsecure port 80 and redirect it to the HTTPS port you have specified above.
5. Configure the Acronis Access File Repository to listen on localhost and change the Filestore path to be on the shared disk. This path should be the same for both nodes. 6. Click OK to complete the configuration and restart the services. Installation and configuration on the second node 1. Disable any anti-‐virus software you have or it may interrupt the installation procedure resulting in a failed installation. 2.
7. Configure the Acronis Access Gateway Server service to listen on the IP address(es) for the Acronis Access Service group. 8. Configure the Acronis Access Server service to listen on the IP address(es) for the Acronis Access Service group. Note: If Redirect requests from port 80 is selected, Tomcat will listen for incoming traffic on the unsecure port 80 and redirect it to the HTTPS port you have specified above.
9. Configure the Acronis Access File Repository to listen on localhost and change the Filestore path to be on the shared disk. This path should be the same for both nodes. 10. Click OK to complete the configuration and restart the services. 7.2.
Note: If you're deploying multiple Acronis Access servers, or you are installing a non-‐standard configuration, you can select which components to install from the Custom Install button. 7. Either use the default path or select a new one for the Acronis Access main folder and press OK. 8. Set a password for the user Postgres and write it down. This password will be needed for database backup and recovery. 9.
2. Select Create empty role. Give the role a proper name. (e.g. Acronis Access, AAS Cluster) Configurations on the Active node 1. Configure your Gateway Server's database to be on a location on a shared disk. a. Navigate to C:\Program Files (x86)\Acronis\Access\Gateway Server\ b. Find the database.yml file and open it with a text editor. c. Find this line: database_path: './database/' and replace .
Adding all of the necessary services to the Acronis Access role Complete the following procedure for each of the following services: AcronisAccessGateway, AcronisAccessPostgreSQL (this may be different depending on the version of Acronis Access), AcronisAccessRepository and AcronisAccessTomcat 1. Right-‐click on the Acronis Access role and select Add a resource. 2. Select Generic Service.
3. Select the proper service and press Next. 4. On the Confirmation window press Next. 5. On the summary window press Finish. Setting an Access Point 1. Right-‐click on the Acronis Access role and select Add a resource.
2. Select Client Access Point. 3. Enter a name for this access point. 4. Select a network. 5. Enter the IP address and press Next. 6. On the Confirmation window press Next.
7. On the summary window press Finish. Adding a shared disk 1. Right-‐click on the Acronis Access role and select Add Storage. 2. Select the desired shared drive. Configuring dependencies 1. Select the Acronis Access role and click on the Resources tab For PostgreSQL and Acronis Access File Repository services do the following: 1. Right-‐click on the appropriate service and select Properties. 2. Click on the Dependencies tab.
3. Click on Resource and select the shared disk you have added. 4. Press Apply and close the window. For the Acronis Access Gateway Server service do the following: 1. Right-‐click on the appropriate service and select Properties. 2. Click on the Dependencies tab. 3. Click on Resource and select the shared disk you have added and the Network Name (this is the name of the Client access point).
4. Press Apply and close the window. For the Acronis Access Tomcat service do the following: 1. Right-‐click on the appropriate service and select Properties. 2. Click on the Dependencies tab. 3. Click on Resource and select the PostgreSQL and Acronis Access Gateway Server services as dependencies.Press Apply and close the window.
3. Configure the Acronis Access Gateway Server service to listen on the IP address(es) for the Acronis Access Service group. 4. Configure the Acronis Access Server service to listen on the IP address(es) for the Acronis Access Service group. Note: If Redirect requests from port 80 is selected, Tomcat will listen for incoming traffic on the unsecure port 80 and redirect it to the HTTPS port you have specified above.
5. Configure the Acronis Access File Repository to listen on localhost and change the Filestore path to be on the shared disk. This path should be the same for both nodes. 6. Click OK to complete the configuration and restart the services. Installation and configuration on the second node 1. Disable any anti-‐virus software you have or it may interrupt the installation procedure resulting in a failed installation. 2.
4. Open the key: DataDirectory and change the value to the path you have selected for the PostgreSQL data folder location (e.g. E:/PostgreSQL/data). 5. Close Regedit and continue with the steps below. 6. Move the Acronis Access role to the second node. Using the Configuration Utility on the second node 1. Launch the Configuration Utility. On a clean install, this is generally located at C:\Program Files (x86)\Acronis\Access\Configur
2. Configure the Acronis Access Gateway Server service to listen on the IP address(es) for the Acronis Access Service group. 3. Configure the Acronis Access Server service to listen on the IP address(es) for the Acronis Access Service group. Note: If Redirect requests from port 80 is selected, Tomcat will listen for incoming traffic on the unsecure port 80 and redirect it to the HTTPS port you have specified above.
4. Configure the Acronis Access File Repository to listen on localhost and change the Filestore path to be on the shared disk. This path should be the same for both nodes. 5. Click OK to complete the configuration and restart the services. 7.3 Upgrading from mobilEcho 4.5 on a Microsoft Failover Cluster Warning! Acronis Access failover clustering is not supported by versions older than 5.0.3.
4. Disable any anti-‐virus software you have or it may interrupt the installation procedure resulting in a failed installation. 5. Double-‐click on the installer executable. 6. Press Next to begin. 7. Read and accept the license agreement. 8. Press Install.
11. Choose a location on a shared disk for the Postgres Data folder and press Next. 12. A window displaying all the components which will be installed appears. Press OK to continue. 13. When the Acronis Access installer finishes, press Exit.Navigate to your shared disk, locate and copy these 3 files: production.sqlite3, mobilEcho_manager.cfg and priority.
2. Select Generic Service. 3. Select the proper service and press Next. 4. On the confirmation window press Next.
5. Press Next on the Replicate Registry Settings window. 6. On the summary window press Finish. Configuring dependencies 1. Double click on the Acronis Access Service group. For PostgreSQL and Acronis Access File Repository services do the following: 1. Right-‐click on the appropriate service and select Properties. 2. Click on the Dependencies tab. 3. Click on Resource and select the shared disk you have added. 4.
2. Press Add and enter the following: SYSTEM\CurrentControlSet\Services\AcronisAccessPostgreSQL\(For older versions of Acronis Access the service may be different. e.g. postgresql-‐x64-‐9.2) For the Acronis Access Gateway Server service do the following: 1. Right-‐click on the appropriate service and select Properties. 2. Click on the Dependencies tab.
3. Click on Resource and select the shared disk you have added and the Network Name (this is the name of the Client access point). 4. Press Apply and close the window. For the Acronis Access Tomcat service do the following: 1. Right-‐click on the appropriate service and select Properties. 2. Click on the Dependencies tab.
3. Click on Resource and select the PostgreSQL and Acronis Access Gateway Server services as dependencies.Press Apply and close the window. Note: If you want to run the Gateway and Access servers on different IP addresses add the second IP as a resource to the Acronis Access Service group and set it as a dependency for the network name. Bringing the service group online and using the Configuration Utility 1.
3. Configure the Acronis Access Gateway Server service to listen on the IP address(es) for the Acronis Access Service group. 4. Configure the Acronis Access Server service to listen on the IP address(es) for the Acronis Access Service group. Note: If Redirect requests from port 80 is selected, Tomcat will listen for incoming traffic on the unsecure port 80 and redirect it to the HTTPS port you have specified above.
5. Configure the Acronis Access File Repository to listen on localhost and change the Filestore path to be on the shared disk. This path should be the same for both nodes. 6. Click OK to complete the configuration and restart the services. Installation and configuration on the second node 1. Disable any anti-‐virus software you have or it may interrupt the installation procedure resulting in a failed installation. 2.
7. Configure the Acronis Access Gateway Server service to listen on the IP address(es) for the Acronis Access Service group. 8. Configure the Acronis Access Server service to listen on the IP address(es) for the Acronis Access Service group. Note: If Redirect requests from port 80 is selected, Tomcat will listen for incoming traffic on the unsecure port 80 and redirect it to the HTTPS port you have specified above.
9. Configure the Acronis Access File Repository to listen on localhost and change the Filestore path to be on the shared disk. This path should be the same for both nodes. 10. Click OK to complete the configuration and restart the services. 7.3.2 Upgrading a mobilEcho server on a Windows 2012 (R2) Failover Cluster to Acronis Access 1. Open the Failover Cluster Manager and double-‐click on your service group. 2.
8. Press Install. Note: If you're deploying multiple Acronis Access servers, or you are installing a non-‐standard configuration, you can select which components to install from the Custom Install button. 9. Either use the default path or select a new one for the Acronis Access main folder and press OK. 10. Set a password for the user Postgres and write it down. This password will be needed for database backup and recovery. 11.
Configurations on the Active node 1. Configure your Gateway Server's database to be on a location on a shared disk. a. Navigate to C:\Program Files (x86)\GroupLogic\mobilEcho Server\ b. Find the database.yml file and open it with a text editor. c. Find this line: database_path: './database/' and replace ./database/ with the path you want to use (e.g. database_path: 'S:/mobilEcho_cluster/database/').
3. Select the proper service and press Next. 4. On the Confirmation window press Next. 5. On the summary window press Finish. Setting an Access Point 1. Right-‐click on the Acronis Access role and select Add a resource.
2. Select Client Access Point. 3. Enter a name for this access point. 4. Select a network. 5. Enter the IP address and press Next. 6. On the Confirmation window press Next.
7. On the summary window press Finish. Adding a shared disk 1. Right-‐click on the Acronis Access role and select Add Storage. 2. Select the desired shared drive. Configuring dependencies 1. Select the Acronis Access role and click on the Resources tab For PostgreSQL and Acronis Access File Repository services do the following: 1. Right-‐click on the appropriate service and select Properties. 2. Click on the Dependencies tab.
3. Click on Resource and select the shared disk you have added. 4. Press Apply and close the window. For the Acronis Access Gateway Server service do the following: 1. Right-‐click on the appropriate service and select Properties. 2. Click on the Dependencies tab. 3. Click on Resource and select the shared disk you have added and the Network Name (this is the name of the Client access point).
4. Press Apply and close the window. For the Acronis Access Tomcat service do the following: 1. Right-‐click on the appropriate service and select Properties. 2. Click on the Dependencies tab. 3. Click on Resource and select the PostgreSQL and Acronis Access Gateway Server services as dependencies.Press Apply and close the window.
3. Configure the Acronis Access Gateway Server service to listen on the IP address(es) for the Acronis Access Service group. 4. Configure the Acronis Access Server service to listen on the IP address(es) for the Acronis Access Service group. Note: If Redirect requests from port 80 is selected, Tomcat will listen for incoming traffic on the unsecure port 80 and redirect it to the HTTPS port you have specified above.
5. Configure the Acronis Access File Repository to listen on localhost and change the Filestore path to be on the shared disk. This path should be the same for both nodes. 6. Click OK to complete the configuration and restart the services. Installation and configuration on the second node 1. Disable any anti-‐virus software you have or it may interrupt the installation procedure resulting in a failed installation. 2.
4. Open the key: DataDirectory and change the value to the path you have selected for the PostgreSQL data folder location (e.g. E:/PostgreSQL/data). 5. Close Regedit and continue with the steps below. 6. Move the Acronis Access role to the second node. Using the Configuration Utility on the second node 1. Launch the Configuration Utility. On an upgrade from mobilEcho, this is generally located at C:\Program Files (x86)\GroupLogic\C
2. Configure the Acronis Access Gateway Server service to listen on the IP address(es) for the Acronis Access Service group. 3. Configure the Acronis Access Server service to listen on the IP address(es) for the Acronis Access Service group. Note: If Redirect requests from port 80 is selected, Tomcat will listen for incoming traffic on the unsecure port 80 and redirect it to the HTTPS port you have specified above.
4. Configure the Acronis Access File Repository to listen on localhost and change the Filestore path to be on the shared disk. This path should be the same for both nodes. 5. Click OK to complete the configuration and restart the services. 7.4 Upgrading Acronis Access on a Microsoft Failover Cluster The following steps will help you upgrade your Acronis Access Server cluster to a newer version of Acronis Access. 1.
3. Stop all of the Acronis Access services (including postgres-‐some-‐version). The shared disk must be online. 4. Disable any anti-‐virus software you have or it may interrupt the installation procedure resulting in a failed installation. 5. Double-‐click on the installer executable. 6. Press Next to begin. 7. Read and accept the license agreement.
8. Press Upgrade. 9. Review the components which will be installed and press Install. 10. Enter the password for your postgres super-‐user and press Next. 11. When the installation finishes, press Exit to close the installer. Warning! Do not bring the cluster group online! 12. Move the cluster group to the second node. 13. Complete the same installation procedure on the second node. 14.
3. Open the server.xml file. 4. Find this line: SSLCipherSuite="" 5. Replace the contents between the two quotation marks with the ciphers you wish to use. Note: If you wish to support an unsecure version of Internet Explorer 8 or the Acronis Access Desktop client on Windows XP, enter the following: ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM e.g.: SSLCipherSuite="ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM" 6.
8 What's New In this section What's New in Acronis Access Server .................................................... 214 What's New in the Acronis Access app .................................................. 231 Previous Releases ................................................................................... 233 8.1 What's New in Acronis Access Server Note: Numbers such as "[DE1013, US552, #2717]" refer to Acronis' internal change tracking system.
Fixed a problem where a user's desktop synced network folder might not be removed when the server-‐side network folder was removed from their assigned data sources. Fixed an issue where gateway file shares could not be browsed from the web portal if a management server is required and the management server is listening on a non-‐standard port. When a user upgrades from Acronis Access 6.
Links to landing pages and folders from notification emails and from the Desktop Client Finder/Explorer contextual menus no longer sometimes require the user to log in. Fixed an issue when upgrading from mobilEcho 4.5 where legacy data sources might not be converted (DE13188). KNOWN ISSUES: Due to a bug in the included 3rd party Java installer, an issue may occur during installation on non-‐English Windows Servers.
Users running Internet Explorer 8 are automatically redirected to the Access 6 style web client interface. Internet Explorer 8 will be not supported by the redesigned Access 7 web interface. Server Administration from Internet Explorer 8 is not supported. These users will not have access to file server, NAS and SharePoint data sources from the web client interface.
Access Client Version is now displayed in the Users and Devices section of Access Server administration page. (US8696) Java version 7 U71 is used in this release. (US9486) The default threshold and interval for user notification as they approach their quota for Sync & Share can now be configured. (US8605) Apache Tomcat 7.0.56 is used in this release.
Acronis Access 6.1.3 ENHANCEMENTS The default SSL bindings of Acronis Access no longer support Internet Explorer 8 client connections. To enable unsecure Internet Explorer 8 connections on a new installation, please see this article: Changing the Acronis Access Tomcat SSL Ciphers (p. 212). (US8460) New Relic agent updated to the version 3.9.0.229.
Java 7 Update 51 is used in this release. BUG FIXES Fixed an issue with downloading Sync & Share files from an Amazon S3 repository. Fixed an issue with populating the owner_name value in the exported logs. Fixed possible request timeout issue when enrolling a mobile client in a large Active Directory.
Addressed a dependency issue that could prevent the Access Gateway service from starting automatically after a reboot on Windows Server 2008R2. Acronis Access 6.1 ENHANCEMENTS Web Services API for the Acronis Access Server administration. The API documentation is packaged within the Access server and is accessible by administrators. The link can be found in the footer.
The Acronis Gateway Server service is now dependent on other key services so it should be assured to start properly when the server starts up. When a Cluster Group is disbanded, any policies that were using that Cluster Group as the 'ĂƚĞǁĂLJ ^ĞƌǀĞƌ ƵƐĞĚ ƚŽ ĂĐĐĞƐƐ ͞DLJ EĞƚǁŽƌŬ &ŽůĚĞƌƐ͟ ;ůŽĐĂƚŝŽŶƐ ĂĚĚĞĚ ďLJ ƚŚĞ ƵƐĞƌͿ ǁŝůů ďĞ updated to instead use the last Gateway Server that was a member of the Cluster Group.
Acronis Access 6.0.1 ENHANCEMENTS ĚĚĞĚ Ă ŶĞǁ ƉŽůŝĐLJ ƚŽ ƐƉĞĐŝĨLJ ǁŚŝĐŚ ŐĂƚĞǁĂLJ Žƌ ĐůƵƐƚĞƌ ŐƌŽƵƉ ǁŝůů ďĞ ƵƐĞĚ ƚŽ ƐŚĂƌĞ ƵƐĞƌƐ͛ ĐƚŝǀĞ Directory assigned home folders.
Clients who do not have sync and share enabled will no longer be incorrectly reported as ͞ƵŶŵĂŶĂŐĞĚ͟ ŝŶ ƚŚĞ ĂƵĚŝƚ ůŽŐ͘ Files with Japanese or other characters in their filenames should no longer have the filenames changed when downloaded with Internet Explorer. Administrators should no longer see unresolvable errors when subscription licenses expire.
BUG FIXES The Default Language setting in Server Settings has been renamed to be clear that it is the default audit log language. If a data source for an Active Directory home folder cannot be resolved, the Mobile Clients will no longer see the home folder, instead of getting an error accessing the !HOME_DIR_SERVER. Miscellaneous bug fixes in the Acronis Access Desktop Client. Miscellaneous localization improvements.
On Windows Server 2003, the uninstall process no longer reports that PostgreSQL was not installed by the Acronis Access Server installer. The Configuration Utility now generates an error if the Gateway Service is configured to bind to all address on a port and the Access Server on a specific address with the same port. By default on clean installs Tomcat is now configured to not listen for shutdown requests on port 8005.
BUG FIXES Email notifications are now sent properly after an upgrade when custom templates were used. Newly created data sources are now checked to see if they are searchable immediately. Previously they were only checked in 15 minute intervals. Search is now available on data sources that add search indexing after the Gateway Server has started.
the following: ActiveRecord::JDBCError: ERROR: value too long for type character varying(255): INSERT INTO "password_resets" .... Customers that have this condition can upgrade to this new version of the server and the problem will be resolved automatically. Fixed an issue that could cause some clients to go into restricted mode after the upgrade to mobilEcho 5.0.
Sorting criteria chosen by the end user is now saved when browsing project folders. Notifications can now be configured to be sent when a file is downloaded / synced. Improved user interface responsiveness for re-‐assigning content when there are 1000s of users in the system. The Amazon S3 access key no longer displayed in plain text on the administration pages.
A warning is presented if a user is invited for enrollment but does not match any existing user/group policy. The devices table now lists the user or group policy in use for each device. Content searching is now available against remote Windows file shares running Windows Search. A new token is available in the enrollment invitation templates to include the Active Directory user's Display Name.
8.2 What's New in the Acronis Access app Access Mobile Client 6.1.5 BUG FIXES: Fixed an issue that could occur while manual starting syncs of multiple folders simultaneously. Access Mobile Client 6.1.4 BUG FIXES: Fixed an issue that could occur while syncing a home directory folder. Fixed an issue where documents with protected fields could encounter compatibility issues when saved by SmartOffice.
Access Mobile Client 6.0 ENHANCEMENTS dŚĞ ŵŽďŝů ĐŚŽ ŵŽďŝůĞ ĂƉƉ ŝƐ ŶŽǁ ŶĂŵĞĚ ͚ ĐƌŽŶŝƐ ĐĐĞƐƐ͛͘ Miscellaneous fixes and improvements. mobilEcho 5.1 ENHANCEMENTS Implemented new iOS 7 style interface. Support for Kerberos Constrained Delegation authentication to mobilEcho Servers. Network shares and SharePoint locations can now be added from within the app, if allowed by your mobilEcho profile.
In-‐app text file editing. The interval at which mobilEcho will perform file syncs while the app is open can now be set. Improvements to sync progress and error indication. Text search and table of contents are now available when viewing a PDF file while your IT administrator has disabled PDF annotation. Support for user certificate authentication with mobilEcho servers.
activEcho 5.0.3 BUG FIXES Email notifications are now sent properly after an upgrade when custom templates were used. activEcho 5.0.2 ENHANCEMENTS Improved performance of the activEcho client when there are a large number of updates. BUG FIXES Upgrades from activEcho 2.7 now work properly on non-‐English PostgreSQL installations. activEcho 5.0.1 No changes. activEcho 5.0.
Improved user interface responsivness for re-‐assigning content when there are 1000s of users in the system. The Amazon S3 access key no longer displayed in plain text on the administration pages. Improved support for email invitations using different formats of email addresses. New Administration mode toggles between a user's individual project / log views and the administration console.
activEcho 2.7.2 (Released: May 2013) BUG FIXES: Files which were not fully uploaded to the file repository will now be removed from the repository if the repository is accessible after the upload failure occurs. Fixed a rare case where the activEcho client would fail to sync due to the structure of a system file ID. activEcho 2.7.
The Projects tab in the web interface has been optimized for increased performance and smoother user interaction. The Projects tab now supports pagination, sorting, filtering. The move dialog in the web interface now loads quickly, even when the user has a large hierarchy of folders. All client connections can be disabled for administrative purposes from the Server Settings page in the web UI.
ActivEcho's Tomcat is now configured to redirect HTTP to HTTPS by default. Customers not needing redirection refer to the online documentation: https://docs.grouplogic.com/display/ActivEcho/activEcho+Server#activEchoServer-‐Redirectin gHTTPrequeststoHTTPS The list of shares has now been removed from the left panel of the projects web page to improve the page performance. Filtering options have been added to projects page sidebar.
LDAP authentication by email will now work properly for LDAP domains where authentication by common name is not permitted. Fixed various case-‐sensitivity bugs with LDAP authentication. Adding trial server licenses will no longer occasionally fail. Unsharing a folder with Unicode characters in the name using "Remove all" will no longer cause an error.
Support provided for creating Tomcat server clusters running activEcho for load balancing and resilience. Improved diagnostic logging provided in the file repository service. Desktop Sync clients on Mac and Windows now provide a menu option to display recently updated files. Clicking an entry in the list opens the folder containing the file. Mac OS X sync client now supports Gatekeeper signing and notification center on OS X 10.8.
activEcho 2.5.1 (Released: July 2012) ENHANCEMENTS: Support for mobilEcho 4.0 for access to activEcho using mobile devices. mobilEcho 4.0 now allows sharing of activEcho, file shares, and SharePoint servers simultaneously. Additional license is required for accessing file shares and SharePoint with mobilEcho. Uploading and downloading of files via mobile devices is faster.
Support for selective syncing. Via the web, users can pick which folders they want to have synced to their desktop vs. only accessible via the web. This allows users to have access to shared content but not necessarily have all content synced to their local desktop.
activEcho 2.1.1 (Released: June 2012) ENHANCEMENTS: Email addresses for LDAP authenticated users now update when the primary email address changes in LDAP. Improved LDAP performance. BUG FIXES: Improved authentication against LDAP to avoid timeouts against large catalogs. activEcho 2.1.0 (Released: May 2012) ENHANCEMENTS: Automatic purging of previous revisions and deleted files based on administrative rules.
Improvements to desktop syncing when Microsoft Office files are edited directly in the activEcho Folder. Various bug fixes in desktop syncing. Bug fixes in activEcho server installer to fix future upgrades. activEcho 2.0.1 (Released: March 2012) BUG FIXES: Improvements to the server administration user experience. Various bug fixes in desktop syncing. Improvements to the client installer upgrade process. activEcho 2.0.
certificates using MobileIron AppTunnel. Note that when using this form of authentication, mobile clients cannot access activEcho shares. The required data sources are now automatically created when assigning home folders to a user or group policy. Previously administrators needed to manually create a data source for the server hosting the home directory.
The Folder list in Data Sources now shows the assigned Gateway Server using its Display Name instead of its IP Address. BUG FIXES Clients can now access data sources with a colon in their name. Sorting the Active Users table by Policy or Idle Time no longer generates an error.
New "Assigned Sources" capability allows administrators to get a report of all of the assigned resources that a particular Active Directory user or group will receive. Audit logging can be enabled to report on mobile user activity across multiple Acronis Access Gateway Servers.
ENHANCEMENTS: Added support for smart card authentication, and added a setting to allow or disallow clients using this new authentication method. mobilEcho 4.5.1 (Released: September 2013) ENHANCEMENTS: The mobilEcho server now supports requiring that mobilEcho Android clients are managed by MobileIron AppConnect.
mobilEcho 4.3.2 (Released: April 2013) BUG FIXES: Fixed an issue where mobilEcho Administrator could fail to create an activEcho volume when the product is licensed with a Retail serial number. Fixed an issue where a mobilEcho client could fail to open its home directory if the home directory is configured using the %USERNAME% wildcard and the server domain and the user's domain have a trust relationship.
Fixed an issue where the client would fail to show an error or would show an incorrect error message if the user's AD account password had expired, or the account was locked out or disabled. Fixed an issue where the server upgrade process could fail if mobilEcho had been installed to a non-‐system drive.
Fixed a problem where the server check for free disk space in a folder would incorrectly check the free space at the root of the mobilEcho volume. Fixed a problem where open file handles would not be closed for 24 hours if a client disconnected in the middle of a file transfer. These handles will now be closed when the session times out, after 15 minutes.
Fixed a problem where attempting to read a file on an activEcho volume that no longer exists would result in a corrupted file being read rather than an error being returned. Fixed a problem where the presence of a misconfigured or unavailable activEcho volume could cause clients to time out when attempting to retrieve the volume list.
BUG FIXES: Fixed a problem accessing SharePoint sites and document libraries whose paths are multiple levels below their parent site. Fixed a problem accessing SharePoint sites that use Claims Based Authentication. mobilEcho 4.0.2 (Released: September 2012) ENHANCEMENTS: Added support for Android clients. Added settings to the mobilEcho Administrator for restricting access by iOS and/or Android clients.
Fixed a problem where users could fail to authenticate with SharePoint volumes if their username contained Unicode characters and authentication was performed using NTLM. Fixed a problem where users could fail to authenticate with SharePoint volumes if the user was a member of a subdomain and authentication was performed using NTLM.
BUG FIXES: Fixed a problem where files and folders ending in a period or space could fail to be accessible on activEcho volumes. Fixed a problem where the Devices page could fail to load in mobilEcho Client Management server after Japanese and Chinese users have enrolled. mobilEcho 3.
Add profile settings for allowing/denying the ability of users to create sync folders, and to perform a Quickoffice® "Save Back". The mobilEcho Client Management server can now be configured to store database and profile information in a different location than the application directory, allowing for the management server service to be failed over to other cluster nodes.
Added support for 2-‐way sync folders. Client-‐side changes made in 2-‐way sync enabled folders will be synced back to the server automatically. These 2-‐way sync folders can be provisioned through the mobilEcho Client Management server. Added support for reverse proxy authentication.
Fixed a problem where mobilEcho could fail to install or run on systems missing a system DLL (normaliz.dll). Fixed a problem where the client could fail to copy a file to the server if the user account did not have permission to calculate the amount of free space on the volume. The client would report an error about there not being enough free space on the volume. Removed extraneous logging from the mobilEcho LOG.TXT file.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mobilEcho\Parameters4\Refreshable\P ez\HideInaccessibleItemsOnReshares BUG FIXES: Fixed a problem where the mobilEcho Client Management server would not properly calculate an Active Directory home directory path if the associated 'Network reshare path mapping' included a trailing backslash.
Specific mobilEcho shared volumes or folders within shared volumes can now be assigned to user or group profiles. These shared volumes or folders are then automatically displayed in the mobilEcho client app. Shared volumes or folders assigned to user or group profiles can be configured to automatically one-‐way sync from server to mobilEcho client, making the contained files available for online or offline use.
Management profiles can now be disabled so that the corresponding user or group cannot receive their profile. Added the ability to prevent clients from connecting to servers with self-‐signed certificates. Added a management setting to enable or disable copying text from a previewed document. Added a management setting that tells the client to store files so that they are not backed up by iTunes. mobilEcho 2.0.
