Copyright Statement Copyright © Acronis International GmbH, 2002-2014. All rights reserved. “Acronis” and “Acronis Secure Zone” are registered trademarks of Acronis International GmbH. "Acronis Compute with Confidence", “Acronis Startup Recovery Manager”, “Acronis Active Restore”, “Acronis Instant Restore” and the Acronis logo are trademarks of Acronis International GmbH. Linux is a registered trademark of Linus Torvalds. VMware and VMware Ready are trademarks and/or registered trademarks of VMware, Inc.
1 Mobile Access

This section of the web interface covers all the settings and configurations affecting mobile device users.
Any number of Gateway Servers can later be added to the network and configured for access from the client app. Note: Details on installing Acronis Access are included in the Installing section of this guide. Configuration of Gateway Servers and Data Sources is explained in the Mobile Access (p. 6) section. If you wish to remotely manage your Access Mobile Clients, Acronis Access Client Management allows you to create policies per Active Directory user or group.
Fig 2. One Gateway Server, one Gateway Server + Acronis Access Server, many clients

1.2 Policies

1.2.
If you would like all or most of your users to receive the same policy settings, you can enable the Default group policy. If it's enabled, all users who are not members of a group policy and do not have an explicit user policy will become members of the Default group. The Default group is disabled by default. If you would like to deny a group of users access to Acronis Access management, ensure that they are not members of any configured group policies.
3. In the Find group field, enter the partial or complete Active Directory group name for which you'd like to create a policy. You can perform 'begins with' or 'contains' searches for Active Directory groups. 'Begins with' searches complete much faster than 'contains' searches.
4. Click Search and then find and click the group name in the listed results.
5. Make the necessary configurations in each of the tabs (Security (p. 13), Application (p. 15), Sync (p. 18), Home Folders (p. 19) and Server (p.
1.2.1.2 Exceptions for policy settings

For users running the Access Mobile Client for Android, Access Mobile Client for Good Dynamics (iOS) and Access Mobile Client with Mobile Iron AppConnect apps, there are some exceptions to the way Acronis Access management policies are applied to the Access Mobile Client app. In the case of Android, a few of the features of the iOS client are not yet supported, so the related policies do not apply.
Groups, you need to enable the Block access to specific network paths for every User/Group policy that you want it to affect.

To create a list:
1. Open the web interface as an administrator.
2. Open the Policies (p. 8) page.
3. Click on the desired User policy or Group policy.
4. Open the Server Policy (p. 20) tab.
5. Select the Block access to specific network paths check box.
Note: You must perform this step for each User/Group policy that you want to assign the blacklist to.
6. 7. 8. 9. 10. 11. 12.
1.2.1.5 App password creation - The Access Mobile Client application can be set with a lock password that must be first entered when launching the application. Optional - This setting will not force the user to configure an application lock password, but they will be able to set one from the Settings menu within the app if they desire. Disabled - This setting will disable the ability to configure an application lock password from the Settings menu within the app.
to modify their App will lock setting from within the Access Mobile Client settings, select Allow user to change this setting.
Minimum password length - The minimum allowed length of the application lock password.
Minimum number of complex characters - The minimum number of non-letter, non-number characters required in the application lock password.
Require one or more letter characters - Ensures that there is at least one letter character in the application password.
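The three complexity settings above can be checked against candidate passwords before a policy is rolled out. This is an added example, not Acronis code; the class, field and function names are hypothetical, and it assumes "complex" means exactly what the setting description says (neither a letter nor a number), so whitespace counts as complex.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AppPasswordPolicy:
    """Hypothetical container for the three complexity settings described above."""
    min_length: int = 0            # "Minimum password length"
    min_complex_chars: int = 0     # "Minimum number of complex characters"
    require_letter: bool = False   # "Require one or more letter characters"


def policy_violations(password, policy):
    """Return the names of the settings that `password` fails, in a fixed order."""
    # "Complex" as the setting defines it: neither a letter nor a number.
    complex_count = sum(1 for ch in password if not ch.isalnum())
    has_letter = any(ch.isalpha() for ch in password)

    violations = []
    if len(password) < policy.min_length:
        violations.append("min_length")
    if complex_count < policy.min_complex_chars:
        violations.append("min_complex_chars")
    if policy.require_letter and not has_letter:
        violations.append("require_letter")
    return violations


def audit_candidates(candidates, policy):
    """Map each candidate password to the list of settings it fails."""
    return {pw: policy_violations(pw, policy) for pw in candidates}


# Constructed sample policy and candidate passwords (not taken from the guide).
SAMPLE_POLICY = AppPasswordPolicy(min_length=8, min_complex_chars=2, require_letter=True)
SAMPLE_CANDIDATES = ["12345678", "1234!#78", "pass word", "a1!#5678"]

if __name__ == "__main__":
    for pw, failed in audit_candidates(SAMPLE_CANDIDATES, SAMPLE_POLICY).items():
        status = "accepted" if not failed else "rejected: " + ", ".join(failed)
        print(f"{pw!r:12} {status}")
```

A digits-only PIN passes the length check but fails both of the other settings, which is the case the "Require one or more letter characters" option exists to catch.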
1.2.1.6 Application Policy Require Confirmation When Deleting Files - When enabled, the user will be asked for confirmation each time they delete a file. If you would like the user to be able to later modify this setting, select Allow user to change this setting. Set the Default File Action - This option determines what will happen when a user taps a file in the Access Mobile Client application. If this is not set, the client application defaults to Action Menu.
Thumbnail Cache Size: - Sets how much space will be reserved for thumbnails. Only Download Thumbnail Previews on WiFi Networks - When enabled, thumbnails will be available only if the user is connected to a WiFi network. Content in My Files and File Inbox Expires after X days - If this option is enabled, files in the File Inbox and in My Files will be deleted from the device after the set number of days.
File Deletes - If this option is disabled, the user will not be able to delete files from the Gateway Server. This setting supersedes any NTFS permissions that the client may have that allow file deletion. File Moves - If this option is disabled, the user will not be able to move files from one location to another on the Gateway Server, or from the server to the Access Mobile Client application's local My Files storage.
App Whitelist/Blacklist - Select a predefined whitelist or blacklist that restricts the third-party apps that Acronis Access files can be opened into on the device. To create a whitelist or blacklist, click Allowed Apps in the top menu bar. Sending Files to Acronis Access from Other Apps - If this option is disabled, the Access Mobile Client application will not accept files sent to it from other applications' Open In feature.
Allow User to Create Sync Folders - Allows the user to create their own sync folders. Only Allow File Syncing While Device is on WiFi Networks - When this option is enabled, Acronis Access will not allow files to be synced over cellular connections. If Allow User to Change This Setting is enabled, clients will be able to enable or disable automatic file syncing while on WiFi networks.
Custom home directory path - The home folder shown in the Access Mobile Client app will connect the user to the server and path defined in this setting. The %USERNAME% wildcard can be used to include the user's username in the home folder path. %USERNAME% must be capitalized. Sync – This option selects the type of sync of your Home Directory. 1.2.1.
For every connection - The user is required to enter their password each time they connect to a server. Allow user to add individual servers - If this option is enabled, users will be able to manually add servers from within the Access Mobile Client application, as long as they have the server's DNS name or IP address. If you want the user to only have their policy Assigned Servers available, leave this option disabled.
Whitelists - allow you to specify a list of apps that Acronis Access files are allowed to be opened into. All other apps are denied access.
Blacklists - allow you to specify a list of apps that Acronis Access files are not allowed to be opened into. All other apps are allowed access.
In order for Acronis Access to identify a particular app, it needs to know the app's Bundle Identifier. A list of common apps and their bundle identifiers is included in the Acronis Access Web Interface by default.
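The practical difference between the two list types shows up for apps that are not on the list at all: a whitelist denies them, a blacklist allows them. The following added example (not Acronis code; function names and the `com.example.*` bundle identifiers are constructed) evaluates the same set of installed apps under each list type, assuming exact-match comparison of bundle identifiers in the reverse-DNS format this guide describes.

```python
import re

# Shape of the "com.companyname.appname" format this guide gives for bundle
# identifiers: dot-separated labels made of letters, digits and hyphens.
BUNDLE_ID_RE = re.compile(r"[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def may_open_in(bundle_id, mode, app_list):
    """Decide whether files may be opened into the app `bundle_id`.

    mode is "whitelist" (only listed apps allowed) or "blacklist"
    (only listed apps denied). Exact-match comparison is an assumption.
    """
    if not BUNDLE_ID_RE.fullmatch(bundle_id):
        raise ValueError(f"not a bundle identifier: {bundle_id!r}")
    listed = bundle_id in app_list
    if mode == "whitelist":
        return listed          # default deny
    if mode == "blacklist":
        return not listed      # default allow
    raise ValueError(f"unknown list type: {mode!r}")


def audit_installed(installed, mode, app_list):
    """Map each installed app to True (allowed) or False (denied)."""
    return {b: may_open_in(b, mode, app_list) for b in installed}


# Constructed sample data: three apps on a device, one of them newly
# installed and therefore unknown to either list.
INSTALLED = ["com.example.viewer", "com.example.notes", "com.example.newapp"]
WHITELIST = {"com.example.viewer"}
BLACKLIST = {"com.example.notes"}

if __name__ == "__main__":
    for mode, app_list in (("whitelist", WHITELIST), ("blacklist", BLACKLIST)):
        print(mode)
        for bundle_id, allowed in audit_installed(INSTALLED, mode, app_list).items():
            print(f"  {bundle_id:22} {'allowed' if allowed else 'denied'}")
```

Under the blacklist, `com.example.newapp` is allowed even though no administrator ever reviewed it; under the whitelist it is denied until someone adds it.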
You can find the bundle identifier either by browsing the files on your device (p. 23) or you can view it in an iTunes Library (p. 23).

1.2.2.2 Finding an app's bundle identifier by browsing the files on your device

If you use software that allows browsing the contents of your device's storage, you can locate an app on the device and determine its bundle identifier. One app that can be used for this is iExplorer.
1. 2. 3. 4. 5. 6.
11. The string value below it is the bundle identifier value that you will need to enter for the app in Acronis Access. These are commonly formatted as: com.companyname.appname

1.2.3 Default Access Restrictions

This section allows you to set restrictions for clients contacting the management server and these restrictions are also the default restrictions for Gateway Servers.
Note: For information on setting custom access restrictions for your Gateway Servers visit the Editing Gateway Servers (p.
may also be used to allow multiple client management servers in a domain, for instance. Partial names do not need wildcard symbols. Allow Client Certificate Authentication - If you uncheck this option, users will not be able to connect via certificate and will be able to connect via client username and password or smart card.
The Access Mobile Client application settings and features controlled by the management policy include:
Requiring an Access Mobile Client application lock password
Assigned folders can be configured to perform 1-way to 2-way syncing with the server
App password complexity requirements
Ability to remove the Access Mobile Client app from management
Allow emailing and printing files from the Access Mobile Client
Allow storing files on the device
Allow Access Mobile Client on-d
Acronis Access includes two device enrollment mode options. This mode is used for all client enrollments. You will need to select the option that fits your requirements: PIN number + Active Directory username and password - In order to activate their Acronis Access app and gain access to Acronis Access servers, a user is required to enter an expiring, one-time use PIN number and a valid Active Directory username and password.
Download enrollment invitations as CSV - The entire or filtered invitations list can be exported to a CSV file and opened in Excel or imported into a custom process. Using basic URL enrollment links when PIN numbers are not required: If your server is configured to not require PIN numbers for client enrollment, you can give your users a standard URL that will automatically start the enrollment process when tapped from the mobile device.
7. Choose the number of days you'd like the invitation to be valid for in the Number of days until invitation expires field.
8. Choose the number of PINs you'd like to send to each user on the invitations list. This can be used in cases where a user may have 2 or 3 devices. They will receive individual emails containing each unique one-time-use PIN.
The email guides them through the process of installing the Access Mobile Client and entering their enrollment information. If the Access Mobile Client app has already been installed, and the user taps the "Tap this link to automatically begin enrollment..." option while viewing this email on their device, Acronis Access will automatically launch and the enrollment form will be displayed.
If their management policy requires an application lock password, they will be prompted to enter one. All password complexity requirements configured in their policy will be enforced for this initial password, and for any change of their application lock password in the future.
A confirmation window may appear if your management policy restricts the storage of files in Acronis Access or disables your ability to add individual servers from within the Access Mobile Client app. If you have files stored locally in the Access Mobile Client app, you will be asked to confirm that any files in your My Files local file storage will be deleted. If you select No, the management enrollment process will be canceled and your files will remain unchanged.
1.4 Managing Gateway Servers

The Acronis Access Gateway Server is the server contacted by the Access Mobile Clients that handles accessing and manipulating files and folders in file servers, SharePoint repositories, and/or Sync & Share volumes. The Gateway Server is the "gateway" for mobile clients to their files. The Acronis Access Server can manage and configure one or more Gateway Servers from the same management console.
Support for content search of shared is enabled by default, and can be enabled or disabled by checking this option. You can enable or disable content searching for each Gateway Server in the Edit Server dialog. In addition to enabling this setting, content search requires that the Microsoft Windows Search application be installed on the Acronis Access Gateway server and be configured to index any data source where content search is enabled.
Note: The port 443 is the default port. If you have changed the default port, add your port number after localhost.
3. Write down the Administration Key.
4. Open the Acronis Access Web Interface.
5. Open the Mobile Access tab.
6. Open the Gateway Servers page.
7. Press the Add New Gateway Server button.
8. Enter a Display Name for your Gateway Server.
9. Enter the DNS name or IP address of your Gateway Server.
1.4.2 Server Details

Opening the Details page of a Gateway Server gives you a lot of useful information about that specific server and its users.

Status
The Status section gives you information about the Gateway Server itself, such as the operating system, the type of the license, the number of licenses used, the version of the Gateway Server and more.
Displays a table of all users currently active in this Gateway Server. User - Shows the user's Active Directory (full) name. Location - Shows the IP address of the device. Device - Shows the name given to the device by the user. Model - Shows the type/model of the device. OS - Shows the operating system of the device. Client Version - Shows the version of the Acronis Access app installed on the device. Policy - Shows the policy for the account used by the device.
Logging
The Logging section allows you to control whether the logging events from this specific Gateway Server will be shown in the Audit Log and allows you to enable Debug logging for this server.

To enable Audit Logging for a specific gateway server:
1. Open the web interface.
2. Log in as an administrator.
3. Open the Mobile Access tab.
4. Open the Gateway Servers tab.
5. Find the server for which you want to enable Audit Logging.
6. Press the Details button.
Search

Index local data sources for filename search
By default, indexed searching is enabled on all Gateway Servers. You can disable or enable indexed searching for each Gateway Server in the Gateway’s Edit Server dialog.

Default path
By default on a standalone server, Acronis Access stores index files in the Search Indexes directory in the Acronis Access Gateway Server application folder. If you would like to locate the index files in a different location, enter the path to a new folder.
SharePoint Entering these credentials is optional for general SharePoint support, but required to enumerate site collections. For example, say you have two site collections: http://sharepoint.example.com and http://sharepoint.example.com/SeparateCollection. Without entering credentials, if you create a volume pointing to http://sharepoint.example.com, you will not see a folder called SeparateCollection when enumerating the volume. The account needs to have Full Read access to the web application.
3. Under Web Applications click on Manage web applications. 4. Select your web application from the list and click on User Policy. 5. Select the checkbox of the user you want to give permissions to and click on Edit Permissions of Selected Users. If the user is not in the list, you can add him by clicking on Add Users.
6. From the Permission Policy Levels section, select the checkbox for Full Read - Has Full read-only access. 7. Press the Save button.
Advanced Note: It is recommended that these settings only be changed at the request of a customer support representative. Hide inaccessible items - When enabled, files and folders for which the user does not have the Read permission will not be shown. Hide inaccessible items on reshares - When enabled, files and folders located on a network reshare for which the user does not have the Read permission will not be shown.
present delegated credentials to your SharePoint server on behalf of your users.

Enabling the Acronis Access Windows server to perform Kerberos Delegation:
1. In Active Directory Users and Computers, locate the Windows server or servers that you have the Gateway Server installed on. They are commonly in the Computers folder.
2. Open the Properties window for the Windows server and select the Delegation tab.
3. Select Trust this computer for delegation to specified services only
4.
to manage all policies, devices and settings while the gateways' role is to provide access to the file shares.

To create a cluster group:
Please make sure that you have already configured a correct Address for Administration on each Gateway before proceeding. This is the DNS or IP address of the Gateway server.
1. Open the Acronis Access Web Interface.
2. Open the Mobile Access tab.
3. Open the Gateway Servers page.
4. Press the Add Cluster Group button.
5. Enter a display name for the group.
9. Press Create.

Editing a cluster group:
Editing cluster groups does not differ from editing regular Gateways. For more information visit the Editing Gateway Servers (p. 37) article.

Adding members to an existing cluster group:
1. Open the web interface and navigate to Mobile Access -> Gateway Servers.
2. Open the action menu for the desired cluster group and select Add Cluster Members from the available actions.
3. Select the desired Gateway Servers from the list and press Add.
1.
Changing Permissions for Shared Files and Folders Acronis Access uses the existing Windows user accounts and passwords. Because Acronis Access enforces Windows NTFS permissions, you should normally use Windows’ built-in tools for adjusting directory and file permissions. The standard Windows tools provide the most flexibility for setting up your security policy.
2-Way - The folder will appear as a local folder in the Acronis Access client app. Its complete contents will initially be synced from the server to the device. If files in this folder are added, modified, or deleted, either on the device or on the server, these changes will be synced back to the server or device. Require Salesforce activity logging Acronis has partnered with Salesforce to offer an option for logging access to files shown to customers using Acronis Access.
additional configurations to the Gateway Server used to connect to these Data Sources. For more information visit the Editing Gateway Servers (p. 37) article. Note: Make sure you have at least 1 Gateway Server available. Creating a Data Source To create a Data source: 1. Open the Acronis Access Web Interface. 2. Open the Mobile Access tab. 3. Open the Data Sources tab.
4. Go to Folders.
5. Press the Add New Folder button.
6. Enter a display name for the folder.
7. Select the Gateway Server which will give access to this folder.
8. Select the location of the data. This can be on the actual Gateway Server, on another SMB server, on a SharePoint Site or Library or on a Sync & Share server.
Note: When selecting Sync & Share, make sure to enter the full path to the server with the port number, e.g. https://mycompany.com:3000
9.
By pressing the Edit resources assigned to button, the administrator can quickly edit the assignments for this policy.

1.5.3 Gateway Servers Visible on Clients

Gateway Servers can be assigned to User or Group policies and can be used as Data Sources. This page displays all Gateway Servers displayed on the user's Acronis Access Mobile client and if those Gateway Servers are assigned to a User or Group policy. You can also edit these assignments here.
2. Press the Save button.

1.5.4 Legacy Data Sources

If you have updated to Acronis Access from a previous mobilEcho installation, all of your assigned folders will carry over automatically and will be put in this section. If you're still using a mobilEcho 4.5 server or older, you can also create a volume in the mobilEcho Administrator, and add it to the Legacy Data Sources from this page.

Adding a new legacy folder
1. Press the Add New Legacy Folder button.
2. Enter a Display Name.
To move your Legacy Data Sources to the new system:
1. Find the mobilEcho File Server on which the Data Source resides.
2. Upgrade the mobilEcho File Server to the Acronis Access Gateway server.
3. Open the Acronis Access web interface and log in as an administrator.
4. Open the Gateway Servers tab.
5. Add your server to the list of Gateway Servers. For more information on this process, visit the Managing Gateway Servers (p. 33) section.
6. Add a license for the Gateway Server.
7.
their IT administrator. This option is recommended when the enhanced security of two-factor device enrollment is required.
Active Directory username and password only - A user can activate their Acronis Access app using only their Active Directory username and password. This option allows a user to enroll one or more devices at any point in the future.
2 Sync & Share

This section of the Web Interface is available only if you have enabled Sync & Share functionality. Otherwise you will see a button Enable sync & share support.
2.2 LDAP Provisioning Members of groups listed here will have their user accounts automatically created at first login. LDAP Group This is the list of currently selected groups. Common Name / Display Name - The display name given to the user or group. Distinguished Name - The distinguished name given to the user or group. A distinguished name is a unique name for an entry in the Directory Service. 2.3 Quotas Administrators can set the amount of space dedicated to each user in the system.
Ad-hoc User Quota - Sets the quota for Ad-Hoc users. LDAP User Quota - Sets the quota for LDAP users. Enable admin-specific quotas? - If enabled, administrators will have a separate quota applied to them. Admin Quota - Sets the quota for administrators. Note: If a user is a member of multiple groups, only the biggest quota is applied. Note: Quotas can be specified for individual users. Individual quota settings override all other quota settings.
Keep at least X revisions per file, regardless - If enabled, keeps a minimum number of revisions per file, regardless of their age. Only keep X revisions per file - If enabled, limits the maximum number of revisions per file. Note: Pushing the Save button will start a purge immediately, otherwise a regular scan runs every 60 minutes. 2.5 User Expiration Policies Users who expire will lose access to all their data. You can reassign the data from the Manage Deleted Users page.
2.6 File Repository These settings determine where files uploaded for syncing and sharing will be stored. In the default configuration, the file system repository is installed on the same server as the Acronis Access Server. The File Repository is used to store Acronis Access Sync & Share files and previous revisions. The Acronis Access Configuration utility is used to set the file repository address, port and file store location.
2.7 Acronis Access Client These settings are for the Access Desktop Client. Force Legacy Polling Mode - Forces the clients to poll the server instead of being asynchronously notified by the server. You should only enable this option if instructed to do so by Acronis support. Client Polling Time - Sets the time intervals in which the client will poll the server. This option is available only when Force Legacy Polling Mode is enabled.
3 Server Administration
3.2 Administrators and Privileges Provisioned LDAP Administrator Groups This section allows you to manage your administrative groups. Users in these groups will automatically receive the group's administrative privileges. All of the rights are shown in a table, the ones that are currently enabled have a green mark. Using the Actions button you can delete or edit the group. You can edit the group's administrative rights. To add a provisioned LDAP administrator group: 1. Press the Add Provisioned Group.
3. Mark all of the administrative rights you want your group users to have.
4. Find the group.
5. Click on the group name.
6. Press Save.

Administrative Users
This section lists all your Users with administrative rights, their authentication type (Ad-Hoc or LDAP), whether they have Sync & Share rights and their status (Disabled or Enabled). You can invite a new user with full or partial administrative rights using the Add Administrator button. Using the Actions button you can delete or edit the user.
Administrative rights Full administrative rights - Gives the user full administrative rights. Can manage mobile Data Sources - Gives the user the right to manage the mobile Data Sources. This includes adding new Gateway Servers and Data Sources, managing the assigned sources, gateways visible on clients and legacy Data Sources. Can manage mobile policies - Gives the user the right to manage the mobile policies.
3.3 Audit Log

3.3.1 Log

Here you can see all of the recent events (depending on your purging policy, the time limit might be different), the users from which the log originated and a message explaining the action.
Filter by User – filters the logs by User. You can select All, No user or choose one of the available users.
Filter by Shared Projects – filters the logs by Shared Project. You can select All, Not shared or choose one of the available Shared Projects.
Note: The default location for the debug logs is: C:\Program Files (x86)\Acronis\Access\Gateway Server\Logs\AcronisAccessGateway
1. Open the web interface.
2. Log in as an administrator.
3. Open the Mobile Access tab.
4. Open the Gateway Servers tab.
5. Find the server for which you want to enable Debug Logging.
6. Press the Details button.
7. In the Logging section check Debug Logging.
8. Press the Save button.
3.3.
Session timeout in minutes – sets the length of the user session.
Enable Sync and Share Support - this checkbox enables/disables the Sync and Share features.

Notification Settings
Email administrator a summary of errors? – If enabled, a summary of errors will be sent to specified email addresses.
Email Addresses – one or more email addresses which will receive a summary of errors.
Notification Frequency – frequency for sending error summaries. Sends emails only if errors are present.
3.5 SMTP Acronis Access Server uses the configured SMTP server to send emails to invite users to share or enroll mobile devices, as well as notify users and administrators of server activity. SMTP server address - enter the DNS name of an SMTP server that will be used to send email invitations to your users. SMTP server port - enter your SMTP server port. This setting defaults to port 587. From Name - this is the username that appears in the "From" line in emails sent by the server.
3.6 LDAP Microsoft Active Directory can be used to provide mobile access and sync and share access to users in your organization. LDAP is not required for unmanaged mobile access or sync and share support, but is required for managed mobile access. Other Active Directory products (i.e. Open Directory) are not supported at this time.
Enable LDAP? - If enabled, you will be able to configure LDAP. LDAP server address - enter the DNS name or IP address of the Active Directory server you would like to use for regulating access. LDAP server port - the default Active Directory port is 389. This will likely not need to be modified. Note: If you're supporting multiple domains you should probably use the global catalog port. Use LDAP secure connection? - disabled by default.
templates can be found in the Legacy mobilEcho files folder by default located here: C:\Program Files (x86)\Group Logic\Access Server\Legacy mobilEcho files. The files are named invitation.html.erb and invitation.txt.erb. Select Language - Select the default language of the invitation emails. Note: When sending an enrollment invitation or an invitation to a share or sharing a single file, you can select another language in the invitation dialog.
Note: Editing a template in English does not edit the other languages. You need to edit each template separately for each language. Notice that templates allow you to include dynamic information by including parameters. When a message is delivered these parameters are replaced with the appropriate data. Different events have different available parameters. Note: Pressing the View Default button will show you the default template.
3.8 Licensing

You will see a list of all your licenses.
License - Type of the license (Trial, subscription etc).
Clients - Maximum number of allowed licensed users.
Current Licensed Client Count - Number of currently used user licenses.
Current Free Client Count - Number of free users currently in the system.

Adding a new license
1. Copy your license key.
2. Paste it in the Add license key field.
3. Read and accept the licensing agreement by selecting the checkbox.
4. Press Add License.
To license them, you will need a mobilEcho license. Follow the steps below: 1. Open the web interface and log in as an administrator. 2. Open the General Settings tab and open the Licensing page. 3. In the Legacy mobilEcho Licenses section you have a list of all Gateway servers using the old licensing. 4. Press Add License for the desired Gateway and enter your license key. 5. Press Save. 3.
As of version 7.0 of the Acronis Access Server, the exceptions module has been removed from the list of available modules and is enabled at all times by default. Users that have upgraded from a previous version of Acronis Access may still see the exceptions module in the list. Once you make a change to the logging options and press Save, it will disappear. Warning: These settings should not be used during normal operation and production conditions.
1. Open http://newrelic.com/ and create a New Relic account.
2. For Application type select Mobile app.
3. For Platform mark Ruby.
4. Finish creating your account and log in.
5. Go to Applications, leave the ruby bundle (step 1) as is and continue to the next step.
6. Download the New Relic script - newrelic.yml.
7. Open your Acronis Access web UI.
8. Go to Settings and click on Monitoring.
9. Enter the path to the newrelic.yml including the extension (e.g. C:\software\newrelic.yml).
4 Maintenance Tasks
To back up all of Acronis Access's elements and as part of your best practices and backup procedures, you may want to read the Disaster Recovery guidelines (p. 78) article.
In this section
Disaster Recovery guidelines
Backing up and Restoring Acronis Access
Tomcat Log Management on Windows
Note: The FileStore structure contains user files and folders in encrypted form. This structure can be copied or backed up using any standard file copy tool (robocopy, xtree). Normally this structure should be located in a high availability network volume or NAS so the location may differ from the default. PostGreSQL database. This is a discrete element running as a Windows service, installed and used by Acronis Access.
1. Boot up the recovery node. Adjust any network configuration like IP Address, Host Name if needed. Test Active Directory connectivity and SMTP access.
2. If needed restore the most recent Acronis Access software suite backup.
3. Verify that Tomcat is not running (Windows Control Panel/Services).
4. If needed, restore the FileStore. Make sure the relative location of the FileStore is the same as it was in the source computer.
Info: For more information on PostgreSQL backup procedures and command syntax please read this: http://www.postgresql.org/docs/9.2/static/backup.html http://www.postgresql.org/docs/9.1/static/backup.html Backing up your Gateway Server's database 1. Go to the server on which you have your Acronis Access Gateway Server installed. 2. Navigate to the folder containing the database. Note: The default location is: C:\Program Files (x86)\Acronis\Access\Gateway Server\database 3. Copy the mobilEcho.
A "password for user postgres: " message may appear. If that happens, enter the postgres password that you set during the Acronis Access installation process. acronisaccess_production must be entered exactly as shown. This is the Acronis Access database name. 6. Once the process has completed successfully, restart the postgres service and start the Acronis Access Tomcat service. Note: Typing the password will not result in any visual changes in the Command Prompt window.
4.3 Tomcat Log Management on Windows
As part of its normal operation Tomcat creates and writes information to a set of log files. Unless periodically purged, these files accumulate and consume valuable space. It is commonly accepted by the IT community that the informational value those logs provide degrades rapidly. Unless other factors such as regulations or compliance with certain policies apply, keeping those log files on the system for a limited number of days is all that is required.
REM NumDays - Log files older than NumDays will be processed
set NumDays=14
REM ===== END OF CONFIGURATIONS ======================
ECHO
ECHO ===== START ============
REM ForFiles options:
REM "/p": the path where you want to delete files.
REM "/s": recursively look inside other subfolders present in the folder mentioned in the batch file path
REM "/d": days for deleting the files older than the present date.
4. To automate the process, open Task Scheduler and create a new task. Define a name and a description for the task.
5. Set the task to run daily.
6. Define at what time the task should start. It is recommended to run this process when the system is not under extreme load and no other maintenance processes are running.
7. Set the action type to “Start a program”. 8. Click the Browse button, locate and select the script (batch) file. 9. When done, click Finish. 10. In the tasks list you may want to right click on the task, select properties and verify the task will run whether a user is logged on or not, for unattended operation. 11. You can verify the task is properly configured and running properly by selecting the task, right clicking on it and selecting “Run”.
4.4 Automated Database Backup
With the help of the Windows Task Scheduler, you can easily set up an automated backup schedule for your Acronis Access database.
Creating the database backup script
1. Open Notepad (or another text editor) and enter the following:
@echo off
for /f "tokens=1-4 delims=/ " %%i in ("%date%") do (
  set dow=%%i
  set month=%%j
  set day=%%k
  set year=%%l
)
set datestr=%month%_%day%_%year%
echo datestr is %datestr%
set BACKUP_FILE=AAS_%datestr%_DB_Backup.
1. Enter a name and description for the task (e.g. AAS Database Backup).
2. Select Run whether user is logged in or not.
On the Triggers tab:
1. Click New.
2. Select On a schedule for Begin the task.
3. Select daily and select the time when the script will be run and how often the script should be rerun (how often you want to back up your database).
4. Select Enabled from the Advanced settings and press OK.
On the Actions tab:
1. Click New.
2. Select Start a program for Action.
2. Click on the Acronis Access Tomcat Configuration tool shortcut. 3. Open the Java tab. 4. Change the Maximum memory pool to the desired size and press OK. 5. Restart the Acronis Access Tomcat service.
5 Supplemental Material
In this section
Conflicting Software
Load balancing Acronis Access
Third-party Software for Acronis Access
Using Acronis Access with Microsoft Forefront Threat Management Gateway (TMG)
Unattended desktop client configuration
In the setup example we will use three separate machines. One of them will act as our File Repository and Database and the other two as both Access and Gateway servers. Below you can see a guide on how to configure this setup. This guide will provide the details necessary to properly load balance the Acronis Access product in your environment. On the server that will be hosting your PostgreSQL database and File Repository, perform the following steps: 1. Start the Acronis Access installer and press Next.
6. After finishing the installation procedure, proceed with going through the Configuration Utility. a. You will be prompted to open the Configuration Utility. Press OK. b. Select the address and port on which your File Repository will be accessible. Note: You will need to set the same address and port in the Acronis Access web interface. For more information visit the Using the Configuration Utility and File Repository (p. 59) articles. c. Select the path to the File Store.
2. In the Access installer, choose Custom, and select only Acronis Access Server and Acronis Access Gateway Server and continue with the installation procedure. 3. After finishing the installation procedure, proceed with going through the Configuration Utility. a. You will be prompted to open the Configuration Utility. Press OK. b. On the Access Server tab: Enter the address and port on which your Acronis Access management server will be reachable (e.g. 10.27.81.3 and 10.27.81.4).
Note: If you don't have a certificate, a self-signed certificate will be created by Acronis Access. This certificate should NOT be used in production environments. 4. Navigate to the Acronis Access installation directory (e.g. C:\Program Files (x86)\Acronis\Access\Access Server\ ) and edit acronisaccess.cfg with a text editor. 5. Set the username, password, and internal address of the server that will be running the PostgreSQL database and save the file.
c. The Client Enrollment Address should be the external address of your load balancer (e.g. mylb.company.com). Select your Color Scheme. Enter the DNS name or IP address of your SMTP server. Select the language for the Audit Log messages. Under the SMTP tab: Enter the port of your SMTP server. If you do not use certificates for your SMTP server, unmark Use secure connection?. Enter the name which will appear in the "From" line in emails sent by the server.
5. Create a Cluster Group and add all of your Gateway servers to it. Your primary server should be the one you have already gone through the Setup Wizard on. For more information visit the Cluster Groups (p. 44) article.
Note: Please make sure that you have already configured a correct Address for Administration on each Gateway before proceeding. This is the DNS or IP address of the Gateway server.
a. Expand the Mobile Access tab.
b. Open the Gateway Servers page.
http://wiki.postgresql.org/wiki/Running_&_Installing_PostgreSQL_On_Native_Windows#Antivirus_software. For information on backing up a PostgreSQL database: PostgreSQL backup.
5.3.2 Apache Tomcat
Acronis Access Server uses Apache Tomcat for its web server. Acronis Access 2.7 and later installs its own version of Tomcat into the Group Logic\Common or Acronis\Common folder. Troubleshooting Tomcat Wiki https://wiki.openmrs.org/display/docs/Troubleshooting+Tomcat.
your TMG server to get it working with Acronis Access. To use TMG as reverse proxy and firewall for your Acronis Access server you need to create two separate networks on your TMG computer: internal and external. The two TMG network adapters should be properly configured, one with a private (internal IP address) and one with a public (external IP address). The Acronis Access server should be part of the internal network.
5.4.2.1 Understanding Forefront Threat Management Gateway (TMG) Network Topology
Forefront TMG includes four different network templates that can fit in your existing network topology. It is important to choose the option most appropriate for your organization. After installing TMG, the Getting Started Wizard will appear, where you perform the initial configuration of your TMG.
Single Network Adapter - This topology enables limited Forefront TMG functionality. In this topology, Forefront TMG is connected to one network only, either the internal network or a perimeter network. Typically, you would use this configuration when Forefront TMG is located in the internal corporate network or in a perimeter network, and another firewall is located at the edge, protecting corporate resources from the Internet.
HTTP authentication: Basic authentication - The user enters a username and password which the TMG server validates against the specified authentication server. Digest and WDigest authentication - Has the same features as the Basic authentication but provides a more secure way of transmitting the authentication credentials. Integrated windows authentication - Uses the NTLM, Kerberos, and Negotiate authentication mechanisms.
Verify that your CA is in the list of trusted root CAs: 1. On each edge server, click Start, and then click Run. In the Open box, type mmc, and then click OK. This opens an MMC console. 2. On the File menu, click Add/Remove Snap-in. 3. In the Add Standalone Snap-ins box, click Certificates, and then click Add. 4. In the Certificate snap-in dialog box, click Computer account, and then click Next. 5.
5. On the Client Connection Security page select Require SSL secured connections with clients and click Next. 6. On the Web Listener IP Addresses page select External and click Next.
7. On the Listener SSL Certificates page select Use a single certificate for this Web Listener and click the Select Certificate button. Select the appropriate certificate and click the Select button to confirm your choice. 8. Confirm that the correct certificate appears on the Listener SSL Certificates page and click Next. 9. On the Authentication Settings page choose the type of authentication you'd like Acronis Access to use when it contacts the TMG reverse proxy server, and click Next.
SSL Client Certificate Authentication - Use this option if you'd like the Access Mobile Client app to authenticate with the TMG reverse proxy with an SSL user identity certificate. This certificate must be added to the Access Mobile Client app before the user can authenticate with the TMG reverse proxy server. Additional instructions can be found here. http://support.grouplogic.
10. On the Single Sign On Settings page verify that the SSO setting is disabled and click Next. 11. Review your selections on the Completing The New Web Listener Wizard page and click Finish. 12. Click the Apply button to commit the changes.
13. In the left pane of the Forefront TMG Management Console click Monitoring, then click on the Configuration tab in the middle pane. Keep clicking on the Refresh Now link in the right pane (Tasks tab) until there is a green icon with the checkbox in front of the TMG computer name (array name). 5.4.5 Create a New Web Site Publishing Rule 1. In the Forefront TMG Management Console expand Forefront TMG (Array Name or Computer Name) in the left pane. 2.
4. On the Select Rule Action page verify that the Allow option is selected and click Next. 5. On the Publishing Type page choose the applicable option for your case and click Next.
6. On the Server Connection Security page choose the Use SSL to connect to the published Web server or server farm option and click Next. 7. On the Internal Publishing Details page type "intname.domain.com" in the Internal site name field, where domain is a placeholder for the domain name the server you want to publish belongs to, and intname is a name you give to this server, which should be different from the external name in order to prevent a routing loop. Click Next to commit the changes.
8. On the Internal Publishing Details page enter "/*" in the Path (optional) field to allow access to the entire content of the Acronis Access Gateway server. Click Next. 9. On the Public Name Details page you need to specify the name that the remote clients will use to connect to the published server. Enter "access.domain.com" in the Public name field, where domain is a placeholder for the domain name of the server you want to publish. Leave the other options the way they are by default and click Next.
10. On the Select Web Listener page select the web listener that you have created for Acronis Access from the drop-down menu and click Next. 11. On the Authentication Delegation page select the No delegation, but client may authenticate directly option from the drop-down menu and click Next.
12. On the User Sets page verify that the default All Users option is present and click Next to continue. 13. On the Completing The New Web Publishing Rule Wizard page review the summary of your selections. Click Test Rule to confirm that the publishing rule is working properly. Click Finish to complete the process.
14. Click the Apply button to commit the changes. 15. In the left pane of the Forefront TMG Management Console click Monitoring, then click on the Configuration tab in the middle pane. Keep clicking on the Refresh Now link in the right pane (Tasks tab) until there is a green icon with the checkbox in front of the TMG computer name (array name). 5.4.
5.5 Unattended desktop client configuration With the use of Microsoft's Group Policy Management, you can easily configure the Acronis Access Desktop client on multiple machines remotely. The only thing end users will have to do is install, start the client and enter their password. The Group Policy Management also ensures that users cannot change/replace the correct settings by accident. If this happens, they can simply log off and when they log in, the correct settings will be re-applied.
8. For the Sync-Folder: a. For Value name enter "activEcho Folder". b. For Value type select REG_SZ. c. For Value data enter the following token and path: %USERPROFILE%\Desktop\AAS Data Folder 9. For the Auto-Update: a. For Value name enter "AutoCheckForUpdates". b. For Value type select DWORD. c. For Value data enter "00000001". The value "1" enables this setting and the client will automatically check for updates. Setting the value to "0" will disable the setting. 10. For the Certificates: a.
If you want to monitor the actual computer as well
1. Open http://newrelic.com/ and log in with your account.
2. Press Servers and download the New Relic installer for your operating system.
3. Install the New Relic monitor on your server.
4. The New Relic server monitor requires Microsoft .NET Framework 4. The link the New Relic installer takes you to is only for the Microsoft .NET Framework 4 Client Profile.
Note: In case you receive this error:
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
run the following command:
set OPENSSL_CONF=C:\OpenSSL-Win64\bin\openssl.cfg
Change the path, depending on where you installed OpenSSL. After you have completed this procedure, attempt step 1 again.
2. You will now be asked to enter details to be entered into your CSR. Use the name of the web server as Common Name (CN). If the domain name is mydomain.
All of the certificates successfully installed in the Windows Certificate Store will be available when using the Acronis Access Configuration Utility. Configure Acronis Access to use your certificate After you've successfully installed your certificate to your certificate store, you have to configure Acronis Access to use that certificate. 1. Launch the Acronis Access Configuration Utility. Note: Located in C:\Program Files (x86)\Acronis\Access\Configuration Utility by default. 2.
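Before a certificate is selected in the Configuration Utility, the store can be checked for certificates that are unfit for production, such as the self-signed one the installer creates. The following PowerShell is an added example, not part of the Acronis documentation; it assumes the certificate was installed in the Local Computer Personal store (Cert:\LocalMachine\My), and the 30-day expiry window is an arbitrary choice.

```powershell
# Added example (not Acronis code): review the certificates in the machine's
# Personal store before choosing one for the server.
# Assumptions: store path Cert:\LocalMachine\My and a 30-day expiry warning window.

function Test-ServerCertificate {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [int]$WarnDays = 30
    )

    $problems = New-Object System.Collections.Generic.List[string]
    $now = Get-Date

    # Subject equal to issuer means the certificate signed itself.
    if ($Certificate.Subject -eq $Certificate.Issuer) {
        $problems.Add('self-signed')
    }

    if ($Certificate.NotBefore -gt $now) {
        $problems.Add('not yet valid')
    }
    if ($Certificate.NotAfter -lt $now) {
        $problems.Add('expired')
    }
    elseif ($Certificate.NotAfter -lt $now.AddDays($WarnDays)) {
        $problems.Add("expires within $WarnDays days")
    }

    # The server cannot present a certificate whose private key is missing.
    if (-not $Certificate.HasPrivateKey) {
        $problems.Add('no private key')
    }

    # Weak signature hashes are rejected by current clients.
    $sigName = $Certificate.SignatureAlgorithm.FriendlyName
    if ($sigName -match 'md5|sha1') {
        $problems.Add("weak signature ($sigName)")
    }

    # If an EKU extension is present it must allow Server Authentication.
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'
    $eku = $Certificate.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    if ($eku) {
        $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
        if ($oids -notcontains $serverAuthOid) {
            $problems.Add('EKU lacks Server Authentication')
        }
    }

    # Build the chain against this machine's trust stores, without going
    # online for revocation data.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    if (-not $chain.Build($Certificate)) {
        $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        $problems.Add("chain: $status")
    }

    [pscustomobject]@{
        Subject    = $Certificate.Subject
        Thumbprint = $Certificate.Thumbprint
        NotAfter   = $Certificate.NotAfter
        Problems   = ($problems -join '; ')
        Usable     = ($problems.Count -eq 0)
    }
}

# Report every certificate in the store, problem cases first.
Get-ChildItem -Path Cert:\LocalMachine\My |
    ForEach-Object { Test-ServerCertificate -Certificate $_ } |
    Sort-Object Usable, NotAfter |
    Format-List
```

Run it from an elevated PowerShell prompt on the Access server; a certificate reported with Usable = False should not be bound to a production listener.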
Press Edit and under Allow, mark the following permissions:
Traverse Folder/Execute File
List Folder/Read Data
Read Attributes
Read Extended Attributes
Create Files/Write Data
Create Folders/Append Data
Write Attributes
Write Extended Attributes
Delete
Read Permissions
For the drop-only users
Press Edit and under Allow, mark the following permissions:
List Folder/Read Data
Create Files/Write Data
Read Permissions
For the Creator Owner group
Press Edit and under Allow, mark th
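To confirm that a drop-only assignment matches the three permissions listed above for drop-only users, the folder's ACL can be compared against that set. This PowerShell is an added example, not taken from the Acronis documentation; the folder path and group name in the final call are placeholders.

```powershell
# Added example (not Acronis code): compare a folder's ACL with the three
# permissions listed for drop-only users.
# Placeholders: the folder path and group name in the call at the bottom.
# Limitation: only ACL entries naming the identity directly are evaluated;
# rights gained through other group memberships are not resolved.

function Get-DropOnlyDeviation {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$Identity
    )

    # FileSystemRights bit values:
    $readData        = 0x1        # List Folder / Read Data
    $writeData       = 0x2        # Create Files / Write Data
    $readPermissions = 0x20000    # Read Permissions
    $synchronize     = 0x100000   # added by Windows to Allow entries

    $required  = $readData -bor $writeData -bor $readPermissions
    $tolerated = $required -bor $synchronize

    $acl = Get-Acl -LiteralPath $Path
    $entries = @($acl.Access | Where-Object {
        $_.IdentityReference.Value -eq $Identity -and
        $_.AccessControlType -eq 'Allow'
    })

    # Union of everything the Allow entries grant to this identity.
    $granted = 0
    foreach ($entry in $entries) {
        $granted = $granted -bor [int]$entry.FileSystemRights
    }

    $missing = $required -band (-bnot $granted)
    $extra   = $granted  -band (-bnot $tolerated)

    $missingText = ''
    if ($missing -ne 0) {
        $missingText = ([System.Security.AccessControl.FileSystemRights]$missing).ToString()
    }
    $extraText = ''
    if ($extra -ne 0) {
        $extraText = ([System.Security.AccessControl.FileSystemRights]$extra).ToString()
    }

    [pscustomobject]@{
        Path         = $Path
        Identity     = $Identity
        AllowEntries = $entries.Count
        Inherited    = (@($entries | Where-Object { $_.IsInherited }).Count -gt 0)
        Missing      = $missingText   # listed rights that are not granted
        Extra        = $extraText     # granted rights beyond the listed three
        Compliant    = ($entries.Count -gt 0 -and $missing -eq 0 -and $extra -eq 0)
    }
}

# Placeholder values; replace with the real drop folder and group.
Get-DropOnlyDeviation -Path 'D:\Shares\DropFolder' -Identity 'EXAMPLE\DropOnlyUsers'
```

A non-empty Extra column (for example Delete or ReadAttributes inherited from a parent folder) means the group can do more than drop files.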
5.9 Customizing the web interface Acronis Access allows for the web based user interface to be modified to satisfy branding and look and feel requirements. The logo can be changed to permit customers to better integrate the solution with their corporate standards. To add a custom logo: 1. Open the web interface and navigate to General Settings -> Server. 2. Select Use Custom Logo and select the desired image. The file must be a JPEG or PNG, with a minimum width of 160 pixels.
5.11 How to move the FileStore to a non-default location.
Note: Before proceeding, please log-in as an administrator, go to the Server Settings page and from the File Store Repository Service field take note of the port being used. This port is normally 5787 but your setup may be different. You will need this port in the following steps.
1. Go to the machine on which Acronis Access is installed.
2. Stop the Acronis Access File Repository Server service.
Good Proxy server - This service is installed on an on-premise server and is used to provide network access for Good Dynamics apps needing to communicate with on-premise application servers, such as an Acronis Access Gateway server.
1. A trial version of the server-side software can be requested by visiting the Trial page. Once this request form has been submitted, you will receive an email with links to download the Acronis Access server trial installer and to the Quick Start Guide to assist in initial setup. 2. The Acronis Access for Good Dynamics client app is a free download from the Apple App Store http://www.grouplogic.com/web/megoodappstore. http://www.grouplogic.
On the Acronis Access for Good app page, click the Get Application button to request a trial or licensed version of the app. https://begood.good.com/gd-app-details.
If you select a trial version of the app, your access should be granted within a few minutes. You should receive a notification from the beGood site when your request has been accepted, notifying you that the Acronis Access for Good app has been published to your Good Control server. Once this has happened, log into your Good Control server and click Manage Applications in the left-hand menu. Acronis Access should now be listed as a Partner app in your managed applications list.
In the Server Info box, enter the DNS name or IP address of your Acronis Access Gateway server. The Port number is usually 443, unless you've configured Acronis Access to run on a non-standard port. All communication between Acronis Access clients and the Gateway servers occurs on port 443 by default. Click the 'Check' button to save this change. 5.12.3.
In the Additional Servers box, enter the Gateway server's DNS name or IP address and its port, then click the "+" icon to add it to the list. The default Gateway server port is 443. 5.12.4 Good Dynamics Policy Sets and Acronis Access The Acronis Access for Good Dynamics app respects the policy settings included in a user's assigned Policy Set. Policy sets are configured on the Good Control server.
apps that include this feature. This functionality is available, even with the Good Control Data Leakage Protection policy setting enabled. An upcoming version of Acronis Access for Good Dynamics will add the ability to transfer files directly between the Acronis Access for Good Dynamics app and other 3rd party Good Dynamics apps.
4. Select Acronis Access for Good from the list of available applications and click OK. To generate an Access Key that will allow a user to enroll their Acronis Access for Good app with Good Dynamics: 1. Select Manage Users from the left-hand menu in the Good Control console. 2. Select the user you'd like to create an Access Key for. 3. On the Access Keys tab, select the number of keys you'd like to send and click the Provision button.
5.12.6 Enrolling the Acronis Access client app in Good Dynamics The Acronis Access for Good client app available on the Apple App Store http://www.grouplogic.com/web/megoodappstore is purpose-built as a Good Dynamics integrated application. When first installed on a device, the Acronis Access app starts and requires the user to activate it in your Good Dynamics system. To enroll an Acronis Access client app in Good Dynamics: 1. Launch Acronis Access for Good Dynamics on your device. 2.
4. If required by your Good Dynamics policy, you will be asked to set an application lock password. If you are also using Good for Enterprise, Acronis Access may require that you log into Good for Enterprise in order to gain access to the Acronis Access app. 5. Once this process is completed, you will be taken to the Acronis Access application's home screen.
From this point on, when you start the Access Mobile Client app, you may be required to enter the Acronis Access for Good Dynamics application password that you configured earlier, or you may be required to authenticate with your Good for Enterprise app before Acronis Access opens. Aside from that requirement, Acronis Access for Good Dynamics functions the same way that standard Access Mobile Client does. Some features in the app may be restricted based on your Good Dynamics policy set.
5.13 MobileIron AppConnect support
In this section
Introduction
Testing a trial version of Acronis Access with AppConnect
Creating an AppConnect configuration and policy for Acronis Access on your MobileIron VSP
Activating the Acronis Access iOS client with AppConnect
Ongoing AppConnect management of Access Mobile Clients
The iOS device also needs to have the MobileIron Mobile@Work app https://itunes.apple.com/app/mobilecho/id320659794 installed before any AppConnect-enabled apps can be activated. When you are ready to activate Access Mobile Clients with AppConnect, please proceed to the following sections of this document. 5.13.3 Creating an AppConnect configuration and policy for Acronis Access on your MobileIron VSP Before you can start on-boarding Acronis Access users (p. 25).
Within App Settings, click Add New and select Configuration in the AppConnect menu item.
Within this new AppConnect App Configuration, enter the following information: Name – This can be any name you’d like to assign to this configuration. You may create more than one configuration and assign those configurations to different MobileIron labels. Description – This can be any description you like. Application – This must be set to the Bundle Identifier of the Access Mobile Client app, which is: com.grouplogic.
enrollmentAutoSubmit - This key is optional. This will cause the enrollment form to be submitted automatically, so that the user does not have to tap the “Enroll Now” button to proceed. To enable this key, set its value to: Yes requirePIN – This key is optional.
Allow Open In - Select this option if you would like to allow Acronis Access users to open files into other applications on the device. If selected, this option will also allow you to specify a list of specific apps that are allowed. 5.13.3.3 Assign labels to the new Configuration and Container Policy In order for these new policies to be applied to mobile devices, ensure that you assign the MobileIron labels for any required users to both the Configuration and the Container Policy. 5.13.
the Acronis Access app, tapping the MobileIron AppConnect option towards the bottom of the settings list, and selecting the Enable button. If the AppConnect setup does not begin immediately, please leave the Acronis Access app open for a few minutes to allow it to begin. Once setup begins, it will proceed as described in the previous scenario. If the Mobile@Work app is not present on the device, Acronis Access will display a warning on this Settings menu rather than an Enable button. 5.13.4.
As this is a complex setup, it will be accomplished in two phases in order to reduce errors and simplify troubleshooting. The first phase will establish an AppTunnel using username/password authentication to the Acronis Access server. This infrastructure will be built on in phase two to add on Kerberos Constrained Delegation. It is highly recommended to test that the tunnel works with username/password authentication before moving on to Kerberos, to eliminate steps in problem determination.
communication. Port 88 is used for Kerberos protocol communication. Port 389 (or 636) is used for the LDAP ping between Sentry and the KDC to verify that the KDC IP is the same as the Active Directory IP. If Windows Server 2003 is being used, the KDC may listen for requests on port 88 using UDP instead of TCP. You can force Kerberos to use TCP instead of UDP by changing the MaxPacketSize from 0 to 1 in the registry editor.
6 Configuring an AppConnect tunnel between the Access Mobile client and the Access server via username/password authentication
The first step towards configuring an AppConnect tunnel between the Acronis Access mobile client and the Acronis Access server is to add and configure the Sentry to the VSP. This is a multi-step process broken down into the following phases.
4. Click Generate. 5. Then click Save. 6. Click View Certificate on the new CA. 7. Copy the certificate to a new text file and save to the desktop. 1. Open the MobileIron VSP Admin Portal. 2. Select Policies & Configs and open Configuration.
3. Press Add New and select SCEP. Name: Enter a name based on your preference. Setting Type: Select Local. Local CAs: Name of the CA created in "Generate a new Local CA". Subject: Enter a name based on your preference (e.g. CN=tunneling) but it must start with CN=. Key Size: Select the same value you selected when generating the CA. In this case, select 2048. 4. Click Save. 1. Still within the MobileIron VSP Admin Portal, select Settings and open Sentry. 2.
Sentry Host Name/IP: The DNS name your sentry is installed on. It must be reachable via the MobileIron VSP. Sentry Port: The port open for connection via the MobileIron VSP (default is 9090). Enable App Tunneling: Mark the checkbox. Device Authentication: Select Identity Certificate. 3. Click Upload Certificate. 4. Browse and select the text file you saved to desktop in "Generate a new local CA". 5. Click Upload Certificate.
6. 1. Still within the MobileIron VSP Admin Portal, select Policies & Configs and open Configurations. 2. Press Add New, select AppConnect and select Container Policy. Name: Enter a name based on your preference. Application: Enter com.grouplogic.mobilecho. This is a Bundle ID from the iOS App Store. Policies: Set whatever MobileIron policies you want to use for managing Acronis Access. 3. Click Save. 1.
2. Press Add New, select AppConnect and select Configuration. Name: Enter a name based on your preference. App Tunnel Application: Enter com.grouplogic.mobilecho. This is the Bundle ID as seen in the Apple store. URL Wildcard: The URL that the client will try to contact the Acronis Access gateway server on. This must match the "Address for client connections" configured for the Gateway server in the Acronis Access admin interface.
*Address for client connections from the Acronis Access web interface. This address will be used in profiles sent to the mobile client for making file system connections. The sentry URL Wildcard must match this address and port to route those connections through to the sentry. 1. Still within the MobileIron VSP Admin Portal, select Users & Devices and open Labels. 2. Press Add new. Name: Enter a name based on your preference. Description: Enter a description based on your preference. 3. Click Save.
2. Mark the SCEP, AppConnect policies, and AppConnect configurations you created while following this document. Open Configurations to view them listed. 3. Press More Actions and select Apply to Label. 4. Mark the Label created in "Create a new label". 5. Click Apply. 1. Still within the MobileIron VSP Admin Portal, Select Users & Devices and open Devices.
2. Mark the iOS device to be used for Sentry testing. 3. Select Actions -> Apply to Label. 4. Check Label created in "Create a new label". 5. Click Apply. 1. Open the Mobile@Work app and open the Settings. 2. Tap on Check for Updates. 3. Tap on Force Device Check-In. If this is successful the SCEP configured in this document should show up in the device settings at Settings -> General -> Profiles.
4. Install Acronis Access from the App Store and launch it. 5. Select Enroll Now on the Welcome view or go to Settings and scroll down to Enrollment. 6. Enter the address used for client connections to the Acronis Access Gateway and configured in the AppConnect Configuration. For a true test this URL should not be reachable by the mobile client (use cellular or an external network). 7. Tap continue. 8. Enter Username and Password and tap Enroll Now.
5. When traffic comes from the mobile device you should see the sentry log scroll with entries related to the hostname configured.
7 Adding Kerberos Constrained Delegation Authentication
Once you have set up and verified that the AppTunnel works via Username/Password authentication for Acronis Access, you can modify the configurations created to allow Kerberos Constrained Delegation authentication to the Acronis Access Gateway. When this is properly configured the end user will not have to supply a username or password to enroll with management or to browse data sources.
Ensure that the correct domain name is selected in the field next to the User Logon Name field. If the correct domain is not selected, choose the correct domain name from the drop-down list next to the User Logon Name field. 5. Click Next. Password: Enter a password. Password never expires: Ensure that User must change password at next logon is not selected. Typically, in the enterprise, the User cannot change password and Password Never Expires fields should be selected. 6. Click Next. 7.
4. Find and select the Kerberos user account that you created in "Create a Kerberos Service Account". 5. Right-click on the account and select Properties. Click on the Delegation tab. Select Trust This User For Delegation To Specified Services Only. Select Use Any Authentication Protocol. 6. Press Add…. 7. Press Users or Computers…. Enter the computer name of the Acronis Access Gateway Server. Click on Check Names.
The correct computer name should appear in the object name box. 8. Click OK.
9. Find and select the "http" service in the Add Services window. 10. Click OK. Note: For a large deployment with multiple Gateway Servers you should repeat steps 6 through 10 for each Gateway Server. However, for the initial setup, it's best to begin with a single Gateway Server hosting some local test folders. Once you have confirmed access to those, then you can expand to additional Gateway Servers and non-local folders. 1. Open the MobileIron VSP Admin Portal. 2.
4. Click on its name and click Edit in the panel on the right. Enter two Subject Alternative Name Types NT Principal Name: $USER_UPN$ Distinguished Name: $USER_DN$ Note: These entries require user accounts on the VSP to come from the active directory and these variables to be supplied by it. This configuration is beyond the scope of this document. 5. Click Save. 6. Since you have modified the SCEP, you will have to re-provision the device in Mobile@Work before testing the iOS client.
1. Still in the MobileIron VSP Admin Portal, select Settings and open Sentry. 2. Find the Sentry created in "Add and Configure the Sentry". 3. Click on the Edit icon. In the Device Authentication Configuration select the following for the Certificate Field Mapping: Subject Alternative Name Type: NT Principal Name Value: User UPN In the App Tunneling Configuration change the Server Authentication to Kerberos. In the Kerberos Authentication Configuration section.
Using either the Sentry EXEC or the Sentry logs in the System Manager verify the Sentry is able to reach and receive a Kerberos ticket from the KDC. Find the line "Informational only: Successfully Received Sentry Service Ticket from KDC". This verifies the Sentry is able to reach and communicate with the KDC. The changes we made to the SCEP must be pushed down to the iOS device. The changes we made to the Sentry can take several minutes to be pushed down to it.
You can verify the SCEP is properly updated using the iOS Settings app. Under Settings -> General -> Profiles -> The SCEP name you created -> More Details -> Certificate -> The portion after CN= you enter in the subject name of the SCEP, you should see entries for "Subject Alternative Name" and "Directory Name". If this is properly pulled from Active Directory it should match the user that you used to activate Mobile@Work. If that is correct reinstall the Acronis Access Mobile Client.
2. Find the computer object corresponding to the Gateway server.
3. Right-click on the user and select Properties.
4. Open the Delegation tab.
5. Select Trust this computer for delegation to specified services only.
6. Under that select Use any authentication protocol.
7. Click Add.
8. Click Users or Computers.
9. Search for the server object for the SMB share or SharePoint server and click OK. For SMB shares, select the cifs service. For SharePoint, select the http service.
10.
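The two delegation setups in this chapter (the Kerberos service account trusted for the Gateway Server's http service, and the Gateway computer object trusted for cifs or http on the file servers) can be reviewed from PowerShell after the dialogs are closed. This is an added example, not part of the Acronis guide; it assumes the ActiveDirectory RSAT module, and every account name, host name and function name in it is a placeholder.

```powershell
# Added example (not from the Acronis guide). Requires the ActiveDirectory
# module from RSAT. Every name below is a placeholder for your environment.
Import-Module ActiveDirectory

$ServiceAccount  = 'svc-kcd-placeholder'   # account from "Create a Kerberos Service Account"
$GatewayComputer = 'GATEWAY-PLACEHOLDER'   # Acronis Access Gateway Server computer object
$BackendHosts    = @('fileserver-placeholder', 'sharepoint-placeholder')

function Test-ConstrainedDelegation {
    param(
        [Parameter(Mandatory)] $AdObject,
        [Parameter(Mandatory)] [string[]] $AllowedClasses,
        [Parameter(Mandatory)] [string[]] $AllowedHosts
    )
    # Services listed on the Delegation tab are stored in this attribute.
    $spns = @($AdObject.'msDS-AllowedToDelegateTo' | Where-Object { $_ })
    $findings = @()

    # "Trust ... for delegation to specified services only" leaves this flag clear.
    if ($AdObject.TrustedForDelegation) {
        $findings += 'Unconstrained delegation is enabled.'
    }
    # "Use any authentication protocol" sets protocol transition.
    if (-not $AdObject.TrustedToAuthForDelegation) {
        $findings += '"Use any authentication protocol" is not set.'
    }
    if ($spns.Count -eq 0) {
        $findings += 'No services are listed on the Delegation tab.'
    }

    foreach ($spn in $spns) {
        # SPN layout: class/host[:port][/name]
        $class, $rest = $spn -split '/', 2
        $targetHost = ("$rest" -split '[:/]')[0]
        $shortName  = ($targetHost -split '\.')[0]

        if ($AllowedClasses -notcontains $class) {
            $findings += "Service class outside the guide's list: $spn"
        }
        if (($AllowedHosts -notcontains $targetHost) -and
            ($AllowedHosts -notcontains $shortName)) {
            $findings += "Delegation target on an unexpected host: $spn"
        }
    }

    [pscustomobject]@{
        Account  = $AdObject.SamAccountName
        Targets  = $spns
        Findings = $findings
        Ok       = ($findings.Count -eq 0)
    }
}

$props = 'msDS-AllowedToDelegateTo', 'TrustedForDelegation', 'TrustedToAuthForDelegation'
$svc = Get-ADUser     -Identity $ServiceAccount  -Properties $props
$gw  = Get-ADComputer -Identity $GatewayComputer -Properties $props

# The service account may only delegate to http on the Gateway Server itself.
$gatewayNames = @($gw.Name, $gw.DNSHostName) | Where-Object { $_ }

$report = @(
    Test-ConstrainedDelegation -AdObject $svc -AllowedClasses 'http' -AllowedHosts $gatewayNames
    # The Gateway may delegate to cifs (SMB shares) or http (SharePoint) only.
    Test-ConstrainedDelegation -AdObject $gw -AllowedClasses 'cifs', 'http' -AllowedHosts $BackendHosts
)
$report | Format-List Account, Ok, Targets, Findings
```

An account that reports `Ok : False` has a delegation scope wider or narrower than the steps above describe and should be corrected on its Delegation tab.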
2. Disable any anti-virus software you have or it may interrupt the installation procedure resulting in a failed installation. 3. Double-click on the installer executable. 4. Press Next to begin. 5. Read and accept the license agreement. 6. Press Install. Note: If you're deploying multiple Acronis Access servers, or you are installing a non-standard configuration, you can select which components to install from the Custom Install button. 7.
9. Choose a location on a shared disk for the Postgres Data folder and press Next. 10. A window displaying all the components which will be installed appears. Press OK to continue. When the Acronis Access installer finishes, press Exit. Creating the Service group 1. Open the Failover Cluster Manager and expand your cluster. 2. Right-click on Services and Applications and select More Actions.
3. Select the Create Empty Service or Application and press Next. Give the service group a proper name. (e.g. Acronis Access, AAS Cluster). Configurations on the Active node 1. Configure your Gateway Server's database to be on a location on a shared disk. a. Navigate to C:\Program Files (x86)\Acronis\Access\Gateway Server\ b. Find the database.yml file and open it with a text editor. c. Find this line: database_path: './database/' and replace ./database/ with the path you want to use (e.g.
2. Select Generic Service. 3. Select the proper service and press Next. 4. On the confirmation window press Next.
5. Press Next on the Replicate Registry Settings window. 6. On the summary window press Finish. Setting a Client Access Point 1. Right-click on the Acronis Access service group and select Add a resource. 2. Select Client Access Point. 3. Enter a name for this access point.
4. Select a network. 5. Enter the IP address and press Next. 6. On the Confirmation window press Next. 7. On the summary window press Finish. Adding a shared disk 1. Right-click on the Acronis Access service group and select Add a resource. 2. Select the desired shared drive. 3. On the Confirmation window press Next. 4. On the summary window press Finish.
Configuring dependencies 1. Double click on the Acronis Access Service group. For PostgreSQL and Acronis Access File Repository services do the following: 1. Right-click on the appropriate service and select Properties. 2. Click on the Dependencies tab. 3. Click on Resource and select the shared disk you have added. 4. Press Apply and close the window. For PostgreSQL also do the following: 1. Click on the Registry Replication tab.
2. Press Add and enter the following: SYSTEM\CurrentControlSet\Services\AcronisAccessPostgreSQL\ (For older versions of Acronis Access the service may be different, e.g. postgresql-x64-9.2) For the Acronis Access Gateway Server service do the following: 1. Right-click on the appropriate service and select Properties. 2. Click on the Dependencies tab.
3. Click on Resource and select the shared disk you have added and the Network Name (this is the name of the Client access point). 4. Press Apply and close the window. For the Acronis Access Tomcat service do the following: 1. Right-click on the appropriate service and select Properties. 2. Click on the Dependencies tab.
3. Click on Resource and select the PostgreSQL and Acronis Access Gateway Server services as dependencies. Press Apply and close the window. Note: If you want to run the Gateway and Access servers on different IP addresses add the second IP as a resource to the Acronis Access Service group and set it as a dependency for the network name. Bringing the service group online and using the Configuration Utility 1.
3. Configure the Acronis Access Gateway Server service to listen on the IP address(es) for the Acronis Access Service group. 4. Configure the Acronis Access Server service to listen on the IP address(es) for the Acronis Access Service group. Note: If Redirect requests from port 80 is selected, Tomcat will listen for incoming traffic on the unsecure port 80 and redirect it to the HTTPS port you have specified above. If you have another program listening on port 80, do not check this box.
5. Configure the Acronis Access File Repository to listen on localhost and change the Filestore path to be on the shared disk. This path should be the same for both nodes. 6. Click OK to complete the configuration and restart the services. Installation and configuration on the second node 1. Disable any anti-virus software you have or it may interrupt the installation procedure resulting in a failed installation. 2.
7. Configure the Acronis Access Gateway Server service to listen on the IP address(es) for the Acronis Access Service group. 8. Configure the Acronis Access Server service to listen on the IP address(es) for the Acronis Access Service group. Note: If Redirect requests from port 80 is selected, Tomcat will listen for incoming traffic on the unsecure port 80 and redirect it to the HTTPS port you have specified above. If you have another program listening on port 80, do not check this box.
9. Configure the Acronis Access File Repository to listen on localhost and change the Filestore path to be on the shared disk. This path should be the same for both nodes. 10. Click OK to complete the configuration and restart the services. 7.2.2 Installing Acronis Access on a Windows 2012 Microsoft Failover Cluster Installing Acronis Access Please make sure you are logged in as an administrator before installing Acronis Access. 1. Download the Acronis Access installer. 2.
Note: If you're deploying multiple Acronis Access servers, or you are installing a non-standard configuration, you can select which components to install from the Custom Install button. 7. Either use the default path or select a new one for the Acronis Access main folder and press OK. 8. Set a password for the user Postgres and write it down. This password will be needed for database backup and recovery. 9. Choose a location on a shared disk for the Postgres Data folder and press Next. 10.
2. Select Create empty role. Give the role a proper name. (e.g. Acronis Access, AAS Cluster) Configurations on the Active node 1. Configure your Gateway Server's database to be on a location on a shared disk. a. Navigate to C:\Program Files (x86)\Acronis\Access\Gateway Server\ b. Find the database.yml file and open it with a text editor. c. Find this line: database_path: './database/' and replace ./database/ with the path you want to use (e.g. database_path: 'S:/access_cluster/database/').
Adding all of the necessary services to the Acronis Access role Complete the following procedure for each of the following services: AcronisAccessGateway, AcronisAccessPostgreSQL (this may be different depending on the version of Acronis Access), AcronisAccessRepository and AcronisAccessTomcat 1. Right-click on the Acronis Access role and select Add a resource. 2. Select Generic Service.
3. Select the proper service and press Next. 4. On the Confirmation window press Next. 5. On the summary window press Finish. Setting an Access Point 1. Right-click on the Acronis Access role and select Add a resource.
2. Select Client Access Point. 3. Enter a name for this access point. 4. Select a network. 5. Enter the IP address and press Next. 6. On the Confirmation window press Next.
7. On the summary window press Finish. Adding a shared disk 1. Right-click on the Acronis Access role and select Add Storage. 2. Select the desired shared drive. Configuring dependencies 1. Select the Acronis Access role and click on the Resources tab For PostgreSQL and Acronis Access File Repository services do the following: 1. Right-click on the appropriate service and select Properties. 2. Click on the Dependencies tab.
3. Click on Resource and select the shared disk you have added. 4. Press Apply and close the window. For the Acronis Access Gateway Server service do the following: 1. Right-click on the appropriate service and select Properties. 2. Click on the Dependencies tab. 3. Click on Resource and select the shared disk you have added and the Network Name (this is the name of the Client access point).
4. Press Apply and close the window. For the Acronis Access Tomcat service do the following: 1. Right-click on the appropriate service and select Properties. 2. Click on the Dependencies tab. 3. Click on Resource and select the PostgreSQL and Acronis Access Gateway Server services as dependencies. Press Apply and close the window.
3. Configure the Acronis Access Gateway Server service to listen on the IP address(es) for the Acronis Access Service group. 4. Configure the Acronis Access Server service to listen on the IP address(es) for the Acronis Access Service group. Note: If Redirect requests from port 80 is selected, Tomcat will listen for incoming traffic on the unsecure port 80 and redirect it to the HTTPS port you have specified above. If you have another program listening on port 80, do not check this box.
5. Configure the Acronis Access File Repository to listen on localhost and change the Filestore path to be on the shared disk. This path should be the same for both nodes. 6. Click OK to complete the configuration and restart the services. Installation and configuration on the second node 1. Disable any anti-virus software you have or it may interrupt the installation procedure resulting in a failed installation. 2.
4. Open the key: DataDirectory and change the value to the path you have selected for the PostgreSQL data folder location (e.g. E:/PostgreSQL/data). 5. Close Regedit and continue with the steps below. 6. Move the Acronis Access role to the second node. Using the Configuration Utility on the second node 1. Launch the Configuration Utility.
2. Configure the Acronis Access Gateway Server service to listen on the IP address(es) for the Acronis Access Service group. 3. Configure the Acronis Access Server service to listen on the IP address(es) for the Acronis Access Service group. Note: If Redirect requests from port 80 is selected, Tomcat will listen for incoming traffic on the unsecure port 80 and redirect it to the HTTPS port you have specified above. If you have another program listening on port 80, do not check this box.
4. Configure the Acronis Access File Repository to listen on localhost and change the Filestore path to be on the shared disk. This path should be the same for both nodes. 5. Click OK to complete the configuration and restart the services. 7.3 Upgrading from mobilEcho 4.5 on a Microsoft Failover Cluster Warning! Acronis Access failover clustering is not supported by versions older than 5.0.3. If you're using an older version, you will have to upgrade to version 5.0.
4. Disable any anti-virus software you have or it may interrupt the installation procedure resulting in a failed installation. 5. Double-click on the installer executable. 6. Press Next to begin. 7. Read and accept the license agreement. 8. Press Install. Note: If you're deploying multiple Acronis Access servers, or you are installing a non-standard configuration, you can select which components to install from the Custom Install button. 9.
11. Choose a location on a shared disk for the Postgres Data folder and press Next. 12. A window displaying all the components which will be installed appears. Press OK to continue. 13. When the Acronis Access installer finishes, press Exit. Navigate to your shared disk, locate and copy these 3 files: production.sqlite3, mobilEcho_manager.cfg and priority.txt (this one might not exist) and paste them to the Acronis Access installation directory, replacing the existing files.
2. Select Generic Service. 3. Select the proper service and press Next. 4. On the confirmation window press Next.
5. Press Next on the Replicate Registry Settings window. 6. On the summary window press Finish. Configuring dependencies 1. Double click on the Acronis Access Service group. For PostgreSQL and Acronis Access File Repository services do the following: 1. Right-click on the appropriate service and select Properties. 2. Click on the Dependencies tab. 3. Click on Resource and select the shared disk you have added. 4. Press Apply and close the window. For PostgreSQL also do the following: 1.
2. Press Add and enter the following: SYSTEM\CurrentControlSet\Services\AcronisAccessPostgreSQL\ (For older versions of Acronis Access the service may be different, e.g. postgresql-x64-9.2) For the Acronis Access Gateway Server service do the following: 1. Right-click on the appropriate service and select Properties. 2. Click on the Dependencies tab.
3. Click on Resource and select the shared disk you have added and the Network Name (this is the name of the Client access point). 4. Press Apply and close the window. For the Acronis Access Tomcat service do the following: 1. Right-click on the appropriate service and select Properties. 2. Click on the Dependencies tab.
3. Click on Resource and select the PostgreSQL and Acronis Access Gateway Server services as dependencies. Press Apply and close the window. Note: If you want to run the Gateway and Access servers on different IP addresses add the second IP as a resource to the Acronis Access Service group and set it as a dependency for the network name. Bringing the service group online and using the Configuration Utility 1.
3. Configure the Acronis Access Gateway Server service to listen on the IP address(es) for the Acronis Access Service group. 4. Configure the Acronis Access Server service to listen on the IP address(es) for the Acronis Access Service group. Note: If Redirect requests from port 80 is selected, Tomcat will listen for incoming traffic on the unsecure port 80 and redirect it to the HTTPS port you have specified above. If you have another program listening on port 80, do not check this box.
5. Configure the Acronis Access File Repository to listen on localhost and change the Filestore path to be on the shared disk. This path should be the same for both nodes. 6. Click OK to complete the configuration and restart the services. Installation and configuration on the second node 1. Disable any anti-virus software you have or it may interrupt the installation procedure resulting in a failed installation. 2.
7. Configure the Acronis Access Gateway Server service to listen on the IP address(es) for the Acronis Access Service group. 8. Configure the Acronis Access Server service to listen on the IP address(es) for the Acronis Access Service group. Note: If Redirect requests from port 80 is selected, Tomcat will listen for incoming traffic on the unsecure port 80 and redirect it to the HTTPS port you have specified above. If you have another program listening on port 80, do not check this box.
9. Configure the Acronis Access File Repository to listen on localhost and change the Filestore path to be on the shared disk. This path should be the same for both nodes. 10. Click OK to complete the configuration and restart the services. 7.3.2 Upgrading a mobilEcho server on a Windows 2012 Failover Cluster to Acronis Access 1. Open the Failover Cluster Manager and double-click on your service group. 2. Delete the mobilEcho service resources.
8. Press Install. Note: If you're deploying multiple Acronis Access servers, or you are installing a non-standard configuration, you can select which components to install from the Custom Install button. 9. Either use the default path or select a new one for the Acronis Access main folder and press OK. 10. Set a password for the user Postgres and write it down. This password will be needed for database backup and recovery. 11. Choose a location on a shared disk for the Postgres Data folder and press Next.
Configurations on the Active node 1. Configure your Gateway Server's database to be on a location on a shared disk. a. Navigate to C:\Program Files (x86)\GroupLogic\mobilEcho Server\ b. Find the database.yml file and open it with a text editor. c. Find this line: database_path: './database/' and replace ./database/ with the path you want to use (e.g. database_path: 'S:/mobilEcho_cluster/database/'). Note: Use slashes(/) as a path separator. Note: You can copy the configured database.
3. Select the proper service and press Next. 4. On the Confirmation window press Next. 5. On the summary window press Finish. Setting an Access Point 1. Right-click on the Acronis Access role and select Add a resource.
2. Select Client Access Point. 3. Enter a name for this access point. 4. Select a network. 5. Enter the IP address and press Next. 6. On the Confirmation window press Next.
7. On the summary window press Finish. Adding a shared disk 1. Right-click on the Acronis Access role and select Add Storage. 2. Select the desired shared drive. Configuring dependencies 1. Select the Acronis Access role and click on the Resources tab For PostgreSQL and Acronis Access File Repository services do the following: 1. Right-click on the appropriate service and select Properties. 2. Click on the Dependencies tab.
3. Click on Resource and select the shared disk you have added. 4. Press Apply and close the window. For the Acronis Access Gateway Server service do the following: 1. Right-click on the appropriate service and select Properties. 2. Click on the Dependencies tab. 3. Click on Resource and select the shared disk you have added and the Network Name (this is the name of the Client access point).
4. Press Apply and close the window. For the Acronis Access Tomcat service do the following: 1. Right-click on the appropriate service and select Properties. 2. Click on the Dependencies tab. 3. Click on Resource and select the PostgreSQL and Acronis Access Gateway Server services as dependencies. Press Apply and close the window.
3. Configure the Acronis Access Gateway Server service to listen on the IP address(es) for the Acronis Access Service group. 4. Configure the Acronis Access Server service to listen on the IP address(es) for the Acronis Access Service group. Note: If Redirect requests from port 80 is selected, Tomcat will listen for incoming traffic on the unsecure port 80 and redirect it to the HTTPS port you have specified above. If you have another program listening on port 80, do not check this box.
5. Configure the Acronis Access File Repository to listen on localhost and change the Filestore path to be on the shared disk. This path should be the same for both nodes. 6. Click OK to complete the configuration and restart the services. Installation and configuration on the second node 1. Disable any anti-virus software you have or it may interrupt the installation procedure resulting in a failed installation. 2.
4. Open the key: DataDirectory and change the value to the path you have selected for the PostgreSQL data folder location (e.g. E:/PostgreSQL/data). 5. Close Regedit and continue with the steps below. 6. Move the Acronis Access role to the second node. Using the Configuration Utility on the second node 1. Launch the Configuration Utility.
2. Configure the Acronis Access Gateway Server service to listen on the IP address(es) for the Acronis Access Service group. 3. Configure the Acronis Access Server service to listen on the IP address(es) for the Acronis Access Service group. Note: If Redirect requests from port 80 is selected, Tomcat will listen for incoming traffic on the unsecure port 80 and redirect it to the HTTPS port you have specified above. If you have another program listening on port 80, do not check this box.
4. Configure the Acronis Access File Repository to listen on localhost and change the Filestore path to be on the shared disk. This path should be the same for both nodes. 5. Click OK to complete the configuration and restart the services. 7.4 Upgrading Acronis Access on a Microsoft Failover Cluster The following steps will help you upgrade your Acronis Access Server cluster to a newer version of Acronis Access. 1. Go to the active node. 2. Open the Cluster Administrator/Failover Cluster Manager.
3. Stop all of the Acronis Access services (including postgres-some-version). The shared disk must be online. 4. Disable any anti-virus software you have or it may interrupt the installation procedure resulting in a failed installation. 5. Double-click on the installer executable. 6. Press Next to begin. 7. Read and accept the license agreement.
8. Press Upgrade. 9. Review the components which will be installed and press Install. 10. Enter the password for your postgres super-user and press Next. 11. When the installation finishes, press Exit to close the installer. Warning! Do not bring the cluster group online! 12. Move the cluster group to the second node. 13. Complete the same installation procedure on the second node. 14. Bring all of the Acronis Access services online. 7.
3. Open the server.xml file. 4. Find this line: SSLCipherSuite="" 5. Replace the contents between the two quotation marks with the ciphers you wish to use. Note: If you wish to support an unsecure version of Internet Explorer 8 or the Acronis Access Desktop client on Windows XP, enter the following: ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM e.g.: SSLCipherSuite="ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM" 6. Save the changes made to the server.
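One way to review an SSLCipherSuite value before saving server.xml, as an added example that is not part of the Acronis guide: it tokenises the OpenSSL-style string and reports weak cipher families that are explicitly enabled or left inside ALL. The server.xml fragment is constructed for the example and carries the guide's legacy-client string; the function names are hypothetical.

```powershell
# Added example (not from the Acronis guide). Token-level review only: it
# does not ask the TLS library which suites are finally offered, and which
# families exist at all depends on the library build.
$ExplicitWeak = 'aNULL', 'eNULL', 'NULL', 'EXP', 'LOW', 'RC4', 'MD5', '3DES'
$WeakInAll    = 'aNULL', 'EXP', 'LOW', 'RC4', 'MD5', '3DES'   # ALL never includes eNULL

# Constructed sample: one connector carrying the guide's legacy-client string.
$SampleServerXml = @'
<Server>
  <Service name="Catalina">
    <Connector port="443" SSLEnabled="true"
               SSLCipherSuite="ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM" />
  </Service>
</Server>
'@

function Test-CipherString {
    param([string] $CipherString)
    $killed = @(); $removed = @(); $explicit = @(); $findings = @()
    $allUsed = $false

    foreach ($token in ($CipherString -split '[:, ]+' | Where-Object { $_ })) {
        if ($token.StartsWith('!')) { $killed  += $token.Substring(1); continue }  # permanent exclusion
        if ($token.StartsWith('-')) { $removed += $token.Substring(1); continue }  # removable, can be re-added
        if ($token.StartsWith('+')) { continue }                                   # reorders only
        if ($token -eq 'ALL') { $allUsed = $true; $removed = @(); continue }

        # "A+B" selects suites that match both keywords.
        foreach ($part in ($token -split '\+')) {
            if (($ExplicitWeak -contains $part) -and ($killed -notcontains $part)) {
                $explicit += $part
                $findings += "Token '$token' explicitly enables $part."
            }
        }
    }

    if ($allUsed) {
        foreach ($family in $WeakInAll) {
            if (($killed + $removed + $explicit) -notcontains $family) {
                $findings += "$family is not excluded from ALL (add !$family)."
            }
        }
    }
    $findings
}

function Get-ConnectorCipherReport {
    param([Parameter(Mandatory)] [string] $XmlText)
    $doc = [xml]$XmlText
    foreach ($connector in $doc.SelectNodes('//Connector[@SSLCipherSuite]')) {
        $value = $connector.GetAttribute('SSLCipherSuite')
        [pscustomobject]@{
            Port     = $connector.GetAttribute('port')
            Ciphers  = $value
            Findings = if ($value) { @(Test-CipherString $value) }
                       else { @('SSLCipherSuite is empty; no explicit cipher list is set.') }
        }
    }
}

Get-ConnectorCipherReport -XmlText $SampleServerXml | Format-List
```

To review a live file, pass the output of `Get-Content -Raw` for your server.xml to `Get-ConnectorCipherReport` instead of the sample.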
8 What's New
In this section: What's New in Acronis Access Server; What's New in the Acronis Access app; Previous Releases
8.1 What's New in Acronis Access Server
Note: Numbers such as "[DE1013, US552, #2717]" refer to Acronis' internal change tracking system. Note: Numbers such as "[7.0.
Java version 7 U71 is used in this release. (US9486) The default threshold and interval for user notification as they approach their quota for Sync & Share can now be configured. (US8605) Apache Tomcat 7.0.56 is used in this release. (US9801) Improved audit logging when files are downloaded from direct download link. (DE10961) Sorting files by type is now allowed in the web client interface. (US6836) Postgres can now be removed using the 'Add/Remove Programs' control panel.
Acronis Access 6.1.3 ENHANCEMENTS The default SSL bindings of Acronis Access no longer support Internet Explorer 8 client connections. To enable unsecure Internet Explorer 8 connections on a new installation, please see this article: Changing the Acronis Access Tomcat SSL Ciphers (p. 214). (US8460) New Relic agent updated to the version 3.9.0.229. Please note that New Relic will stop working until it is upgraded to this release.
Java 7 Update 51 is used in this release. BUG FIXES Fixed an issue with downloading Sync & Share files from an Amazon S3 repository. Fixed an issue with populating the owner_name value in the exported logs. Fixed possible request timeout issue when enrolling a mobile client in a large Active Directory. Fixed a licensing message issue with running multiple Gateway servers on the same network using the same serial number.
Addressed a dependency issue that could prevent the Access Gateway service from starting automatically after a reboot on Windows Server 2008R2. Acronis Access 6.1 ENHANCEMENTS Web Services API for the Acronis Access Server administration. The API documentation is packaged within the Access server and is accessible by administrators. The link can be found in the footer. The Acronis Access audit log can now be configured to automatically export and purge old log entries.
The Acronis Gateway Server service is now dependent on other key services so it should be assured to start properly when the server starts up. When a Cluster Group is disbanded, any policies that were using that Cluster Group as the Gateway Server used to access “My Network Folders” (locations added by the user) will be updated to instead use the last Gateway Server that was a member of the Cluster Group. Fixed an issue with email address filtering for enrolled users.
Acronis Access 6.0.1 ENHANCEMENTS Added a new policy to specify which gateway or cluster group will be used to share users’ Active Directory assigned home folders. Active Directory assigned home folders will now automatically be shared by a gateway without the need to manually create a data source or enable the “Allow User to Add Network Folders by UNC path or URL” policy setting.
Clients who do not have sync and share enabled will no longer be incorrectly reported as “unmanaged” in the audit log. Files with Japanese or other characters in their filenames should no longer have the filenames changed when downloaded with Internet Explorer. Administrators should no longer see unresolvable errors when subscription licenses expire. Home directories should no longer be inaccessible after upgrades from pre-5.0 versions of mobilEcho. Miscellaneous localization bug fixes.
BUG FIXES The Default Language setting in Server Settings has been renamed to be clear that it is the default audit log language. If a data source for an Active Directory home folder cannot be resolved, the Mobile Clients will no longer see the home folder, instead of getting an error accessing the !HOME_DIR_SERVER. Miscellaneous bug fixes in the Acronis Access Desktop Client. Miscellaneous localization improvements. Acronis Access 5.1.
On Windows Server 2003, the uninstall process no longer reports that PostgreSQL was not installed by the Acronis Access Server installer. The Configuration Utility now generates an error if the Gateway Service is configured to bind to all addresses on a port and the Access Server on a specific address with the same port. By default on clean installs Tomcat is now configured to not listen for shutdown requests on port 8005. This prevents conflicts with other instances of Tomcat on a server.
BUG FIXES Email notifications are now sent properly after an upgrade when custom templates were used. Newly created data sources are now checked to see if they are searchable immediately. Previously they were only checked in 15 minute intervals. Search is now available on data sources that add search indexing after the Gateway Server has started. When configuring data sources the %USERNAME% token can now be used as part of a folder name, instead of the whole name. Acronis Access 5.0.
the following: ActiveRecord::JDBCError: ERROR: value too long for type character varying(255): INSERT INTO "password_resets" .... Customers that have this condition can upgrade to this new version of the server and the problem will be resolved automatically. Fixed an issue that could cause some clients to go into restricted mode after the upgrade to mobilEcho 5.0. The management server data sources table now shows the Gateway Server's display name instead of IP address. Acronis Access 5.0.
Sorting criteria chosen by the end user is now saved when browsing project folders. Notifications can now be configured to be sent when a file is downloaded / synced. Improved user interface responsiveness for re-assigning content when there are 1000s of users in the system. The Amazon S3 access key is no longer displayed in plain text on the administration pages. Improved support for email invitations using different formats of email addresses.
A warning is presented if a user is invited for enrollment but does not match any existing user/group policy. The devices table now lists the user or group policy in use for each device. Content searching is now available against remote Windows file shares running Windows Search. A new token is available in the enrollment invitation templates to include the Active Directory user's Display Name.
8.2 What's New in the Acronis Access app Access Mobile Client 6.1 ENHANCEMENTS Added support for iOS 7 managed app configuration. Miscellaneous fixes and improvements. Updated MobileIron AppConnect integration to version 1.7. Addressed an issue where iWork files might appear as zip files. Added new mobilecho:// link variables (action=edit & action=preview) that can be used to automatically open the linked file. Access Mobile Client 6.0.
ENHANCEMENTS Added support for using smart cards to unlock the mobilEcho app and to authenticate with mobilEcho servers. This feature utilizes the Thursby PKard Reader app and the smart cards (CAC, PIV, etc) and card readers the Thursby app supports. Miscellaneous fixes and improvements. mobilEcho 4.5.1 mobilEcho now supports iOS 7, both when operating as a standalone app and when MobileIron AppConnect-enabled. Miscellaneous fixes and improvements. mobilEcho 4.
the full functionality of the combined product. To request this upgrade, please submit this web form. For the latest information, please visit the What's New in Acronis Access Server (p. 216) article.
activEcho 5.1.
Folders can be downloaded as a ZIP file from the Projects view in the Web UI. Sharing invitation dialogs now support type-ahead against both local users and users in Active Directory / LDAP. The previous revisions feature for finding / downloading / restoring previous versions of files has been redesigned and is more flexible. Previous revisions can be selected to be "made current". activEcho desktop clients (Mac/Windows) now show progress indicators for files being synchronized.
activEcho 2.7.3 (Released: June 2013)
ENHANCEMENTS:
Switched to using the official AWS library file for Amazon S3 connections. Files now can be successfully uploaded to any of the eight Amazon S3 bucket regions.
BUG FIXES:
Pending users can now be deleted without error. Files which were not fully uploaded to the Amazon S3 file repository will now be removed from the repository if the repository is accessible after the upload failure occurs.
activEcho 2.7.0 (Released: February 2013)
ENHANCEMENTS:
Mac and Windows sync clients will now be notified when they have updated content available for download. These notifications will reduce load on the server and improve performance by avoiding many unnecessary requests from clients to the server to check for updates when none are available. Mac and Windows sync clients have been made more resilient to errors on single files and folders.
Files will no longer be marked deleted if they can't be found in the repository. They will need to be removed manually. Tomcat no longer needs to be restarted when S3 repository settings are changed. All activEcho server logging is now written to a date-stamped activEcho.log file which is rotated daily. This log file can be found inside the Tomcat logs folder. A configuration flag has been added to allow the activEcho web server to support HTTP connections instead of HTTPS.
Duplicate files will no longer appear in the web interface if you pause and resume the client in the middle of uploading a file. Fixed a Mac client bug where the client receives an error when a file is deleted off the server side while the client is downloading the file. The sync client will no longer fail to complete in rare cases where folders are aggressively renamed with similar names. The sync client will no longer attempt to delete files repeatedly if it cannot succeed.
Quotas can now be defined specifically for administrative users. Automatic purging of user accounts if no activity has occurred, or a specific absolute time has passed. Support for configuring the length of time before expiration of shared links. New share permissions allow the owner to hide display of share members to non-owners, and prevent non-owners from inviting others. New behavior when unsharing projects: local data will be deleted from the client on next connection.
The domain for LDAP authentication list can use either ; or , as a delimiter. Various improvements on syncing files and folders where an item or the parent folder(s) have been deleted. Fixed file modification dates that were not set properly based on timezones under some circumstances. Period is a valid character in S3 bucket names when using Amazon S3 for the file repository. Fixed high CPU usage on both Mac and Windows desktop clients. Miscellaneous other bug fixes.
activEcho 2.5.
The activEcho 2.5 client is not compatible with the 2.1 server. Please upgrade your server to 2.5 first, and then upgrade the clients. The activEcho 2.1 client is compatible with the 2.5 server but will not have all of the new features available.
ENHANCEMENTS:
Support for quotas. Different quota values can be set for Active Directory vs. ad-hoc users, as well as based on Active Directory group membership.
Email template notification errors could occur after a user is deleted from activEcho if they were sharing content. LDAP settings are no longer validated if LDAP has been disabled in the management settings. When a folder is unshared, the owner can now see past events in the web log for that folder. The web log allows filtering of past events for users who are no longer part of the shared folder.
Miscellaneous usability enhancements.
BUG FIXES:
Various bug fixes related to authentication with Active Directory via email addresses. The built-in Administrator account will now never use Active Directory for authentication. Miscellaneous bug fixes in desktop syncing.
activEcho 2.0.2 (Released: March 2012)
BUG FIXES:
Improvements to desktop syncing when Microsoft Office files are edited directly in the activEcho Folder. Various bug fixes in desktop syncing.
ENHANCEMENTS
Users with mobilEcho 5.1 or later on iOS can now create their data sources directly from the application to access any file share or SharePoint location. Users enter UNC paths or SharePoint URLs from the client. New policy settings have been introduced on the management server to control whether clients are allowed to create these data sources, and which Gateway Servers are used for these requests. Multiple Gateway Servers can now share a common configuration via a Cluster Group.
mobilEcho 5.0.3
BUG FIXES
When configuring data sources the %USERNAME% token can now be used as part of a folder name, instead of the whole name. Newly created data sources are now checked to see if they are searchable immediately. Previously they were only checked in 15-minute intervals. Search is now available on data sources that add search indexing after the Gateway Server has started.
mobilEcho 5.0.
mobilEcho 5.0
ENHANCEMENTS
The mobilEcho Client Management Server is integrated with Acronis Access Server and built on Apache Tomcat and a PostgreSQL database for improved scalability and resilience. The mobilEcho Administrator previously used to manage individual mobilEcho servers has been removed; Access Gateway Servers (formerly mobilEcho File Access Servers) are now managed directly within the Acronis Access Server web administration user interface.
BUG FIXES
Home directory configuration is now retrieved properly when LDAP is configured to use the global catalog. Improved handling of Active Directory lookups when trailing spaces are used. The "Enrolled at" date is now formatted properly when exporting to a .csv file. Improved support for displaying Unicode via the web administration user interface. SharePoint folders ending with a space can now be enumerated by clients.
Increased the maximum volume name length to 127 UTF-8 characters to allow for longer volume names when using Unicode characters. Added separate columns to the exported .csv devices list for display name and common name to make the usernames clearer.
BUG FIXES:
Fixed an issue where the exported .csv devices list would display the domain name incorrectly if the domain name contained numerical characters.
mobilEcho 4.3 (Released: March 2013)
ENHANCEMENTS:
The mobilEcho server now supports mobilEcho clients with optional support for MobileIron AppConnect activated. The server now allows administrators to require or restrict mobilEcho access to iOS clients with AppConnect enabled. This setting is located in the "Settings" window of the "mobilEcho Administrator" application, on the "Security" tab.
BUG FIXES:
Fixed an issue where clients upgrading from mobilEcho Server 4.0.
Fixed a problem where whitelists and blacklists could not be assigned when adding or editing a user or group profile. Fixed a problem where files that were already on the device could sync again unnecessarily if the sync source was within an activEcho volume. The password field on the login page of the client management web UI now has auto-complete disabled. Removing a user or group profile now causes the name information for that user/group to be removed from cache.
Added a column to the LDAP search table for Distinguished Name so that users with the same name in different subdomains can be distinguished. Added a new management profile setting to allow or disallow users from opening and/or sending links to files. Added client Good Dynamics status in the management server Devices list. Devices enrolled with Good Dynamics will no longer have the "Reset App Password" option available. The app password is managed within the Good Control console in this scenario.
Fixed a problem where selecting the "Reindex all volumes" button in the mobilEcho Administrator would generate an invalid error message. Fixed a problem where filtering on a Unicode string in the Client Management Administrator could generate an "incompatible character encodings" error. SharePoint "Wiki Page Gallery" libraries are now removed from site enumerations because they are not supported by mobilEcho. Fixed a problem where new profile settings could become corrupted on upgrade.
ENHANCEMENTS:
Added profile settings for "Number of days to warn of pending lock" and "Number of days to warn of pending wipe". These settings relate to existing settings that can wipe or lock the mobilEcho app if the device does not contact the management server for a specified period of time. Added pagination, filtering and sorting to the Users and Groups pages within the mobilEcho Client Management server.
The mobilEcho Client Management server can now filter the invitations tables by username. The mobilEcho Client Management server can now export the devices list to a .csv file. The mobilEcho Client Management server now sorts and paginates the devices, users, groups and invitations tables. Added a profile setting to allow/disallow users from creating bookmarks. Added a profile setting to disable My Files while still allowing sync folders.
Fixed a problem where users could fail to see their home directories if the client authenticated to the management server with a user principal name (UPN) such as user@domain.com. Fixed a problem where the "%USERNAME%" wildcard would fail to use the correct username if the client authenticated to the management server with a user principal name (UPN) such as user@domain.com.
mobilEcho 3.6 (Released: April 2012)
ENHANCEMENTS:
Improved performance of Active Directory lookups for users and groups.
Fixed a problem where the server could allow mobilEcho clients to overwrite files that were flagged as read-only. Fixed some mobilEcho Client Management display issues on Mac Safari. Fixed a problem where Verizon iPad 3 devices were displayed as "AT&T" (and vice versa) in the mobilEcho Client Management devices page. Fixed a problem where the mobilEcho Administrator could crash when viewing the list of connected users. Fixed a problem where the invitation email would fail to show the username.
mobilEcho 3.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mobilEcho\Parameters4\Refreshable\Pez\GetShowHiddenSMBShares
BUG FIXES:
Fixed a problem where the mobilEcho Client Management server would appear to allow access without a proper username and password. Fixed a problem where files would incorrectly require a sync after a change in daylight savings time. Fixed a problem where renamed files would continue to be returned in search results when searching under the old filename.
The text of enrollment invitation emails can be customized. Please visit the GroupLogic Knowledge Base for more information: http://support.grouplogic.com/?p=3749 Added a setting to the management configuration file to control the name that enrollment invitation emails appear from (e.g. "mobilEcho Invitation "). Version 3.0 only allowed an address to be specified (e.g. "mobilEcho_invitation@example.com").
Fixed a problem in the mobilEcho Administrator where the Help button would not adjust properly as the Users window was resized.
mobilEcho 3.0 (Released: October 2011)
ENHANCEMENTS:
Centrally managed device enrollment. Client enrollment invitations are now generated and emailed to the user from the mobilEcho Client Management Administrator. These invitations include a one-time use PIN number required for client enrollment. Remote wipe and remote reset of app passwords are now performed on a per-device basis.
Fixed a bug when listing the contents of folders which may have resulted in slow performance or client timeouts if many of the folders were not accessible to the client.
mobilEcho 2.1.0 (Released: July 2011)
ENHANCEMENTS:
Added the ability to create mobilEcho shares that reshare data on a remote system. The mobilEcho reshare feature is only available for customers with an enterprise license. Reshares can be a particular share (e.g. "\\server\share") or an entire server ("\\server\").