DTX5000-CTL-R2 ServSwitch DTX™ Control Remotely manage and monitor multiple DTX extender systems.
FCC and IC RFI Statements

Federal Communications Commission and Industry Canada Radio Frequency Interference Statements

This equipment generates, uses, and can radiate radio-frequency energy, and if not installed and used properly, that is, in strict accordance with the manufacturer’s instructions, may cause interference to radio communication.
NOM Statement

Safety Instructions (Normas Oficiales Mexicanas Electrical Safety Statement)

1. All safety and operating instructions must be read before the electrical apparatus is operated.
2. The safety and operating instructions must be kept for future reference.
3. All warnings on the electrical apparatus and in its operating instructions must be heeded.
4. All operating and use instructions must be followed.
5.
Trademarks Used in this Manual

Black Box and the Double Diamond logo are registered trademarks of BB Technologies, Inc. Any other trademarks mentioned in this manual are acknowledged to be the property of the trademark owners.
Table of Contents

1 Technical Specifications
2 Product Overview 10
2.1 Introduction 10
2.2 Features and benefits 10
2.3 System Components 10
2.4 Upgrading the DTX Control Software 11
2.5 Safety precautions 11
3 Installation and Setup 14
3.1 Installing the Appliance 14
3.1.1 Rack mounting the DTX Control Appliance 14
3.1.2 Connecting the DTX Control appliance 14
3.1.3 Configuring Network Settings 15
3.2 3.
5.1.1 Ease of Installation 31
5.3 The Units All Window 31
5.3.1 Adding units via the Add Unit Wizard 32
5.3.2 Adding units from a range of IP addresses 33
5.3.3 Adding units on an IP subnet 34
5.5 The Unit Overview Window 34
5.4.1 Changing unit properties 35
5.4.2 Configuring network settings for a transmitter or user station 35
5.4.3 Enabling Auto Login Mode for a DTX user station 36
5.4.4 Viewing version information 36
5.4.
8 9 Authentication Services 56
8.1 Supported Authentication Services 56
8.1.1 DTX Control internal authentication service 57
8.1.2 Active Directory external authentication service 58
8.1.3 Windows NT external authentication service 62
8.1.4 LDAP external authentication service 64
8.1.5 RADIUS external authentication service 67
8.1.6 TACACS+ external authentication service 69
8.2 RSA SecurID external authentication service 71
8.
1 Technical Specifications

Table 1.1: DTX Control Appliance Technical Specifications

Network Connection
  Number: 2
  Type: Ethernet, 10BaseT, 100BaseT, GigE
  Connector: RJ-45
Serial Port
  Number: 1
  Type: RS-232 serial
  Connector: DB9 male
Mechanical
  H x W x D: 4.3 x 42.7 x 35.6 cm (1.7 x 16.8 x 14 in), 1 U form factor
  Weight: 5.
2 Product Overview

2.1 Introduction

The DTX Control appliance is a secure, web browser-based, centralized enterprise management solution that allows users to remotely manage and monitor multiple DTX Extender systems. The DTX Extender system, which includes a transmitter and a user station, provides users with a full computer desktop experience from anywhere on the corporate TCP/IP network, while the computers remain securely housed in a corporate data center.
Administrators and users may connect to the DTX Control server from DTX Control software clients and use the DTX Control Explorer windows to communicate with the system.

DTX Control server

The DTX Control server contains the DTX Control software. The server provides a centralized database for storing configuration, user, unit and system information. It also provides services for authentication, access control and logging events.
• Follow all cautions and instructions in the installation documentation or on any cautionary cards shipped with the product.
• Do not push objects through the openings in the equipment. Dangerous voltages may be present. Objects with conductive properties can cause fire, electric shock or damage to the equipment.
• Do not make mechanical or electrical modifications to the equipment.
• Do not block or cover openings on the equipment.
• Keep CAT 5 cable as far away as possible from potential sources of EMI, such as electrical cables, transformers and light fixtures. Do not tie cables to electrical conduits or lay cables on electrical fixtures.
• Always test every installed segment with a cable tester. “Toning” alone is not an acceptable test.
• Always install jacks so as to prevent dust and other contaminants from settling on the contacts.
3 Installation and Setup

The following sections will help you install and set up your DTX Control appliance. Helpful topics in this chapter include the following:
• Installing the Appliance on page 14
• Launching the DTX Control Appliance Web Interface on page 16
• Replication on page 23
• Next Steps on page 26

3.1 Installing the Appliance

3.1.
NOTE: The DTX user stations and transmitters must be connected to LAN port 1. However, you can access the DTX Control appliance using the browser on a computer connected to either LAN port 1 or LAN port 2.

3.1.
3.2 Launching the DTX Control Appliance Web Interface

The DTX Control appliance operates using default Internet Explorer settings. If the default Internet Explorer settings have been altered, SSL and JavaScript must be enabled to successfully access the DTX Control appliance.

To launch the DTX Control appliance web interface:
1. Launch Microsoft® Internet Explorer.
2.
Using the side navigation bar

Use the side navigation bar to display windows or perform operations. The contents of the side navigation bar vary, depending on the tab and top navigation bar options that are in use. The arrows displayed in the side navigation bar indicate where sub-options are available. You can display these items by clicking the main link. Where no arrow is displayed, clicking the link brings you directly to the option you have selected.
Table 3.2: General Keyboard Commands

Key | Description
Tab | Transfers focus to the next control in the window, including the calendar
Shift-Tab | Transfers focus to the previous HTML control

3.3 Configuring DTX Control Servers

This section describes how to configure DTX Control server properties, back up and restore hub servers and manage spoke servers. This can be done from the System tab in the DTX Control Explorer window.
• Has the certificate expired?
• Does the name on the DTX Control server certificate match the name the DTX Control client used to access the DTX Control server?

A Security Alert dialog box will appear if the answer to any of the three questions is No. To prevent the Security Alert message box from appearing when you connect to the DTX Control hub server, all three questions must be answered Yes.
3. In the Spoke Servers window, click Certificate. The Spoke Server Certificate window will open including information about the spoke server certificate (Actual Certificate) and the certificate registered for this spoke server on the hub server (Registered Certificate).
4. The window displays the certificate on the spoke server and the certificate registered on the hub server.
-or-
If you are restoring a 3.0.0 or greater database backup, click the Restore System tool icon.
4. Follow the wizard and pop-up instructions.

3.5 Spoke Servers

Information on the hub server is replicated on one or more spoke servers. Information about each spoke server, such as the IP address, port number and certificate, is stored in the hub server’s database. You may specify up to 15 DTX Control servers as spoke servers.
NOTE: When registering a hub server as a spoke server on another DTX Extender system, the information on the hub server being registered will be lost. Its database will be updated to match the new hub server to which it is being registered.

1. Click the System tab.
2. Click DTX Control in the top navigation bar. The side navigation bar will include the name of the server to which you are logged in.
3. Select Tools in the side navigation bar.
6. Click Save and then click Close. The Spoke Servers window will open.

To delete a spoke server:
1. On the hub server, click the System tab.
2. Click DTX Control in the top navigation bar. The side navigation bar will include the name of the server to which you are logged in.
3. Click Properties in the side navigation bar, and then click Spoke Servers. The Spoke Servers window will open.
4. Click the checkbox to the left of the spoke servers you wish to delete.
When different changes are made to one existing item, two outcomes are possible. For example, assume an item is added and configured on the hub server and is then replicated to the spoke server. Later, an administrator changes something about the item on the spoke server. Another administrator then changes something about the item on the hub server. When the replication task runs, two things may happen.
7. Wait until the registration process ends. In this step all the data in the spoke is deleted and overwritten with the data from the hub.
8. After the registration process is complete, click Finish to exit the wizard.

To promote a DTX 5000-CTL Management Appliance from spoke to hub:

Once a DTX 5000-CTL Management Appliance has been registered as a spoke of another DTX 5000-CTL Management Appliance hub, you can promote spokes to work as a hub.
NOTE: When the Fast Switch option is enabled, security protocols will be disabled and data will not be encrypted.

To enable the Fast Switch Enable system option:
1. Click System - DTX Control.
2. Click Fast Switch in the side navigation bar.
3. Click the Fast Switch checkbox to enable or disable the option. All appliances will be rebooted for the change to take effect.

NOTE: Fast Switch Enable is disabled in the DTX Control factory default settings.
4 Units View Windows

Units View windows display a list of units that have been added to the DTX Control database. A user must have unit view access rights to open Units View windows. Also, units will not display if they are hidden. Each Units View window contains one or more information fields. Units are displayed in a table format with column headings. Use the checkbox to the left of each unit name to select/deselect the unit for an operation.
3. Enable the Show hidden items checkbox if you wish to display hidden units in the Units View Customization window with a transparent icon.
4. Click Save and then click Close. The window will open, containing the Visibility column. The Visibility column will display Hide for each unit.
5. Click Hide for each unit. The display of the selected unit will be turned off in the Units View window if Show hidden items was not selected in the Units View Customization window.
4.4 Multiple Unit Operations from a Units View Window

From a Units View window, you may delete one or more units or assign access rights for one or more units. You may also use the Operations button/menu to initiate certain actions on one or more units.
• Hiding units from view
• Reboot
• Show version
• Change unit properties

Custom operations defined in plug-ins may also be listed in the Operations menu.
4.5 Unit Overview Windows

You may change the overview information for one target device from a Unit Overview window. From a Units View window, you can change the type or icon for several target devices in one operation. This may be helpful when you want to assign the same values to several units.

To change overview information for a target device:
1. In a Units View window containing target devices, click on the name of a target device. The Unit Overview window will open.
2.
5 Managing Units

This chapter describes how to manage unit properties and settings, access rights and local account settings, and how to view unit asset and usage reports.

5.1 Using the Units Tab in the Explorer Window

From the Units tab in the DTX Control Explorer, you can manage user operations such as adding and deleting units, changing unit properties and upgrading your firmware. When you click the Units tab, the Units - All window displays.
Table 5.1: Unit Status Values

Status and Type / Icon / Description
Managed Units, Idle: Unit is turned on, can be communicated with and is not associated with an active media session.
Managed Units, In Use: Unit is associated with a session.
Managed Units, Upgrading: Unit firmware is being upgraded.
Managed Units Target Computers Target Computers Not Responding Idle Target computer is not associated with an active media session.
Adding a single appliance

This procedure is valid for DTX user stations and transmitters.

NOTE: A unit can only be added to the DTX Control database if it is turned on and attached to the network.

To add a single unit that already has an IP address:
1. In a Units - All window containing managed units, click Add. The Add Unit Wizard Welcome Window will open. Click Next.
2. The Select Add Unit Procedure window will open. Click Add a single unit, then click Next.
3.
4. The DTX Control appliance will search for managed units within the IP address range. When the search is completed, the Select Units to Add window will open, listing the results.
5. To add one or more managed units, select the managed units in the Units Found list, then click Add. The managed units will be moved to the Units to Add list.
6. To remove one or more managed units, select the managed units in the Units to Add list, then click Remove.
2. Click the unit name you wish to change. The Unit Overview window will open.
3. Type a new name for the managed unit.
   NOTE: You cannot change the unit type.
4. Click Save and then click Close.

5.4.1 Changing unit properties

The DTX Control appliance enables you to manage the department and location properties as well as the primary contact details for each unit.

To change the properties of a unit:
1. Click the Units tab.
5.4.3 Enabling Auto Login Mode for a DTX user station

Auto Login Mode enables you to configure a DTX user station to grant any user access to the target computer paired with that DTX user station, without the need to enter a username or a password.

To enable or disable Auto Login Mode for a DTX user station:
1. Click the Units tab. A list of all units managed by the DTX Control appliance is displayed.
2. Click the DTX user station name for which you require information.
To change the operating mode for a DTX user station:
1. Click the Units tab. A list of all units managed by the DTX Control appliance is displayed.
2. Click the appropriate DTX user station name. The Unit Overview window opens.
3. Under unit settings in the side navigation bar, click Modes. The Unit Auto Login/Operating Mode Settings window opens.
4. In the Unit Operating Mode section, choose Extender or Desktop.
5. Click Save and then click Close.

5.4.
5.4.9 Viewing/changing target computer overview information

To view overview information for a target computer:
1. Click the Units tab. The Units - All window will open.
2. Select Target Computers from the side navigation bar. A list of all the target computers that are managed by the DTX Control appliance is displayed.
3. Click the name of a target computer in the Target Computers - All window. The Target Computer Overview window will open.
3. The Target Computer Properties window opens. This window displays the general properties of the target computer. Edit the properties you wish to change.
4. Click Save.

5.4.12 Share Mode

Share Mode allows multiple users (up to eight user stations per transmitter) to share the audio and video of a target computer over the network and arbitrate for control of that computer.

To set the transmitter to shared mode:
1. Click the Units tab.
3. Click to select the checkbox to the left of one or more departments/locations. To delete all departments/locations in the page, click to select the checkbox to the left of the Name field at the top of the list.
4. Click Delete. A confirmation dialog box will appear.
5. Confirm or cancel the deletion.

To change the name of a department or location:
1. Click the Units tab. The Units - All window will open.
2.
• A user with User rights to a switch in the DTX Control software will not be assigned any access rights in the DTX Control system.
• A user with Admin rights to a switch in the DTX Control software will be assigned the Reboot Appliance, Flash Upgrade Appliance and Configure Appliance Settings access rights in the DTX Control system.
2. Click Active Sessions in the side navigation bar. The Active Media Sessions window opens, displaying a list of all the current active media sessions.

5.5.4 Performing a forced log-out

To disconnect an active media session:
1. Click the Units tab. The Units - All window will open.
2. Click Active Sessions in the side navigation bar. The Active Media Sessions window will open. A list is displayed of all the current active media sessions.
3.
6 Unit Sessions and Connections

This chapter describes how to view and manage unit sessions and connections in the DTX Control software.

6.1 Force and Follow Modes

Force Mode allows the DTX Control administrator to force a user login/logout or a connection/disconnection between a receiver and a transmitter from within the DTX Control web interface. It can be used independently or in conjunction with Follow Mode to control a pre-defined group of user stations.
6.1.2 Multi-video Follow Mode

To create a user station group and designate targets for Multi-video Follow Mode:
1. Click the Units tab.
2. Select Follow Mode from the side navigation bar.
3. Select the UserStation Groups tab and click New.
4. In the Receivers drop-down list, select the user station that you wish to be the leader and click Add. The user station will move to the top of the configuration table.
5.
3. From the Receiver drop-down list, select the lead user station.
4. Click the checkbox next to the desired transmitter.
5. Click Force Connection or Force Disconnection.

NOTE: If at any time the leader logs out, all user stations in the user station group will be logged out regardless of their mode or connection.

6.
6.2.2 Active sessions on a target device

To display information about active sessions on a target device:

In a Units View window containing target devices, click on a target device Status field. The Active Sessions window for that target device will open. You may also display active session information for a target device by clicking on a target device name in a Units View window, which will open the Unit Overview window.
7 Grouping Units

The DTX Control Explorer automatically groups managed appliances by the type of appliance. Target devices are automatically grouped based on the type to which they are assigned.
2. To change the name of a site, click Sites in the top navigation bar. The Sites window will open.
   To change the name of a department, click Departments in the top navigation bar. The Departments window will open.
   To change the name of a location, click Locations in the top navigation bar. The Locations window will open.
3. Click on the name of a site/department/location. The Site/Department/Location Name window will open.
4. Type a new 1-64 character name.
5.
To define custom fields:

NOTE: You must have Software Administrator or Appliance Administrator access to define custom fields.

1. Click the Units tab.
2. Click Custom Field Labels in the side navigation bar. The Unit Custom Field Labels window will open.
3. For each custom field, type the 1-64 character name for the first custom field label.
Figure 7.1: Unit Groups Structure
Table 7.2: Unit Groups Features

Group Type | Group | Can change rights? | Can have subgroups? | Can add units as members?
System Defined | Global Root | Yes | Yes | No, can only add groups
System Defined | Unassigned | Yes | No | No
System Defined | Personal Root | No | Yes | No, can only add groups
User Defined | Global Groups | Yes | Yes | Yes
User Defined | Personal Groups | No | Yes | Yes

7.3.
Three personal unit groups have been created. The ProjectA and ProjectB unit groups do not have subgroups. The ProjectC unit group has one or more subgroups.

To display a list of unit groups in the Unit Groups window:
1. Click the Units tab.
2. Click Groups in the top navigation bar. The Unit Groups window will open. If a unit group has subgroups (children), an arrow will be displayed next to its name.
• To display a list of groups in the global root group, click Global Root.
6. Click Close.

7.3.2 Adding or deleting a unit group

To add a unit group:
1. Click the Units tab.
2. Click Groups in the top navigation bar. The Unit Groups window will open.
3. Click the checkbox next to the group container (Global Root or Personal Root) or the group name that you want to be the parent of the new unit group.
4. Click Add. The Add Unit Group window will open.
5. Type a 1-64 character name for the unit group. The name must be unique within the parent group.
4. Type a new 1-64 character name in the Group field. The name must be unique within the parent group. For example, two groups can be named “development” but they cannot both be members of the unit group “Huntsville.” (This unique name restriction does not apply to personal unit groups that are owned by different users.)
5.
• To remove one or more users or user groups, select the user(s) or user group(s) from the List to Update list, then click Remove. The users and user groups will be moved to the Available list. (Inherited users and user groups can only be removed from the first unit group that specified any access rights other than inherit.)
b. Click OK. The Unit Access Rights window will display the current list of users and/or user groups.
8 Authentication Services

Users must be authenticated before they may access or perform any tasks in the DTX Control system. When users log in, they will be prompted for a username and password. The DTX Control system will look up the login, determine the authentication service to use and forward the login credentials to the appropriate authentication service for verification. All authentication is performed over an HTTPS (SSL) encrypted link.
3. Check the checkbox to the left of the authentication service(s) to delete. To delete all external authentication services on the page, check the checkbox to the left of Name at the top of the list.
4. Click Delete. A confirmation dialog box will appear.
5. Confirm or cancel the deletion.

8.1.1 DTX Control internal authentication service

To change the DTX Control internal authentication service account policies:
1. Click the Users tab.
2.
4. Click Custom Field Labels in the side navigation bar. The Authentication Service User Account Custom Field Labels - Internal window will open.
5. Type the text that you wish to appear in each of the six custom field labels.
6. Click Save and then click Close. The User Authentication Services window will open.
A Partial Pre-Windows 2000 username is specified as username. This option may only be configured for new authentication servers; it cannot be modified. Existing authentication servers are set to the Partial Windows 2000 Username type for compatibility.
e. Specify a Secure Socket Layer (SSL) encryption mode:
• Click Do Not Use SSL to have authentication performed using unencrypted clear text instead of SSL encryption. This method is the least secure.
6. The DTX Control server will try to find a server that has a trusted certificate chain. If no trusted certificate chain is found, then the Accept Certificate window will open and list all servers that belong to the domain. It will also list the reasons for rejection of the certificate chain.
7. Click Next to accept the certificate.
8. The Select Browsing Method window will open.
• Click Use SSL in Trust All Mode to use SSL encryption for data transmission. All server certificates will be trusted and automatically accepted by the DTX Control system for transmitting data. This SSL method provides medium security. This encryption mode is not recommended for wide area networks (WANs).
• Click Use SSL in Certificate-based Trust Mode to use SSL encryption for data transmission.
a. To select one or more certificates, click the checkbox to the left of the server IP addresses. To select all certificates on the page, click the checkbox to the left of the IP Address heading.
b. Click Register above the IP Address list to register the certificates. The Accept SSL Certificate window will open.
c. Click Save to store the certificate values to the DTX Control database on the host or click Close if you do not wish to save the certificate values.
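Why the manual ranks clear text below Trust All Mode, and what registering a certificate adds, shown as an added example that is not Black Box code: it models the three SSL encryption modes as trust decisions made before login credentials are forwarded. Comparing SHA-256 fingerprints, the `CertificateRegistry` class, the address and the sample bytes are assumptions of this example, not details of the appliance.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Mode labels are the manual's; everything else is this example's own model.
NO_SSL = "Do Not Use SSL"
TRUST_ALL = "Use SSL in Trust All Mode"
CERT_BASED = "Use SSL in Certificate-based Trust Mode"

EAVESDROP = "passive eavesdropping"
IMPERSONATION = "server impersonation"


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER encoding, a common way to identify one certificate."""
    return hashlib.sha256(cert_der).hexdigest()


class CertificateRegistry:
    """Hypothetical stand-in for the certificates saved by the Register step."""

    def __init__(self):
        self._by_address = {}

    def register(self, address: str, cert_der: bytes) -> None:
        self._by_address[address] = fingerprint(cert_der)

    def matches(self, address: str, cert_der: bytes) -> bool:
        registered = self._by_address.get(address)
        if registered is None:
            return False  # nothing registered for this server: fail closed
        return hmac.compare_digest(registered, fingerprint(cert_der))


@dataclass(frozen=True)
class Decision:
    send_credentials: bool  # would the login credentials be forwarded?
    exposed_to: tuple       # threats the forwarded credentials remain exposed to
    reason: str


def decide(mode, address, presented_der, registry):
    """Decide whether credentials may be forwarded to the authentication server."""
    if mode == NO_SSL:
        return Decision(True, (EAVESDROP, IMPERSONATION), "clear text, no server check")
    if mode == TRUST_ALL:
        return Decision(True, (IMPERSONATION,), "encrypted, any certificate accepted")
    if mode == CERT_BASED:
        if registry.matches(address, presented_der):
            return Decision(True, (), "certificate matches the registered one")
        return Decision(False, (), "certificate is not the one registered for " + address)
    raise ValueError("unknown SSL mode: %r" % (mode,))


def compare_modes(address, presented_der, registry):
    """Run the same presented certificate through all three modes."""
    return {m: decide(m, address, presented_der, registry)
            for m in (NO_SSL, TRUST_ALL, CERT_BASED)}


# Constructed sample data: placeholder bytes standing in for DER certificates,
# and an address from the documentation range 192.0.2.0/24.
DC_ADDRESS = "192.0.2.10"
REGISTERED_CERT = b"constructed-der-bytes: directory server certificate"
UNEXPECTED_CERT = b"constructed-der-bytes: some other certificate"


def demo():
    registry = CertificateRegistry()
    registry.register(DC_ADDRESS, REGISTERED_CERT)
    return {
        "expected certificate": compare_modes(DC_ADDRESS, REGISTERED_CERT, registry),
        "unexpected certificate": compare_modes(DC_ADDRESS, UNEXPECTED_CERT, registry),
    }


if __name__ == "__main__":
    for case, results in demo().items():
        print(case)
        for mode, d in results.items():
            print("  %-42s send=%-5s exposed_to=%s (%s)"
                  % (mode, d.send_credentials, list(d.exposed_to), d.reason))
```

On a live connection, the bytes to pass as `presented_der` are what Python's `ssl.SSLSocket.getpeercert(binary_form=True)` returns after the handshake.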
b. Select Windows NT Domain from the menu.
c. Click Next.
5. The Specify Windows NT Connection Settings window will open. Type the Windows NT domain name you wish to add in the Domain Name field, and then click Next.
6. The Select Browsing Method window will open. Click Browse Anonymously to browse users on the external Windows NT authentication server.
8.1.4 LDAP external authentication service

To add an LDAP external authentication service:
1. Click the Users tab.
2. Click Authentication Services in the top navigation bar. The User Authentication Services window will open.
3. Click Add. The Add Authentication Service Wizard will appear.
4. The Provide Authentication Service Name and Type window will open.
   a. Type a name for the external authentication service.
   b. Select LDAP from the Type menu.
   c. Click Next.
5.
   c. Type the object class. The default value is person.
   d. Type the full name attribute. The default value is surname (sn).
   e. Click Next.
9. The Specify LDAP Group Schema window will open.
   a. Type the Base distinguished name (DN) from which to begin searches. This is a required field unless the Directory Service has been configured to allow anonymous search. Each Search DN value must be separated by a comma.
   b. Type the object class. The default value is group.
   c.
• Click Use SSL in Trust All Mode to use SSL encryption for data transmission. All server certificates will be trusted and automatically accepted by the DTX 5000-CTL Management Appliance for transmitting data. This SSL method provides medium security and automatically sets the Port Number field to a default port number of 636. This encryption mode is not recommended for wide area networks (WANs).
To change group schema settings for the LDAP external authentication service:
1. Click the Users tab.
2. Click Authentication Services in the top navigation bar. The User Authentication Services window will open.
3. Click the name of the LDAP service. The side navigation bar will change to include the name of the LDAP service at the top and, below the name, the information you may define.
4. Click Schema in the side navigation bar, and then click Groups.
   a. Type a 1-64 character name for the RADIUS authentication service.
   b. Select RADIUS from the Type menu.
   c. Click Next.
6. The Specify RADIUS Connection Settings window will open.
   a. Type the address of the RADIUS host in dot notation format (xxx.xxx.xxx.xxx) or type the DNS host name in the Server Address field.
   b. Type the number of the port (from 1-65535) for connecting to the RADIUS host in the Port Number field. The default is port 1812.
   c. Click Next.
7.
PAP - Password Authentication Protocol
CHAP - Challenge Handshake Authentication Protocol (default)
MS-CHAP - Microsoft Challenge Handshake Authentication Protocol
MS-CHAP v2 - Microsoft Challenge Handshake Authentication Protocol Version 2
b. In the Shared Secret field, type the shared secret, which is a password-protected field. Microsoft’s implementation allows up to 128 ASCII characters for the shared secret; other servers may have a different limit.
c.
PAP - Password Authentication Protocol
CHAP - Challenge Handshake Authentication Protocol (default)
MS-CHAP - Microsoft Challenge Handshake Authentication Protocol
b. In the Shared Secret field, type the shared secret (configured on the TACACS+ server in step 1), which is a password-protected field.
3. Click the name of the TACACS+ service. The side navigation bar will change to include the name of the TACACS+ service at the top and, below the name, the information you may define.
4. Click Connection in the side navigation bar. The Authentication Service Connection Settings - TACACS+ window will open.
   a. Type a 1-64 character name for the TACACS+ authentication service.
   b. Type the address of the TACACS+ host in dot notation format (xxx.xxx.xxx.
validation results are then relayed to the user. The DTX 5000-CTL Management Appliance also supports new PIN operations, next tokencode operations, RSA Authentication Manager Replica functionality and name locking. The DTX 5000-CTL Management Appliance is the agent type Net OS Agent. For complete information about what is needed on the RSA server, see the RSA Secured Partner Solutions Directory on the RSA web site (rsasecurity.com).
   a. Click the checkbox to the left of the server name. To select all DTX Control servers on the page, click the checkbox to the left of Server at the top of the list.
   b. Click Clear Node Secret. A confirmation dialog box will appear.
   c. Confirm or cancel the operation.
7. To update the RSA configuration files used by one or more DTX Control servers to communicate with the RSA Authentication Manager software:
   a. Click the checkbox to the left of the server name.
9 Managing User Accounts

This chapter describes how to manage user accounts.
Table 9.1: User Status Icons

Icon | Authentication Method | Status
Face | All | Enabled - The user can log in and use the DTX Control software.
Face with a red X | Internal | Disabled - The user cannot log in to the DTX Control software. See User account restrictions and expiration settings on page 80.
• The user groups in which the user will be included. Each user group contains specific access rights that allow a user to perform specific actions. See User Groups on page 84.

You must have DTX Control administrator or user administrator rights to add a user.

To add a user account:
1. Click the Users tab.
2. Click Add. The Add User Account Wizard will appear.
3. The Select Authentication Service window will open.
Usernames may contain up to 256 characters. Usernames may or may not be case sensitive, depending on the requirements of the external authentication server.
• To find the user, enable the Find user on external authentication service radio button. The Select User from External Authentication Service window will open. If the list of users contains more than 5000 entries, a message will indicate that not all items are displayed.
2. Click the checkbox to the left of the user(s) to reset the password.
3. Click Reset Password. A confirmation dialog box will appear.
4. Confirm or cancel the reset.

9.
2. In a User Accounts window, click on a username. The User Name window will open.
3. Click Password in the side navigation bar. The User Password window will open.
4. Type the new password for the user and verify the new password.
5. Click Save and then click Close.

9.6.3 User account restrictions and expiration settings

Account restriction and expiration settings may be changed only for internal authentication users.
The DTX 5000-CTL Management Appliance obtains external group membership and external user information when a user logs in. If a user’s group membership changes or the user is deleted externally, the DTX Control appliance will not see those changes until the next time that user logs in.

9.6.5 Address

The user address may be changed only for internal authentication users.

To specify address information for a user:
1. Click the Users tab.
2. Click on a username.
4. Type any information you wish.
5. Click Save and then click Close.

9.6.9 Custom field properties

You may specify any information you wish in the six custom fields. Custom field properties may be changed only for internal authentication users.

To change the custom fields:
1. Click the Users tab.
2. Click on a username.
3. Click Custom Fields in the side navigation bar. The User Custom Fields window will open.
4. Type information in the fields.
5.
To add or remove access rights through a user account:
1. Click the Users tab.
2. Click on a username.
3. Click Access Rights in the side navigation bar. The User Access Rights window will open.
4. To add or remove a unit or unit group from the Unit and Unit Groups list, click Edit List. The User Access Rights Unit Selection window will open.
   • To add one or more units/unit groups, select the units/groups in the Available list, then click Add.
Chapter 10 User Groups

Users that have been added to the DTX Control system may be added to the following two types of user groups:
• Built-In - The DTX 5000-CTL Management Appliance is delivered with six predefined user groups: Appliance Administrators, Auditors, DTX Control administrators, Everyone, User Administrators and Users. All users are automatically included in the Everyone user group when they are added to the DTX Control system. Users may be added to any of the other user groups.
10.1 Built-in User Groups

When a user account is added to the DTX Control system, the user may be assigned to any of the following built-in user groups:
• Server administrators
• Appliance administrators
• User administrators
• Auditors
• Users

Table 10.1 lists the operations allowed for the built-in user groups.
Table 10.
• If you selected Internal as the authentication service, go to step 4.
• If you selected any other type of authentication service, go to step 5.

NOTE: If you are adding a group to the TACACS+ authentication service, see TACACS+ external authentication services on page 87 for more information.

4. The Type in Internal Group Name window will open. Type the name for the new user group you wish to create. User-defined user group names may contain up to 256 characters.
Select a privilege level from the list. The DTX Control server will assign a group name based on the privilege level you select. For example, if you choose level 7, the group name will be Privilege Level 7. Click Next.

-or-

If the TACACS+ service you selected is configured to use the group name custom attribute method, the Specify External Group Name window will open and display a Name field. Type the name for the external user group on the external authentication service.
10.5 Changing User Group Members

When users are created, they may be assigned to one or more built-in or user-defined user groups. You may add or remove users to or from the built-in and user-defined user groups.

To add or remove user group members:

NOTE: Members may only be assigned to or removed from user groups defined on the internal DTX Control authentication service.

1. Click the Users tab.
2. Click Groups in the top navigation bar.
4. Click Effective Rights in the side navigation bar and then click All Units, Target Devices or Appliances. The Target Devices Effective Rights window or Appliance Effective Rights window will open. Columns indicate the available actions for the unit.
Chapter 11 Events and Event Logs

When an enabled, defined event occurs in the DTX Control software system, it is saved in the event log. You may display the event log content, view details about an individual event log entry or delete an event log entry. You may have an email notification sent to one or more addresses when an event occurs. You may change the event log’s retention period and export the event log’s content.
• To add one or more unit groups, select the unit group(s) from the Available Unit Groups list, then click Add. The unit group(s) will be moved to the Selected Unit Groups list.
• To remove one or more unit groups, select the unit group(s) from the Selected Unit Groups list, then click Remove. The unit group(s) will be moved to the Available Unit Groups list.
Click Next.
7. The Completed Successful window will open. Click Finish.

To change an email notification:
1.
2. Click the checkbox to the left of the notifications to delete. To select all notifications on the page, click the checkbox to the left of Email Subject at the top of the list.
3. Click Delete. You will be prompted to confirm the deletion.
4. Confirm or cancel the deletion.

11.2 Changing the Event Log Retention Period

By default, an event log is retained for seven days (one week). You may specify a retention period of up to 365 days (one year).
DTX5000-CTRL, rev.