2.5
Table Of Contents
- ACE Management Server Administrator’s Manual
- Contents
- About This Book
- Introduction
- Planning an ACE Management Server Deployment
- Installing and Configuring ACE Management Server
- Configuration Options for ACE Management Server
- Prerequisites for Configuring the Server
- Starting ACE Management Server Configuration
- Viewing and Changing Licensing Information
- Using an External Database
- Creating Access Control
- Uploading Custom SSL Certificates
- Logging Events
- Applying Configuration Settings
- Load-Balancing Multiple ACE Management Server Instances
- Typical Setup Using Load-Balanced ACE Management Server Instances
- Install the Required Services for Load Balancing
- Use the Same SSL Certificate on All Servers
- Create New SSL Certificates and Keys for Each Server
- Installing and Configuring the Load Balancer
- Verify That ACE Instances Are Using the Load Balancer
- Managing ACE Instances
- Viewing ACE Instances That the Server Manages
- Search for an Instance
- Sort by Column Heading and Change Column Width
- Show, Hide, and Move Columns in the Instance View
- Create or Delete Custom Columns in the Instance View
- View Instance Details
- Reactivate, Deactivate, or Delete an ACE Instance
- Change a Copy Protection ID
- Reset the Authentication Password
- Add Information for Custom Columns
- Troubleshooting and Maintenance
- Appendix: Database Schema and Audit Event Log Data
- Glossary
- Index
ACE Management Server Administrator’s Manual
10 VMware, Inc.
InformationaboutWindowsdomainuseraccountstatesisprovidedinclearand
usefulmessages.Reasonsforloginfailuresarepresentedas“lockedout”or
“passwordexpired.”
ACEManagementServeractsasanActiveDirectorypasswordchangeproxy.
YoucanusetheinstancecustomizationfeatureinACEwithyourownestablished
namingconventionstoassociateuserswithmachines.
Securityfeaturesincludethefollowing:
EncryptedcommunicationsbetweenserverandclientstraveloverHTTPStraffic.
Passwordsarestoredsecurelyinhashedforminthebackingstore.
FlexibledatabaseoptionsallowuseofanembeddeddatabaseorexternalRDBMS
tostoreACEinstancedataandpolicies.
ACEManagementServeriseasytoinstallandconfigure.Clienttrafficcanbeproxied
byeasilyavailableproducts.Theserveruseseasilyavailablesoftwarecomponents:
ApacheWebserver2.0
ThedefaultSQLitedatabasestore
Theserversetupusesindustry‐standardprotocols:
HTTPSandLDAP
XML‐RPCformessageencapsulation
ACEManagementServeroffersextensibilityandavailability:
YoucancreateandusemorethanoneACEManagementServer.Whenyouuse
morethanoneserver,youcansettheserversupsothattheysharethesame
databaseforloadbalancingorincreasedfaulttolerance.
AWindowsACEManagementServercanbeonthesamesystemasWorkstation.
YoucandesignateasingleACEManagementServername,suchas
https://ace.policyserver.company.com,anduseDNSlookuptotranslate
thehostnametoanaddress.TheaddressiscachedifaDNSserverisnotavailable.
Additionally,youcanusedifferentACEManagementServerinstancesifusers
travelbetweenofficesin
differentgeographiclocations.
N
OTEYourservernamemustbeeitherthemachinenameinEnglishorthe
IP address.Internationalcharactersarenotsupported.