2.5
Table Of Contents
- ACE Management Server Administrator’s Manual
- Contents
- About This Book
- Introduction
- Planning an ACE Management Server Deployment
- Installing and Configuring ACE Management Server
- Configuration Options for ACE Management Server
- Prerequisites for Configuring the Server
- Starting ACE Management Server Configuration
- Viewing and Changing Licensing Information
- Using an External Database
- Creating Access Control
- Uploading Custom SSL Certificates
- Logging Events
- Applying Configuration Settings
- Load-Balancing Multiple ACE Management Server Instances
- Typical Setup Using Load-Balanced ACE Management Server Instances
- Install the Required Services for Load Balancing
- Use the Same SSL Certificate on All Servers
- Create New SSL Certificates and Keys for Each Server
- Installing and Configuring the Load Balancer
- Verify That ACE Instances Are Using the Load Balancer
- Managing ACE Instances
- Viewing ACE Instances That the Server Manages
- Search for an Instance
- Sort by Column Heading and Change Column Width
- Show, Hide, and Move Columns in the Instance View
- Create or Delete Custom Columns in the Instance View
- View Instance Details
- Reactivate, Deactivate, or Delete an ACE Instance
- Change a Copy Protection ID
- Reset the Authentication Password
- Add Information for Custom Columns
- Troubleshooting and Maintenance
- Appendix: Database Schema and Audit Event Log Data
- Glossary
- Index
ACE Management Server Administrator’s Manual
48 VMware, Inc.
QueryUserDomain–ThedomainmustbethedomainforwhichtheLDAP
hostisadomaincontroller.
AdminGroupDNandHelpDeskGroupDN–(Optional)Enterthe
distinguishednameforthesegroups,whichyoucreatedforthispurposein
ActiveDirectory(forexample,cn=Users,dc=simplecorp,dc=com).
Ifthisoptionisnotenabled,anyonewhologsintotheHelpDeskapplication
mustbeamemberoftheACE
Administratorsgroup.
HelpDeskRoleorGroupDN–CreatingaHelpDeskroleallowsyoutopermit
certainuserstoperformHelpDesktasksfromtheHelpDeskapplication.Usersin
thisrolecannotaccessotheradministrativetools.YoucanstilllogintotheHelp
DeskWebapplicationwithyouradministrative
LDAPcredentialsorlocal
Administratorpassword.
IfyoumakechangestotheinformationontheAccessControltab,youmustclick
ApplyorCancelbeforeyoucannavigatetoanothertab.
Uploading Custom SSL Certificates
TohaveACEManagementServerusecustomSSLcertificates,eitheryourown
self‐signedcertificatesorthoseofathird‐partyorinternalCA(certificateauthority),
usetheCustomSSLCertificatestabtouploadthePEM‐encodedfiles.
BeforeyoucanuploadcustomSSLcertificates,youmustcreateandrenamethe
certificatefiles.See“PrepareCustomSecurityCertificates”onpage 44.
Bydefault,duringACEManagementServerinstallation,thefollowingtwofilesare
created:
server.key–ThisRSA1024‐bitkeyistheprivatekey.
server.crt–Thisself‐signedcertificateisvalidfor10yearsfromthedateandtime
atwhichtheserverisinstalled.Itssignatureisverifiedbythepublickey,whichis
embeddedinthecertificate.ThecertificatefileisencodedinPEMformat.
WhenyourunanACEinstance,
theVMwarePlayerapplicationusesthecomplete
certificationchainthatisincludedinitspackage,notonthehost,toverifyconnections
madetoACEManagementServer.Therefore,theuseofself‐signedcertificatesis
adequateformostsecurityneeds.FormoreinformationabouthowVMwareACEuses
securitycertificates,see
“UsingSSLCertificatesandProtocol”onpage 21.
WhenyouclickUploadcertificates,asummarypagedisplaysthefilesandlocations
youspecifyonthistab.Notethelocationofanybackupfiles.Youmightneedtousethe
backupifyoufindthatthenewfileisinv alidwhenyou
clickApply.See“Restorea
BackupCopyofanSSLCertificate”onpage 72.