2.7

ManualsBrandsVMware ManualsComputer equipmentACE

Table Of Contents

ACE Management Server Administrator’s Manual

ACE Management Server Administrator’s Manual

34 VMware, Inc.

Ifyouareupgradingtheserverfromthepreviousrelease,thedatabaseschemaisupgradedautomaticallyand

youdonotloseyourpreviousdata.Theupgradeisperformedonthefirststartoftheupgradedserver,even

ifyoudonotrerunthesetupapplication.

Ifyoumakechangestothe

informationontheDatabasetab,youmustclickApplyorCancelbeforeyoucan

navigatetoanothertab.

Creating Access Control

OntheAccessControltab,youcancreatealocalAdministratorroleandHelpDeskroleoruseActive

Directoryforauthenticatinguserswiththeseroles.

BeforeyoucanconfiguretheACEManagementServertouseadomainaccountforauthentication,youmust

createusersandgroupssothatACEManagement

ServercanconnecttotheLDAPserver.See“CreateUsers

andGroupsforIntegrationwithActiveDirectory”onpage 27.

Usethefollowinginformationtohelpyoucompletethefieldsforauthentication:

 Localaccount–IfyouspecifyapasswordfortheAdministratorroleandforgetorloseit,youmustdelete

theserverconfigurationfile.Deletingthisfilesetstheserverbacktoitsinitialstate.Youmustreconfigure

theserverandsettheadministratorpasswordagain.

See“DeletetheServerConfiguration

FileandSetaNewAdministratorPassword”onpage 50.

 Domainaccount(LDAP)–TouseActiveDirectoryforauthentication,specifythehostandcredentials

thattheACEManagementServerusestoconnecttoandquerythedomaincontroller:

 HostName–Enterafullyqualifieddomainname(forexample,ldap.vmware.com)insteadofanIP

addressorhostnamewithnoparentdomainname(forexample,ldap).

 QueryUsersAMAcountNameandQueryUserPassword–Usethepasswordandshortnamefor

theuseraccountyoucreatedforthispurposeinActiveDirectory.

 QueryUserDomain–ThedomainmustbethedomainforwhichtheLDAPhostisadomain

controller.

 AdminGroupDNandHelpDeskGroupDN–(Optional)Enterthedistinguishednameforthese

groups,whichyoucreatedforthispurposeinActiveDirectory(forexample,

cn=Users,dc=simplecorp,dc=com).

Ifthisoptionisnotenabled,anyonewhologsintotheHelpDeskapplicationmustbeamemberof

theACE

Administratorsgroup.

 HelpDeskRoleorGroupDN–CreatingaHelpDeskroleallowsyoutopermitcertainuserstoperform

HelpDesktasksfromtheHelpDeskapplication.Usersinthisrolecannotaccessotheradministrative

tools.YoucanstilllogintotheHelpDeskWebapplicationwithyouradministrative

LDAPcredentialsor

localAdministratorpassword.

IfyoumakechangestotheinformationontheAccessControltab,youmustclickApplyorCancelbeforeyou

cannavigatetoanothertab.

Uploading Custom SSL Certificates

TohaveACEManagementServerusecustomSSLcertificates,eitheryourownself‐signedcertificatesorthose

ofathird‐partyorinternalCA(certificateauthority),usetheCustomSSLCertificatestabtouploadthe

PEM‐encodedfiles.

BeforeyoucanuploadcustomSSLcertificates,youmustcreateandrenamethe

certificatefiles.See“Prepare

CustomSecurityCertificates”onpage 32.