Advanced Networking Services Guide
Table Of Contents
- vCloud Air Advanced Networking Services Guide
- Contents
- Preface
- Introducing Advanced Networking Services for vCloud Air
- Advanced Routing for vCloud Air
- Certificate and Security Group Management
- Network Security and Isolation
- Load Balancing
- Secure Access Using Virtual Private Networks
- IP Service Management: NAT and DHCP
- Index
Add an Authentication Server
Instead of a local user, you can add an external authentication server (AD, LDAP, RADIUS, or RSA) which
is bound to the SSL gateway. All users with accounts on the bound authentication server will be
authenticated.
The maximum time to authenticate over SSL VPN is 3 minutes. This maximum is set because the non-authentication timeout is 3 minutes; the non-authentication timeout value is not configurable.
NOTE Users will not be authenticated when either of the following conditions occurs:
- The AD authentication timeout is set to more than 3 minutes.
- The environment has multiple authentication servers in chain authorization and user authentication takes more than 3 minutes.
Procedure
1 Log in to vCloud Air and navigate to the vCloud Edge Gateway Services UI.
See “Log In and Navigate to Advanced Networking Services,” on page 9 for information.
2 Click the SSL VPN-Plus tab and Authentication.
3 Click the Add icon.
The Add Authentication Server dialog box appears.
4 Select the type of authentication server: AD, LDAP, RADIUS, RSA-ACE, or LOCAL.
5 Depending on the type of authentication server you selected, complete the following fields.
- AD and LDAP authentication servers
Table 6-1. AD and LDAP Authentication Server Options
- Enable SSL: Establishes an encrypted link between a Web server and a browser.
- IP Address: The IP address of the authentication server.
- Port: Displays the default port. Edit if required.
- Timeout: The time in seconds within which the AD server must respond.
- Status: Enables or disables the server.
- Search base: The part of the external directory tree to search. The search base can be equivalent to the organization, group, or domain name (AD) of the external directory.
- Bind DN: Permits users on the external AD server to search the AD within the defined search base. Typically, the bind DN option permits users to search the entire directory. The bind DN option allows users to query the directory using the query filter and search base for the DN (distinguished name) of authenticating AD users. When the DN is returned, the DN and password are used to authenticate the AD user.
- Bind Password: The password to authenticate the AD user.
- Retype Bind Password: Verifies the password to authenticate the AD user.
- Login Attribute Name: The name against which the user ID entered by the remote user is matched. For Active Directory, the login attribute name is sAMAccountName.
- Search Filter: Filters the values used to limit the search. The search filter format is attribute operator value.
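How the Bind DN, Search base, Login Attribute Name and Search Filter options work together, as an added example that is not part of the VMware guide: a Python walk-through of the lookup-then-bind sequence the Bind DN row describes, run against an in-memory directory constructed for the example. The DNs, passwords, the `authenticate` function and the 180-second default (the guide's 3 minute limit) are assumptions for illustration, not SSL VPN-Plus code.

```python
import re
import time

# Constructed sample directory: DN -> attributes, plus each entry's bind password.
DIRECTORY = {
    "cn=vpnsvc,ou=service,dc=example,dc=com": {"password": "svc-secret"},
    "cn=Alice,ou=users,dc=example,dc=com": {"sAMAccountName": "alice", "password": "alice-pw"},
    "cn=Bob,ou=contractors,dc=example,dc=com": {"sAMAccountName": "bob", "password": "bob-pw"},
}

def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping so the remote user's ID cannot change the filter shape."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\x00" else c for c in value)

def simple_bind(dn: str, password: str) -> bool:
    """Simulated LDAP simple bind: succeeds only with the entry's own password."""
    entry = DIRECTORY.get(dn)
    return entry is not None and entry["password"] == password

def search(base: str, search_filter: str) -> list:
    """Simulated subtree search for an equality filter "(attribute=value)".
    Unescapes \\xx sequences before comparing, as a real server would."""
    attribute, _, raw = search_filter.strip("()").partition("=")
    value = re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), raw)
    return [dn for dn, attrs in DIRECTORY.items()
            if dn.endswith(base) and attrs.get(attribute) == value]

def authenticate(user_id, user_password, *, bind_dn, bind_password, search_base,
                 login_attribute="sAMAccountName", timeout_s=180):
    """Returns (ok, detail). timeout_s mirrors the 3 minute SSL VPN limit."""
    started = time.monotonic()
    # Step 1: bind as the gateway's service account (Bind DN / Bind Password).
    if not simple_bind(bind_dn, bind_password):
        return False, "bind DN rejected"
    # Step 2: find the user's DN under the search base by the login attribute.
    matches = search(search_base, f"({login_attribute}={escape_filter_value(user_id)})")
    if len(matches) != 1:  # no hit or an ambiguous result both fail closed
        return False, f"expected one entry, found {len(matches)}"
    if time.monotonic() - started >= timeout_s:
        return False, "authentication exceeded the timeout"
    # Step 3: bind as the returned DN with the password the remote user typed.
    if not simple_bind(matches[0], user_password):
        return False, "user password rejected"
    return True, matches[0]
```

A search base narrower than the user's container (Bob under ou=contractors with base ou=users) yields zero entries, which is the usual cause of "user not found" even when the bind DN and credentials are correct.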
vCloud Air Advanced Networking Services Guide
54 VMware, Inc.