SSH Tectia

SSH Tectia® Manager 6.1

Administrator Manual

Tectia Corporation

This software is protected by international copyright laws. All rights reserved. Tectia® and ssh® are registered trademarks of Tectia Corporation in the United States and in certain other jurisdictions. The Tectia and SSH logos are trademarks of Tectia Corporation and may be registered in certain jurisdictions. All other names and marks are property of their respective owners.

No part of this publication may be reproduced, published, stored in an electronic database, or transmitted, in any form or by any means, electronic, mechanical, recording, or otherwise, for any purpose, without the prior written permission of Tectia Corporation.

THERE IS NO WARRANTY OF ANY KIND FOR THE ACCURACY OR USEFULNESS OF THIS INFORMATION EXCEPT AS REQUIRED BY APPLICABLE LAW OR EXPRESSLY AGREED IN WRITING.

For Open Source Software acknowledgements, see appendix Open Source Software License Acknowledgements in the Product Description.

15 April 2011


Table of Contents

1. About This Document
Component Terminology
Documentation Conventions
Operating System Names
Directory Paths
Customer Support
2. Installing Management Server
Planning the Management Server Installation
System Requirements of Management Server
Security Precautions
Preparing for Installation
Installing the Management Server Software
Installing on Linux
Installing on Solaris
Using an Oracle Database
Initial Configuration for Management Server
Directory Structure of the Management Server
Files Created during Installation
Files Created during Initial Configuration
SSH Tectia Manager Configuration File
Using Custom Certificate for Administration Interface
Defining Login Banner Message for Administration Interface
Upgrading SSH Tectia Manager
Upgrading SSH Tectia Manager with Sybase Database
Upgrading SSH Tectia Manager with Oracle Database
Upgrading SSH Tectia Manager with SSH Tectia MFT Auditor Functionality
Removing the Management Server
Removing from Linux
Removing from Solaris
3. Getting Started with SSH Tectia Manager
Using the Administration Interface
Logging In as Superuser
Changing the Superuser Password
Changing the Superuser Timezone
Logging Out
Creating Host Views
Creating Host Groups
4. Managing Administrators
Managing Admin Accounts
Creating a New Admin Account
Editing an Admin Account
Deleting an Admin Account
Changing the Administrator Passwords
Changing the Administrator Timezones
Managing Admin Groups and Permissions
System Permissions
Host-Group Management Rights
Creating a New Admin Group
Editing an Admin Group
Deleting an Admin Group
Configuring Extended Admin Authentication
Configuring LDAP Authentication Parameters
Configuring Certificate Authentication Parameters
Configuring Authentication Settings
Viewing the Audit Logs on Admininistrator Actions
5. Installing Management Agents
Planning the Management Agent Installation
System Requirements of the Management Agent
Installation Options
After Installation
Managing Initial Configuration Blocks (ICBs)
Creating ICBs
Downloading ICBs
Editing ICBs
Expiring ICBs Manually
Installing Management Agents
Installing Manually on Linux
Installing Manually on Solaris
Installing Manually on AIX
Installing Manually on HP-UX
Installing Manually on Windows
Using Third-Party Software Deployment Tools
Upgrading Management Agents Remotely
Directory Structure of the Management Agent
Unix Platforms
Windows
Removing the Management Agent Manually
Removing from Linux
Removing from Solaris
Removing from AIX
Removing from HP-UX
Removing from Windows
6. Distributed Environment
Managing a Distribution Server hierarchy
Deploying a Distribution Server hierarchy
Adding a Distribution Server
Distribution Server settings
7. Managing Hosts
Managing Host Views
Creating Host Views
Renaming Host Views
Deleting Host Views
Managing Host Groups
Creating Host Groups
Renaming Host Groups
Moving Host Groups
Deleting Host Groups
Host Grouping
Managing Auto-Assign Rules
Managing the Host Groupings Manually
Advanced Host Search
Viewing Host Info
Logs
Configuring the Syslog Facility for Management Agent (Unix)
Collecting and Viewing SSH Tectia Server Logs
Viewing the Event Logs
Viewing the Audit Logs
Reports
Viewing Reports
Viewing System Statistics
Viewing Host Summary Reports
Viewing Application Connection License Usage
8. Installing SSH Tectia on the Managed Hosts
Importing SSH Tectia Packages into SSH Tectia Manager
Importing SSH Tectia Installation Disk Contents
Importing a Single SSH Tectia Installation Package
Importing Downloaded Update and Upgrade Packages
Importing SSH Tectia Connector Application Connection Licenses
Installing SSH Tectia Remotely via SSH Tectia Manager
Installing SSH Tectia Client via SSH Tectia Manager
Installing SSH Tectia ConnectSecure via SSH Tectia Manager
Installing SSH Tectia Server via SSH Tectia Manager
Installing SSH Tectia Connector via SSH Tectia Manager
Upgrading SSH Tectia Remotely via SSH Tectia Manager
Upgrading SSH Tectia Client and Server from 4.x to 5.x-6.x
Removing SSH Tectia Remotely via SSH Tectia Manager
9. Configuring SSH Tectia Product Settings
Configuring SSH Tectia
Configuration Options
Configuration Task Flow
SSH Tectia Configuration Commands
Advanced XML Configuration
Configuring SSH Tectia Connector 5.3
Global Tunneling Settings
Tunneling Parameters
Application Definitions
Tunneling Policy Rules
SSH Tectia Connector Configuration File
Configuring Management Agent
Viewing and Comparing Configurations
Assigning Configurations per Group
Deploying Configurations
Configuring Authentication Settings
Configuring PKI Settings for CA
Managing Host Authentication
User Certificate Authentication
Other Host Management Options
Stopping and Starting Secure Shell Servers Remotely
10. Maintaining Management Server
Viewing the Server License
Backing Up Configuration Data and Database Files
Creating a Backup
Restoring a Backup
Managing Logs
Configuring the Syslog Facility for Management Server
Deleting or Downloading Logs
Recreating Superusers
Changing External Database Password
Exporting Information from Database
Changing Management Server DNS Address
11. Troubleshooting
Troubleshooting Management Server and Management Agent
Problems with Management Server
Problems with Management Agents
Problems with LDAP Authentication
A. Advanced Information
SSH Tectia Manager Components
Management Server
Management Agent on Unix
Management Agent on Windows
Management Server Log Collection Process
Host Key Distribution Process
Default Ports
Automatic Initial Deployment
Activating Automatic Initial Deployment
Installing Remotely
B. Supported Configuration Options
SSH Tectia Configuration Options
Client
Server
Client XML
Server XML
Management Agent
SSH Tectia Connector
Policy rules
Application definitions
Tunneling Parameters
Global Settings
C. Log Messages
Index