In the previous blog (/ blogs / 2011/11/04 / NetScaler -Commande- center-5-0-extended-authentication-support-part-2-dual-mode-smooth authentication configuration /) we discussed the importance of smooth double authentication medium mode. Now let's move to the second part of the authentication extension in Command Center 5.0, which is adapted from Active Directory group level control.
level control of Active Directory custom group
Creating Groups AD:
- Step 1: Go authentication Settings under administrations
- Step2: Enter any AD server credentials and allow the extraction of group
- Step 3: Go to the groups under administration
- Step4: Click Add groups
- Step5 Select Browse and enter the credentials
- Step6: Select the groups you want to authenticate access to the CC functions and click OK
- Step7: Select the write-read run levels for the features you want CC for groups and click OK
- Step8: now you AD have created groups that are allowed to perform some level of CC appliance functions on
AD once these groups are created on the CC unit, the authentication and authorization process simplified.
Now, let's dig into the details on the impacts of the extraction of the AD Group the command center:
first, everything from the time a user enters user credentials to access the command center, until the time he has access to the command center, this is distinct for authentication and authorization
Reason1 :. Simplifies the work of the directors
It eradicates the manual process of assigning a specific group to a particular user from the active directory, every time a user accesses the external AD Command Center .
the flow of execution in NetScaler Command Center 4.1:
for more access to the user level on the functionality of the command center, admin had to manually assign users to all the different groups to the specific access level !!
now is a tedious job !!
The flow of execution in NetScaler Command Center 5.0 beta:
With this process, the administrator has not to specifically authorize each single external AD user who logs. authorization is done automatically when the user belongs to a particular AD group! J
Note that the AD server is just responsible for authentication. The authorization functions Command Centers is done by the control center only
REASON2 :. Restricted users without level permissions of read-write-execute
in CC 4.1, the default 'users' group for each AD user who logs in, used to finish by reading the operations command center. It was the same when the "User" group definition has no read-write performance of any level functions.
CC With 5.0, we can not absolutely deny the user access to all types of resources and operations until and unless it belongs to a group configured on the AD Command Center. means absolutely no read operation as well! If a user attempts to connect that exists in the current directory, but not on any of the AD groups Command Center, the user will be denied access, then.
REASON3 :. user convenience
With the AD Group extraction, users will be able to view details of the AD group on the CC unit
with this, we end part of the extended authentication support 3 blog and continue to blog with NetScaler Command Center 5.0 other key improvements next week.
0 Komentar