Embed Size (px)
Citation preview
TORNABORATE
Installation Guide
ID Audit Tracker
Release: 1.2.0
Date: August 2014
Installation Guide
Release 1.2 Page 2 www.tornaborate.net
1 Contents
2 ID Audit Tracker framework ................................................................................................................. 3
3 System Requirements and Limitation .................................................................................................. 4
4 Appliance import .................................................................................................................................. 5
5 Initial setup ........................................................................................................................................... 8
5.1 Configure an IP address ................................................................................................................ 8
5.2 First WEB setup configuration ...................................................................................................... 9
5.3 IDE SOAP configuration .............................................................................................................. 11
5.4 License Management ................................................................................................................. 13
5.5 Support Request ......................................................................................................................... 14
Installation Guide
Release 1.2 Page 3 www.tornaborate.net
2 ID Audit Tracker framework
The ID Audit Tracker is designed to collect Syslog messages from Avaya Ignition server by extracting rel-
evant information and storing into a relational data base.
The user can access the IDAT by WEB access . The login credentials are validated against the Ignition
server. The WEB interface is based on Ajax and requires a state-of-the-art browser.
A dynamic MAC address insertion to the Ignition server is offered if a failed authentication is recognized.
Remark: Any file import and export is encrypted and uses file integrity. If you provide a password, it
will be used in addition to protect the content.
Installation Guide
Release 1.2 Page 4 www.tornaborate.net
3 System Requirements and Limitation
The product is designed to be hosted under VMware ESXi 5.x server and above only. Other hypervisor
may work as well but official support is considered based on customer demand.
Hypervisor: VMware ESXi 5.x
VMware Workstation 9.x and above (for demo and testing propose only)
Virtual Box 4.x (for demo and testing propose only)
Virtual Machine requirements
* 2 GB RAM
* 2x 16 GB virtual HDD
* 1 Network adapter
Ignition: Avaya Ignition Server release 8.x and 9.x
Browser: Firefox 21.x and above
Internet Explorer 10 and above
Chrome 33.x and above
Safari 5.x and above
Opera 12.x and above
Java Script support required
Installation Guide
Release 1.2 Page 5 www.tornaborate.net
4 Appliance import
The ID Audit Tracker (IDAT) appliance is packaged for ESXi 5.x hypervisor platform for VMware and will
be delivered as single Open Virtual Appliance (OVA) file called ID-Audit-Tracker_1.2.0.ova. It can be
downloaded from the WEB site http://www.tornaborate.net/IDAT/ID-Audit-Tracker_1.2.0.ova.
With the vSpeher client from VMware you connect to your ESX(i) server or vCenter environment. As
next you have to start the appliance import by selecting the menu entry File and then Deploy OVF Tem-
plate list entry in the pull down menu.
By clicking on this menu entry a wizard starts to guide you through the import of the appliance. The first
step is to select the OFV file of the appliance set. Going forward with Next button shows you a short
summary of the appliance as well as information concerning the of disk space utilization.
Installation Guide
Release 1.2 Page 6 www.tornaborate.net
After pressing again Next button you have to read carefully the End User License Agreement(EULA) and
press the Accept button if you in line with the legal requirements. Provide a clear and unique name for
the Virtual Machine (VM).
The next wizard dialog is asking to set the VM to the right place in the resource pool hierarchy. If you are
not sure, put the VM to the top without using a pool assignment. The second screenshot shows the
choice of data store where the VM file will be hosted. Take care that enough free space is available. The
appliance requires less than 30 GB in total.
Installation Guide
Release 1.2 Page 7 www.tornaborate.net
Virtual hard disk can be used in two up to three styles of operation. We recommend to use one of the
thick provision, because thin provisioning can badly impact the performance behavior of the VM. In the
network mapping dialog you have to select the right port group where the IDAT should be connected to.
Finally you will get a summary of all settings. If you are in confidence that all is well-defined, you can
start the import process by pressing the Finish button. A small process bar appears to show the import
status.
Installation Guide
Release 1.2 Page 8 www.tornaborate.net
5 Initial setup
Once the import process is completed, you can power on the VM by selecting the VM and symbol .
You should see the boot up process on the console by selecting the Console tab.
5.1 Configure an IP address
The VM is configured without IP address. It have to be configured manually by connecting to the console
of the VM. With the login admin and password admin you get a menu. Its required to setup all red
marked menu entries. Please change as well the admin password to make your IDAT save. Don't forget
to apply the changes with 8 before you leave the menu with 9!
Installation Guide
Release 1.2 Page 9 www.tornaborate.net
5.2 First WEB setup configuration
Just calling the IP address will redirect you to an HTTPs connection with a warning that the connection is
untrusted. The reason for this is a self signed certificate from the IDAT. Please use the Understand the
Risk option to add an exception for this WEB site. Login with the default user name admin with pass-
word admin. This is the only one which provides local access without Radius authentication. Go to the
Setup section to make the required initial configuration.
In the System setup area you have to update the admin password for security reasons. Take care that
the new password is complex and unique.
Please note, the password of the super admin account cannot be recovered
and would require a new installation of IDAT in case of loss!
Installation Guide
Release 1.2 Page 10 www.tornaborate.net
Provide as next an NTP server and use the test button to validate whether the time synchronization
works properly. The Radius server IP and shared secret is required to fully support IDAT user login via
Radius.
IDAT user accounts need to be setup in the Radius server, The permission level is determinate by the
Service-Type attribute. The values are mapped to following authorization level:
7 Read only access (see the events and statistics)
6 Administrative access (enabled to change system settings)
5 Super user access (full access)
All other values will fail and the respective user won't access to the IDAT WEB interface. The user name
will be displayed in specific color to give you an indication which access level is granted to the user.
Each user can select his preferred language for the web
site. Initial language is the browser default language, but it
can be overwritten by the user choice.
As well is the user able to choose the preferred skin too.
This settings are stored for each particular user.
Installation Guide
Release 1.2 Page 11 www.tornaborate.net
5.3 IDE SOAP configuration
For the support of MAC address registration it is required to setup the SOAP interconnect with the
Avaya Ignition server. An Avaya Guest Manager license is required to activate the feature on Ignition
server. Please enter the IP address of the SOAP service on Ignition server is bonded. Often Radius server
IP will also used for the SOAP service.
The following figure shows the Dashboard from the Avaya Ignition Server where you have to enable and
configure the service.
If the SOAP interface enabled is required to fully configured the Guest Manger. Please be referred to the
Avaya Guest Manager Configuration guide.
Installation Guide
Release 1.2 Page 12 www.tornaborate.net
Please make sure that a local provisioner account exists which is entitled to create device (MAC ad-
dresses) records. Provisioner accounts based on backend databases like Active Directory are not sup-
ported in this release.
The test button will help you to validate if all settings work well against the Ignition server.
Installation Guide
Release 1.2 Page 13 www.tornaborate.net
5.4 License Management
Finally you have to provide a license to be entitled to use the IDAT VM and get the right support. The
Universal Unique Identifier (UUID) identifies your IDAT VM and is the reference for the license. To re-
quest a license, please ask you partner or contact [email protected].
Right after starting the IDAT the first time, you will find a built-in 30 day trail license with all enabled
capabilities. You can apply you personalized license at any time. If the evaluation license expires, IDAT
will still log all information into the database but will not show it in the WEB interface any more until a
valid license is applied.
If you get a license, please don't modify the content, because it would corrupt the license. It could not
be imported any more. The loading procedure can be triggered by pushing the Load new license file
button.
As result you should see the licenses listed like this:
Installation Guide
Release 1.2 Page 14 www.tornaborate.net
5.5 Support Request
If you are in trouble with your IDAT system you are able to create a support file, which will collect rele-
vant system status information as well as internal LOG files.
In addition it can be useful to take a data base backup. Providing a password makes sure that only the
vendor can decrypt the content. You should choose an independent or secure channel to transfer the
password.
