Adobe Primetime Adobe Primetime DRM On Premises Individualization Server Guide
|
|
- Lesley May
- 6 years ago
- Views:
Transcription
1 Adobe Primetime Adobe Primetime DRM On Premises Individualization Server Guide
2 Contents Adobe Primetime DRM On Premises Individualization Server Guide...3 Software Requirements...3 Code Delivery / Package Contents...3 Obtain Individualization Server Certificates...3 Server Configuration...4 Server Properties...4 Monitoring...12 Update the License Server WAR File...12 Generate the On Premises DRM Metadata...13 Client Integration...13 Sample Client Requests...13 FAQ...14 Copyright...15 Last updated 9/26/2016 Adobe Primetime DRM On Premises Individualization Server Guide
3 3 Adobe Primetime DRM On Premises Individualization Server Guide Software Requirements Tomcat 6 JDK 1.8 Code Delivery / Package Contents The Adobe Primetime DRM On Premises Individualization Server package contains the following: flashaccess.war - The Individualization Server flashaccess-kgs.war - The optional Key Generation Server /shared - Contains: adobe-flashaccess-certs.jar AdobeInitial.properties - Sample properties file thirdparty/ - Includes Crypto-J support as native libraries: libjsafe.so (Linux) jsafe.dll (Windows) adobe-flashaccess-i15n-setup.jar - A utility for encrypting server credential passwords ROOT - contains a crossdomain.xml file ECI cache files - Pre-downloaded addindivcert.py - A script for updating a License Server s root of trust to support On Premises individualizations CreateMetadata.jar - A utility for creating On Premises DRM Metadata client_sample/ - A folder with a client code snippet Release Notes - For any last minute additions to the documentation Obtain Individualization Server Certificates To use the On Premises Individualization Server, you must first obtain two digital credentials (certificates): Individualization Transport Credential - issued by Adobe Individualization CA Credential - issued by Symantec (VeriSign) To obtain these certificates: Please submit a request via Zendesk ticket to: Please note that these credentials are in addition to the credentials required for operating a Primetime DRM License Server.
4 4 Server Configuration Server Properties You must configure server properties to reflect your environment. You can do this using any of the following: flashaccess-i15n.properties - Samples included in each of the.war files AdobeInitial.properties - Sample located in the /shared folder on the DVD You can use this file to override the properties set in the WAR file as follows: 1. Set the overriding property values in AdobeInitial.properties 2. Place AdobeInitial.properties on the classpath. Note: Adobe recommends that you make use of the AdobeInitial.properties file, since this allows you to update your application WAR files without risking the loss of any previous property configuration setup you may have done in the flashaccess-i15n.properties file. The Java System property mechanism. Apply properties to server environments You can apply individual properties to these specific server environments: Development Staging Production With this capability, you can use the same WAR file for all server environments. To apply properties to specific environments, do the following: Append two underscore characters (' ') plus one of the following environment codes to the property name: DEV STAGE PROD For example, to set the log level to INFO for your production and staging servers, and to DEBUG for your development server: log.level=info log.level DEV=DEBUG The server employs this search order for properties: 1. propertyname_environment in AdobeInitial.properties 2. propertyname_environment in flashaccess-15n.properties 3. propertyname_environment in Java System properties 4. propertyname in AdobeInitial.properties 5. propertyname in flashaccess-15n.properties 6. propertyname in Java System properties
5 5 Note: You must specify the server s environment name as a Java System property when starting the server. For example, when starting Tomcat with catalina.bat, set the CATALINA_OPTS environment variable as follows: -DENVIRONMENT_NAME=[ DEV STAGE PROD ] Encrypt Passwords The properties files include several password values that you should not enter as plain text. Encrypt these values using the following command: java -jar adobe-flashaccess-i15n-setup.jar password This command will output an encrypted password, which you then use in the properties files. Note: This is not the utility used for encrypting License Server passwords. Server Properties Reference Table 1: Individualization Server Configuration Transport Credential Individualization CA Credential Individualization Encryption Credential Content Cache Description The transport credential is used to decrypt requests received from the client and sign the responses sent back. Be sure to configure the AdobeInitial.properties file appropriately with both the path to the transport credential file, as well as the encrypted PKCS12 password. The Individualization server uses the Individualization CA credential to sign the machine certificates that it issues. Be sure to configure the AdobeInitial.properties file appropriately with both the path to the I15N CA credential file, as well as the encrypted PKCS12 password. The Individualization server uses the Encryption credential to encrypt sensitive files that need to be transmitted to the Individualization servers. For example, this cert supports license migration and is also used to encrypt the DRM private keys for the Individualization servers. These settings control the location from which the Individualization server downloads content and where the content is cached on disk. The Individualization Example cert.i15n.transport.file = [PKCS12 file containing the Individualization Transport cert and key] cert.i15n.transport.password = [Encrypted password for PKCS12 file] cert.i15n.ica.file = [PKCS12 file containing the Individualization CA cert and key] cert.i15n.ica.password = [Encrypted password for PKCS12 file] cert.i15n.decryption.file=i15n_transport.pfx cert.i15n.decryption.password=password contentserver.localdirectory = [Directory in which to store local content (normally tomcat/temp)]
6 6 Configuration Individualization CA CRL Description server will check the content server for new content once at startup, then at the frequency/time specified by these properties. For the On Premises Individualization Server, we have included an initial set of content cache data. Be sure to copy the CONTENTS of the cache folder (not the cache folder itself) to the configured AdobeInitial.properties contentserver.localdirectory location. Example contentserver.server = [Web server to contact for ECI info (unsupported in this release)] contentserver.timeout = [Connection timeout, in seconds] contentserver.pollfrequency = [How frequently to poll the server, in days (minimum is 1 day)] contentserver.polltime = [Time of day to poll the server, in minutes since midnight] Please be sure to read the section CRL and ECI Files about keeping the cache up to date. This Certificate Revocation List (CRL) cert.machine.crldp = [CRL distribution point is included within each distribution point] machine certificate issued by the For example: Individualization server. During machine cert.machine.crldp DEV= certificate validation on the license server, the CRL will be downloaded from the CRL/onprem-individualization-ca.crl distribution point listed in the certificate The License Server should automatically (or read from the cache if already downloaded) and checked to be sure the certificate has not been revoked. It is recommended to perform this server configuration change after going through the process of creating and deploying the Individualization CA CRL. Restart the Individualization server after any configuration change. To set the URL for the CRL distribution point, you will need to set the AdobeInitial.properties cert.machine.crldp field. download this CRL, once a license request is handled. Note: This distribution point is not checked by Primetime DRM for validity. You must verify that this URL is valid. Errors resulting from an invalid URL will not appear until validation errors appear from the license server. Logging Configure the AdobeInitial.properties for logging as necessary. adobe.weblogs.loc = [Directory where log files will be created] log.level = [The lowest level of log messages which may appear in the logs [DEBUG INFO] ] log.filename = [Prefix for log files. Date/time and ".log" extension will be added to the filename] log.rollinterval = [Specifies how frequently the logs are rolled.]
7 7 Configuration Other Description Example log.rollsize = [Roll the logs when they reach this size (Logs will roll when either the RollInterval or RollSize is reached, whichever comes first)] log.reportlogging.enabled =[ [true false ] Specifies whether a separate file should be generated which contains data used by Adobe to generate Individualization reports.] log.reportlogging.filename = [Prefix for report log files. Date/time and.log extension will be added to the filename. The log.level property does not apply to this log file, but log.rollinterval and log.rollsize do.] deviceinfo.key = [Encrypted Base64 encoded key used to HMAC device info before including it in the machine token. The key can be different for the Dev/Staging/Production environments, but must be the same for all servers in a particular environment. ] keys.kgs.server = [Location of Key Gen Server (a single host/port, representing a pool of key servers) ] keys.minqueuesize = [Fetch another batch of keys from the KGS when there are this many keys left in the queue] status.timeout = [Status page will ping the KGS to determine if it can reach the server. It will time out if a response isn t received back in the specified amount of time.] Key Generation Server Configuration Key Generation Description Example kgs.threads = [Number of threads to use to generate keys (should equal the number of processors available on the machine)] kgs.batchsize = [Number of keys to generate per batch] kgs.keydirectory = [Directory in which to store key batch files] kgs.maxqueuesize = [Maximum number of key batch files to generate]
8 8 Configuration Logging Description Example adobe.weblogs.loc = [Directory where log files will be created] log.filename = [Prefix for log files. Date/time and.log extension will be added to the filename] log.level = [The lowest level of log messages which may appear in the logs] log.rollinterval = [Specifies how frequently the logs are rolled.] log.rollsize = [Roll the logs when they reach this size (Logs will roll when either the RollInterval or RollSize is reached, whichever comes first)] Create Individualization CA CRL This Certificate Revocation List (CRL) distribution point is included within each machine certificate issued by the individualization server. During machine certificate validation on the license server, this CRL will be downloaded from the distribution point listed in the certificate (or read from the cache if already downloaded) and checked to be sure the certificate has not been revoked. Note: To set the URL for the CRL distribution point, you will need to set the AdobeInitial.properties cert.machine.crldp field. This distribution point is not checked by Primetime DRM for validity. You must verify that this URL is valid. Errors resulting from an invalid URL will not become apparent until validation errors appear from the license server. Outlined below are simplified, sample instructions for using OpenSSL to create CRLs that your license server can consume. Adobe recommends that you perform these steps in a secure fashion and environment, once a Production Individualization CA credential has been obtained. 1. Change the working directory to the create_crl directory included in this distribution. 2. Copy your Individualization CA pfx to the same create_crl directory. The subsequent steps assume that the Individualization CA pfx is named i15n.pfx. Adjust as appropriate for your setup. 3. Extract the Individualization CA pfx file s private key. openssl pkcs12 -ini15n.pfx -nocerts -out i15n_priv.pem 4. Convert the private key to pksc8 format. openssl pkcs8 -topk8 -in i15n_priv.pem -inform pem -out i15n_pk8.pem -outform pem -nocrypt 5. Generate the CRL. openssl ca -keyform pem -keyfile./i15n_pk8.pem -cert i15n.pem -gencrl -out onprem-individualization -ca.crl This example creates a CRL with a default 1 month validity period. Use the -crldays and -crlhours options to override the default values. Generating a CRL uses the index and crlnumber file pointed to in your openssl.conf. By default, the democa location in the working directory is used. Sample index and crlnumber files are included in the supplied democa directory.
9 9 6. Deploy the CRL file generated in the previous step to a suitable location that is reachable by the license server (for example: individualization server ROOT). 7. Restart the license server, once the CRL is in place. Configure the Path and Classpath The flashaccess.war contains jsafewithnative.jar, which is the Crypto-J library. The latter requires an additional native library to perform crypto operations. 1. Add the native jsafe library to your path. Linux / libjsafe.so - The directory containing libjsafe.so must be on the Path (native Crypto-J libraries are also available for other platforms). For example, set libjsafe.so on LD_LIBRARY_PATH. Windows / jsafe.dll - The counterpart on Windows to libjsafe.so is the appropriate jsafe.dll. These libraries are available to you in the thirdparty library folder. 2. Put one of the adobe-flashaccess-certs jar files on the classpath. This JAR file is not included in the WAR file; you must add it explicitly to the classpath. Development servers - Should only use adobe-flashaccess-certs-prerelease.jar. Production servers - Should only use adobe-flashaccess- certs.jar. The disstribution includes a shared folder that includes both the jar file as well as a pre-configured AdobeInitial.properties file. Adobe recommends that you add these items to the common.loader via the catalina.properties file. For example: common.loader=<any Pre-Existing Values>,${catalina.home}/shared/classes,${catalina.home}/shared/lib/*.jar Configure Tomcat On the Individualization server, modify Tomcat s conf/server.xml file to include additional information in the access log. You can use this information for reporting purposes. 1. Locate the configuration for the AccessLogValve in server.xml and modify the pattern as shown here: <Valve classname="org.apache.catalina.valves.accesslogvalve" directory="logs" prefix="localhost_access_log." suffix=".txt" pattern="%h %{x-forwarded-for}i %l %u %t "%r" %s %b %{request-id}r" resolvehosts="false"/> %{x-forwarded-for}i will record the value of the x-forwarded-for header. If you use an Apache reverse proxy to forward requests to the Tomcat server, this header will contain the original client's IP address, whereas %h records the Apache server s IP address. %{request-id}r will record the request identifier, which corresponds to the request ID contained in the Individualization application log. 2. Edit conf/server.xml and set the unpackwars property to false. For both the Individualization and Key Generation servers, it is a good idea to edit conf/server.xml and set the unpackwars property to false. Otherwise, when you update the WARs, you may have to clean out the unpacked WAR folders as well. Note: Future DRM clients will require you to enable and configure the CORS (Cross-Origin Resource Sharing) filter that is available for Tomcat. Currently, no DRM clients have this requirement.
10 10 Deploy the WAR files 1. Copy the WAR file to Tomcat s webapps directory. Individualization Server: flashaccess.war Key Generation Server: flashaccess-kgs.war 2. Copy the ROOT folder from the package provided by Adobe to the webapps directory. The Individualization server also needs to host the crossdomain.xml file. (The ROOT folder contains the crossdomain.xml file; ROOT must be in all caps.) The Key Generation server does not require this file. Firewall Rules To secure access to the Individualization server, only certain application paths need to be exposed. The Individualization server must accept requests from clients to these paths: /flashaccess/i15n/* /flashaccess/status /crossdomain.xml Service paths, such as /flashaccess/admin/* (i.e., status and admin pages) must only be accessible from within the firewall. No parts of the Key Generation Server should be accessed from outside the firewall. About CRL Files In order to properly function, Individualization and License servers need to have several Certificate Revocation List (CRL) files cached to disk on the running application server (e.g., Tomcat). New CRL files have to be downloaded and cached on disk on a regularly scheduled basis. If the validity period of CRL files on disk are allowed to lapse, the Individualization Server will refuse to individualize clients, and the License Server will refuse to issue licenses. The CRLs cached to disk must have file names that match the corresponding URLs. Special characters such as colons ':' and '/' slashes are converted to underscores '_' in the file names. The following is a list of externally hosted CRLs that are used by both the Individualization and License Servers: Intermediate CRL: URL: File: http crl2.adobe.com_adobe_flashaccessintermediateca.crl Validity: Good for approximately 12 months from creation Root CRL: URL: File: http crl2.adobe.com_adobe_flashaccessrootca.crl Validity: Good for approximately 5 years from creation Latest CRL: URL: File: http crl3.adobe.com_adobesystemsincorporatedflashaccessruntime_latestcrl.crl Validity: Good for approximately 3 months from creation The following are externally hosted CRLs that are used only by the License Servers:
11 11 URL: File: http crl2.adobe.com_adobe_flashaccessindividualizationca.crl Validity: Good for approximately 3 months from creation URL: File: http individualization-crl.primetime.adobe.com_flashaccessindividualizationca.crl Validity: Good for approximately 3 months from creation URL: File: http individualization-crl.s3-website-us-east-1.amazonaws.com_flashaccessindividualizationca.crl Validity: Good for approximately 3 months from creation In addition to the aforementioned CRLs, you must create and maintain an additional CRL. This is the Individualization CA CRL, as specified in the Create Individualization CA CRL section of this document. CRLs are scheduled to be updated 45 days before they are to expire. This should allow you adequate time to acquire and install newly generated CRLs from the Internet. You must take care to update CRL files before they are expired. About ECI Files In addition to the CRLs, you also need to periodically update Embedded Common Interface (ECI) files. Whenever Adobe adds support for a new Primetime DRM client platform (for example: ios, Android, Windows FlashPlayer, etc.), a new ECI record is created. In order to support the individualization of this client, a corresponding ECI record needs to be present on the Individualization Server. Since the release of new Primetime DRM clients is not very frequent, Adobe will be releasing updated ECI data on an as needed basis. Periodically, Adobe will collect ECI files and host them to the location below for distribution: The Latest.txt file will contain the URL to the most recent CRL distribution file. Adobe will create the ECI zip file in the manner described below: Folder Structure: ECI\* The contents of the folder will be zipped up recursively: zip -R ECI ECI.zip An OpenSSL SHA- 256 digest will be calculated of the zip file: openssl dgst -sha256 -hex ECI.zip The zip file will be renamed to contain the archive date as well as the SHA-256 digest: Rename ECI.zip to <DATE_SHA-256>.zip For example: _aea45bf06241f04fba2b310ff9a8066c6aba73c8d22387b e9cefc43e.zip
12 12 You should periodically check the location above for updated ECI files. Perform the following process for installation after download: 1. Note the SHA-256 digest and recalculate it using OpenSSL or an equivalent tool. 2. Compare it to the one specified in the file name. 3. Rename the file to ECI.zip. 4. Unzip the ECI directory. 5. Replace the old ECI directory with the new one. 6. Restart the Individualization server. Monitoring The Individualization server and Key Generation server each have a status page, which you can use to determine the health of the servers. Individualization status page: Reports Alive if the app server is running and the app can make a GET request to the Key Generation server The page reports either Alive or nothing. No info about the application is revealed, so this page could be used for monitoring from outside the firewall. Key Generation status page: Reports "Alive" if the app server is running All Key Generation URLs must only be accessible internally Individualization Statistics page: Includes statistics about the Individualization server, such as number of requests served and the number of keys available in the cache This page must only be accessible internally Key Generation Statistics page: Includes statistics about the Key Generation server, such as the number of requests served and the number of key files available on disk All Key Generation URLs must only be accessible internally Update the License Server WAR File In order to support clients that have individualized via an On Premises Individualization server, you must update the License Server s certificate root of trust to include the newly acquired Individualization CA credential. A Python script (addindivcert.py) is included in the update_license_server folder. Do the following to update the License Server: 1. Make a copy of the WAR files to be updated (examples: flashaccess.war, faxsks.war). 2. Make sure the WAR files are unlocked and have their permissions set so they can be modified. 3. Run the addindivcert.py Python script to update the License Server WAR files. The inputs for the script are as follows: cert: PKCS12 file containing the Individualization CA certificate
13 13 war: WAR file to be updated The output file is an updated WAR file../addindivcert.py cert NEW_IndivCA.cer -war flashaccess.war The WAR files will be modified in place. If necessary, you can edit the Python script to suit your particular needs. After you perform the updates, you can deploy the WAR files normally. Generate the On Premises DRM Metadata A CreateMetadata.jar utility is included in the create_metadata folder. The point of this utility is to create an On Premises DRM Metadata that will initiate the client into performing the individualization process against the specified On Premises Individualization Server. Update the Primetime DRM Reference Implementation - Command Line Tools with the following files: CreateMetadata.jar commons-cli-1.2.jar createmetadata.properties The two JAR files can reside in the Command Line Tools/libs folder. The createmetadata.properties file can reside next to the flashaccesstools.properties file. Included is an examplecreate.sh script that demonstrates a sample creation of metadata. Be sure to configure the License Server URL and Individualization Server URL in both the script and properties files before attempting to generate metadata. The inputs for the utility are as follows: createmetadata.properties - Properties file containing a default Policy, Certificate locations and passwords, etc. indivcert - PKCS12 file containing Individualization Transport certificate indivurl - URL of the On Premises Individualization Server The output file is an On Premises DRM Metadata file that will be consumed by the DRM client. For example: java -jar libs/createmetadata.jar -c createmetadata.properties -indivcert i15n_transport.cer -indivurl onpremdrm.metadata. Client Integration In order to direct the client into individualizing against the On Premises Individualization server (as opposed to the Adobe Hosted Global Individualization Server), the client should utilize the previously created On Premises DRM Metadata. Having an un-individualized client perform a license acquisition or initialize DRM, using the special metadata, will result in the client connecting to the custom Individualization Server URL. A sample code snippet is included in the client_sample folder. Sample Client Requests You can collect a library of sample client requests using tools such as Charles Proxy or Wireshark. You should capture client requests after the Individualization server has been set up, using the Individualization Transport credential. You can then send
14 14 these client requests (via curl or another tool) to the Individualization Server s end point to verify that the server is up and running properly. For example: curl -data > sample_client_response.ber You may also want to send these requests again after any server configuration changes or ECI / CRL updates. You should also update the Individualization Statistics page appropriately with successful individualization transactions. FAQ How often do ECI changes occur? Anytime a new Adobe DRM client is released, an ECI device record is added. How large are ECI files? They are typically less than 1 Kilobyte per device record. What happens if the server is missing an ECI device record? That particular class of clients will not be able to individualize against the On Premises Individualization Server and errors will be logged to the log files. What happens if a server s CRLs are expired? The server will stop functioning correctly and errors will be logged to the log files.
15 Copyright 15 Copyright 2017 Adobe Systems Incorporated. All rights reserved. Adobe Primetime DRM On Premises Individualization Guide Adobe and the Adobe logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries. All other trademarks are the property of their respective owners. Adobe Systems Incorporated, 345 Park Avenue, San Jose, California 95110, USA.
How to Configure SSL Interception in the Firewall
Most applications encrypt outgoing connections with SSL or TLS. SSL Interception decrypts SSL-encrypted traffic to allow Application Control features (such as the Virus Scanner, ATD, URL Filter, Safe Search,
More informationGenesys Security Deployment Guide. What You Need
Genesys Security Deployment Guide What You Need 12/27/2017 Contents 1 What You Need 1.1 TLS Certificates 1.2 Generating Certificates using OpenSSL and Genesys Security Pack 1.3 Generating Certificates
More informationENTRUST CONNECTOR Installation and Configuration Guide Version April 21, 2017
ENTRUST CONNECTOR Installation and Configuration Guide Version 0.5.1 April 21, 2017 2017 CygnaCom Solutions, Inc. All rights reserved. Contents What is Entrust Connector... 4 Installation... 5 Prerequisites...
More informationPerceptive Data Transfer
Perceptive Data Transfer Installation and Setup Guide Version: 6.5.x Written by: Product Knowledge, R&D Date: May 2017 2017 Lexmark. All rights reserved. Lexmark is a trademark of Lexmark International,
More informationVMware AirWatch Content Gateway for Linux. VMware Workspace ONE UEM 1811 Unified Access Gateway
VMware AirWatch Content Gateway for Linux VMware Workspace ONE UEM 1811 Unified Access Gateway You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
More informationEntrust Connector (econnector) Venafi Trust Protection Platform
Entrust Connector (econnector) For Venafi Trust Protection Platform Installation and Configuration Guide Version 1.0.5 DATE: 17 November 2017 VERSION: 1.0.5 Copyright 2017. All rights reserved Table of
More informationCreate Import Data Connection to SAP BPC MS
Create Import Data Connection to SAP BPC MS You can create a connection that allows you to import data and models from an SAP Business Planning and Consolidation (BPC) system. Prerequisites SAP BPC for
More informationPKI Cert Creation via Good Control: Reference Implementation
PKI Cert Creation via Good Control: Reference Implementation Legal Notice Copyright 2016 BlackBerry Limited. All rights reserved. All use is subject to license terms posted at http://us.blackberry.com/legal/legal.html.
More informationConfiguring SSL. SSL Overview CHAPTER
7 CHAPTER This topic describes the steps required to configure your ACE appliance as a virtual Secure Sockets Layer (SSL) server for SSL initiation or termination. The topics included in this section are:
More informationConfiguring SSL CHAPTER
7 CHAPTER This chapter describes the steps required to configure your ACE appliance as a virtual Secure Sockets Layer (SSL) server for SSL initiation or termination. The topics included in this section
More informationJava SAML Consumer Value-Added Module (VAM) Deployment Guide
Java SAML Consumer Value-Added Module (VAM) Deployment Guide Copyright Information 2018. SecureAuth is a copyright of SecureAuth Corporation. SecureAuth s IdP software, appliances, and other products and
More informationVMware Identity Manager Connector Installation and Configuration (Legacy Mode)
VMware Identity Manager Connector Installation and Configuration (Legacy Mode) VMware Identity Manager This document supports the version of each product listed and supports all subsequent versions until
More informationVMware AirWatch Content Gateway Guide for Windows
VMware AirWatch Content Gateway Guide for Windows AirWatch v9.1 Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com. This product
More informationVMware AirWatch Content Gateway for Windows. VMware Workspace ONE UEM 1811 Unified Access Gateway
VMware AirWatch Content Gateway for Windows VMware Workspace ONE UEM 1811 Unified Access Gateway You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
More informationImport Data Connection from an SAP Universe
Import Data Connection from an SAP Universe SAP Analytics Cloud allows you to connect to SAP Universe and import your data. NOTE: It is recommended that the SAP Cloud Platform Cloud Connector (SAP CP CC)
More informationUser Manual. Admin Report Kit for IIS 7 (ARKIIS)
User Manual Admin Report Kit for IIS 7 (ARKIIS) Table of Contents 1 Admin Report Kit for IIS 7... 1 1.1 About ARKIIS... 1 1.2 Who can Use ARKIIS?... 1 1.3 System requirements... 2 1.4 Technical Support...
More informationConfiguring SSL. SSL Overview CHAPTER
CHAPTER 8 Date: 4/23/09 This topic describes the steps required to configure your ACE (both the ACE module and the ACE appliance) as a virtual Secure Sockets Layer (SSL) server for SSL initiation or termination.
More informationVIRTUAL GPU LICENSE SERVER VERSION , , AND 5.1.0
VIRTUAL GPU LICENSE SERVER VERSION 2018.10, 2018.06, AND 5.1.0 DU-07754-001 _v7.0 through 7.2 March 2019 User Guide TABLE OF CONTENTS Chapter 1. Introduction to the NVIDIA vgpu Software License Server...
More informationSCCM Plug-in User Guide. Version 3.0
SCCM Plug-in User Guide Version 3.0 JAMF Software, LLC 2012 JAMF Software, LLC. All rights reserved. JAMF Software has made all efforts to ensure that this guide is accurate. JAMF Software 301 4th Ave
More informationVMware AirWatch Content Gateway Guide for Windows
VMware AirWatch Content Gateway Guide for Windows Workspace ONE UEM v1810 Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com.
More informationPKI Quick Installation Guide. for PacketFence version 7.4.0
PKI Quick Installation Guide for PacketFence version 7.4.0 PKI Quick Installation Guide by Inverse Inc. Version 7.4.0 - Jan 2018 Copyright 2015 Inverse inc. Permission is granted to copy, distribute and/or
More informationImport Data Connection to an SAP ERP System
Import Data Connection to an SAP ERP System SAP Analytics Cloud allows you to import data from supported versions SAP ERP Central Component. NOTE: It is recommended that the SAP Cloud Platform Cloud Connector
More informationImport Data Connection to an SAP BW System
Import Data Connection to an SAP BW System SAP Analytics Cloud allows you to import data from an SAP BW System. You must connect to an SAP BW system, version 7.3x or higher release. NOTE: It is recommended
More informationVMware AirWatch Content Gateway Guide for Windows
VMware AirWatch Content Gateway Guide for Windows AirWatch v9.2 Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com. This product
More informationVMware AirWatch Content Gateway Guide for Linux For Linux
VMware AirWatch Content Gateway Guide for Linux For Linux Workspace ONE UEM v9.7 Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com.
More informationPKI Trustpool Management
PKI Trustpool Management Last Updated: October 9, 2012 The PKI Trustpool Management feature is used to authenticate sessions, such as HTTPS, that occur between devices by using commonly recognized trusted
More informationVAM. Java SAML Consumer Value- Added Module (VAM) Deployment Guide
VAM Java SAML Consumer Value- Added Module (VAM) Deployment Guide Copyright Information 2018. SecureAuth is a registered trademark of SecureAuth Corporation. SecureAuth s IdP software, appliances, and
More informationManaging Certificates
CHAPTER 12 The Cisco Identity Services Engine (Cisco ISE) relies on public key infrastructure (PKI) to provide secure communication for the following: Client and server authentication for Transport Layer
More informationVMware AirWatch Content Gateway Guide for Windows
VMware AirWatch Content Gateway Guide for Windows AirWatch v9.3 Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com. This product
More informationbbc Certificate Enrollment Guide Adobe Flash Access May 2010 Version 2.0
bbc Certificate Enrollment Guide Adobe Flash Access May 2010 Version 2.0 2010 Adobe Systems Incorporated. All rights reserved. Adobe Flash Access 2.0 Certificate Enrollment Guide This guide is protected
More informationGoogle Apps Integration
Google Apps Integration Contents 1 Using Swivel for Google Apps Authentication 2 Prerequisites 3 Google SSO 4 Swivel and Google Apps 5 User Experience 6 Install the Swivel Google software 7 Create private
More informationLive Data Connection to SAP Universes
Live Data Connection to SAP Universes You can create a Live Data Connection to SAP Universe using the SAP BusinessObjects Enterprise (BOE) Live Data Connector component deployed on your application server.
More informationbbc Secure Deployment Guidelines Adobe Flash Access May 2010 Version 2.0
bbc Secure Deployment Guidelines Adobe Flash Access May 2010 Version 2.0 2010 Adobe Systems Incorporated. All rights reserved. Adobe Flash Access 2.0 Secure Deployment Guidelines This guide is protected
More informationPRODUCT MANUAL. idashboards Reports Admin Manual. Version 9.1
PRODUCT MANUAL idashboards Reports Admin Manual Version 9.1 idashboards Reports Admin Manual Version 9.1 No part of the computer software or this document may be reproduced or transmitted in any form or
More informationUsing SSL to Secure Client/Server Connections
Using SSL to Secure Client/Server Connections Using SSL to Secure Client/Server Connections, page 1 Using SSL to Secure Client/Server Connections Introduction This chapter contains information on creating
More informationFUSION REGISTRY COMMUNITY EDITION SETUP GUIDE VERSION 9. Setup Guide. This guide explains how to install and configure the Fusion Registry.
FUSION REGISTRY COMMUNITY EDITION VERSION 9 Setup Guide This guide explains how to install and configure the Fusion Registry. FUSION REGISTRY COMMUNITY EDITION SETUP GUIDE Fusion Registry: 9.2.x Document
More informationConfiguring the Cisco APIC-EM Settings
Logging into the Cisco APIC-EM, page 1 Quick Tour of the APIC-EM Graphical User Interface (GUI), page 2 Configuring the Prime Infrastructure Settings, page 3 Discovery Credentials, page 4 Security, page
More informationTeradici PCoIP Connection Manager 1.8 and Security Gateway 1.14
Teradici PCoIP Connection Manager 1.8 and Security Gateway 1.14 TER1502010/A-1.8-1.14 Contents Document History 4 Who Should Read This Guide? 5 PCoIP Connection Manager and PCoIP Security Gateway Overview
More informationDeveloping and Deploying vsphere Solutions, vservices, and ESX Agents. 17 APR 2018 vsphere Web Services SDK 6.7 vcenter Server 6.7 VMware ESXi 6.
Developing and Deploying vsphere Solutions, vservices, and ESX Agents 17 APR 2018 vsphere Web Services SDK 6.7 vcenter Server 6.7 VMware ESXi 6.7 You can find the most up-to-date technical documentation
More information2 Oracle WebLogic Overview Prerequisites Baseline Architecture...6
Table of Contents 1 Oracle Access Manager Integration...1 1.1 Overview...1 1.2 Prerequisites...1 1.3 Deployment...1 1.4 Integration...1 1.5 Authentication Process...1 2 Oracle WebLogic...2 3 Overview...3
More informationFrequently Asked Questions about SAS Environment Manager on SAS 9.4
ABSTRACT Paper SAS0575-2017 Frequently Asked Questions about SAS Environment Manager on SAS 9.4 Zhiyong Li, SAS Institute Inc. SAS Environment Manager is the predominant tool for managing your SAS environment.
More informationWhite Paper. Fabasoft Folio Portlet. Fabasoft Folio 2017 R1 Update Rollup 1
White Paper Fabasoft Folio Portlet Fabasoft Folio 2017 R1 Update Rollup 1 Copyright Fabasoft R&D GmbH, Linz, Austria, 2018. All rights reserved. All hardware and software names used are registered trade
More informationWHITE PAPER. Authentication and Encryption Design
WHITE PAPER Authentication and Encryption Design Table of Contents Introduction Applications and Services Account Creation Two-step Verification Authentication Passphrase Management Email Message Encryption
More informationDeveloping and Deploying vsphere Solutions, vservices, and ESX Agents
Developing and Deploying vsphere Solutions, vservices, and ESX Agents Modified on 27 JUL 2017 vsphere Web Services SDK 6.5 vcenter Server 6.5 VMware ESXi 6.5 Developing and Deploying vsphere Solutions,
More informationSetting Up Resources in VMware Identity Manager
Setting Up Resources in VMware Identity Manager VMware Identity Manager 2.7 This document supports the version of each product listed and supports all subsequent versions until the document is replaced
More informationVMware AirWatch Content Gateway Guide For Linux
VMware AirWatch Content Gateway Guide For Linux AirWatch v9.2 Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com. This product
More informationAndroid Mobile Single Sign-On to VMware Workspace ONE. SEP 2018 VMware Workspace ONE VMware Identity Manager VMware Identity Manager 3.
Android Mobile Single Sign-On to VMware Workspace ONE SEP 2018 VMware Workspace ONE VMware Identity Manager VMware Identity Manager 3.3 You can find the most up-to-date technical documentation on the VMware
More informationManage Certificates. Certificates Overview
Certificates Overview, page 1 Show Certificates, page 3 Download Certificates, page 4 Install Intermediate Certificates, page 4 Delete a Trust Certificate, page 5 Regenerate a Certificate, page 6 Upload
More informationVMware Content Gateway to Unified Access Gateway Migration Guide
VMware Content Gateway to Unified Access Gateway Migration Guide Workspace ONE UEM v9.7 Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com.
More informationOCSP Client Tool V2.2 User Guide
Ascertia Limited 40 Occam Road Surrey Research Park Guildford Surrey GU2 7YG Tel: +44 1483 685500 Fax: +44 1483 573704 www.ascertia.com OCSP Client Tool V2.2 User Guide Document Version: 2.2.0.2 Document
More informationCreate Decryption Policies to Control HTTPS Traffic
Create Decryption Policies to Control HTTPS Traffic This chapter contains the following sections: Overview of Create Decryption Policies to Control HTTPS Traffic, page 1 Managing HTTPS Traffic through
More informationbbc Migrating and Sharing Secuity Settings: Using Security Settings Import/Export and FDF Files Acrobat and Adobe Reader PDF Creation Date:
bbc PDF Creation Date: September 5, 2008 Migrating and Sharing Secuity Settings: Using Security Settings Import/Export and FDF Files Acrobat and Adobe Reader Version 9.0 2008 Adobe Systems Incorporated.
More informationThe server performs full signature validation including path building and revocation checking, supporting both CRL and OCSP revocation checking
Krestfield EzSign Installation and Configuration Guide version 2.1 Copyright Krestfield 2017 Introduction The Krestfield EzSign suite enables applications to quickly generate and verify digital signatures
More informationPrepaid Online Vending System. XMLVend 2.1 Test Suite Setup Instructions
Prepaid Online Vending System XMLVend 2.1 Test Suite Setup Instructions Contents SOFTWARE REQUIRED... 5 SETUP JAVA JDK... 5 TOMCAT SETUP FOR XML... 6 INTERCEPTOR... 8 SETTING UP SSL... 9 SETTING UP THE
More informationDEVELOPER S GUIDE. Managed PKI v7.2. Certificate Validation Module
DEVELOPER S GUIDE Managed PKI v7.2 Certificate Validation Module VeriSign, Inc. March 10, 2008 Managed PKI Certificate Validation Module 2004-2008 VeriSign, Inc. All rights reserved. The information in
More informationServer Installation Guide
Server Installation Guide Server Installation Guide Legal notice Copyright 2018 LAVASTORM ANALYTICS, INC. ALL RIGHTS RESERVED. THIS DOCUMENT OR PARTS HEREOF MAY NOT BE REPRODUCED OR DISTRIBUTED IN ANY
More informationSUREedge MIGRATOR INSTALLATION GUIDE FOR HYPERV
SUREedge MIGRATOR INSTALLATION GUIDE 5.0.1 FOR HYPERV 2025 Gateway Place, Suite #480, San Jose, CA, 95110 Important Notice This document is provided "as is" without any representations or warranties, express
More informationOn-demand target, up and running
On-demand target, up and running ii On-demand target, up and running Contents Chapter 1. Assumptions........ 1 Chapter 2. Overview......... 3 Chapter 3. Component purpose.... 5 Chapter 5. Starting a session
More informationHave documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com.
VMware AirWatch Email Notification Service Installation Guide Providing real-time email notifications to ios devices with AirWatch Inbox and VMware Boxer AirWatch v9.1 Have documentation feedback? Submit
More informationSecurity and Certificates
Encryption, page 1 Voice and Video Encryption, page 6 Federal Information Processing Standards, page 6 Certificate Validation, page 6 Required Certificates for On-Premises Servers, page 7 Certificate Requirements
More informationRocket U2 Clients and APIs
Rocket U2 Clients and APIs U2 SSL Configuration Editor Version 4.52.0 October 2016 UCC-4520-SSL-UG-01 Notices Edition Publication date: October 2016 Book number: UCC-4520-SSL-UG-01 Product version: Version
More informationHTTPS File Transfer. Specification
HTTPS File Transfer Specification Version 1.4 5-Apr-2017 Date Version Description 30-Aug-2010 1.0 Original Version 30-Jun-2011 1.1 Added FAQ 29-Jun-2015 1.2 ilink administration added 1-Sep-2015 1.3 Updated
More informationHow to Enable Client Certificate Authentication on Avi
Page 1 of 11 How to Enable Client Certificate Authentication on Avi Vantage view online Overview This article explains how to enable client certificate authentication on an Avi Vantage. When client certificate
More informationDataFlux Secure 2.5. Administrator s Guide. Second Edition. SAS Documentation
DataFlux Secure 2.5 Administrator s Guide Second Edition SAS Documentation This page is intentionally blank DataFlux Secure 2.5 Administrator s Guide Second Edition Applies to: DataFlux Authentication
More informationPublic. Atos Trustcenter. Server Certificates + Codesigning Certificates. Version 1.2
Atos Trustcenter Server Certificates + Codesigning Certificates Version 1.2 20.11.2015 Content 1 Introduction... 3 2 The Atos Trustcenter Portfolio... 3 3 TrustedRoot PKI... 4 3.1 TrustedRoot Hierarchy...
More informationSECURE Gateway v4.7. TLS configuration guide
SECURE Email Gateway v4.7 TLS configuration guide November 2017 Copyright Published by Clearswift Ltd. 1995 2017 Clearswift Ltd. All rights reserved. The materials contained herein are the sole property
More informationHave documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com.
VMware AirWatch Email Notification Service Installation Guide Providing real-time email notifications to ios devices with AirWatch Inbox and VMware Boxer Workspace ONE UEM v9.7 Have documentation feedback?
More informationInstalling and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.
Installing and Configuring VMware Identity Manager Connector 2018.8.1.0 (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.3 You can find the most up-to-date technical documentation on
More informationDoD Common Access Card Authentication. Feature Description
DoD Common Access Card Authentication Feature Description UPDATED: 20 June 2018 Copyright Notices Copyright 2002-2018 KEMP Technologies, Inc. All rights reserved. KEMP Technologies and the KEMP Technologies
More informationCloudLink SecureVM. Administration Guide. Version 4.0 P/N REV 01
CloudLink SecureVM Version 4.0 Administration Guide P/N 302-002-056 REV 01 Copyright 2015 EMC Corporation. All rights reserved. Published June 2015 EMC believes the information in this publication is accurate
More informationBIG-IP System: SSL Administration. Version
BIG-IP System: SSL Administration Version 13.1.0 Table of Contents Table of Contents About SSL Administration on the BIG-IP System...7 About SSL administration on the BIG-IP system... 7 Device Certificate
More informationIWeb. Installation Guide. v5.16.5
IWeb Installation Guide v5.16.5 Connect with Us on Social Media Copyrights and Trademarks 2016 by Scientific Technologies Corporation (STC). All rights reserved. This documentation describes the following
More informationVMware AirWatch Cloud Connector Guide ACC Installation and Integration
VMware AirWatch Cloud Connector Guide ACC Installation and Integration Workspace ONE UEM v1810 Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com.
More informationDisplaying SSL Configuration Information and Statistics
CHAPTER 7 Displaying SSL Configuration Information and Statistics This chapter describes the show commands available for displaying CSS SSL configuration information and statistics and an explanation of
More informationHave documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com.
VMware AirWatch Email Notification Service Installation Guide Providing real-time email notifications to ios devices with AirWatch Inbox and VMware Boxer Workspace ONE UEM v9.4 Have documentation feedback?
More informationJamf Pro Installation and Configuration Guide for Mac. Version
Jamf Pro Installation and Configuration Guide for Mac Version 10.5.0 copyright 2002-2018 Jamf. All rights reserved. Jamf has made all efforts to ensure that this guide is accurate. Jamf 100 Washington
More informationJamf Pro Installation and Configuration Guide for Mac. Version
Jamf Pro Installation and Configuration Guide for Mac Version 10.0 copyright 2002-2018 Jamf. All rights reserved. Jamf has made all efforts to ensure that this guide is accurate. Jamf 100 Washington Ave
More informationCisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at
Document Date: May 16, 2017 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL
More informationWorkspace ONE UEM Notification Service 2. VMware Workspace ONE UEM 1811
Workspace ONE UEM Email Notification Service 2 VMware Workspace ONE UEM 1811 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments
More informationADOBE DRIVE 4.2 USER GUIDE
ADOBE DRIVE 4.2 USER GUIDE 2 2013 Adobe Systems Incorporated. All rights reserved. Adobe Drive 4.2 User Guide Adobe, the Adobe logo, Creative Suite, Illustrator, InCopy, InDesign, and Photoshop are either
More informationRealPresence Access Director System Administrator s Guide
[Type the document title] Polycom RealPresence Access Director System Administrator s Guide 2.1.0 March 2013 3725-78703-001A Polycom Document Title 1 Trademark Information POLYCOM and the names and marks
More informationRelease 3.0. Delegated Admin Application Guide
Release 3.0 Delegated Admin Application Guide Notice PingDirectory Product Documentation Copyright 2004-2018 Ping Identity Corporation. All rights reserved. Trademarks Ping Identity, the Ping Identity
More informationSUREedge MIGRATOR INSTALLATION GUIDE FOR NUTANIX ACROPOLIS
SUREedge MIGRATOR INSTALLATION GUIDE 5.0.1 FOR NUTANIX ACROPOLIS 2025 Gateway Place, Suite #480, San Jose, CA, 95110 Important Notice This document is provided "as is" without any representations or warranties,
More informationNasuni Data API Nasuni Corporation Boston, MA
Nasuni Corporation Boston, MA Introduction The Nasuni API has been available in the Nasuni Filer since September 2012 (version 4.0.1) and is in use by hundreds of mobile clients worldwide. Previously,
More informationA10 Thunder ADC with Oracle E-Business Suite 12.2 DEPLOYMENT GUIDE
A10 Thunder ADC with Oracle E-Business Suite 12.2 DEPLOYMENT GUIDE Table of Contents 1. Introduction... 2 2 Deployment Prerequisites... 2 3 Oracle E-Business Topology... 3 4 Accessing the Thunder ADC Application
More informationOpenText StreamServe 5.6 Document Broker Plus
OpenText StreamServe 5.6 Document Broker Plus User Guide Rev A OpenText StreamServe 5.6 Document Broker Plus User Guide Rev A Open Text SA 40 Avenue Monterey, Luxembourg, Luxembourg L-2163 Tel: 35 2 264566
More informationCreating Application Definitions in Hana Cloud Platform Mobile Services
SAP Hana Cloud Platform Mobile Services How-To Guide Provided by SAP s Technology RIG Creating Application Definitions in Hana Cloud Platform Mobile Services Applicable Releases: Platform Mobile Services
More informationVMware Notification Service v2.0 Installation and Configuration Guide Configure ENS2 for cloud and on-premises deployments
VMware Email Notification Service v2.0 Installation and Configuration Guide Configure ENS2 for cloud and on-premises deployments Workspace ONE UEM v9.7 Have documentation feedback? Submit a Documentation
More informationPerceptive Experience Content Apps
Perceptive Experience Content Apps Installation and Setup Guide Written by: Product Knowledge, R&D Date: Thursday, September 15, 2016 2014-2016 Lexmark International Technology, S.A. All rights reserved.
More informationCertificate Renewal on Cisco Identity Services Engine Configuration Guide
Certificate Renewal on Cisco Identity Services Engine Configuration Guide Document ID: 116977 Contributed by Roger Nobel, Cisco TAC Engineer. Jun 26, 2015 Contents Introduction Prerequisites Requirements
More informationVMware Notification Service v2.0 Installation and Configuration Guide Configure ENS2 for cloud and on-premises deployments
VMware Email Notification Service v2.0 Installation and Configuration Guide Configure ENS2 for cloud and on-premises deployments Workspace ONE UEM v1810 Have documentation feedback? Submit a Documentation
More informationIntegrate HEAT Software with Bomgar Remote Support
Integrate HEAT Software with Bomgar Remote Support 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the
More informationNasuni Data API Nasuni Corporation Boston, MA
Nasuni Corporation Boston, MA Introduction The Nasuni API has been available in the Nasuni Filer since September 2012 (version 4.0.1) and is in use by hundreds of mobile clients worldwide. Previously,
More informationSetting Up Resources in VMware Identity Manager (On Premises) Modified on 30 AUG 2017 VMware AirWatch 9.1.1
Setting Up Resources in VMware Identity Manager (On Premises) Modified on 30 AUG 2017 VMware AirWatch 9.1.1 Setting Up Resources in VMware Identity Manager (On Premises) You can find the most up-to-date
More informationInstallation and Configuration Guide Simba Technologies Inc.
Simba ServiceNow ODBC Driver with SQL Connector Installation and Configuration Guide Simba Technologies Inc. Version 1.1.1 June 30, 2017 Copyright 2017 Simba Technologies Inc. All Rights Reserved. Information
More informationEntrust. Discovery 2.4. Administration Guide. Document issue: 3.0. Date of issue: June 2014
Entrust Discovery 2.4 Administration Guide Document issue: 3.0 Date of issue: June 2014 Copyright 2010-2014 Entrust. All rights reserved. Entrust is a trademark or a registered trademark of Entrust, Inc.
More informationDeveloping and Deploying vsphere Solutions, vservices, and ESX Agents
Developing and Deploying vsphere Solutions, vservices, and ESX Agents vsphere 6.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced
More informationManaging Certificates
Loading an Externally Generated SSL Certificate, page 1 Downloading Device Certificates, page 4 Uploading Device Certificates, page 6 Downloading CA Certificates, page 8 Uploading CA Certificates, page
More informationVMware Workspace ONE UEM VMware AirWatch Cloud Connector
VMware AirWatch Cloud Connector VMware Workspace ONE UEM 1811 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about this
More informationVMware AirWatch Certificate Authentication for Cisco IPSec VPN
VMware AirWatch Certificate Authentication for Cisco IPSec VPN For VMware AirWatch Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com.
More information