PortAuthority User s Guide Revision 1.1.10.15.2012
Technical Support See the support Web site for technical updates, additional warranty information and documentation, and software revisions: Web Email: http://www.clearcube.com/support/ support@clearcube.com Phone: (512) 652-3400 (866) 652-3400 (United States) ClearCube Technology Corporate Headquarters The ClearCube Building 3700 W Parmer Lane Austin, Texas 78727 E-mail info@clearcube.com Main Phone: (512) 652-3500 or call toll free (866) 652-3500 (United States) Main Fax: (512) 652-3501 Or contact your local ClearCube Reseller or Authorized Service Provider Copyrights 2012 by ClearCube Technology, Inc. All rights reserved. Under copyright laws, this publication may not be reproduced or transmitted in any form, electronic or mechanical, including photocopying, recording, storing in an information retrieval system, or translating, in whole or in part, without the prior written consent of ClearCube Technology, Inc. This information is subject to change without notice and ClearCube shall not be liable for any direct, indirect, special, incidental or consequential damages in connection with the use of this material. Trademarks ClearCube, Sentral, Blade Switching BackPack, PC Blade, C/Port, and I/Port are trademarks of ClearCube Technology Inc. Teradici and PCoIP are registered trademarks of Teradici Corporation in the United States and/or other countries. Windows and Windows Vista are registered trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks are the property of their respective owners. Patents The ClearCube Architecture and its components described in this user manual are protected by numerous granted and pending U.S. and international patents. Granted patents include: US05926172, US05966056, US05994952, US06012101, US06020839, US06037884, US06038616, US06119146, US06148182, US06167241, US06385666, US06421393, US06426970, US06633934, US06708247, US06735658, and US06886055. Patents pending include: US S/N 09/755378, US S/N 10/279475, US S/N 10/198719, US S/N 10/198650, US S/N 10/409219, US S/N 09/728667, US S/N 09/728669, US S/N 10/411804, US S/N 10/411908, US S/N 10/458853, US S/N 10/364584, US S/N 10/301536, US S/N 60/411066, US S/N 10/662933, US S/N 10/662889, US S/N 10/662932, US S/N 10/662968, US S/N 10/301563, US S/N 10/662936, US S/N 10/301518, US S/N 10/662955 and US S/N 10/662954. Inquiries regarding patented technology should be directed to ClearCube Corporate Headquarters
Contents 1.0 Overview and Key Features... 1 2.0 Operating system and software support... 3 3.0 Prerequisites and PortAuthority installation... 3 3.1 Installing prerequisite components... 3 3.1.1 Installing Microsoft.NET Framework 4.0.... 3 3.1.2 Setting up Microsoft Internet Information Services (IIS)... 4 3.1.3 Installing a database server... 5 3.2 Installing PortAuthority... 5 3.2.1 Installing PortAuthority Server... 5 3.2.2 Installing PortAuthority Client... 6 4.0 Logging in to PortAuthority... 8 5.0 Overview of basic tasks... 9 5.1 The Discovery tab... 9 5.1.1 Discovering clients... 9 5.1.2 Discovering subnets... 10 5.1.3 Specifying client attributes to display... 10 5.1.4 Manually adding a client... 11 5.2 The Policies tab... 11 5.2.1 Create new policy... 11 5.2.2 Manage policies... 13 5.2.3 Manage priorities... 14 5.3 The Logs tab... 14 6.0 PortAuthority user accounts... 14 6.1 Create and edit PortAuthority users... 14 6.2 Change current user s password... 15 7.0 Product updates... 15 8.0 Setting PortAuthority Server poll interval... 15 9.0 Policy sync time... 15 10.0 Changing console theme... 15 11.0 Contacting Support... 15 iii
iv This Page Is Intentionally Blank
1.0 Overview and Key Features 1.0 Overview and Key Features ClearCube PortAuthority enables administrators to apply a variety of policies for mass storage lockout (MSL) on remote computing devices (clients) after installing PortAuthority agent on the client. The list below shows key features of PortAuthority. Client Discovery PortAuthority provides multiple ways to easily and automatically discover clients over LANs and WANs. Discovery methods are categorized as: Client-side discovery Client machines can discover the PortAuthority Server through a DHCP Server, through UDP packet broadcast, and using a configuration file. Server-side discovery Alternatively, administrators can run a discovery from PortAuthority Server. Using the server interface, you can run a discovery on the subnet that the server is installed on, run a discovery on multiple subnet ranges at the same time, or add individual clients to the discovery database. Policies PortAuthority enables administrators to create, edit, delete, enable, and disable policies on the go. Create and apply a policy to selected clients or to all discovered clients at the same time. Create New Policy On the server interface, this tab shows all policies that can be managed in PortAuthority. The list below shows all policies that you can use to manage MSL on a network. o Identity-based policy Detect a particular user account logging in and disable or enable MSL for that account. o IP-address-based policy Disable/enable MSL for a specified IP address. o Subnet-based policy Disable/enable MSL for a specified subnet range. o Time-based policy Disable/enable MSL at a particular time of the day. o Mass storage size-based policy Disable/enable MSL for a specified size of USB storage device. 1
PortAuthority User s Guide o Connectivity-based policy Disable/enable MSL when Internet connectivity is available or unavailable. o Process-based policy Disable/enable MSL when a particular process or application is running. o Approved device list Disable/enable MSL based on approved device list. Manage Policies On the server interface, this tab shows all the policies that the currently-logged-in administrator has created. The administrator can enable or disable selected policies, edit them, or remove them from the list. The administrator can also filter policies by entering keywords in the search box. Manage Priorities This policy submenu shows the priority that administrators can apply to policies. Policy priority ensures that PortAuthority takes appropriate action if conflicting policies are applied to a client. For example, administrators can select whether to enable or disable MSL when there is a conflict or can give highest priority to an identity -based policy. Logs PortAuthority maintains logs of administrator activities, including policy creation and client discoveries. The interface displays logs in a tabular form that is easily read and filterable. User Management PortAuthority has a user management interface that requires integration with Microsoft Active Directory (AD). The management interface stores administrator passwords in an encrypted format. Automatic updates PortAuthority notifies administrators of available updates and can perform PortAuthority updates. Database Configuration PortAuthority supports Microsoft SQL Server and MySQL databases. Skins/Themes PortAuthority includes four skins, allowing each administrator to specify the skin displayed when they log in. 2
3.0 Operating system and software support 2.0 Operating system and software support The table below shows the operating systems and software components that ClearCube PortAuthority supports. Component PortAuthority Client PortAuthority Server OS PortAuthority Web Server Framework (for server and client devices) Database Supported Microsoft Windows 7 (32- and 64-bit) Microsoft Windows 7 (32- and 64-bit), Microsoft Server Windows 2008 R2 (64-bit) Internet Information Services (IIS) 6.0 Microsoft.NET Framework 4.0 MySQL 5.5 (tested on Windows 7 Enterprise 64-bit) OR Microsoft SQL Server 2008 3.0 Prerequisites and PortAuthority installation PortAuthority consists of PortAuthority Server Web server (IIS) Database PortAuthority Client, and Microsoft.NET Framework 4.0 (installation required on server and on client devices). The sections below show how to install prerequisites and how to install PortAuthority components. 3.1 Installing prerequisite components This section shows how to install the components required for PortAuthority. 3.1.1 Installing Microsoft.NET Framework 4.0. Be sure to install Microsoft.NET Framework on PortAuthority Server and on PortAuthority Client devices. 1. Start the installer. From the dialog box, click Run. 2. From the dialog box, accept the license terms and click Install. 3
PortAuthority User s Guide 3. From the Installation Is Complete dialog box, click Finish. 4. Restart the computer. Next step: configure IIS. 3.1.2 Setting up Microsoft Internet Information Services (IIS) 1. Click Start > Control Panel > Programs and Features. Result: The Uninstall or change a program window is displayed. 2. Click Turn Windows features on or off. Result: The Windows Features dialog box is displayed. 3. Ensure that the following are selected (including all lower-level components): IIS 6 Management Compatibility o IIS 6 Management Console o IIS 6 Scripting Tools o WMI Compatibility o IIS Metabase and IIS 6 configuration compatibility World Wide Web Services (including all lower-level components) 4. Restart the computer. 5. Before continuing, ensure that the Web server is working by entering http://localhost in the address bar. Result: An IIS welcome page is displayed. Next step: install a supported database. 4
3.0 Prerequisites and PortAuthority installation 3.1.3 Installing a database server Install one of the following database servers: MySQL 5.5 OR Microsoft SQL Server 2008 Ensure that you have administrator privileges on the computer on which you are installing the database server. If you encounter any issues during database server installation, see the product s online help about installing the database server on Windows operating systems. 3.2 Installing PortAuthority The sections below show how to install PortAuthority components. 3.2.1 Installing PortAuthority Server Ensure that you have installed the prerequisites cited above (IIS, database, and.net). The steps below show how to install PortAuthority Server. NOTE: Ensure that IIS is running before starting PortAuthority Server installation. 1. Double-click serversetup.exe to start PortAuthority Server installation and display the InstallShield Wizard. Click Next. Result: the License Agreement dialog box is displayed. 2. Read the license agreement and click Yes to continue. Result: the Database Configuration dialog box is displayed. 3. Enter information for the database you installed in 3.1.3 Installing a database server above. See the text at the bottom of the dialog box for additional information. 5
PortAuthority User s Guide 4. Click Next. Result: the installer displays progress messages. 5. From the Choose Destination Location dialog box, accept the default installation directory, or specify a different location and click Next. Result: the Setup Status dialog box displays installation messages. 6. Click Finish and then restart the computer. 3.2.2 Installing PortAuthority Client Ensure that you have installed the prerequisite cited above (.NET) before installing PortAuthority Client on a device. 1. Double-click clientsetup.exe to start PortAuthority Client installation and display the InstallShield Wizard. Click Next. Result: the License Agreement dialog box is displayed. 2. Read the license agreement and click Yes to continue. Result: the Setup Type dialog box is displayed. 3. Select an installation type and click Next. Result: the InstallShield Wizard is displayed. 4. Click Next. Result: the installer displays installation messages. 6
1.0 Prerequisites and PortAuthority installation 5. Click Finish to complete installation. 6. Restart the computer. 7
PortAuthority User s Guide 4.0 Logging in to PortAuthority This section shows how to log in to PortAuthority. 1. From a Web browser, navigate to http://computer name/portauthority, where computer name is the IP address or computer name of the computer where PortAuthority Server is installed. Result: the Login PortAuthority screen is displayed. 2. Provide credentials to log in to PortAuthority. The default user name is administrator and the default password is clearcube. NOTE: Be sure to change the user name and password after logging in the first time. 8
5.0 Overview of basic tasks 5.0 Overview of basic tasks The following sections explain how to perform tasks in PortAuthority. The picture below shows the PortAuthority console a browser-based interface including the Discovery, Policies, and Logs tabs. Tabs PortAuthority Configuration Submenus Task Menu 5.1 The Discovery tab The Discovery tab is the default screen displayed after logging in. From this screen you can view details about discovered clients specify subnets on which to discover clients, and manually add clients to the list of discovered clients. Alternatively, you can set clients to discover PortAuthority Server. 5.1.1 Discovering clients The client discovery process runs in the background. Information about discovered clients is displayed in a grid with editable columns (for more information, see 5.1.3 Specifying client attributes to display ). 9
PortAuthority User s Guide PortAuthority performs live filtering, enabling administrators to type a keyword and have screen contents filtered as letters are typed. From the Discovery tab, administrators can also refresh client information view and edit client policies, and additional tasks. 5.1.2 Discovering subnets From the Discovery tab, click Scan by subnet to display the Enter a Subnet Range to Scan screen. When the dialog box is displayed, the From and To fields are automatically populated with the current subnet. Administrators can add any number of subnets to scan. 5.1.3 Specifying client attributes to display From the Discovery tab, click Edit columns to display the Show/Hide Columns dialog box. Use this dialog box to specify the columns to display for each client in the discovered clients screen. 10
5.0 Overview of basic tasks 5.1.4 Manually adding a client From the Discovery tab, click Add a client manually to display the dialog box shown below. Administrators can add individual clients to the list of discovered clients by entering any of the information requested in this dialog box. 5.2 The Policies tab The Policies tab enables administrators to set and manage MSL policies for each discovered client. 5.2.1 Create new policy Click the Policies tab and then click Create new policy to list all policy templates. Use these policy templates to create policies that you can apply and manage in PortAuthority. The table below shows and describes each policy. Policy Template Name Identity IP address Subnet Time Size Connectivity Process Approved device Description Implemented on the specified Windows user account and Domain. Note: When specifying an Identity-based policy, specify the domain and user name in the format: Domain name\user name Where Domain name is the appropriate Windows Domain and user name is the Windows user name. Implemented on the specified IP address. Implemented on the specified range of IP addresses. All fields are mandatory. Implemented on the specified date and time. Implemented on the specified size (in GB) of a USB device. Enable/disable USB based on network connectivity. Enable/disable USB if a specified process is running. Enable only approved types of USB devices. Note: You can apply this policy on USB disk drives when an OS registers the drive specifically as a USB mass storage device (Device with Removable Storage). If an OS registers the connected drive as a volume (Hard Disk Drive), you cannot apply an Approved device policy. 11
PortAuthority User s Guide To create a policy: 1. Click Policies > Create new policy. The picture below shows the list of all policy templates. 2. Click a Policy name on which to base your new policy. Result: a corresponding policy dialog box is displayed. The picture below shows an IP-based policy. 3. From the policy dialog box: a. Name the policy. b. Specify an appropriate policy-specific criterion or criteria (for example, a user name, an IP address, or a subnet range). Note: When specifying an Identity-based policy, specify the domain and user name in the format: Domain name\user name Where Domain name is the appropriate Windows Domain and user name is the Windows user name. 12
5.0 Overview of basic tasks c. Enter a description of the policy. d. Select Enable or Disable to specify the USB port state when the policy is applied. 4. Do one of the following: OR To save the policy but not apply it to a client, click Save. To save the policy and apply it to one or more clients: a. Click Save and apply. Result: All clients are displayed. b. Select one or more clients and click Apply policy. After creating a policy it is displayed in the Manage priorities screen. 5.2.2 Manage policies To manage policies, click Manage policies from the Policies tab. From the list of policies, administrators can Filter the view of policies. Enable and disable policies use the menu buttons here to enable or disable a policy. When a policy is enabled, it is in effect for all clients to which it is applied. The Status column shows that a policy is enabled or disabled. Note: policy status (enabled or disabled) pertains only to the application of the policy to clients, not to the state of USB devices. Edit policy attributes. Delete policies. 13
PortAuthority User s Guide 5.2.3 Manage priorities To set the default action PortAuthority performs if two or more policy settings conflict, click Manage priorities from the Policies tab. Click Save after changing an option. Note: the option specified here applies to all PortAuthority policies. Note: By default, Identity-based policies are given highest precedence and override all other policy types. To change this default, clear the Default option. 5.3 The Logs tab Logs provide an audit trail about discovery- and policy-related actions performed from the PortAuthority console. To view logs, click the Logs tab. Administrators can view All logs Discovery logs detail client discovery and client deletion Policy logs detail policy creation and policy deletion 6.0 PortAuthority user accounts To manage PortAuthority user accounts, click Configuration in the upper-right portion of the screen. 6.1 Create and edit PortAuthority users The table below shows how to create, to delete, and to edit user accounts. To Click And then Create a new user 1. Configuration in the upper-right portion of the screen. 2. From the Accounts portion of the screen, click Edit Users (located near the center of the screen). the user table. Delete a user Edit a user 1. Click Create new user and provide the account details. 2. Click Create. Result: the user is displayed in 1. Select one or more users from the user table. 2. Click Delete. Result: the user is deleted. 1. Select a user from the user table. 2. Click Edit. 3. Change any user attributes and click Save. 14
11.0 Product updates 6.2 Change current user s password To change your password from the Configuration screen: 1. From the Accounts portion of the screen, click Edit Password. Note: this feature pertains to the account that is currently logged in (displayed in the upperright portion of the screen as Logged in as: account name). 2. Enter the account details requested and click Save. Result: a saved message is displayed below the dialog box. You might need to close the dialog box. 7.0 Product updates This feature is reserved for future use. 8.0 Setting PortAuthority Server poll interval The server poll interval specifies how frequently clients poll the PortAuthority Server to indicate their status (online or offline). This setting is pushed to clients during client discovery. To change the server poll interval 1. From the upper-right portion of the screen, click Configuration. 2. In the Settings area, specify a value in the Poll Time minutes field and then click Save. 9.0 Policy sync time The policy synch time option in the Options > Settings area specifies the interval (in minutes) that client devices verify that policies are up-to-date. 10.0 Changing console theme Console themes set the color of user interface elements. To change themes from the Configuration screen, click the Configuration link in the upper-right portion of the screen. Then select a theme option from the Select Theme drop-down box. Theme changes are applied immediately. 11.0 Contacting Support Contact ClearCube Support in any of the following ways. Web http://www.clearcube.com Email support@clearcube.com Toll-free (866) 652-3400 15
PortAuthority User s Guide This Page Is Intentionally Blank 16
Rev 1.1.10.15.2012 P/N G0400168 clearcube.com