Configure the DNS server. Secure communications for both the application server and the meeting server (HTTP and RTMP).


Configure software-based SSL

When you configure software-based SSL, you can secure network connections to the web application server (HTTPS protocol), the meeting server (RTMPS protocol), or both. No matter which configuration you choose, you must create DNS records for your Connect servers first.

HTTP is the protocol with which the Adobe Connect application server is accessed. This includes the Connect Central administration pages for managing your Connect instance, Connect user login, and the Connect web services. Securing the application server by using HTTPS is important to prevent unauthorized access of your Connect service.

RTMP is the protocol which the Adobe Connect meeting server uses. RTMP connections contain media data such as video and audio streams from your Connect meetings, as well as data from the meeting rooms such as participant names and chat text. Securing the meeting server is important if you have sensitive information being exchanged in your Connect meetings.

Configure the DNS server

Create DNS entries that define addresses for the Fully Qualified Domain Name (FQDN) of each secured service. If you intend to secure traffic for both the application server and the meeting server, you must have a separate IP address for each service.

The domain name for the Central application server is the address with which your end users will access Adobe Connect. Enter this domain name as the Connect Host value on the Server Settings page in the Application Management Console. For example, a good value is connect.yourcompany.com.

End users do not see the FQDN(s) for the meeting server(s). However, you must define a unique domain name for each meeting server if you want to conduct meetings over a secure connection. Enter this FQDN in the External Name box on the Server Settings page in the Application Management Console. For example, a good value is fms.yourcompany.com.
Note: In a cluster of servers, all the application servers can share an SSL certificate, but each meeting server must have its own SSL certificate. On a single server, to secure both the HTTP (application server) and RTMP (meeting server) connections, you must have a total of two IP addresses, two FQDNs and two SSL certificates (one for each protocol). (You may also get a single, wildcard SSL certificate that can be used for multiple hosts in the same subdomain, e.g. *.yourcompany.com. This is simpler to manage, but typically costs more than a single domain name certificate.)

Secure communications for both the application server and the meeting server (HTTP and RTMP)

1 Locate your installation media for Adobe Connect 9 and browse to \Connect\9.0.0.1\Merge_Modules\stunnel-4.53.zip

2 Extract the stunnel-4.5.3.zip file to a new folder named stunnel under your Adobe Connect installation folder, as follows: [root_install_dir]\stunnel

3 Under the newly-created stunnel folder, open stunnel.conf and replace the following code (replace the code in italic with your own values):

    ; Protocol version (all, SSLv2, SSLv3, TLSv1)
    sslversion = all
    fips = no
    ; Some performance tunings
    socket = l:tcp_nodelay=1
    socket = r:tcp_nodelay=1
    TIMEOUTclose=0
    options = DONT_INSERT_EMPTY_FRAGMENTS

    [https vip]
    ; incoming vip for https (This is to secure Web)
    ; ip address that resolves to the ConnectProHost (Web App FQDN).
    ; listens on port 443
    accept = 123.123.123.1:443
    ; When stunnel is on the same box, leave the below IP address as 127.0.0.1
    ; send the unencrypted request to port 8443
    connect = 127.0.0.1:8443
    ; Certificate information for Connect.
    cert = AppServer CertificateNameHere.pem
    key = AppServer CerificateKeyNameHere.pem

    [rtmps vip]
    ; incoming vip for fms (This is to secure Meeting)
    ; IP address that resolves to meeting FQDN
    accept = 123.123.123.2:443
    ; When stunnel is on the same box, leave the IP address as 127.0.0.1
    ; Send unencrypted request to 1935
    connect = 127.0.0.1:1935
    ; Certificate information for Connect Meetings.
    cert = Meeting Server CertificateNameHere.pem
    key = Meeting Server CerificateKeyNameHere.pem

You must have two certificate files for each secure connection: one for the public SSL certificate and one for the private key belonging to the certificate. Specify the location of the public SSL certificate in the cert property. Specify the location of the private key in the key property. The server sends the public SSL certificate to clients. The private key remains on the server.

4 Open the custom.ini file located in the root installation directory and save a backup copy to another location.

5 Insert the following code in the custom.ini file without replacing or deleting any existing text:

    ADMIN_PROTOCOL=https://
    SSL_ONLY=yes
    RTMP_SEQUENCE=rtmps://external-host:443/?rtmp://localhost:8506/

Note: The custom.ini file is case sensitive. Use capital letters for parameter names and lowercase letters for values.

6 Save the custom.ini file.

7 Open /appserv/conf/server.xml and uncomment the following section:

    <Connector port="8443" protocol="http/1.1" executor="httpsthreadpool" enablelookups="false" acceptcount="250" connectiontimeout="20000" SSLEnabled="false" scheme="https" secure="true" proxyport="443" URIEncoding="utf-8"/>

8 Restart Adobe Connect Server:
a) Choose Start > Programs > Adobe Connect Server > Stop Adobe Connect Application Server
b) Choose Start > Programs > Adobe Connect Server > Stop Adobe Connect Meeting Server
c) Choose Start > Programs > Adobe Connect Server > Start Adobe Connect Meeting Server
d) Choose Start > Programs > Adobe Connect Server > Start Adobe Connect Application Server
e) Start stunnel.exe from [root_install_directory]\stunnel

9 Open the Application Management Console (http://localhost:8510/console or Start > Programs > Adobe Connect Server > Configure Connect Server).

10 On the Application Settings screen, select Server Settings and do the following:
a) Enter the FQDN for your Adobe Connect account in the Connect Host box. This FQDN is the URL end users use to connect to Adobe Connect.
b) Enter the FQDN for the Connect meeting server in the Host Mappings External Name box. The server uses this value internally.

Secure the web application server (HTTP) only

1 Locate your installation media for Adobe Connect 9 and browse to \Connect\9.0.0.1\Merge_Modules\stunnel-4.53.zip

2 Extract the stunnel-4.5.3.zip file to a new folder named stunnel under your Adobe Connect installation folder, as follows: [root_install_dir]\stunnel

3 Under the newly-created stunnel folder, open stunnel.conf and replace the following code (replace the code in italic with your own values):

    ; Protocol version (all, SSLv2, SSLv3, TLSv1)
    sslversion = all
    fips = no
    ; Some performance tunings
    socket = l:tcp_nodelay=1
    socket = r:tcp_nodelay=1
    TIMEOUTclose=0
    options = DONT_INSERT_EMPTY_FRAGMENTS

    [https vip]
    ; incoming vip for https (This is to secure Web)
    ; ip address that resolves to the ConnectProHost (Web App FQDN).
    ; listens on port 443
    accept = 123.123.123.1:443
    ; When stunnel is on the same box, simply leave the below IP address as 127.0.0.1
    ; send the unencrypted request to port 8443
    connect = 127.0.0.1:8443
    ; Certificate information for Connect.
    cert = AppServer CertificateNameHere.pem
    key = AppServer CerificateKeyNameHere.pem

You must have two certificate files for each secure connection: one for the public SSL certificate and one for the private key belonging to the certificate. Specify the location of the public SSL certificate in the cert property. Specify the location of the private key in the key property. The server sends the public SSL certificate to clients. The private key remains on the server.

4 Open the custom.ini file located in the root installation directory (c:\connect, by default) and save a backup copy to another location.

5 Insert the following code in the custom.ini file without replacing or deleting any existing text:

    ADMIN_PROTOCOL=https://
    SSL_ONLY=yes

Note: The custom.ini file is case sensitive. Use capital letters for parameter names and lowercase letters for values.

6 Save the custom.ini file.

7 Open /appserv/conf/server.xml and uncomment the following section:

    <Connector port="8443" protocol="http/1.1" executor="httpsthreadpool" enablelookups="false" acceptcount="250" connectiontimeout="20000" SSLEnabled="false" scheme="https" secure="true" proxyport="443" URIEncoding="utf-8"/>

8 Restart Adobe Connect Server:
a) Choose Start > Programs > Adobe Connect Server > Stop Adobe Connect Application Server.
b) Choose Start > Programs > Adobe Connect Server > Start Adobe Connect Application Server.
c) Start stunnel.exe from [root_install_directory]\stunnel

9 Open the Application Management Console (http://localhost:8510/console or Start > Programs > Adobe Connect Server > Configure Connect Server).

10 On the Application Settings screen, select Server Settings and do the following:
a) Enter the fully qualified domain name for your Adobe Connect account in the Connect Host box. This is the domain name end users use to connect to Adobe Connect.

Secure the meeting server (RTMP) only

1 Locate your installation media for Adobe Connect 9 and browse to \Connect\9.0.0.1\Merge_Modules\stunnel-4.53.zip

2 Extract the stunnel-4.5.3.zip file to a new folder named stunnel under your Adobe Connect installation folder, as follows: [root_install_dir]\stunnel

3 Under the newly-created stunnel folder, open stunnel.conf and replace the following code (replace the code in italic with your own values):

    ; Protocol version (all, SSLv2, SSLv3, TLSv1)
    sslversion = all
    fips = no
    ; Some performance tunings
    socket = l:tcp_nodelay=1
    socket = r:tcp_nodelay=1
    TIMEOUTclose=0
    options = DONT_INSERT_EMPTY_FRAGMENTS

    [rtmps vip]
    ; incoming vip for fms (This is to secure Meeting)
    ; IP address that resolves to meeting FQDN
    accept = 123.123.123.2:443
    ; When stunnel is on the same box, simply leave the below IP address as 127.0.0.1
    ; Send unencrypted request to 1935
    connect = 127.0.0.1:1935
    ; Certificate information for Connect Meetings.
    cert = MeetingServer CertificateNameHere.pem
    key = Meeting Server CerificateKeyNameHere.pem

You must have two certificate files for each secure connection: one for the public SSL certificate and one for the private key belonging to the certificate. Specify the location of the public SSL certificate in the cert property. Specify the location of the private key in the key property. The server sends the public SSL certificate to clients. The private key remains on the server.

4 Open the custom.ini file located in the root installation directory (c:\connect, by default) and save a backup copy to another location.

5 Insert the following code in the custom.ini file without replacing or deleting any existing text:

    RTMP_SEQUENCE=rtmps://external-host:443/?rtmp://localhost:8506/

Note: The custom.ini file is case sensitive. Use capital letters for parameter names and lowercase letters for values.

6 Save the custom.ini file.

7 Restart Adobe Connect Server:
a) Choose Start > Programs > Adobe Connect Server > Stop Adobe Connect Meeting Server
b) Choose Start > Programs > Adobe Connect Server > Start Adobe Connect Meeting Server
c) Start stunnel.exe from [root_install_directory]\stunnel

8 Open the Application Management Console (http://localhost:8510/console or Start > Programs > Adobe Connect Server > Configure Connect Server).

9 On the Application Settings screen, select Server Settings and do the following:
a) Enter the fully qualified domain name for your Adobe Connect account in the Connect Host box. This is the domain name end users use to connect to Adobe Connect.
b) Enter the fully qualified domain name for the Connect meeting server in the Host Mappings External Name box. The server uses this value internally.

Secure communications for the Adobe Connect Edge Server

This section describes how to configure software SSL with the optional Adobe Connect Edge Server product. It assumes that you have already configured your Adobe Connect server for SSL. It also assumes that you have purchased and installed the Adobe Connect Edge Server product and are now prepared to secure it with software SSL.

The supported Adobe Connect Software SSL solution, STunnel, does not come packaged as part of the Adobe Connect Edge Server installer. First you will need to get a copy of the supported version of STunnel and install it on the server which hosts your Edge Server.
1 Locate your installation media for Adobe Connect 9 and browse to \Connect\9.0.0.1\Merge_Modules\stunnel-4.53.zip

2 Extract the stunnel-4.5.3.zip file to a new folder named stunnel under your Adobe Connect installation folder, as follows: [root_install_dir]\stunnel

3 Under the newly-created stunnel folder, open stunnel.conf and replace the following code (replace the code in italic with your own values):

    ; Protocol version (all, SSLv2, SSLv3, TLSv1)
    sslversion = all
    ; Some performance tunings
    socket = l:tcp_nodelay=1
    socket = r:tcp_nodelay=1
    TIMEOUTclose=0
    options = DONT_INSERT_EMPTY_FRAGMENTS

    [https vip]
    ; incoming vip for https (This is to secure Web)
    ; ip address that resolves to the ConnectProHost (Web App FQDN).
    ; listens on port 443
    accept = 123.123.123.1:443
    ; When stunnel is on the same box, leave the below IP address as 127.0.0.1
    ; send the unencrypted request to port 8443
    connect = 127.0.0.1:8443
    ; Certificate information for Connect.
    cert = AppServer CertificateNameHere.pem
    key = AppServer CerificateKeyNameHere.pem

    [rtmps vip]
    ; incoming vip for fms (This is to secure Meeting)
    ; IP address that resolves to meeting FQDN
    accept = 123.123.123.2:443
    ; When stunnel is on the same box, leave the IP address as 127.0.0.1
    ; Send unencrypted request to 1935
    connect = 127.0.0.1:1935
    ; Certificate information for Connect Meetings.
    cert = Meeting Server CertificateNameHere.pem
    key = Meeting Server CerificateKeyNameHere.pem

You must have two certificate files for each secure connection: one for the public SSL certificate and one for the private key belonging to the certificate. Specify the location of the public SSL certificate in the cert property. Specify the location of the private key in the key property. The server sends the public SSL certificate to clients. The private key remains on the server.

4 Change the DNS entry you are using to redirect Connect traffic to the Edge server to use the IP address of the https vip from the STunnel configuration file.

5 Open the custom.ini file located in the Adobe Connect root installation directory (c:\connect, by default) and save a backup copy to another location.

6 Configure the edge server to point to your main Connect server by inserting the following code in the custom.ini file:

    FCS_EDGE_REGISTER_HOST=connect.yourdomain.com:8443
    FCS.HTTPCACHE_BREEZE_SERVER_SECURE_PORT=connect.yourdomain.com:443

Note: The custom.ini file is case sensitive. Use capital letters for parameter names and lowercase letters for values.

7 Save the custom.ini file.

8 Open breeze\edgeserver\win32\conf\httpcache.xml. Edit the HostName tag and enter the FQDN for the FMS VIP of the Edge Server:

    <HostName>edge-fms.yourdomain.com</HostName>

9 Restart Adobe Connect Edge Server:
a) Choose Start > Programs > Adobe Connect Edge Server > Stop Connect Edge Server.
b) Choose Start > Programs > Adobe Connect Edge Server > Start Connect Edge Server.

10 Restart the STunnel service.

11 Go to your Adobe Connect server and open the Application Management Console (http://localhost:8510/console or Start > Programs > Adobe Connect Server > Configure Connect Server).

12 On the Application Settings screen, select Server Settings and verify that your edge server now appears listed under the Host Mappings heading.

Test the configuration

1 If you secured the application server, log in to Adobe Connect Central. You see a lock in your browser.

2 If you secured the meeting server, enter an Adobe Connect meeting room. You see a lock in the connection light.
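A pre-flight check for the stunnel.conf files described above, added here as an example (it is not part of the Adobe guide or of stunnel). It parses the guide's layout and reports services that break the guide's own requirements (cert and key both present, a separate accept address per service) or that still allow SSLv2 or SSLv3. The sample file names are constructed, and treating NO_SSLv2 / NO_SSLv3 in options as disabling those protocols is an assumption of this sketch.

```python
# Constructed sample in the guide's layout (placeholder file names); the
# [rtmps vip] section deliberately reuses an address and omits its key.
SAMPLE_CONF = """\
; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslversion = all
fips = no
socket = l:tcp_nodelay=1
socket = r:tcp_nodelay=1
options = DONT_INSERT_EMPTY_FRAGMENTS
[https vip]
accept = 123.123.123.1:443
connect = 127.0.0.1:8443
cert = app-cert.pem
key = app-key.pem
[rtmps vip]
accept = 123.123.123.1:443
connect = 127.0.0.1:1935
cert = meeting-cert.pem
"""

def parse_stunnel_conf(text):
    """Return {section: {option: [values]}}; global options sit under ''."""
    # configparser is avoided: stunnel.conf has options before the first
    # section header and repeats keys such as 'socket' and 'options'.
    conf, section = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            conf.setdefault(section, {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            conf[section].setdefault(key.lower(), []).append(value)
    return conf

def audit(conf):
    """Return (section, finding) tuples; global settings apply to every service."""
    findings, seen, glob = [], {}, conf[""]
    for name, svc in conf.items():
        if not name:
            continue
        versions = [v.lower() for v in svc.get("sslversion") or glob.get("sslversion", [])]
        opts = {o.upper() for o in glob.get("options", []) + svc.get("options", [])}
        for old in ("SSLv2", "SSLv3"):
            if any(v in ("all", old.lower()) for v in versions) and f"NO_{old.upper()}" not in opts:
                findings.append((name, f"{old} not disabled"))
        for key in ("accept", "connect", "cert", "key"):
            if key not in svc:
                findings.append((name, f"missing {key}"))
        for addr in svc.get("accept", []):
            if addr in seen:
                findings.append((name, f"accept {addr} already used by [{seen[addr]}]"))
            seen.setdefault(addr, name)
    return findings

if __name__ == "__main__":
    for section, finding in audit(parse_stunnel_conf(SAMPLE_CONF)):
        print(f"[{section}] {finding}")
```

A file that sets sslversion = TLSv1, gives each service its own accept address, and lists both cert and key returns no findings.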