DualShield Installation Guide (Version 5.7) Copyright 2013 Deepnet Security Limited Copyright 2013, Deepnet Security. All Rights Reserved. Page 1
Trademarks Deepnet Unified Authentication, MobileID, QuickID, PocketID, SafeID, GridID, FlashID, SmartID, TypeSense, VoiceSense, DevicePass, RemotePass and Site Stamp are trademarks of Deepnet Security Limited. All other brand names and product names are trademarks or registered trademarks of their respective owners. Copyrights Under the international copyright law, neither the Deepnet Security software or documentation may be copied, reproduced, translated or reduced to any electronic medium or machine readable form, in whole or in part, without the prior written consent of Deepnet Security. Licence Conditions Please read your licence agreement with Deepnet carefully and make sure you understand the exact terms of usage. In particular, for which projects, on which platforms and at which sites, you are allowed to use the product. You are not allowed to make any modifications to the product. If you feel the need for any modifications, please contact Deepnet Security. Disclaimer This document is provided as is without warranty of any kind, either expressed or implied, including, but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement. This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the document. Deepnet Security may make improvements of and/or changes to the product described in this document at any time. Contact If you wish to obtain further information on this product or any other Deepnet Security products, you are always welcome to contact us. Deepnet Security Limited Building 3 North London Business Park Oakleigh Road South London N11 1GN United Kingdom Tel: +44(0)20 3668 1580 Fax: +44(0)20 8446 3182 Web: www.deepnetsecurity.com Email: support@deepnetsecurity.com Copyright 2013, Deepnet Security. All Rights Reserved. Page 2
Contents Prerequisites... 4 Preparation... 5 Installation... 6 Configuration... 11 Create Application... 11 Publish Application... 12 Finish Installation... 13 Copyright 2013, Deepnet Security. All Rights Reserved. Page 3
Prerequisites DualShield is a bridge that connects DualShield Windows Logon clients and the DualShield Authentication Server. The Logon Agent can be installed on any Windows server machine in the network. Before you run the setup wizard, you must have your DualShield Authentication Server installed and operating, and make sure that the computer on which you are going to install the meets the following minimum hardware and software requirements: A Windows 2003, 2008 or 2012 Server with the latest service pack installed. TCP/IP Networking TCP port 14282 must be available on the Windows server for use by the DualShield. TCP port 14283 must be available on every desktop machine for use by the DualShield Windows Logon Client. Copyright 2013, Deepnet Security. All Rights Reserved. Page 4
Preparation The DualShield is a DualShield authentication agent. For an authentication agent to be able to connect to the authentication server, the agent must be registered in your authentication server. For security purpose, the agent registration function is disabled by default. You need to enable the Agent Auto Registration function in your DualShield authentication server. In the DualShield Management Console, select Authentication Agents and press the Auto Registration button on the toolbar: You may want to enable the Check IP option for extra security. If this option is enabled, then in the IP Address field you must enter the IP address of the machine where the is to be installed. Copyright 2013, Deepnet Security. All Rights Reserved. Page 5
Installation To install the DualShield, launch the installer SetupDSAgent.xxxx.exe and go through the following steps: Step 1: Step 2: Step 3: Step 4: Step 5: Step 6: Step 7: Step 8: Welcome Licensing Agreement Installation Path Install Gina or Credential Provider Import Agent Configure File Installing Connect to Authentication Server Installation Completed Copyright 2013, Deepnet Security. All Rights Reserved. Page 6
Step 1: Welcome Step 2: Licensing Agreements Copyright 2013, Deepnet Security. All Rights Reserved. Page 7
Step 3: Installation Path Step 4: Install GINA or Credential Provider Enable the option: Enable multi-factor authentication o this machine only if you wish to protect the server machine on which the is being installed. Otherwise, do not check this option. Enable the option: Protect local computer logon with multi-factor authentication only if the server machine on which the is being installed is a terminal server and you want to add two-factor authentication to the logon to the local machine. Copyright 2013, Deepnet Security. All Rights Reserved. Page 8
Step 5: Agent Registration Check the FQDN and Port number of your DualShield Server. Change them if necessary. The default port of DualShield server is 8071. Step 6: Installing Copyright 2013, Deepnet Security. All Rights Reserved. Page 9
Step 7: Connect to Authentication Server Upon the successful installation, the installer launches the DualShield Windows Logon Manager which enables you to connect the agent to the authentication server. In the Application field, it displays Click here to select. At this point, the agent has been successfully installed and registered with the DualShield server. It is waiting for an application to be published on this agent. The next step is to publish a Windows application on this agent. Copyright 2013, Deepnet Security. All Rights Reserved. Page 10
Configuration Switch to the Management Console of your DualShield Server, you will find the newly installed : This new agent is not yet associated with an application. Create Application If you already have an application for Windows logon, then skip to the next section: Publish Application. Otherwise, follow the instruction below to create an application. An application in DualShield has following dependencies: Logon Procedure Realm Domain Identity Source The document below describes two ways of creating an application and its dependant items: DualShield Authentication Platform Quick Start Guide.PDF You can use the Application Wizard to quickly create an application and all of its dependant items, or you can follow the Tutorial to manually create all items one by one. In the process of creating an application for Window Logon and its dependant items, please note the following important points: 1. You will need to create a Logon Procedure with its type set to Windows 2. During the creation of a domain, make sure that the DNS Name matches the domain name of your Windows network and the NetBIOS name is correctly set to the NetBIOS name of your domain controller. Copyright 2013, Deepnet Security. All Rights Reserved. Page 11
Publish Application If you used the Application Wizard to create a new application, then you can skip to the next section: Finish Installation. Once you have created the application, click the Agent s context menu icon and select Application. A list of applications will be displayed: Now, select the application you wish to publish on the Agent. Click Save. Copyright 2013, Deepnet Security. All Rights Reserved. Page 12
Finish Installation Switch back to Windows Logon Manager on the Agent machine. Click the Application dropdown list and select the application to be connected. Select File Save or click the save button in the toolbar to saving the settings. Finally, select File Exit to exit the Windows Logon Manager. Copyright 2013, Deepnet Security. All Rights Reserved. Page 13
Step 8: Installation Completed Once the server is rebooted, you shall notice that the Windows logon screen (GINA) has been replaced by the Deepnet s logon screen. If a user is not required to logon with two-factor authentication, the Authenticator field will be disabled and the user can continue to logon as usual by entering only the user name and AD password. To enable users with two-factor authentication, please refer to the Windows Logon Implementation Guide. Copyright 2013, Deepnet Security. All Rights Reserved. Page 14