Encryption & Single sign on - Calyx NetAdmin

Remote Administration Console
NetAdmin allows you to centrally deploy and configure Calyx
SSO as well as the Prim'X ZoneCentral encryption software. It also
enables you to centrally manage users' smartcards, USB keys and
biometric information.
NetAdmin is made up of 3 elements:
- An administration console. This software
allows the administrator to set up a deployment and configuration
strategy from the central console. Whilst it is installed on
the NetAdmin server by default, the console may also be installed on
any number of workstations.
- A server. Its role is to store the
installation programs of the Calyx products in a library for
central deployment. It also receives and stores the logs from all
the Calyx installations on the network for centralised security
reporting.
- An agent, installed on each workstation to be
administered. Its role is to communicate with the NetAdmin server
and pull in software updates and configuration changes.
The communication between the Calyx NetAdmin agent and server
ensures Calyx isn't constrained by domain and NTFS rights,
enabling the NetAdmin software to work effectively across
multiple domains.
The ability to install the administration console apart
from the Netadmin server lets you share the network management
between different users in the IT security department.
After the agent is installed, the administration console
lets you display the Calyx Suite products already
installed on the workstation, update them and apply the strategies
defined by the administrator through the administration
console.
The NetAdmin Server - Description
The server is made up of 2 elements: a web server and a
database. These two elements can be installed together on a single
server or installed separately on two servers.
- Database: the database is used to store the
security strategy settings defined by the IT security
officer. The database also stores workstation and user
information along with their encryption keys. Finally, it is a store
for the security log files the workstations send back. The
database can be either an SQL Server (not provided with
NetAdmin) or an MSDE database (provided with NetAdmin).
- Web Server: the Web server is a proprietary
server which acts as a communication interface between the
workstation agents and the database. When the agent contacts the
server, it retranscribes the received requests
The NetAdmin Agent - Description
The agent is a service running under the system account that
performs the operations the administrator defines in
the administration console. It is in charge of installing,
updating and uninstalling the Calyx Suite's products,
as well as configuring them and collecting information
about the workstation and the Calyx software installed on
it.
Communication Principles
Two communication methods are defined in NetAdmin:
- Agent - Server NetAdmin Communication
Communication between the agents and the server relies on the HTTP
protocol and takes place periodically. The agents wake up periodically
and contact the server on a port defined at the time of the
installation of NetAdmin. However, in certain situations it may be
necessary to wake up an agent without waiting for the end of its
reconnection delay: for that purpose, each agent listens
on a port defined during the installation of the NetAdmin server. The
administration console uses that port to contact the agent and
force it to wake up.
- Console - Server NetAdmin Communication
The communication between an administration console and the NetAdmin
server is performed through an ODBC link.
New Functions and Features
- Client - Server communication mechanism - HTTP server
and SQL database: the use of a shared
resource as the heart of the mechanism is abandoned in favour of
HTTP communication and the storage of information in an SQL
database.
- Agent / Console dissociation: the
administration console and the agent are now completely
dissociated. The console is an independent application and its
installation is performed by the administrator on the workstations
they wish to use for the configuration.
- Agent and installation program format: the
NetAdmin agent now works as a service and uses the system account,
which simplifies its installation and maintenance. The installation
program is a single executable file, so it can be moved and
stored on other resources. In addition, it is possible to generate
installation programs containing an NT administration account,
thus allowing a user without rights to perform the
installation.
- Management of previously installed products:
at the time of its installation, the agent is able to
detect a pre-installed Calyx Suite on the workstation and take
over its configuration (functionality available from
version 5.4 of Calyx Suite).
- Configuration and configuration inheritance:
inheritance of the products' configuration is not applied in a
global manner. It is now possible to drop the inheritance of
the rights for just one piece of software, or part of one, while the
remaining parameters are still inherited.
- Calyx users management: it is now possible to
assign up to 5 badges to a user. These badges may or may not be of
different types.
- LDAP Synchronisation: Calyx users can now be
managed through synchronisation with an LDAP
directory. If a user is created by import from an LDAP
directory, then their disappearance is highlighted in the
Administration console.
- Profiles dynamic download: this functionality
allows a profile to be downloaded from an LDAP directory when a
session is opened with a badge. It avoids overloading a
workstation with profiles when it has to be accessible to any person
holding an authorized badge.

Acknowledgements and Copyrights
Open Seas (UK) Ltd provides local sales and support
services to our Calyx SSO users in the UK and Ireland.
This site is owned and managed by Open Seas (UK) Ltd with Calyx SSO
content recreated with the express authorisation of Oikialog. Open Seas is an official
Oikialog partner for the UK and Ireland.
