지금 지원 담당자와 채팅
지원 담당자와 채팅

Active Roles 7.4.1 - Quick Start Guide

Introduction Active Roles Setup package Active Roles uninstallation System Requirements Deploying the Administration Service Deploying user interfaces Installing additional components Upgrade of an earlier version Performing a pilot deployment Deployment considerations Silent installation of Active Roles components Configuring Active Roles to Manage Hybrid Active Directory Objects Active Roles on Windows Azure VM

Steps to deploy the Web Interface

The Active Roles Web Interface can be installed on any computer that meets the system requirements and is running Internet Information Services (IIS) 7.5 or later. It is not necessary to install the Web Interface on the computer running the Administration Service. However, the computer that hosts the Web Interface must have a reliable network connection to a computer running the Administration Service.

Checking Web Interface prerequisites

Windows Server 2012

On a Windows Server 2012 based computer, ensure that the Web Server (IIS) sever role is installed, including:

  • Web Server/Common HTTP Features/
    • Default Document
    • HTTP Errors
    • Static Content
    • HTTP Redirection
  • Web Server/Security/
    • Request Filtering
    • Basic Authentication
    • Windows Authentication
  • Web Server/Application Development/
    • .NET Extensibility 4.5
    • ASP
    • ASP.NET 4.5
    • ISAPI Extensions
    • ISAPI Filters
  • Management Tools/IIS 6 Management Compatibility/
    • IIS 6 Metabase Compatibility
Windows Server 2016 and Windows Server 2019

On a Windows Server 2016 or Windows Server 2019 based computer, ensure that the Web Server (IIS) sever role is installed, including:

  • Web Server/Common HTTP Features/
    • Default Document
    • HTTP Errors
    • Static Content
    • HTTP Redirection
  • Web Server/Security/
    • Request Filtering
    • Basic Authentication
    • Windows Authentication
  • Web Server/Application Development/
    • .NET Extensibility 4.7.2
    • ASP
    • ASP.NET 4.7.2
    • ISAPI Extensions
    • ISAPI Filters
  • Management Tools/IIS 6 Management Compatibility/
    • IIS 6 Metabase Compatibility

The Web Interface Setup program configures the Web Server (IIS) server role to meet the Web Interface requirements. You can use Server Manager to verify that the server role is configured properly.

Feature delegation

Web Interface requires Internet Information Services to provide Read/Write delegation for the following features:

  • Handler Mappings
  • Modules

Use Feature Delegation in the Internet Information Services (IIS) Manager tool to confirm that these features have delegation set to Read/Write.

Installing and configuring the Web Interface

When installing and initially configuring the Web Interface, you first use the Setup wizard to install the Web Interface files and then use Active Roles Configuration Center to choose the Administration Service and create the Web Interface sites.

To install the Web Interface files

  1. Log on with a user account that has administrator rights on the computer.
  2. Navigate to the location of the Active Roles distribution package, and start the Setup wizard by double-clicking ActiveRoles.exe.
  3. Follow the instructions in the Setup wizard.
  4. On the Component Selection page, ensure that the Web Interface component is selected, and click Next.

    By default, all components are selected. If you only want to install the Web Interface, clear the check boxes that denote unwanted components.

  1. On the Ready to Install page, click Install to perform installation.
  2. On the Completion page, verify that the I want to perform configuration check box is selected, and click Finish.

The Setup wizard only installs the files. After you have completed the Setup wizard, you need to configure the newly installed Web Interface by using Active Roles Configuration Center.

The procedure for configuring the Web Interface includes two stages:

Initial configuration

Configuration Center allows you to configure the Web Interface to use:

  • Administration Service that runs on the same computer as the Web Interface
  • Administration Service that runs on a specified computer
  • Any available Administration Service that belongs to a specified replication group

Before configuring the Web Interface, ensure that the Administration Service is configured and started. Otherwise, Configuration Center will fail to configure the Web Interface. You can view the state of the Administration Service on the Administration Service page in the Configuration Center main window.

To perform initial configuration of the Web Interface

  1. Log on with a user account that has administrator rights on the computer.
  2. Open Active Roles Configuration Center.

    Configuration Center opens automatically if you select the I want to perform configuration check box on the Completion page in the Setup wizard. Another way to open Configuration Center is by selecting Active Roles 7.4 Configuration Center on the Apps page or Start menu, depending upon the version of your Windows operating system.

  1. In the Configuration Center main window, under Web Interface, click Configure.

    This starts the wizard that will perform initial configuration of the Web Interface.

  1. On the Administration Service page, specify how you want the Web Interface to select the Active Roles Administration Service. You can choose from the following options:
    • Administration Service on the computer running the Web Interface
    • Administration Service on this computer
      Supply the fully qualified domain name of the computer running the desired Administration Service instance.
    • Any Administration Service of the same configuration as this one

    Specify any Administration Service whose database holds the desired configuration, by supplying in the fully qualified domain name of the computer running that Administration Service. If Active Roles replication is used to synchronize configuration data, this must be any Administration Service whose database server acts as the Publisher for the configuration database.

  1. Click the Configure button to start the configuration process.
  2. Wait while the wizard completes the configuration.

Configuration Center creates three Web Interface sites based on the following configuration templates:

  • Default Site for Administrators  Supports a broad range of tasks, including the management of directory objects and computer resources.
  • Default Site for Help Desk  Handles typical tasks performed by Help Desk operators, such as enabling/disabling accounts, resetting passwords, and modifying select properties of users and groups.
  • Default Site for Self-Administration  Provides User Profile Editor, allowing end users to manage personal or emergency data through a simple-to-use Web interface.

Each configuration template provides an individual set of commands installed by default. Once a Web Interface site has been created, you can customize its configuration by adding or removing commands, and by modifying Web pages (forms) associated with commands. The customization procedures are covered in the Active Roles Web Interface Administration Guide.

After initial configuration, you can modify Web Interface site parameters, such as the Web application alias, create new Web Interface sites, or delete existing Web Interface sites.

Additional configuration

After initial configuration, you can use Configuration Center to create additional Web Interface sites, as well as modify or delete existing Web Interface sites.

When creating Web Interface sites, you have the option to apply the configuration of an existing Web Interface site to the newly created one. If you have the Web Interface site tailored to meet your requirements, and need to deploy its instance on another Web server, this option ensures that the new Web Interface site has the same set of menus, commands and pages as the existing one.

To create, modify or delete a Web Interface site

  1. Open Configuration Center.

    You can open Configuration Center by selecting Active Roles Active Roles Configuration Center on the Apps page or Start menu, depending upon the version of your Windows operating system.

  1. In the Configuration Center main window, under Web Interface, click Manage Sites.
  2. On the Sites page, do one of the following:
    • To create a new site, click Create.
    • To modify an existing site, select the site from the list and click Modify.
    • To delete a site, select the site from the list and click Delete.
  3. View or change the following settings in the wizard that appears if click Create or Modify:
    • IIS Web site Specifies the IIS Web site containing the Web application that implements the Web Interface site. You can select the desired Web site from a list of all Web sites defined on the Web server.
    • Alias  Specifies the alias of the Web application that implements the Web Interface site. The alias defines the virtual path used in the address of the Web Interface site on the Web server.
    • Configuration  Specifies customizable settings of user interface elements, such as menus, commands, and Web pages (forms), displayed by the Web Interface. The configuration of each Web Interface site is stored by the Active Roles Administration Service. Multiple sites may use the same configuration. You can choose from the following options:
      • Keep the current configuration  Choose this option when modifying an existing Web Interface site if you do not want to assign a different configuration to that site.
      • Create from a template  Create a new configuration for the Web Interface site based on a template. With this option, you need to supply a unique name for the new configuration and select the desired template.

    Choose this option if you want the Web Interface site to use a separate configuration that is initially populated with the template data.

  • Use an existing configuration  Assign an existing configuration to the Web Interface site. With this option, you need to select the desired configuration from a list of configurations found on the Administration Service. The list includes the configurations of the current Active Roles version only.

    Choose this option if you want the Web Interface site to share its configuration with other Web Interface sites. For example, when creating a new instance of a given site for load balancing, you should assign the configuration of that site to the new Web Interface site.

  • Import from an existing configuration  Create a new configuration for the Web Interface site by importing data from an existing configuration. With this option, you need to supply a unique name for the new configuration and select the desired existing configuration from a list of all supported configurations found on the Administration Service. The list includes the configurations of both the current and earlier Active Roles versions.

    Choose this option if you want the Web Interface site to use a separate configuration that is populated with the data imported from a configuration of an earlier Active Roles version or copied from a configuration of the current Active Roles version.

  • Import from a file  Create a new configuration for the Web Interface site by importing data from an export file. With this option, you need to supply a unique name for the new configuration and select the export file. This can be an export file created by the current Active Roles version or an earlier, supported Active Roles version.

    Choose this option if you want the Web Interface site to use a separate configuration that is populated with the data found in an export file. You could create an export file from the Web Interface page in Configuration Center, by selecting a site and then selecting Export Configuration. Earlier Active Roles versions used the Web Interface Sites Configuration wizard to export Web Interface site configuration data.

Each Web Interface site can be accessed from a Web browser using the address based the Web application alias:

http://<WebSite>/<Alias>

Here, <WebSite> identifies the IIS Web site containing the Web application that implements the Web Interface site and <Alias> stands for the alias of that Web application, as specified in Configuration Center. For example, if the Web application is contained in the default Web site, the address is http://<Computer>/<Alias>, where <Computer> stands for the network name of the computer (Web server) running the Web Interface.

By default, Web Interface users connect to the Web Interface using a HTTPs transport, which encrypts the data transferred from a Web browser to the Web Interface. If your business process does not require a secure transport for passing data to the Web interface, you can disable the HTTPs option using the Configuration Center and use the HTTP transport.

The secure hypertext transfer protocol (HTTPS) uses Secure Sockets Layer (SSL) provided by the Web server for data encryption. For instructions on how to enable SSL on your Web server, see “Configuring Secure Sockets Layer in IIS 7” at http://go.microsoft.com/fwlink/?LinkID=108544.

Configure Web interface for secure communication

By default, Active Roles users connect to the Web interface using a HTTP protocol, which does not encrypt the data during communication. However, it is recommended to use a HTTPS protocol to transfer data securely over the web. You can use the Force SSL Redirection option in the Configuration Center to enable secure communication over HTTPS for the Web interface on local or remote servers.

To configure the Web interface for secure communication for the first time

  1. In the Configuration Center main window, click Web Interface.

    The Web Interface page lists all the Web interface sites that are deployed on the Web server running the Web interface.

  2. To modify the secure communication settings for the sites, click Force SSL Redirection.

    The Manage Force SSL Redirection Settings for sites window is displayed.

  3. In the Available Websites field, select the required web site from the drop-down list.

    The configuration status of the website is displayed.

  1. To enable the force SSL redirection, switch between the Enable Force SSL Redirection states. Turn it on.

    NOTE:

    • If the website is not configured earlier for secure communication, the Enable Force SSL Redirection option is not selected by default and the HTTPS configuration status is shown as Not configured.
    • If the website is configured earlier for secure communication, then the Enable Force SSL Redirection option is selected by default and the HTTPS configuration status shows as Configured.
    • If the website is configured earlier for secure communication, and the SSL bindings was deleted in the IIS site, the Enable Force SSL Redirection option is selected by default. The status Binding Deleted is displayed. In this case, the secure communication must be configured again for the web site.

    The Available HTTPS Bindings field is enabled and displays the list of HTTPS bindings configured for the selected web site in the format: <IP adress, Port, Host name>.

    NOTE:

    • If the selected web site does not have any binding configured, then the Available HTTPS Bindings field remains disabled and a message is displayed indicating that HTTPS bindings are not available and the need to configure the Force SSL Redirection to a valid binding. In this case, HTTPS bindings must be configured for the selected web site from the IIS site before initiating the configuration of secure communication for the web site in Active Roles.
    • If the binding for a configured web site is deleted externally on the IIS site, the Available HTTPS Bindings field is enabled without any binding displayed, and a message is displayed indicating that HTTPS binding is deleted and the Force SSL redirection setting must be reconfigured.
  1. In the Available HTTPS Bindings field, click the drop-down list and select the required binding for the web site.
  2. Click Modify.

    After successful completion of configuration changes, in the Web Interface window, the Force SSL Redirection configuration state for the selected web site is displayed as green and enabled.

  1. Click Finish.

    NOTE: The browser cache must be cleared after any changes are made to SSL settings.

    For the configured web site, any HTTP communication is now redirected to HTTPS automatically.

Disabling secure communication for Web interface sites

Disabling secure communication for Web interface sites

By default, Active Roles users connect to the Web interface using a HTTP protocol, which does not encrypt the data during communication. However, it is recommended to use a HTTPS protocol to transfer data securely over the web. You can use the Force SSL Redirection option in the Configuration Center to enable secure communication over HTTPS for Web interface on local or remote servers.

In case you do not want a secure communication enabled for transferring data over the web, you can disable the HTTPS option using the Force SSL Redirection option in the Configuration Center.

To disable the secure communication for Web interface sites

  1. In the Configuration Center main window, click Web Interface.

    The Web Interface page displays all the Web interface sites that are deployed on the Web server running the Web interface.

  2. To modify the secure communication settings for the sites, click Force SSL Redirection.

    The Manage Force SSL Redirection Settings for sites window is displayed. The Enable Force SSL Redirection option is enabled after HTTPS configuration.

  3. In the IIS Web site field, select the required web site from the drop-down list.

  4. To disable the force SSL redirection, switch between the Enable Force SSL Redirection states. Turn it off.

  5. Click Modify , and then Finish.

    NOTE: The browser cache must be cleared after any changes are made to the SSL settings.

    After successful completion of the configuration changes, in the Web Interface window, the Force SSL Redirection configuration state for the selected web site is displayed as not configured.

    After disabling the Force SSL Redirection, all communication is now redirected to HTTP.

For more information on secure communication and Federated Authentication, see Working with Federated Authentication.

 

Installing additional components

In addition to the Administration Service, MMC Interface and Web Interface, Active Roles allows you to install the following components:

  • Active Roles Management Shell  Provides commands based on the Windows PowerShell platform for managing users, group, computers and other objects in Active Directory via Active Roles; administering certain Active Roles objects; and configuring Active Roles Administration Service instances and Web Interface sites.
  • ADSI Provider  Enables custom applications and scripts to access directory data via Active Roles by using standard COM interfaces. Documentation for ADSI Provider can be found in the Active Roles SDK.
  • Active Roles SDK  Provides developers with documentation and samples to help them customize Active Roles by creating custom client applications and user interfaces, and implementing business rules and policies based on custom scripts.
  • Collector  Gathers data required for reporting. Retrieves data from specified data sources through the Administration Service, and stores the data on SQL Server.
  • Report Pack  A comprehensive suite of report definitions that cover various administrative actions available in Active Roles.
관련 문서