Enterprise Single Sign-On 9.0.2 - Authentication Manager Cluster Administration Guide


Creating and Configuring a Cluster of Access Points

Subject

The following procedure explains how to create a new cluster of access points, and configure it:

  • You can authorize users to temporarily remove a computer from the cluster.
  • You can define a locking behavior for each computer of the cluster.
  • You can define reboot options for the cluster.
Before Starting
  • To perform the task described in this section, you must work in advanced administration mode, and your role must contain the following right: "Cluster: Creation/Modification".

    NOTE: For more information on administration modes, see One Identity EAM Console Administrator's Guide.

  • Make sure that none of the computers you want to place in the cluster is an EAM Controller.
  • Make sure all the computers you want to gather in a cluster are connected to each other, and configured according to your needs (automatic screen-saver launching, locking).
  • DNS resolution must work properly so that orders sent from the master can be easily transmitted to slaves.
  • Port 3644 must be open on all computers you want to gather in a cluster.
  • EAM must be configured in "manage-access-point" mode.
  • The "Cluster Server" license keys must be installed on the EAM Controller and the "Cluster Client" license keys must be installed on all EAM workstations on which you want to use the Cluster feature.
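
A preflight check for the DNS and port 3644 prerequisites above, as an added example that is not part of the One Identity guide: run it in PowerShell on a computer that will belong to the cluster. It assumes port 3644 is reached over TCP; the host names and the Test-ClusterCandidate function are placeholders introduced here.

```powershell
# Added example, not vendor code. Checks two prerequisites from the list above:
# DNS resolution and reachability of port 3644 for each future cluster member.
# Assumptions: port 3644 is TCP; the host names are placeholders.
$ClusterPort = 3644
$Candidates  = @('ws-ward-01.example.test', 'ws-ward-02.example.test')  # placeholders

function Test-ClusterCandidate {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [int] $Port = 3644
    )
    $addresses = @()
    try {
        # Uses the same system resolver the workstation itself relies on.
        $addresses = @([System.Net.Dns]::GetHostAddresses($ComputerName))
    } catch {
        # Leave $addresses empty: the name does not resolve from this computer.
    }

    $portOpen = $false
    if ($addresses.Count -gt 0) {
        # -InformationLevel Quiet returns $true/$false for the TCP connection.
        # $false means the port is filtered OR nothing is listening on it yet.
        $portOpen = Test-NetConnection -ComputerName $ComputerName -Port $Port `
            -InformationLevel Quiet -WarningAction SilentlyContinue
    }

    [pscustomobject]@{
        Computer  = $ComputerName
        Resolves  = $addresses.Count -gt 0
        Addresses = ($addresses | ForEach-Object { $_.IPAddressToString }) -join ', '
        PortOpen  = [bool]$portOpen
        Ready     = ($addresses.Count -gt 0) -and [bool]$portOpen
    }
}

$report = foreach ($name in $Candidates) {
    Test-ClusterCandidate -ComputerName $name -Port $ClusterPort
}
$report | Format-Table -AutoSize

# List the computers that still fail a prerequisite.
$notReady = @($report | Where-Object { -not $_.Ready })
if ($notReady.Count -gt 0) {
    Write-Warning ("Fix before creating the cluster: " + ($notReady.Computer -join ', '))
}
```

Running the check from each candidate in turn covers every direction in which orders may travel between the master and the slaves.
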
Procedure
 
  1. In EAM Console, in the tree structure of the Directory panel, right-click the Organizational Unit that must contain your Cluster of access points and select New\Cluster of access points.

    The Configuration tab appears.

  2. Fill in the Name field.
  3. Click the Add button to select the access points you want to add to the cluster.
    Use the Browse tab to browse the directory tree structure or use the Search tab to find the access point by typing its name.
  4. Define the cluster properties as explained in the following "Configuration" Tab Description section.
  5. Click Apply.

    The Cluster object is created and configured.

 

"Configuration" Tab Description

Figure 3: Configuration Tab

  • Allow users to temporarily withdraw a computer from the cluster check box

    If this check box is selected, users allowed to access one of the cluster computers will be able to temporarily exclude a computer from the cluster, from the Authentication Manager application module: see Removing Temporarily a Workstation from the Cluster for more details.

  • Lock the cluster after x minutes of inactivity

    This option allows you to define the period of inactivity after which all the computers of the cluster will be automatically locked.

    The computers are locked according to the locking behavior you have defined in the Cluster Lock Mode window: see Option button below.

    IMPORTANT: For this function to work properly, you must deactivate the Windows locking and screensaving mechanisms on all the computers of the cluster.

  • Allow the user to reboot the cluster check box

    Check box selected: users allowed to access one of the cluster computers can simultaneously restart all the computers of the cluster by launching a command menu from the Authentication Manager application module: see Managing the Cluster Composition.

    Check box cleared: users are not allowed to reboot all the computers of the cluster.

  • When a workstation shuts down, do not close the other workstations check box

    Check box selected: if a user restarts a computer of the cluster, the sessions of the other computers remain in the state they were in before the reboot operation.

    Check box cleared: if a user restarts a computer of the cluster, the sessions of the other computers are closed.

  • Members table

    This area displays the list of access points that are part of the current cluster and their defined lock mode (see the following Option button).

    If you have authorized a list of users to add/remove access points of the current cluster to/from their own cluster (see Authorizing Users to Access Workstations of the Cluster), this area uses colored icons to show how authorized users have composed their own cluster (for more details, see Managing the Cluster Composition):

    •  : the access point is not originally part of the cluster. It has been added to the cluster by an authorized user.
    •  : the access point is originally a member of the cluster and has been separated from it by an authorized user who has included it in his/her own cluster.
    •  : the access point is originally a member of the cluster and has not been separated from or added to it by a user.

  • Option button

    Gives access to the Cluster Lock Mode window.

    Figure 4: Cluster Lock Mode

    For each computer of the cluster, this button allows you to define its behavior as a slave in the following cases:

    • When it receives a locking order from the master computer.
    • When it is directly locked.
    • When it does not receive any order from the master for more than 30 seconds.

    The following lock modes are available:

    • Transparent lock with logo

      The keyboard and mouse of the selected computer are disabled and a logo appears on top of the screen.
      Information displayed on screen remains visible.

      To modify the logo displayed on screen, save the logo you want as a WGLock.bmp file (500x72px) in the EAM Client installation folder (the default folder is Program Files\One Identity\Enterprise Access Management).

      Pressing Ctrl+Alt+Del on this computer displays the standard unlock window.

    • Transparent lock

      The keyboard and mouse of the selected computer are disabled.
      Information displayed on screen remains visible.

      Pressing Ctrl+Alt+Del on this computer displays the standard unlock window.

    • Windows lock

      The selected computer is locked. The standard lock window appears on the screen.

  • Remove button

    Removes the selected computer from the cluster.

  • Add button

    Allows you to select the access points you want to add to the cluster.
    The Browse tab allows you to browse the directory tree structure and the Search tab allows you to find the access point by typing its name.

  • Information area

    This area displays the name of the last user who connected to the cluster of access points.

Managing Users’ Permissions on a Cluster

This section explains how to give more autonomy to users of clusters by allowing them to manage their own cluster: you can authorize them to add to their own cluster some access points that are originally part of another cluster.

If a user adds an access point to his/her own cluster, the access point stays linked to the original cluster. When the user decides to release the access point, it is automatically associated back to its original cluster.

For more details on the conditions under which a user can attach a new access point to his/her cluster, see Attaching a Workstation to Your Cluster.

Authorizing Users to Access Workstations of the Cluster

Subject

You can authorize some users to add (and remove) access points to their own cluster (see Managing the Cluster Composition).

For that, you need to define the list of users allowed to appropriate access points of the cluster.

Procedure

 

  1. In the tree structure of the Directory panel, click the Cluster of access points that you want to make accessible to users of other clusters.
  2. Click the Administrators tab:

    Figure 5: Administrators tab

  3. Click the Add button and select the users that you want to authorize to extend their own cluster with the access points included in this cluster.
    Use the Browse tab to browse the directory tree structure or use the Search tab to find the user by typing his/her name.
  4. Click Apply.

    The users listed in the tab are allowed to add the access points contained in the cluster to their own cluster.

 

Displaying the Cluster Composition Made by Authorized Users

Once you have authorized some users of other clusters to access workstations of the selected cluster, they are free to add available access points to, or remove them from, their own cluster (as described in Managing the Cluster Composition).

The Configuration tab allows you to visualize the user-made composition of the cluster. You cannot modify this temporary composition.

In this tab, the Members table displays the list of access points composing the cluster, and colored icons give information on their state. For more information on the meaning of colors, see Members table in Creating and Configuring a Cluster of Access Points.
