立即与支持人员聊天
与支持团队交流

Active Roles 8.1.1 - Quick Start Guide

Introduction Active Roles Setup package Active Roles uninstallation System Requirements Deploying the Administration Service Deploying user interfaces Installing additional components Upgrade of an earlier version Performing a pilot deployment Deployment considerations Silent installation of Active Roles components Configuring Active Roles to Manage Hybrid Active Directory Objects Active Roles on Windows Azure VM

Steps to install the console

The Active Roles console can be installed on any computer that meets the system requirements and has a reliable network connection to a computer running the Administration Service. It can also be installed on the Administration Service computer.

To install the Active Roles console

  1. Log on with a user account that has administrator rights on the computer.
  2. Navigate to the location of the Active Roles distribution package, and start the Setup wizard by double-clicking ActiveRoles.exe.
  3. Follow the instructions in the Setup wizard.
  4. On the Component Selection page, ensure that the Console (MMC Interface) component is selected, and click Next.

    By default, all components are selected. If you only want to install the console, clear the check boxes that denote unwanted components.

  1. On the Ready to Install page, click Install to perform installation.
  2. On the Completion page click Finish.

Once you have installed the console, you can start it by selecting Active Roles 8.1.1 Console on the Apps page or Start menu, depending upon the version of your Windows operating system.

Deploying the Web Interface

You can install the Active Roles Web Interface on any computer that meets the product system requirements and is running Internet Information Services (IIS) 7.5 or later. For more information on the software and hardware requirements, see System Requirements in the Active Roles Release Notes.

NOTE: You do not need to install the Web Interface component on the same computer that runs the Active Roles Administration Service. However, the computer (or computers) hosting the Web Interface must have a reliable network connection to the computer (or computers) running the Administration Service component.

Prerequisites

Before you begin installing and configuring the Web Interface component, make sure you meet the following requirements on the computer(s) where you will install the component:

Table 5: Web Interface requirements
Requirement type Description
Operating system

You can install the Active Roles Web Interface component on the following operating systems:

  • Windows Server 2022

  • Windows Server 2019

  • Windows Server 2016

Internet Services

Make sure that the computer where the Web Interface is installed has the Web Server (IIS) server role installed, with the following role services:

  • Web Server/Common HTTP Features/
    • Default Document
    • HTTP Errors
    • Static Content
    • HTTP Redirection
  • Web Server/Security/
    • Request Filtering
    • Basic Authentication
    • Windows Authentication
  • Web Server/Application Development/
    • .NET Extensibility
    • ASP
    • ASP.NET
    • ISAPI Extensions
    • ISAPI Filters
  • Management Tools/IIS 6 Management Compatibility/
    • IIS 6 Metabase Compatibility

NOTE: The Active Roles installer automatically configures the Web Server (IIS) server role when installing the Web Interface component.

To verify that the server role is configured properly on the computer, use the native Server Manager tool of the operating system after the Web Interface is installed.

Feature delegation

Make sure that Internet Information Services (IIS) provides Read/Write delegation for the following features:

  • Handler Mappings
  • Modules

To confirm that these features have the Read/Write delegation configured, use the Feature Delegation option of the native Internet Information Services (IIS) Manager tool of the operating system.

.NET Trust Levels

Make sure that the .NET Trust Level is set to Full (internal) on every computer where the Web Interface component will be installed.

To configure this setting:

  1. In the native Internet Information Services (IIS) Manager tool, under Connections, expand the node of the computer, and navigate to Sites > Default Web Site.

  2. On the Default Web Site Home page, double-click .NET Trust Levels.

  3. Under Trust level, select Full (internal).

NOTE: Setting the .NET Trust Level to any other value will result in a failure when attempting to load any of the configured Active Roles Web Interface sites.

Installing and configuring the Web Interface

Deploying the Web Interface component has two main steps:

  1. Installing the component via the Active Roles installer.

  2. Using the Active Roles Configuration Center to configure the Web Interface service.

To install the Web Interface component

  1. Login with an administrator account to the computer where you want to install the Web Interface component.

  2. Mount the Active Roles .iso file, and start the setup wizard by double-clicking ActiveRoles.exe.

  3. In the Component Selection step, select Web Interface, then click Next.

  4. In the Ready to Install step, review the installation settings, install any of the prerequisites if needed, then click Install.

  5. In the Completion step, make sure that I want to perform configuration is selected, and click Finish.

Once the installation completes, to configure the Web Interface service, use the Active Roles Configuration Center. This procedure has two main stages:

  • Initial configuration: During this stage, the Administration Service creates the three default Web Interface sites (Self-Service, Helpdesk and Admin), based on the default configuration templates.

  • Additional configuration: During this stage, you can create additional sites, and modify or delete existing sites.

Initial configuration

During initial configuration, you must configure the Administration Service instance in the Active Roles Configuration Center that the Web Interface component will use. You can configure the Web Interface to use:

  • The Administration Service instance that runs on the same computer as the Web Interface.

  • An Administration Service instance running on a specific computer.

  • Any available Administration Service instance in a specified replication group.

Before performing the initial configuration of the Web Interface, ensure that the Administration Service instance you want to use is configured and started. Otherwise, the configuration will fail in the Active Roles Configuration Center.

TIP: To check the state of the Administration Service, in the computer where the process is running, launch Active Roles Configuration Center, then open the Administration Service page. The page must indicate the process in a Ready for use state.

To perform the initial configuration of the Web Interface

  1. Login with an administrator account to the computer where you want to configure the Web Interface component.

  2. Open the Active Roles Configuration Center.

    NOTE: If you select I want to perform configuration in the Completion page of the setup wizard, the Configuration Center opens automatically.

    To manually open the Configuration Center later, search the Active Roles 8.1.1 Configuration Center component in the Windows search bar or the Start menu of the operating system.

  3. In the Configuration Center, open the Web Interface page and click Configure.

  4. In the Administration Service step, specify the Administration Service instance to use:

    • Administration Service on the computer running the Web Interface: When selected, the Web Interface component will use the Administration Service instance running on the same computer where the Web Interface is running.

    • Administration Service on this computer: When selected, you can specify an Administration Service instance running on a specific computer. To specify the computer, use its fully qualified domain name.

    • Any Administration Service of the same configuration as this one: When selected, you can specify an Administration Service instance with the desired configuration. To specify the computer, use its fully qualified domain name.

      NOTE: If your organization uses Active Roles replication to synchronize configuration data, use this setting to specify an Administration Service instance whose database server acts as the Publisher of the configuration database.

  5. To start the configuration process, click Configure. Then, wait for the configuration to finish.

The Active Roles Configuration Center then creates three Web Interface sites based on the following configuration templates:

  • Default Site for Administrators: Creates the default Administration Site. This site supports a broad range of tasks, including the management of directory objects and computer resources.
  • Default Site for Help Desk: Creates the default Helpdesk Site. This site supports performing tasks typical to the duties of Helpdesk operators, such as enabling/disabling accounts, resetting passwords, and modifying select properties of users and groups.
  • Default Site for Self-Administration: Creates the default Self-Service Site. This site provides the User Profile Editor, allowing end-users to manage their personal or emergency data through a simple-to-use Web Interface.

Each configuration template provides an individual set of commands installed by default. Once a Web Interface site is created, you can customize its configuration by adding or removing commands, and by modifying web pages (forms) associated with those commands. For more information, see Customizing the Web Interface in the Active Roles Web Interface Administration Guide.

Additional configuration

After the initial configuration is complete, you can modify the Web Interface configuration further with the Active Roles Configuration Center. This includes creating new Web Interface sites, modifying an existing site (for example, changing the web application alias), or deleting sites.

TIP: You can apply existing site configurations when creating new Web Interface sites. This is useful, for example, if you need to deploy another instance of the Web Interface to another web server, but you already have a Web Interface site that meets the requirements of the new site.

Creating a new site based on an existing configuration saves time, as the newly-created site will contain the same set of menus, commands and pages right from the start as other existing sites based off the same configuration. For more information on how to create a site based on an existing configuration, see the following procedure.

To create, modify or delete a Web Interface site

  1. In the Active Roles Configuration Center, on the Dashboard page, click Web Interface > Manage Sites.

    Alternatively, on the side bar, click Web Interface.

  2. On the Web Interface page, click the applicable button:

    • To create a new site, click Create.

    • To modify an existing site, select it from the list, then click Modify.

    • To delete an existing site, select it from the list, then click Delete.

  3. (Optional) If you selected to Create or Modify a site, in the Web Application step, configure the following settings:

    • IIS Web site: Specifies the IIS website containing the web application that implements the Web Interface site. The list is populated from the websites defined on the web server.

    • Alias: Specifies the alias of the web application that implements the Web Interface site. The alias defines the virtual path used in the address of the Web Interface site on the web server.

  4. (Optional) If you selected to Create or Modify a site, in the Configuration step, specify how to set the configuration of the new website. The website configuration contains all customizable settings of the user interface elements, such as the website menus, commands, and web page forms that appear on the Web Interface.

    • Keep the current configuration: Uses the configuration currently assigned to the site. Select this option if you do not want to assign a different configuration to the site.

      NOTE: This setting is only available when modifying an existing site.

    • Create from a template: Creates a new configuration for the Web Interface site based on a template. When selected, you must specify a unique Configuration name and must also select a Template used as a baseline for the new configuration. Active Roles contains a default template for Administration, Helpdesk and Self-Service sites.

      TIP: Select this option if you want the Web Interface site to use a separate configuration that is initially populated with the default template data and settings.

    • Use an existing configuration: Assigns an existing configuration to the Web Interface site. When selected, you must specify the desired configuration from a list of saved configurations stored by the Administration Service.

      NOTE: The list includes configurations compatible with the currently installed Active Roles version only.

    • Import from an existing configuration: Creates a new configuration for the Web Interface site by importing data from an existing configuration. When selected, you must specify a unique Configuration name for the new configuration and must also select the desired Configuration to import from the list of supported configurations stored by the Administration Service.

      NOTE: The list includes configurations compatible with the currently installed Active Roles version only.

      TIP: Select this option if you want the Web Interface site to use a separate configuration that is:

      • Populated with data imported from the configuration of an earlier Active Roles version, or

      • Copied from an existing configuration of the current Active Roles version.

    • Import from a file: Creates a new configuration for the Web Interface site by importing data from an exported configuration file. When selected, you must specify a unique Configuration name for the new configuration and must also select the File to import.

      TIP: Select this option if you want the Web Interface site to use a separate configuration that is:

      • Populated with data imported from the exported configuration file of an earlier Active Roles version.

      • Copied from an existing exported configuration file of the current Active Roles version. You can export existing configurations with the Web Interface > Export Configuration option of the Configuration Center after selecting a web site.

  5. (Optional) To commit your changes when creating or modifying a site, click Create or Modify, respectively. The Configuration Center then performs the configured changes, and will indicate the results.

  6. (Optional) If you selected to Delete a site, in the Ready to Delete step, review the site data, then click Delete. The Configuration Center then performs the configured changes, and will indicate the results.

Once you configured a new site or modified an existing one, you can access it from your browser by using the specified web application alias in the following format:

http://<website>/<alias>

In this alias, <website> identifies the IIS website containing the web application that implements the Web Interface site, while <alias> is the alias of the web application as specified in the Configuration Center. For example, if the web application is contained in the default website, the address will be the following:

http://<computer>/<alias>

In this example, <computer> is the network name of the computer (web server) running the Web Interface.

By default, you can connect to Web Interface sites via the HTTPS protocol, which encrypts the data transferred from the web browser to the Web Interface. If your organization does not require a secure protocol for accessing the Web Interface sites, you can disable using the HTTPS protocol in the Active Roles Configuration Center.

The HTTPS protocol uses SSL protection provided by the web server for data encryption. For more information on how to enable SSL on your web server, see Configuring Secure Sockets Layer in IIS 7 in the Microsoft Windows Server documentation.

Configure Web interface for secure communication

By default, Active Roles users connect to the Web interface using a HTTP protocol, which does not encrypt the data during communication. However, it is recommended to use a HTTPS protocol to transfer data securely over the web. You can use the Force SSL Redirection option in the Configuration Center to enable secure communication over HTTPS for the Web interface on local or remote servers.

To configure the Web interface for secure communication for the first time

  1. In the Configuration Center main window, click Web Interface.

    The Web Interface page lists all the Web interface sites that are deployed on the Web server running the Web interface.

  2. To modify the secure communication settings for the sites, click Force SSL Redirection.

    The Manage Force SSL Redirection Settings for sites window is displayed.

  3. In the Available Websites field, select the required web site from the drop-down list.

    The configuration status of the website is displayed.

  1. To enable the force SSL redirection, switch between the Enable Force SSL Redirection states. Turn it on.

    NOTE:

    • If the website is not configured earlier for secure communication, the Enable Force SSL Redirection option is not selected by default and the HTTPS configuration status is shown as Not configured.
    • If the website is configured earlier for secure communication, then the Enable Force SSL Redirection option is selected by default and the HTTPS configuration status shows as Configured.
    • If the website is configured earlier for secure communication, and the SSL bindings was deleted in the IIS site, the Enable Force SSL Redirection option is selected by default. The status Binding Deleted is displayed. In this case, the secure communication must be configured again for the web site.
  1. In the Available HTTPS Bindings field, click the drop-down list and select the required binding for the web site.
  2. Click Modify.

    After successful completion of configuration changes, in the Web Interface window, the Force SSL Redirection configuration state for the selected web site is displayed as green and enabled.

  1. Click Finish.

    NOTE: The browser cache must be cleared after any changes are made to SSL settings.

    For the configured web site, any HTTP communication is now redirected to HTTPS automatically.

Disabling secure communication for Web interface sites

Disabling secure communication for Web interface sites

By default, Active Roles users connect to the Web interface using a HTTP protocol, which does not encrypt the data during communication. However, it is recommended to use a HTTPS protocol to transfer data securely over the web. You can use the Force SSL Redirection option in the Configuration Center to enable secure communication over HTTPS for Web interface on local or remote servers.

In case you do not want a secure communication enabled for transferring data over the web, you can disable the HTTPS option using the Force SSL Redirection option in the Configuration Center.

To disable the secure communication for Web interface sites

  1. In the Configuration Center main window, click Web Interface.

    The Web Interface page displays all the Web interface sites that are deployed on the Web server running the Web interface.

  2. To modify the secure communication settings for the sites, click Force SSL Redirection.

    The Manage Force SSL Redirection Settings for sites window is displayed. The Enable Force SSL Redirection option is enabled after HTTPS configuration.

  3. In the IIS Web site field, select the required web site from the drop-down list.

  4. To disable the force SSL redirection, switch between the Enable Force SSL Redirection states. Turn it off.

  5. Click Modify , and then Finish.

    NOTE: The browser cache must be cleared after any changes are made to the SSL settings.

    After successful completion of the configuration changes, in the Web Interface window, the Force SSL Redirection configuration state for the selected web site is displayed as not configured.

    After disabling the Force SSL Redirection, all communication is now redirected to HTTP.

For more information on secure communication and Federated Authentication, see Working with federated authentication.

 

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级