iManager Configuration - Part 1
Novell Cool Solutions: Feature
Posted: 26 Oct 2005
Novell iManager Overview
iManager is designed for both end users and administrators. The common experience for both these types of users is logging on to a web site and having the proper identity, authentication and security provided via eDirectory.
For the end user, the Console interface shows specific tasks, such as creating users, changing passwords, and various other delegated tasks.
For the administrator, the Console interface shows additional specific tasks, such as setting up groups, defining Roles and Tasks, and directory-specific administration tasks.
Summary of Customer Benefits
Here are some of the customer benefits that Novell iManager provides:
- Strengthens the business value of Novell products and solutions by providing a unified management interface
- Reduces customer barriers to adoption of Novell products and solutions
- Reduces customer administration and training costs via a web-based access to network resources
- Increases overall console quality via focused effort
- Developer-friendly - administration interfaces can be easily created, with little or no development experience
- Flexible - it goes beyond Novell-only usage, and it provides support for partner offerings
Other value propositions for iManager include:
- Role based services for delegation of administrative tasks
- Object selector
- Common look and feel
- Multi-platform installation of a web environment
- Leveraged Authentication
- Model-view-controller architecture
- Easy plug-in deployment
The diagram below shows the basic architecture for iManager:
Figure 1 - iManager architecture
iManager Access Modes
iManager executes under three access modes:
- Unrestricted Access
- Assigned Access
- Collection Owner
The current mode is displayed in the upper left-hand corner of iManager and on the home page.
Unrestricted Access Mode
This is the default mode before RBS is configured. Role and task information is read from the file system, and all roles and tasks are visible in this mode. The authenticated user will still need the necessary rights assignments to use the tasks.
Assigned Access Mode
This mode displays only the roles and tasks assigned to the authenticated user. A role may be assigned to a user directly or indirectly through an organization or an organizational unit, a group, an organizational role, a dynamic group, or any object that has had the dynamic group auxiliary class attached.
The authenticated user will have all necessary rights assignments to use the assigned tasks. This mode takes full advantage of the Role Based Services (RBS) technology.
Collection Owner Access Mode
This mode displays all the roles and tasks in the collection for which the authenticated user is an owner. The authenticated user will still need the necessary rights assignments to use the tasks. This mode also displays any other roles and tasks assigned to the authenticated user. RBS must be configured in order to use this mode.
What's New in iManager 2.5
Below are some of the improvements made in iManager 2.5:
- Better installation, including installation of Plug-in Modules
- Removed dependency on Novell Portal Services
- General defect fixes
- New Categories for Plug-in modules
- Improved user interface for configuring Role-based Services
- New reporting capabilities for Role-based Services
- Ability to customize colors and graphics (create skins) to leverage corporate branding
- Mobile iManager
As shown below, there are new categories available in iManager 2.5.
Figure 2 - iManager 2.5 categories
The category selector is new in iManager 2.5.
Figure 3 - Category selector
The category selector provides groups of roles and tasks specific to a particular function. The 'All Categories' selection displays all available roles and tasks. 14 default categories are shipped with iManager 2.5.
All Novell-based content is assigned to a particular category; you may create new categories and assign roles and tasks to them as needed.
Basic Configuration of iManager 2.5
The configuration for iManager 2.5 adds several improvements:
- Mobile iManager is now available.
- Configuration information is now stored in the file system.
- iManager Views are available.
Installation of plug-in modules has improved:
Figure 4 - Installation of plug-in modules
Logging configuration has also improved:
Figure 5 - Configuration for logging
Novell Plug-in Modules
NPM files are special .ZIP files containing the plug-in's library, JSP, and control files. The MANIFEST.MF from the NPM is compared against the MANIFEST.MF in the /nps/WEB-INF/modules/<plug-in dir>/META-INF directory to determine whether this plug-in module needs to be installed or updated.
Installed plug-in modules can be easily uninstalled. Note that you must be an iManager Authorized User to install plug-in modules. If you are, and new plug-in modules exist in the packages directory, a notice on the iManager home page informs you that new iManager modules are available to install. Also, you must restart Tomcat after installing new plug-in modules.
Figure 6 - List of installed plug-in modules
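The manifest comparison described above can be reproduced outside iManager to inventory which NPM files in a packages directory would be installed or updated. This is an added example, not iManager's code: the manifest location inside the NPM, the use of Implementation-Version as the compared attribute, and the sample manifest are assumptions.

```python
import io
import zipfile

MANIFEST_PATH = "META-INF/MANIFEST.MF"   # assumed location inside the NPM
VERSION_ATTR = "Implementation-Version"  # assumed attribute; the page names none

def parse_manifest(text):
    """Parse the main section of a JAR-style manifest, joining continuation lines."""
    attrs, last = {}, None
    for line in text.splitlines():
        if not line.strip():
            break  # a blank line ends the main section
        if line.startswith(" ") and last:
            attrs[last] += line[1:]  # continuation: one leading space, then value
            continue
        name, sep, value = line.partition(":")
        if sep:
            last = name.strip()
            attrs[last] = value.strip()
    return attrs

def version_key(version):
    """'2.5.1' -> (2, 5, 1); non-numeric parts count as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in version.split("."))

def npm_action(npm_bytes, installed_manifest):
    """Return 'install', 'update' or 'up-to-date' for one NPM (ZIP) file."""
    with zipfile.ZipFile(io.BytesIO(npm_bytes)) as npm:
        packaged = parse_manifest(npm.read(MANIFEST_PATH).decode("utf-8"))
    if installed_manifest is None:  # nothing under modules/<plug-in dir>/META-INF
        return "install"
    installed = parse_manifest(installed_manifest)
    new = version_key(packaged.get(VERSION_ATTR, "0"))
    old = version_key(installed.get(VERSION_ATTR, "0"))
    return "update" if new > old else "up-to-date"

def build_sample_npm(version):
    """Constructed sample: an in-memory NPM holding only a manifest."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(MANIFEST_PATH, "Manifest-Version: 1.0\r\n"
                   "Implementation-Title: Sample Plug-in\r\n"
                   f"Implementation-Version: {version}\r\n\r\n")
    return buf.getvalue()
```

Pass `None` as the installed manifest when the module directory has no MANIFEST.MF yet.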
iManager Server Configuration
The iManager server configuration affects all users of this iManager server. Settings are only for this installation of iManager and are not automatically updated between iManager servers. The settings are stored on the file system of the iManager server in config.xml or configiman.properties. Some settings may require you to log in again to take effect.
To configure the iManager server:
- Access iManager.
- Select the Configure View.
- Choose iManager Server > Configure iManager from the left-hand frame.
Figure 7 - Configuring the iManager server
You can configure options on the following tabs: Security, Look and Feel, Logging, Authentication, RBS, and Miscellaneous. You can either save as you go to each tab or click Save once after you have made all your changes on the various tabbed pages.
Figure 8 - Configuration tab - Security
Enabling Novell Audit
To enable Novell Audit, you need an eDirectory server running Linux, NetWare, Solaris, or Windows, with Novell Audit 1.03.
The Audit Platform Agent is installed on the iManager Web server or Mobile iManager desktop and configured to point to the Audit secure logging server. Note that Audit must be configured with the IMAN_EN.LSC file from TOMCAT_HOME/webapps/nps/support/audit via the NSure Audit plugin.
The following events will be logged:
- iManager System Startup
- iManager System Shutdown
- User Login
- User Logout
- User Login Failure
- iManager Module Installation
Authorized users are users who can run various administrative tasks, such as Configure iManager Server and Module (NPM) Installation. The user name must be the full DN including the tree name. The names are saved in TOMCAT_HOME/webapps/nps/WEB-INF/configiman.properties. The installing administrator's name is added by default. To designate all users as authorized users, type AllUsers (the default setting with Mobile iManager).
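Because AllUsers lets every user configure the server and install modules, and the list lives in a plain file, both the value and the file's permissions are worth checking on a shared server. The following is an added example, not Novell's code: it flags any property whose value contains AllUsers and reports whether the file is writable by group or other. The key names and the DN in the sample are constructed, since the page does not give the property names.

```python
import os
import re
import stat
import tempfile

def parse_properties(text):
    """Minimal Java .properties reader: comments, '='/':' separators, continuations."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#!":
            continue
        if line.endswith("\\"):
            pending = line[:-1]
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def keys_granting_all_users(props):
    """Keys whose value lists AllUsers (case-insensitive, to be conservative)."""
    return sorted(k for k, v in props.items()
                  if "allusers" in [e.lower() for e in re.split(r"[,;\s]+", v)])

def writable_by_others(path):
    """True if group or other can write the file holding the authorized users."""
    return bool(os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH))

def audit(path):
    with open(path, encoding="utf-8") as fh:
        props = parse_properties(fh.read())
    return {"all_users_keys": keys_granting_all_users(props),
            "writable_by_others": writable_by_others(path)}

# Constructed sample; the key names are hypothetical, not iManager's own.
SAMPLE = ("# constructed sample\n"
          "Example.AuthorizedUsers = admin.example.EXAMPLE_TREE \\\n"
          "    AllUsers\n"
          "Example.Unrelated: value\n")

def run_sample():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "configiman.properties")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE)
        os.chmod(path, 0o664)  # group-writable on purpose
        return audit(path)
```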
There are two Logging Level Options available:
- No logging, Errors, Errors and Warnings
- Errors, Warnings, and Debug Information
These options replace the former High, Medium, and Low options.
The Logging Output Options are:
- Standard Error, Standard Out, or Debug.html file
- View the log file location and view the log file
- Clear the log file contents
With Debug logging turned on, the iManager log file will continue to grow fairly rapidly. It needs to be manually cleared.
Authentication configuration affects the iManager Login Page. There are several configuration options to set:
- Remember Login credentials. If checked, this remembers the Username and Tree name. These fields can still be changed at login time. This does not remember the password, and it is not the same as the browser form history.
- Use Secure LDAP when auto connect. This determines how iManager, which is acting as an LDAP client, tries to connect to the eDirectory LDAP Server. Note that some plugins require LDAP connections (dynamic group, simple password, NMAS).
- Allow Tree selection on Login Page. This determines if the Tree field will appear on the Login page. If not checked, the Default Tree Name field must be filled in.
- Default Tree Name. This is the initial value for the tree name field on the login page. It can still be changed at login time.
Contextless Login allows users to log in with only the simple username and password. They do not need to know their entire user object context. To use Contextless Login, enable its checkbox.
The default behavior is to search from the root of the tree using "Public" access. The following settings are unique per tree:
- Tree Name
- Containers to Search
- Public User name - for search credentials, if set
- Public User Password - for search credentials, if set