SECUDRIVE File Server Installing SECUDRIVE FS in the DFS Environment
Software Version 6.0
Foreword Thank you for purchasing SECUDRIVE File Server (SECUDRIVE FS). SECUDRIVE FS is a Windows-based file server security solution which allows organizations to maintain file server security and monitor user tasks.
Copyright The information in this manual is assured by Brainzsquare, Inc. The contents and specifications in this manual are subject to change without prior notice. Brainzsquare, Inc. holds the intellectual property rights and copyright for this manual. Use of this manual without the permission of Brainzsquare, Inc. infringes these rights. Copying, distributing, or disclosing this manual to third parties is strictly forbidden. Copyright ⓒ 2015 Brainzsquare, Inc. All rights reserved.
Notations in this Manual The following notations are used in this manual for better understanding.
Cautions and reference Matters which need to be highlighted in particular or items for reference are marked as follows: NOTE
If you click Next without connecting the master token to the computer, the trial version of the program will be installed.
Description of figures No text is written on figures directly. Instead, a number is inserted on certain areas of the figure with the relevant explanation provided below the figure.
GUI GUI is indicated in bold type. When it is necessary to click a number of menus in regular sequence, ">" is inserted in between the menus: Monitoring>Status>Server
Revision History
Date of revision    Version    Details
2015.04.20          1.0        Initial Draft
Table of Contents
FOREWORD
    Copyright
    Notations in this Manual
    Revision History
TABLE OF CONTENTS
OVERVIEW
    Configuration Diagram
    Precautions
    Server Configuration
PRIMARY POLICY SERVER
    Installing Manager Program
    Using Manager Program
SECONDARY POLICY SERVER
    Installing Manager Program
    Using Manager Program
SECUDRIVE FS PC CLIENT
    Installing PC Client Program
    Running PC Client Program
    Connecting to DFS Without Running PC Client Program
    Connecting to DFS After Running PC Client Program
1 OVERVIEW This installation manual explains how to install SECUDRIVE File Server (FS) in a DFS environment. For any SECUDRIVE FS features not described in this manual, please see the SECUDRIVE File Server User Manual.
Configuration Diagram This manual explains how to install SECUDRIVE FS in the DFS environment as illustrated below.
Component: Description
Domain Controller: This is the domain controller server.
Namespace Server: This is the namespace server of the DFS. This server contains the namespace and namespace folder settings.
Data Storage Server: This server stores the actual files. This server contains the shared folders which are target folders of namespace folders.
Share_xyz: These are shared folders configured in the Data Storage Server.
Primary Policy FS: The SECUDRIVE FS program has been installed as the Primary Policy.
Secondary Policy FS: The SECUDRIVE FS program has been installed as the Secondary Policy.
DS3-DS#: These are Data Storage Servers participating in the DFS.
The DFS path in this configuration is \\secudrive.co.kr\fsroot. The namespace named fsroot has a folder named archives, whose target folders are c:\share_DS1 shared on the DS1.secudrive.co.kr server and c:\share_DS2 shared on the DS2.secudrive.co.kr server.
Precautions Please note the following when installing the SECUDRIVE FS program in the DFS environment.
The DFS should be configured as a domain-based namespace or an independent namespace.
SECUDRIVE FS Manager should be installed on the Data Storage Server, not the Namespace server.
The SECUDRIVE FS Manager program should be installed on all Data Storage Servers participating in the DFS.
SECUDRIVE FS should be installed on the Primary Policy Master or the Secondary Policy Master depending on the server role.
The same Policy Server priority should be set on the Secondary Policy Server.
Once the SECUDRIVE FS program is installed on the Data Storage Server, the DFS server cannot be accessed from PCs that do not have PC Client installed.
To configure target folder settings and replication settings on the DFS configuration page, Namespace Server and Data Storage Server IP addresses must be registered as unrestricted IP addresses.
Any PC using PC Client should be joined to the AD domain and logged in with an AD account.
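The following PowerShell script is an added example, not part of the SECUDRIVE FS product or of the original manual. It enumerates the Namespace Servers and Data Storage Servers behind a DFS path, so that the two precautions above (Manager on every Data Storage Server, and every Namespace and Data Storage Server address registered as an unrestricted IP) can be checked against the real namespace. It assumes the Windows DFSN and DnsClient modules are available and uses this manual's DFS path as the default.

```powershell
# Added example: inventory of servers participating in a DFS namespace.
# Requires the DFSN module (RSAT DFS Management tools) and the DnsClient module.
param(
    # DFS path from this manual; replace with your own namespace root.
    [string]$NamespaceRoot = '\\secudrive.co.kr\fsroot'
)

function Get-HostFromUnc {
    param([string]$UncPath)
    # \\server\share\... -> server
    return ($UncPath.TrimStart('\') -split '\\')[0]
}

function Resolve-HostIPv4 {
    param([string]$HostName)
    try {
        (Resolve-DnsName -Name $HostName -Type A -ErrorAction Stop |
            Where-Object { $_.Type -eq 'A' }).IPAddress
    } catch {
        Write-Warning "Could not resolve $HostName"
    }
}

# Namespace Servers: hosts of the root targets of the namespace.
$namespaceServers = @(Get-DfsnRootTarget -Path $NamespaceRoot |
    ForEach-Object { Get-HostFromUnc $_.TargetPath } | Sort-Object -Unique)

# Data Storage Servers: hosts behind every folder target in the namespace.
$dataServers = @(Get-DfsnFolder -Path "$NamespaceRoot\*" |
    ForEach-Object { Get-DfsnFolderTarget -Path $_.Path } |
    ForEach-Object { Get-HostFromUnc $_.TargetPath } | Sort-Object -Unique)

$report = foreach ($server in (@($namespaceServers + $dataServers) | Sort-Object -Unique)) {
    [pscustomobject]@{
        Server          = $server
        NamespaceServer = $server -in $namespaceServers
        # Every server with DataStorage = True needs SECUDRIVE FS Manager installed.
        DataStorage     = $server -in $dataServers
        # Every address listed here belongs on the Unrestricted IP list.
        IPv4            = @(Resolve-HostIPv4 $server) -join ', '
    }
}

$report | Format-Table -AutoSize
```

Compare the output with the Policy Server and Unrestricted IP lists in SECUDRIVE FS Manager; a Data Storage Server that appears here but has no Manager installed is a folder target outside the product's access control.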
Server Configuration Depending on the installation method, SECUDRIVE FS can be configured as follows:
Primary Policy Server
Acts as the policy server. Configures security policy user rights and settings. Records users' real-time events and logs.
Secondary Policy Server When the Primary Policy Server fails, the Secondary Policy Server automatically resumes the role as the policy server, allowing the PCs to continue using the file servers. Security policy user rights and settings cannot be configured on the Secondary Policy Server.
User rights and settings configured on the Primary Policy Server are automatically synchronized with the Secondary Policy Server. Depending on the environment, multiple Secondary Policy Servers may be set up.
Note
The Primary Policy Server and the Secondary Policy Server are installed with the SECUDRIVE FS Policy service and the SECUDRIVE FS Access Control service.
2 PRIMARY POLICY SERVER This section explains how to install and configure the SECUDRIVE FS program as the Primary Policy Server. The Primary Policy Server is installed on one of the Data Storage Servers within the DFS.
Installing Manager Program To install the SECUDRIVE FS program as the Primary Policy Server, follow the steps below.
1. Run SECUDRIVE FS Manager Install.exe.
2. Start the installation process by following the instructions.
3. Select the Multi-Server option on the installation environment selection page and click Next.
4. Select "Use secure web folder" and "Install Relay Server", then continue by following the instructions.
a. If the "Do not use secure web folder" option is selected, the Policy Service shown on the following page must be installed.
5. When the installation is complete, click Finish.
6. After the installation is completed, run the import certificate program, enter the certificate and key files, and input the password.
Using Manager Program Run the SECUDRIVE FS Manager program by selecting it from the Start menu. Depending on the DFS environment in which FS Manager is installed, enter the following information.
For domain-based DFS, select the domain with the DFS installed or enter the domain name directly.
For independent DFS, enter the hostname of the namespace server directly.
Note
This selection window appears only when FS Manager is run for the first time.
On the Manager program running as the Primary Policy Server, you can manage user rights, file operation logs, etc.
Monitoring > Events and Logs
All user events and logs are stored together on the Primary Policy Server. Events and logs are not stored on the Secondary Policy Server. Only when the Primary Policy Server fails and the Secondary Policy Server takes up the role of the policy server are events and logs stored on the Secondary Policy Server.
Security Policies > Shared Folders > DFS Folders View namespace information and folder information configured on the DFS.
Namespaces of the DFS can be managed using the DFS management page provided by the OS.
Security Policies > User Rights Configure leak control rights for each user.
Security Policies > User Rights > Location Location shows domain controllers of the AD.
Image 1. Security Policies on Admin Page of Manager Program: User Rights
NOTE
If there are multiple domain controllers in the AD, you can select another domain controller by clicking the Location list.
From the Location list, select the domain controller server containing the account to which you wish to apply security permissions. The user accounts configured in the domain controller selected in Location are listed. You can turn leak control on/off and configure copy, print, capture, and network access permissions for each user.
Environment > Unrestricted IP
Register Namespace Server and Data Storage Server IP addresses. To manage namespaces and shared folders on the DFS management page, Namespace Server and Data Storage Server addresses must be registered to the unrestricted IP address list.
Environment > Server and Client > Policy Server Policy Server shows IP addresses of file servers with the Policy service installed.
Note
After installing the Secondary Policy Master Server, add the Secondary Policy Master Server's IP address to the list.
2 Secondary Policy Server This section explains how to install and configure the SECUDRIVE FS program as the Secondary Policy Server. The Secondary Policy Server should be installed after the Primary Policy Server is installed. The Secondary Policy Server is installed on Data Storage Servers in the DFS. Depending on the environment, multiple Secondary Policy Servers may be set up.
Installing Manager Program To install the SECUDRIVE FS program as the Secondary Policy Server, follow the steps below.
1. Run SECUDRIVE FS Manager Install.exe.
2. Start the installation process by following the instructions.
3. Select the Multi-Server option in the installation environment selection page and click Next.
4. Select "Use secure folder" and "Install Relay Server," then continue by following the instructions.
a. If the "Do not use secure folder" option is selected, the Policy Service shown on the following page must be installed.
5. When the installation is complete, click Finish.
6. After the installation is completed, run the import certificate program, enter the certificate and key files, and enter the password.
7. Run the SECUDRIVE FS Manager program by selecting it from the Start menu.
8. Depending on the DFS environment in which FS Manager is installed, enter the following information.
b. For domain-based DFS, select the domain with DFS installed or enter the domain name directly.
c. For independent DFS, enter the hostname of the namespace server directly.
Note
This selection window appears only when FS Manager is run for the first time.
9. When SECUDRIVE FS Manager is launched, go to Environment > Server and Client.
10. On the Policy Server list, click the Add button.
11. When the Add Policy Server window appears, select a server installed as the Primary Policy Server or enter its IP address.
12. Select the registered Primary Policy Server and move it up to the top so that it has the highest priority.
13. If there are multiple Secondary Policy Servers, continue adding their IP addresses by clicking the Add button.
NOTE
If installing multiple Secondary Policy Servers, configure all Secondary Policy Servers to have the same priority on the Policy Server list.
14. Select the "Select Synchronize policy data from connected policy server" option.
NOTE
When the "Select Synchronize policy data from connected policy server" option is selected, the SECUDRIVE FS service restarts and the currently running SECUDRIVE FS Manager program also restarts.
15. When the SECUDRIVE FS Manager program restarts, it runs as the Secondary Policy Server.
16. After installing the Secondary Master Server, go to Environment > Server and Client on the Primary Master Server and add the Secondary Master Server to the Policy Server list as well.
Using Manager Program User rights and settings for security policies cannot be changed on the Secondary Policy Server. Instead, changes made to the settings on the Primary Policy Server are automatically synchronized with all secondary servers.
Monitoring > Events and Logs All user events and logs are stored together on the Primary Policy Server. Events and logs are not stored on the Secondary Policy Server. Only when the Primary Policy Server fails and the Secondary Policy Server takes up the role of the policy server are the events and logs stored on the Secondary Policy Server.
Security Policies > Shared Folders > DFS Folders View namespace information and folder information configured in the DFS.
Namespaces of the DFS can be managed using the DFS management page provided by the OS.
Security Policies > User Rights View leak control rights for each user. User rights must be configured on the Primary Policy Server. On the Secondary Policy Server, user rights can only be viewed.
Security Policies > User Rights > Location
Location shows domain controllers of the AD.
NOTE
If there are multiple domain controllers in the AD, select another domain controller by clicking the Location list.
Environment > Unrestricted IP On the Unrestricted IP list, register Namespace Server and Data Storage Server IP addresses. To manage namespaces and shared folders on the DFS management page, IP addresses of all Namespace Servers and Data Storage Servers must be registered to the unrestricted IP address list.
Environment > Server and Client > Policy Server Configure Primary Policy Server and Secondary Policy Server settings.
The priority of the registered policy servers must be configured identically on all Secondary Policy Servers. When a policy server is added or its priority is changed, the same settings must be configured on all remaining Secondary Policy Servers as well. If the Primary Policy Server fails and goes offline, the Secondary Policy Server acts as the policy server instead. When the Secondary Policy Server starts acting as the policy server, the events and logs are collected on the Secondary Policy Server.
NOTE
If the Primary Policy Server has failed, you have to set the Secondary Policy Server as the Primary Policy Server by following the steps below.
Deselect the "Synchronize policy data from connected policy server" option.
Remove the Primary Policy Server which is marked offline.
NOTE
If there are multiple Secondary Policy Servers, remove the Primary Policy Server marked offline from all other servers as well.
The Secondary Policy Server now acts as the Primary Policy Server.
3 SECUDRIVE FS PC Client The PC running PC Client must be joined to the AD domain server and the user must log in using a domain account.
Installing PC Client Program To install PC Client, the two installation files SECUDRIVE FS PC Client Install.msi and SECUDRIVE FS PC Client Install.ini must be in the same folder. Configure installation mode of PC Client in SECUDRIVE FS PC Client Install.ini as shown below.
1. Open SECUDRIVE FS PC Client Install.ini in Notepad.
2. RunMode
a. 0: When the PC Client program is launched for the first time, the user can register the server manually using the Initial Setup wizard.
b. 1: When the PC Client program is launched, DFS server is automatically registered.
NOTE
The automatic server registration function can only be used on PCs logged in with an AD account.
3. DFS Name
c. Enter the DFS name.
d. For domain-based DFS, enter the domain name configured with the DFS.
e. For independent DFS, enter the hostname of the Namespace server.
NOTE
For details on configuring WebDAV settings, see the SECUDRIVE FS User Guide.
After configuring the SECUDRIVE FS PC Client Install.ini file, click the SECUDRIVE FS PC Client Install.msi file to install the program.
The MSI installation file can be distributed using the GPO feature of AD.
Running PC Client Program Run the PC Client program by selecting Start > Programs > SECUDRIVE FS > SECUDRIVE FS PC Client. Once the PC Client has been launched, it can be opened by double-clicking the PC Client program icon in the Windows system tray.
If the PC Client program is installed using the automatic DFS server registration feature, the DFS server is automatically registered. The domain account and password used for logging into the PC are used as the DFS user account and password.
If the automatic DFS server registration feature is not used, you can register the DFS server manually using the Initial Setup wizard when launching the PC Client program.
Connecting to DFS without Running the PC Client Program Without running the PC Client program, go to the DFS path.
Although the DFS namespace folder name appears, the Data Storage Server containing the actual files cannot be accessed.
Direct access to any paths of the Data Storage Server is also denied.
Connecting to DFS after Running PC Client Program
Connecting the PC Client program to the DFS server Connect the PC Client program and the DFS server by following the steps below.
1. Run the PC Client program.
2. Click the Connect button for the DFS server.
3. Check that the DFS server is connected. Once the DFS server is connected, its security policy can be viewed.
Accessing the DFS server Access the DFS server using the DFS path. Click the DFS namespace folder name.
You can view the list of the files stored and edit them.
Security features are active according to the security policy settings.
While the PC Client is running, you may access the Data Storage Server directly with the security features still active.
ⓒ 2015 Brainzsquare Co., Ltd. All rights reserved.
Korea: Tel: (82)2-2205-6001, www.secudrive.co.kr
North America: Tel: (1)408-613-2561, www.secudrives.com