Overview
Default IP address settings
The DD1000i is delivered with the following default IP address configuration:
| Port | IP address | Subnet mask |
|---|---|---|
| ADMIN (DATA IN section) | 192.168.0.100 | 255.255.255.0 |
| DATA IN | 192.168.1.100 | 255.255.255.0 |
| ADMIN (DATA OUT section) | 192.168.0.101 | 255.255.255.0 |
| DATA OUT | 192.168.1.101 | 255.255.255.0 |
All IP addresses can be reconfigured using Local admin.
Administration interfaces
The Upstream and Downstream DD Engines must be configured to be able to send data through the DD1000i. There are two different interfaces for configuring the device and its services:
- Local admin - a password-protected console interface, requiring physical access to the DD1000i with a connected display and keyboard. It allows for basic configuration of the device, changing the admin password and exporting logs. For more information see Local admin configuration.
- DD Manager - an administration web interface, requiring certificate-verified access, that allows remote management of the DD1000i using HTTPS. It enables configuration of Services, Monitoring features and firmware. For more information see DD Manager configuration.
While HTTPS is used to interact with the DD Manager interface on each of the Upstream and Downstream DD Engines, the Local admin interface is used to interact directly with the operating system on each proxy.
LDAP Access control
DD Manager can be complemented with LDAP Access control. Access control enables the administrator to enforce authentication and authorization in the DD Manager web interface. Users can be given roles which possess different capabilities, controlled by the administrator.
Access control is enabled for the Upstream and Downstream DD Manager respectively.
Activating LDAP Access control requires Local admin and DD Manager configuration, as well as LDAP server configuration.
Prepare the LDAP user directory
The DD1000i supports integration with both Microsoft Active Directory and OpenLDAP servers. If any other user directory is to be used, please contact Advenica Customer Services. The affected users must be given memberships in the chosen groups. These groups will then be referred to in the DD Manager for authorization. The following is required of the user directory setup:
- The user directory must be set up with TLS v1.3 encrypted sessions.
- The user directory must be configured to return the memberOf attribute for each user.
The connection between the DD Manager and the user directory is configured in Local admin.
Local admin Access control configuration
LDAP Access Control in DD Manager enables the administrator to enforce authentication and authorization. Users can be given roles which possess different capabilities, controlled by an administrator.
Activating LDAP Access control requires Local admin configuration.
Enter the parameters:
| Variable | Required | Description |
|---|---|---|
| Enable Access Control | false | Must be checked to enable the feature. |
| Server | true | The user directory address and port. |
| Bind Distinguished Name | true | The login DN (distinguished name) to bind to the server. |
| Bind Credentials | true | The login password, used for authentication together with Bind Distinguished Name. |
| Search Base | true | Location in the directory in which to search for a user. |
| Search Filter | false | Criteria for filtering the search for a user, defaults to sAMAccountName={{username}}. |
| CA Certificate | true | The CA used in the user directory. |
| Admin Group | true | Name for the user directory group which the initial admin user must be a member of. |
Once all parameters have been provided, click Confirm and wait for the configuration to be saved. In the Device Configuration menu, click Save and wait for the configuration to be applied.
- It is recommended that the Bind Distinguished Name user only has read rights.
- The LDAP server must be hosted on the Admin network.
DD Manager Access control configuration
Configure groups
Which capabilities each user group possesses is configured in the DD Manager by an administrator.
Cookies must be enabled in the DD Manager browser when using Access control.
Capabilities
A capability is a predefined collection of actions within the DD Manager. Capabilities are given to user groups via the DD Manager. Users are added to user groups in the user directory. The following capabilities are available:
- Observe:
  - Observe all information.
- Configure:
  - Configure features and services.
  - Start & stop services.
- Administer:
  - Add and delete services to the DD Manager.
  - Upgrade firmware.
  - Add, edit and delete user groups.
A group with the Administer or Configure capability also requires the Observe capability.
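An offline access review based on the capability rules above, as an added example that is not part of the original documentation or the product's own code: it checks planned groups against the Observe requirement and lists each user's resulting capabilities from their memberOf values. The group names, users and DNs are constructed, and matching groups on the CN of the DN and adding up capabilities across groups are assumptions about how DD Manager behaves.

```python
import re

CAPABILITIES = {"Observe", "Configure", "Administer"}

# Constructed sample: planned DD Manager groups and their capabilities.
PLANNED_GROUPS = {
    "dd-admins": {"Observe", "Configure", "Administer"},
    "dd-operators": {"Configure"},  # breaks the rule: Observe is missing
    "dd-auditors": {"Observe"},
}

# Constructed directory export: user -> memberOf values (None = not returned).
DIRECTORY_USERS = {
    "alice": ["CN=dd-admins,OU=Groups,DC=example,DC=test"],
    "bob": ["CN=dd-operators,OU=Groups,DC=example,DC=test",
            "CN=dd-auditors,OU=Groups,DC=example,DC=test"],
    "carol": ["CN=staff,OU=Groups,DC=example,DC=test"],
    "dave": None,
}

def group_cn(dn):
    """Leading CN of a group DN (assumption: group names match on the CN)."""
    m = re.match(r"\s*CN=((?:\\.|[^,\\])+)", dn, re.IGNORECASE)
    return m.group(1).strip() if m else None

def invalid_groups(groups):
    """Groups with unknown capabilities or Administer/Configure without Observe."""
    need = {"Administer", "Configure"}
    return sorted(n for n, c in groups.items()
                  if c - CAPABILITIES or (c & need and "Observe" not in c))

def effective_capabilities(member_of, groups):
    """Union of capabilities over planned groups (assumption: they add up)."""
    caps = set()
    for dn in member_of:
        caps |= groups.get(group_cn(dn), set())
    return caps

def review(users, groups):
    """Per user: sorted capabilities, or a flag when memberOf is absent."""
    return {
        user: "memberOf not returned" if member_of is None
        else sorted(effective_capabilities(member_of, groups))
        for user, member_of in users.items()
    }

if __name__ == "__main__":
    print(invalid_groups(PLANNED_GROUPS), review(DIRECTORY_USERS, PLANNED_GROUPS))
```

Users reported with an empty list authenticate against the directory but belong to no planned group, and a user flagged "memberOf not returned" points at the directory prerequisite rather than at the group table.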
Initial login to the DD Manager
- Access the DD Manager.
- Log in to the DD Manager as an administrator. The user must be a member of the Admin Group previously configured in Local admin.
View user and group access
- Select in the navigation bar to view your user data.
View groups
- Select in the navigation bar to view currently configured groups.
Add group
- Click + Add to add a new group.
- Provide a group name and choose capabilities.
The group name must correlate to a group defined in the user directory.
- Click Submit to save group.
Edit group
- In the group table, click the to edit an existing group.
- Provide a group name and choose capabilities.
The group name must correlate to a group defined in the user directory.
- Click Submit to save group.
Delete group
- In the group table, click the to delete a group.
- Click Yes, delete to delete group.