
NetIQ® Cloud Security Services Connector 1.5 for Exchange Guide
January 2013


Legal Notice THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET FORTH IN SUCH LICENSE AGREEMENT OR NON-DISCLOSURE AGREEMENT, NETIQ CORPORATION PROVIDES THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW DISCLAIMERS OF EXPRESS OR IMPLIED WARRANTIES IN CERTAIN TRANSACTIONS; THEREFORE, THIS STATEMENT MAY NOT APPLY TO YOU. For purposes of clarity, any module, adapter or other similar material ("Module") is licensed under the terms and conditions of the End User License Agreement for the applicable version of the NetIQ product or software to which it relates or interoperates with, and by accessing, copying or using a Module you agree to be bound by such terms. If you do not agree to the terms of the End User License Agreement you are not authorized to use, access or copy a Module and you must destroy all copies of the Module and contact NetIQ for further instructions. This document and the software described in this document may not be lent, sold, or given away without the prior written permission of NetIQ Corporation, except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of NetIQ Corporation. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data. This document could include technical inaccuracies or typographical errors. 
Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time. U.S. Government Restricted Rights: If the software and documentation are being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), in accordance with 48 C.F.R. 227.7202-4 (for Department of Defense (DOD) acquisitions) and 48 C.F.R. 2.101 and 12.212 (for non-DOD acquisitions), the government’s rights in the software and documentation, including its rights to use, modify, reproduce, release, perform, display or disclose the software or documentation, will be subject in all respects to the commercial license rights and restrictions provided in the license agreement. © 2013 NetIQ Corporation and its affiliates. All Rights Reserved. For information about NetIQ trademarks, see https://www.netiq.com/company/legal/.


Contents

About this Book and the Library
About NetIQ Corporation
1 Installing and Configuring the Connector for Exchange
  1.1 Installing the Connector
    1.1.1 Requirements
    1.1.2 Configuring Active Directory for the Connector for Exchange
    1.1.3 Configuring the Exchange Server for the Connector for Exchange
    1.1.4 Downloading the Connector
    1.1.5 Creating and Importing the Connector for Exchange
  1.2 Configuring the Connector
    1.2.1 Assigning the Connector to a Customer
    1.2.2 Configuring the Connector for Exchange Settings
    1.2.3 Logging In to Exchange by Using the Outlook Client
    1.2.4 Logging into Exchange by Using an Android Phone
    1.2.5 Logging into Exchange by Using an iPod or iOS Device
  1.3 Reinstalling the Connector for Exchange
  1.4 Changing the Director Certificate



About this Book and the Library

The NetIQ® Cloud Security Services Connector for Exchange Guide provides installation and configuration information for the Connector for Exchange.

Intended Audience

This guide provides information for provider administrators who are responsible for configuring and managing the Connector for Exchange and for customer administrators who are responsible for configuring the Connector for Exchange.

Other Information in the Library

The library provides the following information resources:

Installation Guide
   Provides detailed planning and installation information for Cloud Security Services.

Provider Administration Guide
   Provides step-by-step guidance for the many tasks a provider performs for their customers. This guide also provides an overview of the interfaces the provider uses.

Customer Administration Guide
   Provides step-by-step guidance for the tasks a customer performs. This guide also provides an overview of the interfaces the customer uses.

Connector Guides
   Provide detailed installation and configuration information for each connector available with Cloud Security Services.

Integration Guides
   Provide developer level information about how to create your own custom connectors for Cloud Security Services.

Help
   Provides context-sensitive information and step-by-step guidance for common tasks.



About NetIQ Corporation

NetIQ, an Attachmate business, is a global leader in systems and security management. With more than 12,000 customers in over 60 countries, NetIQ solutions maximize technology investments and enable IT process improvements to achieve measurable cost savings. The company’s portfolio includes award-winning management products for IT Process Automation, Systems Management, Security Management, Configuration Audit and Control, Enterprise Administration, and Unified Communications Management. For more information, please visit www.netiq.com.

Contacting Sales Support

For questions about products, pricing, and capabilities, please contact your local partner. If you cannot contact your partner, please contact our Sales Support team.

Worldwide: www.netiq.com/about_netiq/officelocations.asp
United States and Canada: 888-323-6768
Email: info@netiq.com
Web Site: www.netiq.com

Contacting Technical Support

For specific product issues, please contact our Technical Support team.

Worldwide: www.netiq.com/Support/contactinfo.asp
North and South America: 1-713-418-5555
Europe, Middle East, and Africa: +353 (0) 91-782 677
Email: support@netiq.com
Web Site: www.netiq.com/support

Contacting Documentation Support

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, click Add Comment at the bottom of any page in the HTML versions of the documentation posted at www.netiq.com/documentation. You can also email DocumentationFeedback@netiq.com. We value your input and look forward to hearing from you.



Contacting the Online User Community

Qmunity, the NetIQ online community, is a collaborative network connecting you to your peers and NetIQ experts. By providing more immediate information, useful links to helpful resources, and access to NetIQ experts, Qmunity helps ensure you are mastering the knowledge you need to realize the full potential of IT investments upon which you rely. For more information, please visit http://community.netiq.com.



1 Installing and Configuring the Connector for Exchange

Cloud Security Services provides different types of connectors. Some connectors require software to be installed and integrated with the application to set up a trusted relationship. Other connectors use SAML or WS-Federation to set up a trusted identity provider relationship between Cloud Security Services and the application. The Connector for Exchange is a connector that allows customers to access an Exchange server as their mail server while authentication and access are controlled locally through their enterprise LDAP servers.

• Section 1.1, “Installing the Connector”
• Section 1.2, “Configuring the Connector”
• Section 1.3, “Reinstalling the Connector for Exchange”
• Section 1.4, “Changing the Director Certificate”

1.1 Installing the Connector

• Section 1.1.1, “Requirements”
• Section 1.1.2, “Configuring Active Directory for the Connector for Exchange”
• Section 1.1.3, “Configuring the Exchange Server for the Connector for Exchange”
• Section 1.1.4, “Downloading the Connector”
• Section 1.1.5, “Creating and Importing the Connector for Exchange”

1.1.1 Requirements

• An Active Directory server.
• An Exchange server with Outlook Anywhere enabled.
• An IIS server with RPC Proxy enabled.
• Outlook clients.
• Mobile clients, such as users with Android phones.
• A Cloud Security Services deployment with at least a Director, an Identity Broker, and a customer with a Secure Bridge and an Identity Store.
• A Cloud Security Services image to be used for the Connector for Exchange. (This is a separate image from the images you used to create the Director and the Identity Broker.)
• The Connector for Exchange file downloaded to the Cloud Security Services image.



The figure below illustrates a typical deployment of these machines.

[Figure: typical deployment. Labels: Firewall, LDAP Server, Secure Bridge, Director, Active Directory, Identity Broker, Connector for Exchange, Exchange Server, IIS Server with RPC Proxy, Provider, Customer Private, Mobile Client, Outlook Client.]

The Secure Bridge sets up a secure tunnel between the Identity Broker and the LDAP server, which allows them to safely exchange confidential information. The Director pushes configuration information to both the Identity Broker and the Connector for Exchange, which allows them to set up a communication channel. The Connector for Exchange sets up communication channels with the IIS server and with the Active Directory server. The IIS server enables HTTP communication over RPC to the Exchange server.



The figure below illustrates the tasks these machines perform when a client requests access to the Exchange server.

[Figure: numbered request flow (steps 1 through 7) among the Client, Connector for Exchange, Identity Broker, LDAP Server, Active Directory, IIS Server, and Exchange Server.]

1. The client (Outlook or mobile) requests access to an email account on the Exchange server by sending a request to the Connector for Exchange.
2. The Connector for Exchange obtains the user’s name and a password from the client.
3. The Connector for Exchange sends the name and password to the Identity Broker.
4. The Identity Broker sends the credentials to the customer’s LDAP server for verification.
5. If the credentials are valid, the user is granted access to the Exchange server.
6. The Connector for Exchange queries the Active Directory server to see if the LDAP password matches what is stored on the Active Directory server.
   • If the passwords match, the connector resets the time on the randomize password command.
   • If the passwords don’t match, the connector synchronizes the password to the Active Directory server and queues a randomize password command.
7. When the time on the randomize password command expires, the connector logs in to Active Directory as an administrator and sets the user’s password to a random value.
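The password handling in steps 6 and 7, as a small Python model added here for illustration (it is not NetIQ code). ConnectorModel, its method names, and the dictionary standing in for Active Directory are hypothetical; the 3 to 60 minute delay range and the 3 minute default are the values the installation script accepts in Section 1.1.5.

```python
import secrets
from dataclasses import dataclass, field

# Delay range and default accepted by the installation script, per the guide.
MIN_DELAY, MAX_DELAY, DEFAULT_DELAY = 3, 60, 3  # minutes


@dataclass
class ConnectorModel:
    """Hypothetical model of the connector's password handling.

    ad_passwords stands in for Active Directory (user -> current password).
    pending holds queued randomize commands (user -> minute the timer expires).
    """
    delay: int = DEFAULT_DELAY
    ad_passwords: dict = field(default_factory=dict)
    pending: dict = field(default_factory=dict)

    def __post_init__(self):
        if not MIN_DELAY <= self.delay <= MAX_DELAY:
            raise ValueError("delay interval must be 3 to 60 minutes")

    def on_login(self, user, ldap_password, now):
        """Step 6, run after the LDAP server has accepted the credentials."""
        if self.ad_passwords.get(user) == ldap_password:
            action = "timer-reset"                    # match: restart the timer
        else:
            self.ad_passwords[user] = ldap_password   # mismatch: synchronize to AD
            action = "synced-and-queued"
        self.pending[user] = now + self.delay
        return action

    def tick(self, now):
        """Step 7: randomize the AD password of every user whose timer expired."""
        expired = sorted(u for u, due in self.pending.items() if due <= now)
        for user in expired:
            self.ad_passwords[user] = secrets.token_urlsafe(32)
            del self.pending[user]
        return expired

    def ad_accepts(self, user, password):
        """Would this password work for a direct login against Active Directory?"""
        return self.ad_passwords.get(user) == password


def exposure_timeline(delay=DEFAULT_DELAY):
    """Constructed scenario: logins at minute 0 and 2, then the timer runs out."""
    conn = ConnectorModel(delay=delay)
    # The mailbox is created with a random password the user never learns (Section 1.1.3).
    conn.ad_passwords["jsmith"] = secrets.token_urlsafe(32)
    pw = "constructed-ldap-password"  # sample value, not a real credential
    rows = [
        (0, conn.on_login("jsmith", pw, 0), conn.ad_accepts("jsmith", pw)),
        (2, conn.on_login("jsmith", pw, 2), conn.ad_accepts("jsmith", pw)),
    ]
    before, at = 2 + delay - 1, 2 + delay
    rows.append((before, conn.tick(before), conn.ad_accepts("jsmith", pw)))
    rows.append((at, conn.tick(at), conn.ad_accepts("jsmith", pw)))
    return rows


if __name__ == "__main__":
    for minute, event, usable in exposure_timeline():
        print(f"t={minute:>2} min  {event!s:<20} LDAP password valid in AD: {usable}")
```

In this model the user's LDAP password is usable for a direct Active Directory login from the first login until the delay interval after the most recent login, so each login inside the window extends it.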

1.1.2 Configuring Active Directory for the Connector for Exchange

You need to create containers for the email domains the Connector for Exchange is going to support and change the default password policy. You need a domain for each customer that is going to use the Connector for Exchange.

1 Log in to the Active Directory server as the administrator and open the Server Manager console.
2 Expand Roles > Active Directory Domain Services > Active Directory Users and Computers.
3 Add an email container for each customer.



   The following instructions have you create a parent container for the email domains, then create a container for each email domain in the parent container. This is one possible way to configure the system.
   3a Right-click the domain name of your server, then select New > Organizational Unit.
   3b Specify a name for the parent container, then click OK.
   3c Right-click the name of your parent container, then select New > Organizational Unit.
   3d Specify a name for a customer email domain, then click OK.
   3e Repeat Step 3c and Step 3d to add an email domain for each customer.
4 Add the customer’s email domain as an Alternative UPN suffix:
   4a Click Start > Administrative Tools > Active Directory Domains and Trusts.
   4b In the left panel, right-click Active Directory Domains and Trusts, then select Properties.
   4c In the Alternative UPN suffixes text box, specify the customer’s email domain, then click Add > OK.
5 Modify the password policy:
   5a Open the Group Policy Management console by clicking Start > Administrative Tools > Group Policy Management.
   5b Expand Domains, then expand your domain.
   5c Right-click Default Domain Policy, then click Edit.
   5d In the Group Policy Management Editor, expand Computer Configuration > Policies > Windows Settings > Security Settings > Account Policies.
   5e Select Password Policy and set the following options:
      Minimum password length: Double-click this option, set it to 0, then click OK.
      Password must meet complexity requirements: Double-click this option, select Disabled, then click OK.
6 Continue with “Configuring the Exchange Server for the Connector for Exchange.”

1.1.3 Configuring the Exchange Server for the Connector for Exchange

You must configure the Exchange server to work with the Connector for Exchange.

1 Log in to the Exchange server as the administrator and open the Exchange Management console.
2 Enable Outlook Anywhere:
   2a Expand Server Configuration.
   2b Select Client Access, then in the Mail panel, select Enable Outlook Anywhere.
   2c Specify the external hostname, select Basic authentication, then click Enable.
3 Add an accepted domain for a customer:
   3a Expand Organization Configuration.
   3b Click Hub Transport > Accepted Domains.
   3c In the Actions panel, click New Accepted Domain.
   3d Fill in the New Accepted Domain form:
      Name: Specify a name for the domain. This is usually the name of the organization or business, such as netiq.



      Accepted Domain: Specify the domain name that this organization or business will use for email addresses, such as netiq.com.
   3e Make sure that Authoritative Domain is selected, then click New > Finish.
4 Configure an email address policy for the customer’s domain:
   4a Click the Email Address Policies tab.
   4b In the Actions panel, click New Email Address Policy.
   4c Fill in the New Email Address Policy form:
      Name: Specify a name for the policy. This can be the name of the organization or business that is using the email domain.
      Select the recipient container where you want to apply the filter: Click Browse, expand the parent email container, select the customer’s email container, then click OK.
   4d Make sure All recipient types is selected, then click Next.
   4e Click Next to accept the defaults for conditions.
   4f In the Email Addresses panel, click Add.
   4g For the Email address local part option, select the option that matches the name format that the customer uses for its users in email addresses.
   4h For the Select the accepted domain for the email address option, click Browse, select the domain for the customer, click OK twice, then click Next.
   4i Click Next to accept the defaults for Schedule, then click New > Finish.
5 Add mailboxes for each of the customer’s users.
   The customer needs to supply you with a list of users to add, along with the required information such as first name, last name, and name.
   5a Expand Recipient Configuration, then click Mailbox.
   5b In the Actions panel, click New mailbox.
   5c Select User Mailbox for the type, then click Next.
   5d Select New user, then click Next.
   5e Fill in the User Information form:
      Fill in the form according to the information supplied by the customer. For the Connector for Exchange, you must configure the following fields:
      Specify the organization unit rather than using a default one: Enable this option, click Browse, expand the parent email container, select the customer’s email domain, then click OK.
      First name, Initials, Last name, Name: Specify the user’s information that the customer has supplied.
      User logon name (User Principal Name): Specify the name the user uses for logging in, then select the user’s email domain from the drop-down list.
      Password: Specify a random password for the user and confirm the password. The user never needs to know this password, but the password preserves the safety of the mailbox until the user logs in for the first time.
      User must change password at next logon: Make sure this option is not enabled.
   5f Click Next to accept the defaults for Mailbox Settings and Archive Settings, then click New > Finish.
   5g Repeat Step 5b through Step 5f for each user that the customer has supplied information for.



6 For each customer, complete Step 3, Step 4, and Step 5.
7 Continue with “Creating and Importing the Connector for Exchange.”

1.1.4 Downloading the Connector

You must download the Connector for Exchange from the Access Connectors HQ Web site at https://www.netiq.com/products/accessconnectorhq/index.html. The Connector for Exchange is not included with Cloud Security Services.

1.1.5 Creating and Importing the Connector for Exchange

The following instructions assume that you have installed the Cloud Security Services image for the Connector for Exchange. If you have not completed this task, see “Loading the Cloud Security Services VM on a VM Server” (http://www.netiq.com/documentation/cloudsecurityservice/install/data/bq5tbix.html) in the Cloud Security Services Installation Guide (http://www.netiq.com/documentation/cloudsecurityservice/install/data/bookinfo.html).

The installation script converts the image into the Connector for Exchange and imports it into the Director. You need to know the following information to run the script:

• DNS name of the connector machine
• DNS name of the Director machine
• Super administrator name and password for the Provider Console
• DNS name and IP address of the IIS RPC proxy server
• DNS name or IP address of the Active Directory server used by the Exchange server
• DN and password of an Active Directory administrator
• A key pair for the connector. You can use a key pair signed by a well-known certificate authority, or the installation script generates a self-signed key pair.

To install and import the Connector for Exchange:

1 Log in to the Cloud Security Services image as the root user.
2 Download the connector file:
   2a Download the connector ZIP file.
   2b Copy the file to a directory that you can specify during the installation program.
3 Change to the /usr/share/ncss directory.
4 Enter the following command:
      ./install.sh -a
5 Use the following information to complete the installation:
   Display name: Specify a display name for the connector. The Provider Console and the Customer Console display the name specified.
   DNS name for this connector: Specify the DNS name of this connector machine.
   Path to template: Specify the path to the Connector for Exchange downloaded file. For example:
      /root/ncss-exchange-connector-1.0.zip



   DNS name of the Director: Specify the DNS name of the Director for your Cloud Security Services implementation.
   Provider administrator: Specify the username of the Super Admin for the Provider Console.
   Provider password: Specify the password of the Super Admin.
   DNS name of the IIS RPC proxy server: Specify the DNS name of the IIS proxy server.
   IP address of the IIS RPC proxy server: Specify the IP address of the IIS proxy server.
   Active Directory server: Specify the IP address or the DNS name of the Active Directory server.
   Active Directory administrator: Specify the fully qualified DN of the administrator of the Active Directory server. For example:
      cn=Administrator,cn=users,dc=netiq,dc=com
   Active Directory administrator password: Specify the password of the Active Directory administrator.
   Session timeout in minutes (5-140): Specify the session timeout for the inactive users in minutes.
   Randomized user’s password: Specify whether you want the user’s password randomized in Active Directory:
      • Answer Yes if you want to prevent the user from using the password in Active Directory to log directly into the Exchange server. This also ensures that disabled or deleted users in the Identity Store cannot log in to the Active Directory server because Cloud Security Services randomizes the password and the password is unknown to the user.
      • Answer No if you want the user to be able to log in to the Exchange server using the password in Active Directory or the password in the Identity Store.
   Delay interval for password modification: (Conditional) If you answered Yes to the prompt to randomize passwords, specify a delay interval for modifying the password in Active Directory. Valid values are 3 minutes to 60 minutes. The default is 3 minutes. This value determines how long the connector waits after a user logs in, before the connector randomizes the user’s password on the Active Directory server. This ensures that the user’s password only lives for a short time on the Active Directory server.
   Path to the SSL key pair: Specify the path with the filename for the key pair you want to use for the connector, or press Enter to create a self-signed key pair.
      • If you have purchased a key pair for the Connector for Exchange, specify the path and filename to the key pair.
      • If you do not have a purchased key pair, press Enter and the installation script creates a self-signed key pair for the connector. You can replace this key pair later.
6 (Optional) Check the /tmp/ncss.install.log file for errors.
7 Continue with “Configuring the Connector.”

1.2 Configuring the Connector

After installing and creating the Connector for Exchange, you must configure the connector for it to work.

• Section 1.2.1, “Assigning the Connector to a Customer”
• Section 1.2.2, “Configuring the Connector for Exchange Settings”
• Section 1.2.3, “Logging In to Exchange by Using the Outlook Client”

• Section 1.2.4, “Logging into Exchange by Using an Android Phone”
• Section 1.2.5, “Logging into Exchange by Using an iPod or iOS Device”

1.2.1 Assigning the Connector to a Customer

A provider administrator must perform this task.

1 Log in to the Provider Console.
2 Click the Connectors navigation icon.
3 In the Connector List panel, select the Connector for Exchange that you want to assign to the customer.
4 (Optional) Modify the display name for the connector.
5 In the Available Customers list, select the customer.
6 Use the arrow icon to move the customer to the Assigned Customers list.
7 Click Save.
8 Continue with “Configuring the Connector for Exchange Settings.”

1.2.2 Configuring the Connector for Exchange Settings

A provider administrator or a customer administrator can perform this task. If you are a customer administrator, log in to the Customer Console, and start with Step 3.

1 Log in to the Provider Console, then click the Customers navigation icon.
2 Click the customer that is assigned to the Connector for Exchange.
3 Click the Connectors navigation icon.
4 Select the Connector for Exchange in the Connector List.
5 In the Settings tab, click Customer Email Domain, then specify the email domain for the customer.
   The Customer Email Domain is the value you specified when you configured the Accepted Domain in the Exchange server (see Step 3d in Section 1.1.3, “Configuring the Exchange Server for the Connector for Exchange”).
6 (Optional) Click the Authorization Policy tab to configure additional conditions the user must match in order to access the application.
7 Click Save.
8 Send the configuration to the Identity Broker:
   8a Click the Security Services navigation icon in the Customer Console.
   8b In the Identity Brokers tab, click Send Configuration.
9 Continue with one or more of the following:
   • “Logging In to Exchange by Using the Outlook Client”
   • “Logging into Exchange by Using an Android Phone”
   • “Logging into Exchange by Using an iPod or iOS Device”



1.2.3 Logging In to Exchange by Using the Outlook Client

Each client machine must be configured to allow the user to log in.

• “Configuring the Outlook Client to Trust the Connector for Exchange”
• “Configuring the Outlook Client to Use the Connector for Exchange”
• “Authenticating to the Exchange Server”

Configuring the Outlook Client to Trust the Connector for Exchange

The Outlook client needs to trust the certificate of the Connector for Exchange.

• If the connector was installed with the default self-signed key pair or with a key pair that was not signed by a well-known CA, then you need to configure the Outlook client machines to trust the Connector for Exchange certificate.
• If the key pair is signed by a well-known CA, the Outlook client machines should already trust the CA that signed the key pair.

The following instructions are for Internet Explorer 8 and for when the Connector for Exchange uses a self-signed key pair, but you can adapt them to other versions and other browsers.

To configure the client machine to trust the Connector for Exchange certificate:

1 On the client machine, open Internet Explorer.
2 In the URL line, enter the DNS name of the Connector for Exchange.
3 Click Continue to this website (not recommended).
4 If you are prompted to log in, click Cancel.
5 In the URL line, click Certificate Error > View certificates.
6 Click Install Certificate > Next.
7 Select Place all certificates in the following store, then click Browse, select Trusted Root Certification Authorities, then click OK.
8 Click Next, then Finish.
9 View the Security Warning, then click Yes to install the certificate.
10 Click OK twice.
11 Continue with “Configuring the Outlook Client to Use the Connector for Exchange.”

Configuring the Outlook Client to Use the Connector for Exchange

The client must install Outlook, not Outlook Express.

1 On the client machine, click Start > Control Panel, then click Mail.
2 Click the Email Accounts button, then click New.
3 Select Manually configure server settings or additional server types, then click Next.
4 Select Microsoft Exchange or compatible service, then click Next.
5 Fill in the Server Settings form:
   Server: Specify the DNS name of the Exchange Server.
   User Name: Specify the user’s logon name, followed by the Exchange delimiter, followed by the customer’s email domain name. The name should look similar to the following:



      jsmith@netiq.com
6 Click More Settings, then click the Connection tab.
7 Enable Connect to Microsoft Exchange using HTTP, then click Exchange Proxy Settings.
8 Fill in the form:
   Use this URL to connect to my proxy server for Exchange: Specify the DNS name of the Connector for Exchange.
   On fast networks, connect using HTTP first: Enable this option.
   On slow networks, connect using HTTP first: Enable this option.
   Proxy authentication settings: Select Basic Authentication.
9 Click OK twice.
10 Click Check Name, specify the password for the user, then click OK.
   Specify the password that the user specifies when authenticating to the Identity Store of the Cloud Security Services customer. If everything is configured correctly and the login is successful, the displayed username changes to the user’s email address.
11 Click Next > Finish, then click Close twice.
12 Continue with “Authenticating to the Exchange Server.”

Authenticating to the Exchange Server

After configuring Outlook to use the Connector for Exchange, the user logs in as usual and is unaware that the Connector for Exchange establishes the connection.

1 From the client machine, start Microsoft Outlook.
2 When you are prompted, enter the password, then click OK.

1.2.4 Logging into Exchange by Using an Android Phone

Use the following information to configure Android phones.

1 On the phone, click the Email icon, then click Email address.
2 Specify an email address that is valid for the Exchange server and the password for that account.
3 Click Manual setup, then click Exchange.
4 Specify the email address in the Domain\Username text box.
5 In the Server text box, specify the DNS name of the Exchange server.
6 Select the Accept all SSL certificates option, then click Next.
7 Click Automatic (Push), and select how often you want to receive mail.
8 Click Next, specify a name for the account, then click Done.

1.2.5 Logging into Exchange by Using an iPod or iOS Device

To configure your iPod, iPad, or iPhone to use the Connector for Exchange, see iOS: Exchange ActiveSync Account Quick Setup Guide (http://support.apple.com/kb/ht2480). When specifying the server in Step 3, specify the DNS name of the Connector for Exchange.



1.3 Reinstalling the Connector for Exchange

You can use the same install script to reinstall the Connector for Exchange. When the install script detects that the connector has already been installed, it displays the following prompt:

   This system is already configured as Access Gateway Connector.
   Would you like to re-install AG Connector [n/y]:

Answer Yes to this prompt, then follow the prompts to complete the installation.

1.4 Changing the Director Certificate

If you have changed the Director key pair, you need to re-establish the trust relationship with the connector by updating the connector trust stores:

1 Log in to the connector machine as the root user.
2 Run the following command:
      /usr/share/ncss/agconn/updatetrust.sh -i <Director_DNS> -a director_ssl
   Replace <Director_DNS> with the DNS name of the Director.
3 In the screen output from this command, look for Certificate was added to keystore.
4 Replace the old DNS name of the Director with the new DNS name of the Director in the DirectorDNS variable property located in the /srv/tomcat6/webapps/agconn/WEB-INF/config/current/profile.xml file.
5 Restart Tomcat:
      /etc/init.d/tomcat6 restart
6 Restart Apache:
      /etc/init.d/novell-apache2 restart
