Configure Password Safe on the U-Series Appliance

To set up Password Safe on the U-Series Appliance, you must turn on the Password Safe role.

If you use Password Safe, all credentials stored in the database are encrypted with the AES-256 block cipher, implemented by RijndaelManaged. When FIPS is used, all U-Series Appliance credentials stored in the database are encrypted using Triple DES.

For more information, please see Password Safe Web Portal Role.

Upload SSL Certificate

  1. From the Maintenance menu, select Security Settings.
  2. Under Upload Certificate, drag the certificate file into the drop area or click the button to browse.
  3. Enter the password.
  4. To update the bindings in IIS, click the Bind to HTTPS on update toggle to the on setting.
  5. To enable this certificate for multiple U-Series Appliances, toggle the Use for High Availability switch to the on setting.
  6. Click Upload Certificate.

To generate an SSL certificate to match the U-Series Appliance name:

  1. From the Maintenance menu, select Security Settings.
  2. To regenerate the SSL certificate to match the U-Series Appliance network name, click Generate Certificate. This certificate will not be trusted by the client browser.
  3. To export the client certificate, enter the password for the certificate and then click Export Certificate.

Archive Password Safe Session Monitoring Events

To make more disk space available on the U-Series Appliance, you can transfer session monitoring files from the U-Series Appliance to another server for storage. You can view these archived files in Password Safe.

There are three types of remote hosts that can be used to store session archive files:

  • Remote Network share. We recommend that you use a secure network share which requires authentication.
  • Network File System (NFS) share.
  • A remote server on which you run the Configure Repository Installer. The installer creates an IIS site and enables Background Intelligent Transfer Service (BITS), and files are transferred using BITS.

Session monitoring files are archived in one of two ways:

  • Automatically by the U-Series Appliance. Automatic archives occur in the following cases:
    • When the file reaches the configured age.
    • When free space on the U-Series Appliance hard drive is below the configured threshold.
  • Manually through Password Safe. Archive files are never deleted.

For more information, please see the following:

Password Safe Administration Guide

Set Up the Repository Host

  • Windows 2008 or later.
  • Port 443 open.
  • IIS 7.5 or later.
  • ASP.NET 4.5
  • Setup Session Monitoring Repository tool, located at C:\Appliance\Tools\ConfigureRepository.exe.

In Server Manager, install and enable BITS. Activating BITS ensures that the prerequisites are installed, regardless of the OS or IIS version.

If you are using IIS 7.5 and the ASP.NET 4.5 role did not install automatically:

  1. Install the ASP.NET role.
  2. Run the command C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -i.

ISAPI and CGI Restrictions

  1. Log in to Server Manager and select the IIS instance.
  2. Double-click ISAPI and CGI Restrictions.
  3. Ensure that ASP.NET 4.0 is set to Allowed.
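
The requirements above can be confirmed from an elevated PowerShell session on the repository host before the repository configuration tool is run. The script below is an added example, not part of the product or its documentation; it only reads state and changes nothing. It assumes Windows Server 2012 or later (for the BITS and Web-Asp-Net45 feature names) and that the IIS WebAdministration module is installed. Port 443 is not tested here, since reachability has to be checked from the appliance side.

```powershell
# Added example: read-only pre-flight check for the repository host.
# Assumptions: Windows Server 2012 or later, elevated session, and the IIS
# management scripting tools (WebAdministration module) are installed.
Import-Module ServerManager, WebAdministration

function Test-RepositoryHostPrereq {
    $checks = [ordered]@{}

    # "Windows 2008 or later" corresponds to NT version 6.0 and up.
    $checks['Windows 2008 or later'] = [Environment]::OSVersion.Version -ge [version]'6.0'

    # IIS records its installed version under the InetStp registry key.
    $iis = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\InetStp' -ErrorAction SilentlyContinue
    $checks['IIS 7.5 or later'] = [bool]$iis -and
        ([version]('{0}.{1}' -f $iis.MajorVersion, $iis.MinorVersion) -ge [version]'7.5')

    # BITS and the ASP.NET 4.5 role service must be installed features.
    foreach ($name in 'BITS', 'Web-Asp-Net45') {
        $feature = Get-WindowsFeature -Name $name
        $checks["Feature $name installed"] = [bool]($feature | Where-Object Installed)
    }

    # ISAPI and CGI Restrictions: every ASP.NET v4.0 entry must be Allowed.
    $filter = 'system.webServer/security/isapiCgiRestriction/add'
    $isapi = @(Get-WebConfiguration -PSPath 'MACHINE/WEBROOT/APPHOST' -Filter $filter |
        Where-Object { $_.path -like '*\v4.0.30319\aspnet_isapi.dll' })
    $checks['ASP.NET 4.0 ISAPI allowed'] = ($isapi.Count -gt 0) -and
        -not ($isapi | Where-Object { -not $_.allowed })

    $checks
}

# Print each check, then list anything that still needs attention.
$result = Test-RepositoryHostPrereq
$result.GetEnumerator() | ForEach-Object { '{0,-28} {1}' -f $_.Key, $_.Value }
$failed = @($result.GetEnumerator() | Where-Object { -not $_.Value })
if ($failed.Count) { Write-Warning ('Not met: ' + ($failed.Key -join ', ')) }
```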

 

The repository configuration tool creates a certificate on the host computer.

  1. Run the repository configuration tool.
  2. Click the Create Certificate button.
  3. Enter a password for the exported certificate.
  4. Click Export Certificate and choose a location for the file with the exported certificate.
  5. Copy the exported certificate to a location that can be accessed by the U-Series Appliance. You must import the certificate using the Diagnostics web site.

Set Up the U-Series Appliance

If using the installed repository, you must register the certificate on the U-Series Appliance. Optionally, you can change the archive settings, such as the number of days that should pass before the files are archived.

  1. From the Maintenance menu, select Security Settings.
  2. Upload the certificate that you created on the host, and then click Upload Certificate.
  3. Select Roles Editor from the menu.
  4. Click Password Safe Web Portal.
  5. Check the Enable Session Monitoring Archiving box.
  6. Select the way to store the archive files:
    • BITS: Enter the name of the repository computer and the name of the certificate. These are the same name.
    • Windows File Sharing: Enter the name of the share and credentials to access the share. Windows file sharing is the preferred method.
  7. Optionally, change the archive settings:
    • Maximum Age (in Days): Enter the number of days that pass before the files are archived. The default value is 90 days.
    • Archive when available storage becomes less than: This value applies to the storage available on the U-Series Appliance. Enter the amount of storage remaining on the U-Series Appliance before the file transfer occurs. The transfer of files will free up the disk space when the value is reached.
    • Max File Transfer Time: This value is the maximum time to wait for a file transfer to occur before the transfer times out.
  8. Click Test Session Monitoring Settings to ensure the repository computer is set up correctly and can communicate with the U-Series Appliance computer.
  9. Click Apply Changes to save the settings.