test

SunScreen 3.1 Administration Guide

Chapter 9 Adding Remote Administration Stations After Installation

This chapter describes how to add a remote Administration Station after you have already installed SunScreen. To do this task, you need information found SunScreen Installation Guide.

There are three main steps to accomplish this task:

  1. Install the administration software on the new remote Administration Station

  2. Set up the Screen to use the new Administration Station

  3. Set up the Access Control List on the new remote Administration Station

Installing the Software on the New Remote Administration Station

Refer to the SunScreen Installation Guide for detailed information on how to install the SunScreen administration software and certificates on the additional remote Administration Station.

Overview

If you Have an Existing Remote Administration Station

If you have previously set up a remote Administration station with your Screen (and you want to add an additional Administration Station), you already have a Screen certificate and Admin certificate group. So, you can skip most of these steps and go directly to "To Inform the Screen About the New Remote Administration Station".

If This is the First Remote Administration Station (Screen Installed With Local Administration Only)

You need to create a certificate and admin certificate group before you add the remote Administration Station certificate. The following section explains how to accomplish this task.

To Set Up the Screen to Use the New Remote Administration Station

Perform the following steps:

  1. Generate a certificate for the Screen (see "To Generate Screen Certificates" on page 87).

  2. Add the certificate from Remote Administration Station to the Screen (see "To Associate Certificate IDs" on page 91).

  3. Add a certificate group named admin with the Administration Station certificate as a member of this group (see "To Add a Certificate Group" on page 93).

  4. Add an Administrative Access rule for Remote Administration using the admin user, admin certificate group, and encryption parameters that match those of the Remote Administration station (see "To Add an Administrative Access Rule for Remote Administration" on page 87).

  5. Save and activate the policy.

To Inform the Screen About the New Remote Administration Station

After installing the SunScreen administration software and certificates, follow the steps below to inform the Screen about the new remote administration station.

  1. From the Common Objects panel, select Certificate in the Type choice list.

  2. Select Associate MKID from the Add New choice list.

    The Certificate dialog window appears.

    Figure 9-1 Certificate Dialog Window

    Graphic

  3. Type a name for the new remote administration station in the Name field.

  4. Type the certificate number of the new remote administration station in the Certificate ID field.

    The Certificate ID begins with 0x.

  5. Click the OK button.

  6. Click on the Administrative Access tab in the Policy Rules area.

    The Administrative Access area appears.

  7. Select the Access Rules for Remote Administration table by highlighting the No. field next to the rule.

  8. Click the Edit... button below the Access Rules for Remote Administration table.

    The Remote Access Rules dialog window appears. Note the name in the Certificate Group field. In the following steps, you must add the certificate of the new remote Administration Station to this group.

  9. Click the Cancel button.

  10. Select Certificate in the Type choice list.

  11. Click the Search button.

  12. Select the Certificate Group name in the Results field that was displayed in the Certificate Group field of the Remote Access Rules dialog window, in Steps one through five.

  13. Click the Edit button.

    The Certificate dialog window appears.

  14. Select the certificate you created in Step 3 from the Available Certificates field.

  15. Click the Add>> button.

  16. Click the OK button.

  17. Save and Activate the policy.

Setting Up the Access Control List on the New Remote Administration Station

The last step is to add the Screen's certificate to the Remote administration Station. See Section  "Completing SKIP Setup on the Administration Station" on page 4-75 in the SunScreen Installation Guide for the procedure to get the Certificate ID from the Screen and to use the skiptool GUI to set up the Access Control List.

Note -

You must log on to the Screen system to directly administer SKIP or gather data from any of the SKIP commands.