SunScreen 3.2 Administration Guide

Adding a Remote Administration Station

If you have already set up a remote Administration Station with your Screen (and you want to add an additional Administration Station), you should have a Screen certificate and admin certificate group, so you can skip most of these steps and go directly to "To Inform the Screen About the New Remote Administration Station".

If this is the first remote Administration Station (Screen installed with local administration only), you need to create a certificate and admin certificate group before you add the remote Administration Station certificate. The following procedure explains how to accomplish this task.

To Set Up the Screen to Use the New Remote Administration Station
  1. Generate a certificate for the Screen (see "To Generate SKIP UDHs Certificates" if you are using a SKIP certificate or "To Generate an IKE Certificate" if you are using an IKE certificate).

  2. (SKIP only) Issue a skipd_restart command.

  3. Add the certificate from the remote Administration Station to the Screen (see "To Associate SKIP Certificate" if you are using a SKIP certificate or "To Associate an IKE Certificate" if you are using an IKE certificate).

  4. Add a certificate group named admin with the Administration Station certificate as a member of this group (see "To Add a Certificate Group").

  5. Add an Administrative Access rule for Remote Administration using the admin user, admin certificate group, and encryption parameters that match those of the remote Administration Station (see "To Add or Change an Administrative Access Rule for Remote Administration").

  6. Save and activate the policy.

To Inform the Screen About the New Remote Administration Station

After installing the SunScreen administration software and certificates, follow the steps below to inform the Screen about the new remote Administration Station.

  1. Choose the policy Initial in the Policies List page.

  2. Click the Edit button.

    The Policy Rules page appears.

  3. Select Certificate in the Type list.

  4. Select Associate SKIP Certificate from the Add New list.

    The Certificate dialog box appears.

  5. Type a name for the new remote Administration Station in the Name field.

  6. Type the certificate number of the new remote Administration Station in the Certificate ID field.

    The Certificate ID begins with 0x.

  7. Click the OK button.

  8. Click the Administrative Access tab in the Policy Rules area.

    The Administrative Access area appears.

  9. Click the Edit button below the Access Rules for Remote Administration table.

    The Remote Access Rules dialog box appears. Note the name in the Certificate Group field. In the following steps, you must add the certificate of the new remote Administration Station to this group.

  10. Click the Cancel button.

  11. Select Certificate in the Type list.

  12. Click the Search button.

  13. In the Results area, select the Certificate Group name that was displayed in the Certificate Group field of the Remote Access Rules dialog box, in Step 3 through Step 7.

  14. Click the Edit button.

    The Certificate dialog box appears.

  15. Select the certificate you created in Step 5 from the Available Certificates field.

  16. Click the Add button.

  17. Click the OK button.

  18. Save and activate the policy.

To Set Up the Access Control List on the New Remote Administration Station

The last step is to add the Screen's certificate to the remote Administration Station.

    See "Completing SKIP Setup on the Administration Station" in the SunScreen Installation Guide for the procedures to get the Certificate ID from the Screen and to use the skiptool GUI to set up the Access Control List.


    Note -

    To administer SKIP directly or to gather data from any of the SKIP commands, you must log on to the Screen system