Chat now with support
Chat mit Support

KACE Systems Deployment Appliance 8.1 Common Documents - Administrator Guide

About the KACE Systems Deployment Appliance Getting started Using the Dashboard Configuring the appliance Setting up user accounts and user authentication Configuring security settings Preparing for deployment Managing device inventory Using labels Creating a Windows or Linux Boot Environment Managing drivers Capturing images Capturing user states Creating scripted installations Creating a task sequence Automating deployments Performing manual deployments Managing custom deployments Imaging Mac devices About the Remote Site Appliance Importing and exporting appliance components Managing disk space Troubleshooting appliance issues Updating appliance software Glossary About us Legal notices

Configuring security settings

You can enable SSH to allow the Quest KACE Technical Support team to access your appliance for remote support. Other security settings include enabling SNMP to allow remote monitoring, and enabling Offboard Database Access to allow the appliance database to be available to external programs, which can be useful for reporting. Enabling SSL provides a secure web browser to run the appliance.

Enable SNMP monitoring

Enable SNMP monitoring

The SNMP agent on the appliance enables remote monitoring of the appliance.

The internal SNMP agent uses the standard UDP port 161 and cannot be configured using TRAP and INFORM methods. If you have a primary SNMP agent configured on a different device, it can send GET, GETNEXT, and GETBULK requests to the appliance and have the appliance return the requested information.

1.
On the left navigation pane, click Settings to display the Control Panel, then click Security to display the Security Settings page.
2.
Click Enable SNMP Monitoring to display the SNMP Community String field.
NOTE: In versions prior to 7.0, the community string is set to public by default. If you upgrade from a pre-7.0 version, and SNMP monitoring is disabled, the community string changes from public to KaceSDA. If SNMP monitoring is enabled, the community string stays set to public, you should update it to prevent security issues. Warnings appear on the Dashboard and on the Security Settings page, alerting you to update the community string.
4.
Click Save.

Enable SSL using an existing certificate

Enable SSL using an existing certificate

By default, SSL is disabled. You can use an existing SSL certificate, an intermediate certificate, or a self-signed certificate to run your appliance on a secure web browser. Using an existing certificate requires having an SSL private key and ensuring that port 80 is open.

1.
On the left navigation pane, click Settings to display the Control Panel, then click Security to display the Security Settings page.
2.
Click Enable SSL and click I already have an SSL certificate, Can I use it?
3.
Click Use My Certificate.
4.
Under Optional SSL Settings, select one of the following certificate types:

The secure web browser using https is available.

Generate private key for new SSL certificate

Generate private key for new SSL certificate

By default, SSL is disabled. You can generate a private key to enable SSL after you generate a new certificate. You can use a valid self-signed certificate if you have a private key or a PKCS-12 file, and the private key and certificate were generated from the same Certificate Signing Request (CSR).

1.
On the left navigation pane, click Settings to display the Control Panel, then click Security to display the Security Settings page.
2.
Click Enable SSL to use a new certificate or a valid self-signed SSL certificate. Note that Quest KACE does not recommend using a self-signed certificate.
1.
Click Get New SSL Certificate to display the SDA Advanced SSL Settings wizard.
Click Can I use a self-signed certificate instead?, then click Save and Restart Apache.
Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen