
Directory Sync Pro for Active Directory 20.11 - Requirements and Installation Guide


Prerequisites

External to Directory Sync Pro for Active Directory, the following server configurations are necessary to set up the environment for FIPS Mode.

  1. Windows Server 2012 R2 or later must be installed and up to date.

  2. The following group policies must be enabled:

    1. System Cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing.

      1. Ensure this policy is enabled.

    2. Network Security: Configure encryption types allowed for Kerberos.

      1. Ensure the “AES128_HMAC_SHA1” and “AES256_HMAC_SHA1” values are selected.

      2. NOTE: Authentication of target accounts with synchronized passwords requires Kerberos encryption type “RC4_HMAC_MD5” to be allowed for participating devices.

  3. Insecure SCHANNEL Server protocols must be disabled.

    1. SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1

  4. An SSL certificate for Web Hosting, issued by a trusted certificate authority, is required.
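
The group policy and SCHANNEL prerequisites above can be verified from PowerShell before installing or upgrading. The read-only script below is an added example, not part of Directory Sync Pro or its documentation; it assumes the standard registry locations where Windows stores these settings and is meant to be run in an elevated session on the server itself.

```powershell
# Added example: read-only audit of the FIPS-mode prerequisites listed above.
# Assumption: settings are read from the registry values Windows uses to store them.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (setting not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function New-Result {
    param([string]$Check, $Value, [string]$Status)
    $shown = if ($null -eq $Value) { 'not configured' } else { $Value }
    [pscustomobject]@{ Check = $Check; Value = $shown; Status = $Status }
}

$results = @()

# System cryptography: Use FIPS compliant algorithms (1 = enabled)
$fips = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy' 'Enabled'
$results += New-Result 'FIPS algorithm policy' $fips $(if ($fips -eq 1) { 'PASS' } else { 'FAIL' })

# Network security: Configure encryption types allowed for Kerberos (bit mask)
$etypes = [ordered]@{ AES128_HMAC_SHA1 = 0x8; AES256_HMAC_SHA1 = 0x10; RC4_HMAC_MD5 = 0x4 }
$mask = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters' 'SupportedEncryptionTypes'
foreach ($name in $etypes.Keys) {
    $allowed = ($null -ne $mask) -and (($mask -band $etypes[$name]) -ne 0)
    if ($name -eq 'RC4_HMAC_MD5') {
        # Informational only: the NOTE above says synchronized-password accounts need RC4.
        $status = if ($allowed) { 'INFO: allowed' } else { 'INFO: not allowed' }
    } else {
        $status = if ($allowed) { 'PASS' } else { 'FAIL' }
    }
    $results += New-Result "Kerberos $name" $mask $status
}

# SCHANNEL server protocols that must be disabled (Enabled = 0)
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
foreach ($proto in 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1') {
    $enabled = Get-RegValue "$base\$proto\Server" 'Enabled'
    # A missing value means the OS default applies, so only an explicit 0 passes.
    $results += New-Result "SCHANNEL $proto server" $enabled $(if ($enabled -eq 0) { 'PASS' } else { 'FAIL' })
}

$results | Format-Table -AutoSize
```

A SCHANNEL row reported as "not configured" is marked FAIL because the operating system default, rather than an explicit setting, then decides whether the protocol is offered.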

Installation and operation

For environments with existing Directory Sync Pro for Active Directory installations, the installation must be upgraded to version 20.11 or later. If the existing installation is configured with fail-over nodes, each node must also be upgraded to version 20.11 or later.

For new installations, Directory Sync Pro for Active Directory 20.11 enforces all FIPS mode requirements; no additional steps are required.

Website SSL Certificate Installation

  1. Ensure the certificate and CA certificate chain have been installed on the server.

  2. Open Internet Information Services (IIS) Manager.

  3. Expand the Sites node in the Connections pane.

  4. Right-click the “DirSync” website node and choose “Edit Bindings…”.

    1. If the site has an “https” binding, select it and click “Edit…”

    2. If the site does not have an “https” binding, click “Add…”

      1. From the “Type” drop-down, select “https”.

    3. From the “SSL certificate” drop-down, select the appropriate certificate.

    4. Click OK.

    5. Remove the “http” binding.

  5. In the IIS Manager Features View pane, double-click “SSL Settings”.

    1. Check the “Require SSL” checkbox and click “Apply” in the Actions pane.

  6. Validate that the website can be accessed and that the browser indicates the certificate is valid and trusted.


 
