Dell Secure Remote Services Owner's manual

Type
Owner's manual

Dell Secure Remote Services Virtual Edition allows you to securely connect to and manage your remote devices from anywhere, at any time.

Secure Remote Services Policy Manager 7.1
Install Guide for Linux
December 2021
Rev. 001
Copyright
© 2016 - 2021 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its
subsidiaries. Other trademarks may be trademarks of their respective owners.
Contents
Preface
Chapter 1: Introduction
  Policy Manager
  Specifications
  VMware
Chapter 2: Policy Manager Installation - Linux
  Prerequisite
  Export user information from OpenDS directory server
  Install OpenDJ directory server
  Create default user groups and administrator account
  Installing Policy Manager on a 64-Bit Linux system
  Import user information to OpenDJ directory server
  Configuring Default Policies
  Configuring Email template for Notification
  Configuring/Adding Users
Appendix A: Implementation of LDAPS/SSL for Linux
Preface
As part of an effort to improve and enhance the performance and capabilities of its product line, Dell EMC from time to time
releases revisions of its hardware and software. Therefore, some functions described in this guide may not be supported by all
revisions of the software or hardware currently in use. For the most up-to-date information on product features, refer to your
product release notes.
If a product does not function properly or does not function as described in this guide, contact your Dell EMC representative.
Audience
This guide is a part of the Secure Remote Services documentation set and is intended for use by device administrators.
Related documentation
Related Secure Remote Services documents include:
SRS 3.x
Secure Remote Services Technical Description
Secure Remote Services Pre-Site Checklist
Secure Remote Services Site Planning Guide
Secure Remote Services Port Requirements
Secure Remote Services Operations Guide
Secure Remote Services Release Notes
Special notice conventions used in this document
Dell EMC uses the following conventions for special notices:
NOTE: Indicates a hazardous situation which, if not avoided, will result in death or serious injury.
WARNING: Indicates a hazardous situation which, if not avoided, could result in death or serious injury.
CAUTION: Indicates a hazardous situation which, if not avoided, could result in minor or moderate injury.
NOTE: Addresses practices not related to personal injury.
NOTE: Presents information that is important, but not hazard-related.
Typographical conventions
EMC uses the following type style conventions in this document:
Table 1. Typographical conventions
Bold: Used for names of interface elements, such as names of windows, dialog boxes, buttons, fields, tab names, key names, and menu paths (what the user specifically selects or clicks)
Italic: Used for full titles of publications referenced in text
Monospace: Used for:
  System code
  System output, such as an error message or script
  Pathnames, filenames, prompts, and syntax
  Commands and options
Monospace italic: Used for variables
Monospace bold: Used for user input
[ ]: Square brackets enclose optional values
|: Vertical bar indicates alternate selections - the bar means "or"
{ }: Braces enclose content that the user must specify, such as x or y or z
...: Ellipses indicate nonessential information omitted from the example
Where to get help
Dell EMC support, product, and licensing information can be obtained as follows:
Product information
For documentation, release notes, software updates, or information about Dell EMC products, go to Dell EMC Online Support at
https://www.dell.com/support/.
Technical support
Go to Dell EMC Online Support and click Contact Support. You will see several options for contacting Dell EMC Technical
Support. Note that to open a service request, you must have a valid support agreement. Contact your Dell EMC sales
representative for details about obtaining a valid support agreement or with questions about your account.
Online communities
Visit Dell EMC Community Network at https://www.dell.com/community for peer contacts, conversations, and content on
product support and solutions. Interactively engage online with customers, partners, and certified professionals for all Dell EMC
products.
Your comments
Your suggestions will help us continue to improve the accuracy, organization, and overall quality of the user publications. Send
your opinions of this document to [email protected].
Introduction
This document introduces the Secure Remote Services (SRS) Policy Manager, version 7.1, which enforces the rules for
customer-controlled SRS site access and activity.
Topics:
Policy Manager
Specifications
VMware
Policy Manager
The Policy Manager allows you to set permissions for devices that are being managed by the SRS Clients. The SRS Client polls
the Policy Manager every 5 minutes and receives the current policies, which it then caches locally. Because of this polling
interval, policy updates may take up to 5 minutes before being applied.
During the periodic poll, the SRS Client posts all requests and actions that have occurred, which are then written to local log
files and the Policy Manager database. When a remote access request arrives at the SRS Client for device access, the access is
controlled by the SRS Client enforcing the policy set by the Policy Manager.
The Policy Manager software may be on another application server (for example, a Dell EMC Navisphere® Management
station) or co-located on a non-high-availability SRS Client server.
NOTE: Once installed on your server, the Policy Manager application is inaccessible by third parties, including Dell EMC.
NOTE: Due to internal database changes, version 6.8 onwards requires a fresh install and does not support upgrades or
migrations from previous Policy Manager versions.
What is New, Fixed, and Improved
The following describes what is new, fixed, and improved with Secure Remote Services Policy Manager 7.1:
Fixed CVE-2021-44228 and CVE-2021-45105 log4j vulnerability issues.
Masked failed password attempts by users in logs.
Rebranded Axeda Policy Server as ThingWorx Policy Server.
Replaced OpenDS with OpenDJ directory server.
NOTE: OpenDJ directory server must be manually installed before installing Policy Manager.
Added support for Java JRE.
Specifications
The table below shows the minimum configuration of the required hardware and application software.
Type: Policy Manager Server (Optional)
Requirements:
  Processor: One or more processors, each 2.1 GHz or better.
  Free Memory: Minimum 2 GB RAM, preferred 3 GB RAM. Minimum 4 GB recommended for 64-bit operating systems.
  Network Interface Cards (NIC): One 10/100 Ethernet adapters (NIC cards) are recommended (1 GB preferred). You may choose to use a third NIC card for data backups.
  Free Disk Space: Minimum 2 GB available (preferably on a storage device of 80 GB or larger)
  Microsoft .NET Framework:
    Version 2.0 SP1 (minimum)
    Microsoft .NET Framework 3.5 SP1 in Windows 2012
    NOTE: Microsoft .NET Framework 4.0 is not compatible currently.
  Operating System (US English only supported), as follows:
    RedHat 7/8 64 bit
    CentOS 7/8 64 bit
    SuSE 11 64 bit
    Windows 8/10 64 bit
    Windows 2012 R2
    Windows 2016
    Windows 2019
  Web Browser:
    Microsoft Internet Explorer 10+
    Google Chrome
    Mozilla Firefox
  Java Runtime Environment:
    Java 1.8.x
    Supports Amazon Corretto 1.8.x
    Oracle Java, OpenJDK
Dell EMC provided software: Policy Manager
Notes:
  A Policy Manager is optional, but highly recommended.
  Policy Manager requires a site-supplied server.
  Policy Manager supports up to three Gateway Client servers or pairs.
  One Policy Manager server can support up to 750 devices.

Type: Managed Devices
Requirements: Secure Remote Services products - Support products - You must provide required networking (or VLAN) from the managed devices to the SRS Clients (Gateway and Embedded device Clients) and the Policy Manager servers. See the EMC Secure Remote Services Site Planning Guide.
NOTE: If you have Policy Manager prior to version 7.0 and it has stopped working, it is due to end-of-life of Flash player
support from Adobe. You can learn more by visiting this link: Adobe Flash Player EOL General Information Page
NOTE: Windows Server 2012 Foundation or Standard requires that the .NET3.5 SP1 feature is enabled in order to comply
with the Microsoft .NET Framework Version 2.0 SP1 (minimum). It is NOT enabled by default. Microsoft .NET Framework
3.5 is required if you are using the Customer Environment Check Tool (CECT) to validate that the Policy Manager server is
set up correctly to install the PM software.
VMware
SRS is qualified to run on a VMware or Hyper-V virtual machine. VMware/Hyper-V support allows customers to leverage
their existing VMware/Hyper-V infrastructure to benefit from the security features of SRS without adding hardware. VMware
VMotion functionality also allows the Policy Manager, when installed on a virtual machine, to be moved from one physical server
to another with no impact to remote support.
The following are the absolute minimum requirements for VMware support:
All supported versions of VMware ESXi. For more information, see https://lifecycle.vmware.com/#/.
15 GB partition
2.2 GHz virtual CPU
1 GB memory allocated minimum, 2 GB preferred
SMB modules optional
VMotion functionality (optional) is supported for the Policy Manager components
Operating Systems are the same as for physical hardware
WARNING: Do not place VMware or Hyper-V images or storage files on Dell EMC devices managed and
monitored by SRS. Loss of connectivity to the storage results in SRS components becoming unavailable and
impacts the ability to support the deployed devices.
NOTE: Installation and configuration of the VM or Hyper-V instance and operating system are the customer's responsibility.
NOTE: It is recommended that the VM/Hyper-V instance be configured to meet or exceed physical hardware requirements.
NOTE: Virtual environments other than those defined above that fully support the qualified operating systems are
permitted but have NOT been tested. The Customer is entirely responsible for the virtual environment, its maintenance,
security, compatibility, and operation.
Policy Manager Installation - Linux
This chapter describes the process of installing the SRS Policy Manager for Linux. The Policy Manager consists of three
components:
Policy Server
HSQL database
Active Directory or an internal directory server such as OpenDJ
If you want to install Policy Manager using OpenDJ directory server, you must manually install the OpenDJ server and then
configure your users and groups or migrate the user information from the earlier Policy Manager version.
Topics:
Prerequisite
Export user information from OpenDS directory server
Install OpenDJ directory server
Create default user groups and administrator account
Installing Policy Manager on a 64-Bit Linux system
Import user information to OpenDJ directory server
Configuring Default Policies
Configuring Email template for Notification
Configuring/Adding Users
Prerequisite
Installable file: EMCPolicyManager.bin and OpenDJ.zip
JDK/JRE 8: Supports Amazon Corretto, OpenJDK, Oracle Java
Set environment variable for JDK
Two groups created in Active Directory
APSUsers - Group for users to be managed by roles/profiles
APSAdmins - Group for users with full administrative rights
NOTE: These group names can be customized; the above are the default names.
Export user information from OpenDS directory server
This is applicable if you had installed OpenDS local directory server with the earlier version of Policy Manager.
Prerequisites
OpenDS local directory server must be installed with the earlier version of Policy Manager.
About this task
If you choose to install OpenDJ directory server for Policy Manager 7.1, you can reuse information about the users, groups,
and roles from an earlier version of Policy Manager. To reuse the information, you must export the user information from the
OpenDS directory server and then import the information to the new OpenDJ directory server.
Steps
1. Go to PolicyServer/OpenDS-1.0.0/bin/.
2. Open command prompt as an administrator or root user.
3. Run the following command to export the user information:
export-ldif --includeBranch dc=axeda,dc=com --bindDN "ou=admin" --bindPassword <Password> --backendId userRoot --ldifFile <path>/exportUsers.ldif
NOTE: Bind password is defined during the Policy Manager installation.
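The exported file carries accounts, group memberships and password values from the old server into the new one, so it is worth reviewing before the import. The script below is an added example, not part of the Dell guide: it checks an export for the three default groups, lists the APSAdmins members, and counts entries that hold password values. It assumes groups are groupOfNames or groupOfUniqueNames entries; the sample LDIF and every DN in it are constructed.

```sh
#!/bin/sh
# Added example: review an export-ldif file before importing it into OpenDJ.
# Assumption: groups are groupOfNames/groupOfUniqueNames entries named by cn.
# Base64-encoded values ("attr:: ...") are not decoded.

# Constructed sample export; a real file comes from step 3 above.
sample_ldif() {
cat <<'EOF'
version: 1

dn: uid=jdoe,ou=people,dc=axeda,dc=com
objectClass: inetOrgPerson
uid: jdoe
userPassword: {SSHA}CONSTRUCTED-PLACEHOLDER

dn: uid=former.contractor,ou=people,dc=axeda,dc=com
objectClass: inetOrgPerson
uid: former.contractor
userPassword: {SSHA}CONSTRUCTED-PLACEHOLDER

dn: cn=APSAdmins,ou=groups,dc=axeda,dc=com
objectClass: groupOfUniqueNames
cn: APSAdmins
uniqueMember: uid=jdoe,ou=people,dc=axeda,dc=com
uniqueMember: uid=former.contractor,ou=people,
 dc=axeda,dc=com

dn: cn=APSUsers,ou=groups,dc=axeda,dc=com
objectClass: groupOfUniqueNames
cn: APSUsers
uniqueMember: uid=jdoe,ou=people,dc=axeda,dc=com
EOF
}

# LDIF wraps long values onto continuation lines that start with one space.
ldif_unfold() {
  awk '{ sub(/\r$/, "") }
       /^ / { buf = buf substr($0, 2); next }
       { if (NR > 1) print buf; buf = $0 }
       END { if (NR) print buf }'
}

# Print "group<TAB>memberDN" per member ("group<TAB>" for an empty group).
ldif_groups() {
  ldif_unfold | awk '
    BEGIN { RS = ""; FS = "\n"; OFS = "\t" }
    {
      cn = ""; grp = 0; n = 0
      for (i = 1; i <= NF; i++) {
        attr = tolower($i); val = $i; sub(/^[^:]*: */, "", val)
        if (attr ~ /^objectclass: groupof/) grp = 1
        else if (attr ~ /^cn: /) cn = val
        else if (attr ~ /^(unique)?member: /) m[++n] = val
      }
      if (!grp || cn == "") next
      if (n == 0) print cn, ""
      for (i = 1; i <= n; i++) print cn, m[i]
    }'
}

# group_members NAME: member DNs of one group, LDIF on stdin.
group_members() { ldif_groups | awk -F '\t' -v g="$1" '$1 == g && $2 != "" { print $2 }'; }

# Default groups from this guide that the export does not contain.
missing_groups() {
  found=$(ldif_groups | cut -f1 | sort -u)
  for g in APSUsers APSAdmins APSLdapAdmins; do
    printf '%s\n' "$found" | grep -qx "$g" || printf '%s\n' "$g"
  done
}

# Entries carrying a password value; any at all means the file needs mode 600.
password_entries() { ldif_unfold | awk 'tolower($0) ~ /^userpassword:/ { n++ } END { print n + 0 }'; }

review() {  # usage: review < exportUsers.ldif
  ldif=$(cat)
  echo "Missing default groups: $(printf '%s\n' "$ldif" | missing_groups | tr '\n' ' ')"
  echo "APSAdmins members to re-approve before import:"
  printf '%s\n' "$ldif" | group_members APSAdmins | sed 's/^/  /'
  echo "Entries with password values: $(printf '%s\n' "$ldif" | password_entries)"
}

sample_ldif | review
```

Any account listed under APSAdmins regains full administrative rights after the import, so removing stale entries from the file first is cheaper than cleaning them up in the new directory.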
Install OpenDJ directory server
Prerequisites
Extract the opendj folder from OpenDJ.zip in the Policy Manager installation package.
About this task
If you want a local directory server in place of an existing active directory, you must install the OpenDJ directory server before
installing Policy Manager 7.1.
NOTE: OpenDJ directory server must be installed on the same server on which you want to install Policy Manager.
Steps
1. Move the opendj folder to the location in which you want to install the OpenDJ directory server.
2. Run chmod +x -R opendj to set the execute permission on the opendj folder.
3. Go to the opendj folder and run ./setup --cli to start the installation process.
4. Enter ou=admin as the initial root user DN.
5. Enter the password for the initial root user.
6. Press Enter.
7. Enter the LDAP ports and press Enter. The default port through which the directory server accepts connections from LDAP
clients is 389. The default port through which the administrator connector accepts connections is 4444.
8. Perform the following steps to create base DNs in the directory server:
a. Enter yes to create base DN.
b. Select JE Backend as the backend type.
c. Enter dc=axeda,dc=com for the base DN.
9. Enter 1 to leave the database empty.
10. Optionally, configure SSL for the directory server.
11. Enter yes to initiate server configuration.
12. Verify the configured settings and enter 1 to proceed.
A success message is displayed after the directory server is configured and initiated.
Create default user groups and administrator account
About this task
If you install Policy Manager 7.1 with OpenDJ directory server and do not want to reuse the user information from an earlier
Policy Manager version, you must create the administrator account and the following user groups before you access the Policy
Manager 7.1 user interface:
APSUsers
APSAdmins
APSLdapAdmins
Steps
1. Go to opendj/scripts folder.
2. Run ./import.sh.
3. Enter the path of the folder in which OpenDJ directory server is installed, for example, /opt/EMC/ESRS/PolicyManager/opendj.
4. Press Enter.
5. Enter the password configured for the administrator account during OpenDJ server installation.
6. Press Enter.
An administrator account is created, and a success message is displayed.
The username and password for the administrator account are Administrator and changeit respectively.
NOTE: You must change the default password when you log in to the Policy Manager for the first time.
7. Close the command prompt window.
Installing Policy Manager on a 64-Bit Linux system
This document describes the process of installing SRS Policy Manager (PM) 7.1 on a 64-bit Red Hat Enterprise Linux (RHEL)
system. This software can also be installed on various flavors of 64-bit Linux and Windows systems. The steps
follow the path from getting the software onto the system through post-installation and verification of application functionality.
NOTE: On Linux hosts, the bit type (32 or 64 bit) MUST match the operating system bit type (32 or 64 bit). The install
process is the same. This PM version is 64 bit, so the operating system must match that.
The first step is to get the SRS Policy Manager 7.1 software onto the system that you are configuring. In this use case, we are
using RHEL as the operating system. Assumptions are that the system is an already functioning host on the customer's network
and that the SSHD daemon has been started.
Configure WinSCP to log in as root; there are other methods to accomplish this task, such as scp at the CLI level. If this
is a virtual environment, you can also use a USB device to move files. The source directory is whichever directory on the local system
the SRS bin file is stored in. The destination is whichever directory on the RHEL host you want to store the bin file in and
perform the installation from. In this example, the /tmp directory was chosen.
1. Once the file has been copied to the destination system, you should verify that it exists in the directory where you copied it.
There are various ls commands at the Linux level to verify directory contents. The command that is run in this example is ls
-lrt:
[root@localhost]# ls -lrt
total 48352
-rw-r--r--. 1 root root 49512429 Dec 12 22:07 EMCPolicyManager.bin
2. In the previous example, the file exists in the destination directory. However, it is not yet executable, which is
needed to run a successful install in Linux. To make the file executable, run the command that is
listed here. If you are using a 64-bit bin file, the proper file name must be referenced when running the command.
[root@localhost]# chmod +x EMCPolicyManager.bin
3. Once the command has been run, verify that the file is now executable.
rwxr-xr--. 1 root 90361344 Dec 12 22:07 EMCPolicyManager.bin
4. The binary can be installed in two ways:
Without SSL: Go to step 5.
With SSL: Follow the steps below.
a. Open the terminal window.
b. Create a directory as defined: /opt/EMC/ESRS/PolicyManager/
c. Change to the directory you created: cd /opt/EMC/ESRS/PolicyManager/
d. Type the command below and press Enter to create a keystore file:
keytool -genkey -alias sl-ssl -keyalg RSA -keystore esrskeystore.jks -validity 3650
NOTE:
If the keytool command is not working, set your JAVA environment variable and try again.
Remember the password that you have provided. You need this password during Policy Manager installation.
Do not use special characters in the password. You can use alphanumeric characters.
5. Once it has been verified that the file exists in the remote directory and is executable, you are ready to perform the
installation. Before proceeding with the installation, you should have the IP address available from the interface that will be
accessing the application. Note the command that initiates the procedure. What follows is a screen-by-screen
walkthrough of the process. PuTTY was used in this example. Some operating systems have desktops; if you
are running this installation on a desktop, the same file is used but in a graphical format.
[root@localhost]# ./EMCPolicyManager.bin
Preparing to install
Extracting the installation resources from the installer archive...
Configuring the installer for the system's environment...
Launching installer...
6. This is an informational screen describing the features that will be installed.
7. Once you have viewed the features that will be installed when the process is complete, you have to review the SRS
SLA (Software License Agreement). The next few screens show the License Agreement. The last screen asks you to accept the
terms of this License Agreement by choosing (Y/N). If you agree, type Y and then press Enter.
8. Choose Install Folder and press Enter.
9. Next, you are prompted for the JDK/JRE install directory.
10. Select the components that must be installed and press Enter.
11. Once the components have been selected, you are prompted for the Database Host Name. Press Enter to accept
localhost or enter the local server's IP address.
12. The port number is the port that the Database listens on. This should not be modified from the default.
13. The default schema name is public.
14. Enter the admin information.
15. Enter the password for the database user in the following screen. The password must be a minimum of eight characters and have
at least one capital letter, one lowercase letter, one number, and one special character.
16. In the next screen, select the database initialization. Select option 1 - Create database during installation
17. Select the required directory server type.
18. If you selected Active Directory as the directory server type, configure the details as per the prompts below:
FQDN of the Active Directory server
389/3268 *3268 recommended (AD Catalog port)
Full DN of the bind account for AD
19. If you selected OpenDJ LDAP as the directory server type, configure the details as per the prompts below:
CAUTION: Do not update the Username Attribute, User from Name Filter, and Group from Name Filter values.
20. Next, provide the Directory Server Principal Password
21. Continue with providing further details of the LDAP server as prompted:
DN of the OU to start searching for users (if using port 3268 enter dc= portion of DN)
DN of the OU that contains the two AD groups (default is APSUsers/APSAdmins) must manage the Policy Manager (if
using port 3268 enter dc= portion of DN)
In the Static group name attribute screen, press Enter to choose the default option.
In the User from name filter screen, press Enter to choose the default option.
In the Group from name filter screen, press Enter to choose the default option.
22. Next, select option 2 - Manage roles from database when prompted for Role Management.
NOTE: Managing roles from directory server would require write access to Active Directory; it is not supported.
23. Next, set the error message frequency.
24. Enter the email server configuration.
25. Configure the System Error notification settings.
NOTE: Best Practice recommends adding the Hostname or IP address to the subject field of the Notification email. This
is especially important if you have more than one Policy Manager in your environment as it permits you to identify the
Policy Manager that is sending you the notification of an issue with the Policy Manager. You must retype the line and
add the hostname/IP address as it will NOT be appended to the existing entry.
26. When the Notification Settings configuration is complete, the next section determines whether you will use SSL when
communicating from the Gateway to the Policy Manager. The next three screens show Policy Manager configuration not
using SSL. Dell EMC highly recommends the default use of SSL. If you do not want to use SSL, type 2 and then press
Enter.
27. You can use localhost but the recommendation is to use the server FQDN.
28. Enter the port that the Policy Manager listens on. The default is 8443, and this should not be changed. The only time this
should be modified is when a decision has been made to use SSL.
29. In the screen below, enter the full path to the keystore created in step 4.
Next, enter the password used for the keystore.
Reenter the password used for the keystore.
30. Install the Policy Manager server by entering 1 and pressing Enter.
NOTE: If the installer detects SystemD an additional notice will be displayed.
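The keystore created in step 4 and supplied to the installer in step 29 can be checked before it is put into service. The script below is an added example, not part of the Dell guide: it reads the text printed by keytool -list -v and reports the alias, entry type, RSA key size, signature algorithm, self-signed status, and validity period. The sample listing is constructed (placeholder owner, fingerprint lines omitted), and the 2048-bit threshold is this example's assumption.

```sh
#!/bin/sh
# Added example: sanity-check `keytool -list -v` output for the step 4 keystore.
# Real use (keytool prompts for the keystore password):
#   keytool -list -v -keystore esrskeystore.jks -alias sl-ssl | check_listing

# Constructed sample listing; owner values are placeholders.
sample_listing() {
cat <<'EOF'
Alias name: sl-ssl
Creation date: Dec 12, 2021
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=pm.example.com, OU=IT, O=Example, L=City, ST=State, C=US
Issuer: CN=pm.example.com, OU=IT, O=Example, L=City, ST=State, C=US
Serial number: 1a2b3c4d
Valid from: Sun Dec 12 22:07:00 UTC 2021 until: Wed Dec 10 22:07:00 UTC 2031
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
EOF
}

# kv TEXT KEY: print the value of the first "KEY: value" line in TEXT.
kv() { printf '%s\n' "$1" | sed -n "s/^$2: *//p" | head -n 1; }

# Reads a listing on stdin; prints FAIL lines for problems, NOTE lines for facts.
check_listing() {
  out=$(cat)
  [ "$(kv "$out" 'Alias name')" = "sl-ssl" ] || echo "FAIL: alias sl-ssl not found"
  [ "$(kv "$out" 'Entry type')" = "PrivateKeyEntry" ] ||
    echo "FAIL: entry holds no private key"

  # Some keytool builds do not print the key size line.
  bits=$(kv "$out" 'Subject Public Key Algorithm' |
    sed -n 's/^\([0-9][0-9]*\)-bit RSA key.*/\1/p')
  if [ -z "$bits" ]; then
    echo "NOTE: RSA key size not reported by this keytool"
  elif [ "$bits" -lt 2048 ]; then
    echo "FAIL: RSA key is $bits bits, want 2048 or more"
  fi

  sig=$(kv "$out" 'Signature algorithm name')
  case "$sig" in
    MD5*|SHA1*) echo "FAIL: certificate signed with $sig" ;;
  esac

  # keytool -genkey issues a certificate signed by its own key.
  owner=$(kv "$out" 'Owner')
  [ -n "$owner" ] && [ "$owner" = "$(kv "$out" 'Issuer')" ] &&
    echo "NOTE: self-signed certificate (Owner equals Issuer)"

  # -validity 3650 gives roughly ten years; report it so renewal gets scheduled.
  years=$(kv "$out" 'Valid from' |
    awk '{ for (i = 2; i <= NF; i++) if ($i == "until:") print $NF - $(i - 1) }')
  [ -n "$years" ] && echo "NOTE: valid for about $years years; plan the replacement date"
  return 0
}

sample_listing | check_listing
```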