• No results found

Automatic Deployment and Authentication Guide

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Automatic Deployment and Authentication Guide"

Copied!
11
0
0

Loading.... (view fulltext now)

Download now ( 11 Page )

Full text

(1)

Automatic Deployment and Authentication Guide

www.druva.com

Table of Contents

Contents

Introduction ... 3

This document gives administrators an overview of automatically deploying inSync.

(2)

Page 2

inSyncConfig.ini File Composition ... 3

Druva Automatic Deployment Package ... 4

The Process ... 5

Server.conf : INI creation Modes ... 5

Group/Profile Mapping ... 6 Binaries Location ... 6 Edit MASSDS.bat ... 7 Edit SI.bat ... 7 GPO Setup ... 8

Help ... 10

Disclaimer ... 11

(3)

Page 3

Introduction

Druva inSync has the ability to allow an organization to automate the Account Creation, Deployment, and authentication of inSync Agents.

The process relies on the creation of an “ini” file on the target machine which contains the information needed to create and assign the account to the correct inSync Server, Storage and Profile, and also the target users’ credentials.

The auto installation of client feature helps to install the inSync client package on the client computer and loads the authentication key without user’s intervention. After the successful installation of inSync client, the user is created on the inSync server without manual Administrator input

An organization can create their own scripting methods to create and save this information, or use the Automatic Deployment package provided by Druva to assist in is process.

The Druva Automatic Deployment package can integrate with AD, or a CSV file to create the required ini files

inSyncConfig.ini File Composition

The INI file contains the following information for the MSI installer to read after installation This allows the account to be configured on the inSync server, and the users account to be authenticated.

ADDRESS = 'IP Address of inSync Server:6061' STORAGE = 'Name of Target Storage'

PROFILE = 'Name of Target Profile' ADUSERNAME = 'AD UserName of user'

USERNAME = 'Name of User for inSync Account' MAIL = 'email address of user'

WINUSERNAME = 'Windows UserName of user' WINUSERDOMAIN = 'Windows UserDomain of user'

The ini file should be created in the following location on the target device • C:\Windows\temp

(4)

Page 4

Druva Automatic Deployment Package

This article describes how to use the Microsoft Active Directory Group Policy to automatically distribute and deploy the inSync Client installable (MSI) across domain computers or users and to authenticate them automatically as well.

Note: The method used for MS Active Directory Group policy can be used with other third party tools such as SCCM, LANDesk etc.

Currently, auto installation feature supports only Windows and Macintosh client versions. Note: The mass deployment of inSync clients support new client installation only and does not support upgrade to the existing inSync clients.

Before you begin the auto installation of Windows client, make sure you have installed the latest inSync server and configured the user profile and storage.

Following is the block diagram of inSync client auto-installation process for Microsoft Windows operating system.

Download INI creator ZIP and Unzip to a file share

accessible to all users

Edit server.conf to reflect the deployment method

& enter details

Edit MASSDS.bat script to reflect new file share path

Setup MASSDS.bat under GPO to execute as User

Log on Script Generate Mass

Deployment Token from inSync Server console

Setup SI.bat under GPO to execute as Windows

Startup Script Edit SI.bat for MSI in file share, Mass deployment token and INI file path

(5)

Page 5

The Process

To automate the entire process we need to execute two steps using GPO • Create an %username%.INI file

• Deploy MSI using Mass deployment token

You can download the package from here www.druva.com/hotfix/tools/Auto-Depv1.2.zip

Auto-Depv1.2.zip: This package has some libs and binaries which help creating the inSync INI file.

There are some editable files for customizing the package to your environment

1. Server.conf : Allows us to set Server address, default storage and profile, and select INI creation mode (AD or CSV).

2. MASSDS.bat: This is a batch script which is responsible for invoking the inSync INI creator exe. Hence it is executed using User log on scripts via GPO.

3. SI.bat: This is again a batch script which is executed a machine startup script and it executes using parameters like TOKEN and INIFILE.

Server.conf : INI creation Modes

The inSync INI creator package allows using two different modes to create INI file. These modes can be classified as below:

• Use LDAP: In this mode if the “server.conf” has variable “CSV = No” the exe will query the LDAP server to find the logged in user email ID. The server.conf here will look as below

[DETAILS] SERVER_IP = 192.168.51.77:6061,192.168.51.78:80 STORAGE = inSyncStore PROFILE = DEFAULT CSV = No BASEDN = DC=Scorpius,DC=Druva,DC=COM LDAP_IP = ldap://192.168.51.77:3268 LDAP_USERNAME = [email protected] LDAP_PASSWORD = p@ssw0rd USERDOMAIN = scorpius.druva.com

(6)

Page 6

GROUPMAPPING = Yes

[PROFILEMAPPINGS] Administrators = IT PROFILE1 = SALES

• Use CSV: In this mode if the “server.conf” has variable “CSV = Yes” the exe will try and parse through the users.csv file provided by the administrator. The users.csv format looks something like below: UserName,emailID,Storage,Profile test1,[email protected],inSyncStore,IT, test2,[email protected], inSyncStore,IT, test3,[email protected], inSyncStore,IT, test4,[email protected], inSyncStore,IT, test5,[email protected], inSyncStore,IT, test6,[email protected], inSyncStore,IT, test7,[email protected], inSyncStore,IT, test8,[email protected], inSyncStore,IT,

Group/Profile Mapping

The “server.conf” also has another section known as [PROFILEMAPPINGS]. This allows IT administrators to map their exiting AD group with inSync server user profile. For example: We can use an AD group as administrators and map it inSync user profile as IT. The parameters look as below

[PROFILEMAPPINGS] Administrators = IT

Note: Please note that INI creator will use the logged user accounts member group to execute the mappings if the user does not belong to mapped groups then the default profile will be used.

Binaries Location

The zip files of automatic deployment needs to be hosted on common accessible shares so that these are available to all the users to be executed. The path for share needs to be updated in MASSDS.bat as listed in next section.

(7)

Page 7

Edit MASSDS.bat

Once we have the file share and server.conf configured we can now edit MASSDS.bat to reflect latest paths. The file could look as below

@echo on

IF EXIST C:\inSyncAD goto CHECKINI mkdir C:\inSyncAD

cd C:\inSyncAD

copy "\\192.168.51.77\iMD\*.*" "C:\inSyncAD" > filecopy.log goto CHECKINI

:CHECKINI cd C:\inSyncAD

if EXIST "c:\inSyncAD\%username%.INI" goto END Mass_Dep.exe

:END

Edit SI.bat

Similarly we can now edit SI.bat to reflect new paths and MSI name along with new token value from inSync server web console  Management  Users  Import  Mass Deployment token

@echo on

copy "\\192.168.51.77\iMD\*.msi" "C:\inSyncAD" cd C:\

msiexec /qn /i C:\inSyncAD\inSync5.0.msi TOKEN="4-9eff6f87a64bb5a7614ce3f173c24e81" INIFILE="C:\inSyncAD\%USERNAME%.INI" /Lime C:\inSyncAD\MSIlog.txt

if exist "c:\program files (x86)" goto WIN7 goto XP

:WIN7

(8)

Page 8 inSyncGUI.exe goto END :XP cd "C:\Program Files\Druva\inSync" inSyncGUI.exe goto END :END

GPO Setup

Once we have the file shares configured along with server.conf file. We can now start executing the steps below to start the automatic deployment

• In GPO create a policy on user logon script to execute MASSDS.bat • In GPO create a policy on Windows startup script to execute SI.bat See the following screen shot.

(9)

Page 9

Note: For details on how to setup GPO policies please follow Microsoft KB article here http://support.microsoft.com/kb/816102

Note: The logs are created at C:\inSyncAD and Users temp directory. Sample log from inSync AD folder.

Filename: AD.log

2012-07-13 15:36:15,489 INFO Using LDAP Method ... 2012-07-13 15:36:15,505 INFO The logged in user is:[email protected]

2012-07-13 15:36:15,505 INFO Connected to the LDAP Server 2012-07-13 15:36:15,505 INFO ldap searching..

2012-07-13 15:36:15,505 INFO [('CN=Sirohi

Bhaskar,CN=Users,DC=Scorpius,DC=druva,DC=com', {'primaryGroupID': ['513'], 'cn': ['Sirohi Bhaskar'], 'objectClass': ['top', 'person', 'organizationalPerson', 'user'], 'userPrincipalName':

['[email protected]'], 'lastLogonTimestamp': ['129858174761464843'], 'instanceType': ['4'], 'distinguishedName': ['CN=Sirohi Bhaskar,CN=Users,DC=Scorpius,DC=druva,DC=com'], 'dSCorePropagationData': ['20120703202239.0Z', '16010101000000.0Z'], 'objectSid': ['\x01\x05\x00\x00\x00\x00\x00\x05\x15\x00\x00\x00\xd3f\x01\x1aS\r\xe1 \xc1\xefr_\x03n\x04\x00\x00'], 'whenCreated': ['20120703174520.0Z'], 'uSNCreated': ['21918'], 'mail': ['[email protected]'],

(10)

Page 10

'sAMAccountName': ['sbhaskar'], 'objectCategory':

['CN=Person,CN=Schema,CN=Configuration,DC=Scorpius,DC=druva,DC=com'], 'objectGUID':

['\xed\x99\x06\x03\x8f\x1e0L\x9f\xf5]\x13%\xd3\xfa\xd0'], 'whenChanged': ['20120709125243.0Z'], 'displayName': ['Sirohi Bhaskar'], 'name': ['Sirohi Bhaskar'], 'memberOf':

['CN=Galaxy,OU=LEO,DC=Scorpius,DC=druva,DC=com', 'CN=PF,OU=Pre-Sales,DC=Scorpius,DC=druva,DC=com',

'CN=Administrators,CN=Builtin,DC=Scorpius,DC=druva,DC=com'], 'userAccountControl': ['66048'], 'sAMAccountType': ['805306368'], 'uSNChanged': ['24971'], 'sn': ['Bhaskar'], 'givenName': ['Sirohi']})] 2012-07-13 15:36:15,519 INFO Groupnames are ['Galaxy', 'PF',

'Administrators']

2012-07-13 15:36:15,519 INFO Could not find group mapping for groupname=Galaxy

2012-07-13 15:36:15,519 INFO Could not find group mapping for groupname=PF

2012-07-13 15:36:15,519 INFO Found group mapping for groupname=Administrators

2012-07-13 15:36:15,519 INFO Connection established with inSync server 2012-07-13 15:36:15,519 INFO Creating sbhaskar.ini file

2012-07-13 15:36:15,519 INFO sbhaskar.ini file created at:C:\inSyncAD\sbhaskar.INI

MSI Installation log:

=== Logging started: 7/13/2012 15:39:34 === Action start 15:39:34: INSTALL.

Action start 15:39:34:

SystemFolder.30729.01.Microsoft_VC90_CRT_x86.SP.D8D85FD0_537C_3A3A_9BE C_7A1B426637EC.

Action ended 15:39:48: INSTALL. Return value 1.

MSI (s) (10:50) [15:39:48:649]: Product: Druva inSync 5.0 -- Installation completed successfully.

=== Logging stopped: 7/13/2012 15:39:48 ===

Help

(11)

Page 11

Disclaimer

Druva Inc. shall not be liable for errors contained in this document and any damages in connection with this document.  Contact Support US: +1-855-349-4410 International: 800-334-30000 India: 1-800-209-3011 www.druva.com

References

Download now ( PDF - 11 Page - 459.00 KB )

Related documents

Reviving the United States' Commitment to Pakistan and Afghanistan

In addition to its internal political problems, Pakistan also faces the issue of al-Qaida and Taliban training camps positioned in its literal back yard, the Federally

TECHNICAL AND VOCATIONAL EDUCATION AND TRAINING (TVET) SYSTEM\ IN INDIA FOR SUSTAINABLE DEVELOPMENT

National Conference on Technical Vocational Education, Training and Skills Development: A Roadmap for Empowerment (Dec. 2008): Ministry of Human Resource Development, Department

Genesys Licensing Guide. System Level Guides 8.5.x 5/13/2020

Product Name Technical Licences Technical Licenses Required/ Optional GIS 8.0 Required GIS_INTERACTIONSERVICE 8.0 Required ics_custom_media_channel 8.0

Wells and welfare in the Ganga Basin: Public policy and private initiative in Eastern Uttar Pradesh, India

For the poorest farmers in eastern India, then, the benefits of groundwater irrigation have come through three routes: in large part, through purchased pump irrigation and, in a

Cirrhosis and HCC. Dr.Abonyi Margit PhD SE 1st.Medical Clinic

 HCC is developing in 85% in cirrhosis hepatis Chronic liver damage Hepatocita regeneration Cirrhosis Genetic changes

Surveying the Application of Iterative Learning Strategy in Uncalibrated Vision-Based Robot Manipulators Control

In Sections II the Application of Iterative Learning strategy in Uncalibrated Vision-Based Robot Manipulators Control shown .In Sections III, simulation results are

Consti Digest

Held: The 5 well-settled instances when a warrantless search and seizure of property is valid, are as follows: (1) warrantless search incidental to a lawful arrest recognized

Chasing the rainbow: pleasure, sex-based sociality and consumerism in navigating and exiting the Irish Chemsex scene

Four basic themes emerged from the analysis; social and cyber arrangements within the Dublin Chemsex scene; poly drug use and experiences of drug dependence; drug and sexual