Hewlett-Packard SA3000 Series VPN Client Deployment Tool Getting Started Guide

Hewlett-Packard Company
HP: 5971-0888
P/N: A01447-003
March 2001
Disclaimer

Information in this document is provided in connection with Hewlett-Packard Company products. No license, express or implied, by estoppel or otherwise, to any intellectual property rights is granted by this document.
Contents

Disclaimer
Getting Started
    Getting Started
    VPN Client Deployment Tool Components
Installing the VPN Client Deployment Tool
    Before You Install the VPN Client Deployment Tool
Getting Started

The HP SA3000 Series VPN Client Deployment Tool application allows you to deploy e-mail notifications that provide your end users with login credentials. When users access your Web server, they can download customized HP SA3000 Series VPN Client software and, after installing the client, they can access your network within minutes.
VPN Client Deployment Tool Components

The VPN Client Deployment Tool consists of manager, database, servlet, and report tool components.
Report Tool Components

Extracts information from the VPN Client Deployment Tool Database specific to the requesting remote user and creates the VPNCLIENT.INI and VPNUSER.INI configuration files. The configuration files are bundled with an installation or upgrade of the VPN Client into a self-extracting executable file. Downloads the self-extracting executable to the requesting remote user.
Installing the VPN Client Deployment Tool

Before You Install the VPN Client Deployment Tool

Before you can use the HP SA3000 Series VPN Client Deployment Tool on your Windows NT or Windows 2000 Server, you must install the following components:

• VPN Client Deployment Tool Manager and Database
• VPN Client Deployment Tool Servlet (The Servlet contains the necessary JRun components used by the VPN Client Deployment Tool to allow users to download HP SA3000 Series VPN Clients.
5. Ensure that the Local Path field points to the correct scripts directory. For example, c:\Inetpub\scripts.
6. Set Permissions to Execute (including script).

Windows 2000 users:

1. Start the Internet Information Services by clicking Start and selecting Programs, Administrative Tools, Internet Services Manager, Internet Information Services.
2.
Installing the VPN Client Deployment Tool

Steps

To install the VPN Client Deployment Tool:

1. Insert the VPN Client Deployment Tool CD-ROM into the CD-ROM drive. The VPN Client Deployment Tool installation program starts automatically.
   Note: If the installation program does not start automatically, select Run in the Start menu, enter :\splash.exe, and click OK.
   The VPN Client Deployment Tool Welcome dialog box appears.
2.
5. Click Next. The Select Program Folder dialog box appears.
6. Confirm that you want the default name VPN Client Deployment Tool added to the Program Folders or change the name to one you prefer.
7. Select to install VCDT Manager. The VCDT Manager software installs.
8. If you elected to install both the VPN Client Deployment Tool Manager and VPN Client Deployment Tool Servlet consecutively, click Finish to complete the Manager portion of the installation.
8. Select the IIS Web Server Scripts directory that was created when you installed IIS. To select the default directory, click Next. The Enter Information dialog box appears.
9. Enter the IP address of the database server. If the database server is installed on the same computer as the VPN Client Deployment Tool Manager, use the default IP address. Otherwise, enter the database server's IP address here.
Installing the VPN Client Software Files

The HP SA3000 Series VPN Client software is shipped separately from the VPN Client Deployment Tool. If you want the VPN Client Deployment Tool to send customized VPN Clients to users, you must install the VPN Client software to your Windows NT or Windows 2000 Server.
New directories are created on your Windows NT or Windows 2000 Server and the VPN Client software files are installed. The VPN Client files are installed into subdirectories in the root directory of your IIS FTP server (default directory c:\Inetpub\ftproot). At least 6 MB of disk space is required for each VPN Client installed to your hard disk.
Using the VPN Client Deployment Tool for the First Time

To use the HP SA3000 Series VPN Client Deployment Tool, you must first perform the following tasks:

Tasks

• Create an E-mail template file that contains a generic message to inform users that a new VPN Client configuration is available. See "Creating an E-mail Template File" (page 4-2).
• Start the VPN Client Deployment Tool Manager.
Creating an E-mail Template File

You can use an e-mail template file to change the format and wording of the default e-mail message that is sent to users to notify them of the deployment of a new VPN Client configuration. The template file is a text file that you create using an ASCII text editor. It contains a generic message that informs users that a new VPN Client configuration is available on the VPN Client Deployment Tool Web server.
To get VPN Client Deployment Tool to deploy correctly, you must input not only the path, but also the template file name with an appropriate extension. For example, if you store your e-mail template files in the default C:\Program Files\HP SA3000 VPN\VPN Client Deployment Tool\Smdt\Servlet directory, and the file name is notification.txt, you should input C:\Program Files\HP SA3000 VPN\VPN Client Deployment Tool\Smdt\notification.txt into the Email Template File field.

4.
Starting the VPN Client Deployment Tool

You must start the VPN Client Deployment Tool Manager to use the VPN Client Deployment Tool.

Prerequisites

You must install all of the software components. See preceding sections in this document. Before you start the VPN Client Deployment Tool, ensure that IIS Admin Services are running.
Logging In to the VPN Client Deployment Tool Manager

You must first log in to the VPN Client Deployment Tool Manager and select a corporation to use (if more than one exists).

Prerequisite

Ensure that the Adaptive Server Anywhere database service is running. Start the VPN Client Deployment Tool Manager. See “Starting the VPN Client Deployment Tool” in the previous section of this document for more information.
Adding a Corporation Entry

The first time you log in to the VPN Client Deployment Tool, the system requires that you create a corporation entry before you can do anything else. More corporation entries can be added later. When adding a corporation entry, you provide the corporation name, description, mail server, and Web server URL.

Prerequisite

Create an e-mail template text file. See “Creating an E-mail Template File” in the previous section.
8. In the Email Template File field, enter the absolute path where the template file for e-mail notifications resides.
9. In the Web Server URL field, enter the corporation's Web server URL. This is the IIS Web server where the VPN Client Deployment Tool servlet is installed. Users who receive email notifications of updated VPN clients access this site to download the latest client. For example, http:///smdt/index.htm
10.
Adding a Device Entry

You must add a device entry that contains information such as the name and IP address of the HP VPN Server Appliance SA3110/SA3400/SA3460 device to be assigned to a user or group. You can also add device information by polling a device and extracting its configuration information.

Steps

To add a device entry:

1. In the left-hand navigation bar, click Devices. The Devices window appears.
2. Click Clear.
3.
Adding a Tunnel Entry

You must add tunnel information, including the device name, tunnel name, authentication type, tunnel protocol, and port number. If you have a large number of tunnels, use device polling to add the information to your corporation entry. See “Adding a Device Entry” earlier in this document for more information.

Steps

To add a tunnel entry:

1. In the left-hand side navigation bar, click Tunnels. The Tunnels window appears.
2. Click Clear.
3.
10. In the Port field, enter the port number you want to use in conjunction with the protocol defined in the Protocol field. The default port number is 2233. Port numbers 1025 through 65,535 are available.
11. In the Group/Userid Name field, enter the name of the user or group defined for that tunnel.
12. In the Challenge Phrase field, enter the challenge phrase for the device.
13. Click Save.
Creating a Client Profile

When you create a client profile, you are governing which attributes (tunnels, permissions, and so on) a group or user receives. These attributes are then set in the vpnclient.ini initialization file. This file determines how the VPN Client looks and acts after it is deployed. Each user or group can have multiple configurations, which is important because specific users or groups may require access to several areas of your network.
The Tunnel Settings window appears.

Note: The Connection Type area applies to both SST and IPSec tunnels.

10. Select the Logon to Network check box if you want the users or groups to automatically log onto the network every time a tunnel connects (for example, a Windows NT domain).
11. Select the AutoConnect check box if you want your users to automatically connect to a VPN device every time the VPN Client is started.
12.
Creating a Product Profile

The Product Profiles tab is where you can create and edit a product profile that lets different groups or users get different versions of the VPN Client. Each user or group can now have multiple configurations as well. This is important because specific users or groups may require more access privileges to the VPN Client.

Steps

To create a product profile:

1. In the left-hand side navigation bar, click Profiles. The Profiles window appears.
2.
7. Select which type of access you want users to have to the configuration files. The following types are available:
   • readonly — This parameter indicates that the configuration files cannot be modified in any way by the user.
   • write — This parameter indicates that the configuration file can be modified by the user. This is the default mode.
8. Select whether you want the VPN Client to be minimized upon logon.
Adding a User or Group Entry

You must create a user or group entry to send e-mail notifications. To add a user entry, you must provide the user name and e-mail address for each user. To add a group entry, you must first add a user and save the user as a group. Each user thereafter can be assigned to the group you just created.
6. In the Email Address field, enter the user's e-mail address. This field is grayed out if you are creating a group.
7. In the Key Pair Life (days) field, enter a value for the key life. The default value is 365.
8. If you want to use this entry as a group for other user configurations, select the Create Group check box.
9.
— In the CA IP Address field, enter the Certificate Authority IP Address.
— In the CA Certificate Name fields, enter 1, 2, or 3 Certificate Authority names.
— In the CA Challenge Phrase field, enter the challenge phrase for the Certificate Authority.
— In the CRL Update (hours) field, enter the number of days between updates. The default value is 0.
— In the Certificate Renewal (days) field, enter the certificate renewal period in hours. The default value is 0.