ADManager Plus Deployment Scenarios



Enable SSL for Secure Communication over the Internet:

You will need to enable SSL so that communication with ADManager Plus over the Internet is encrypted. To enable SSL on ADManager Plus, follow the steps below:

Once these steps are complete, SSL is enabled and ADManager Plus can communicate securely over the Internet. A valid SSL certificate must be applied to enable SSL.


Configuring ADManager Plus to Securely Function in a De-militarized Zone (DMZ)

To install ADManager Plus in the DMZ (Demilitarized Zone), port 389 (LDAP) and port 135 (RPC) must be opened in the firewall, along with the dynamic ports described below.

The section "Finding / Identifying Dynamic Ports" describes how to identify the dynamic ports that need to be opened in the firewall. We strongly recommend running ADManager Plus in Secure Socket Layer (SSL) mode for a DMZ installation; see the section above on how to enable SSL.


Open up selected Firewall Ports to facilitate access over the Internet:

(i) When ADManager Plus is installed on your local area network and its URL is accessible from the Internet:

[Diagram: DMZ]


(ii) When ADManager Plus is installed in the DMZ, open the following ports in the Firewall:

[Diagram: DMZ]

Protocols and Ports Used

ADManager Plus uses Windows ADSI (Active Directory Service Interfaces) to interact with Active Directory. ADSI in turn uses the LDAP protocol (for querying and modifying directory services over TCP/IP) on port 389.

At present, ADManager Plus communicates with Active Directory over a plain (unencrypted) LDAP connection; support for secure LDAP connections is planned.


Finding / Identifying Dynamic Ports:

ADManager Plus also uses several other ports that are assigned dynamically. The administrator must identify all of these dynamic ports and open them in the firewall. To find the dynamic ports, follow the steps below.


Step 1: Open a command prompt in the Domain Controller.

Step 2: Type the following command and execute it in the command prompt.


portqry -n "<Your_Domain_Controller_Name>" -e 135 -l resultPorts.txt


If RPC runs on a port other than 135, replace 135 in the command above with that port number.

Step 3: After the command completes, open "resultPorts.txt" in the directory from which the command was run.

Step 4: Search "resultPorts.txt" for every occurrence of "_tcp" (e.g. ncacn_ip_tcp:100.190.1.2[1142]).

Step 5: The values in square brackets [ ] are the ports that need to be opened. Make a note of them (e.g. in the example above, 1142 is the port that needs to be opened).

Step 6: Continue searching until the end of the file, then open all the ports you identified.
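The search-and-note procedure in Steps 3 to 6 can be automated. The following Python script is an added example, not ManageEngine's code: it reads the PortQry output (a constructed sample is embedded, with placeholder UUIDs and a constructed domain controller name), extracts every ncacn_ip_tcp port in square brackets, and merges them with the two static ports the page requires (389 and 135) into a single allow-list for the firewall change.

```python
"""Build the firewall allow-list for an ADManager Plus DMZ installation from
PortQry endpoint-mapper output (added example; not ManageEngine code)."""
import re
import sys
from typing import Dict, List, Set

# Ports the page lists as always required: LDAP and the RPC endpoint mapper.
STATIC_REQUIRED_PORTS: Dict[int, str] = {
    389: "LDAP (ADSI queries against Active Directory)",
    135: "RPC endpoint mapper",
}

# One "ncacn_ip_tcp:<host>[<port>]" binding per line, as written to resultPorts.txt.
_TCP_BINDING = re.compile(
    r"^\s*ncacn_ip_tcp:(?P<host>[^\[\s]+)\[(?P<port>\d{1,5})\]\s*$", re.MULTILINE
)

# Constructed sample of "portqry -n <dc> -e 135 -l resultPorts.txt" output.
# Host name and UUIDs are placeholders; only the ncacn_ip_tcp lines matter.
SAMPLE_RESULT_PORTS = """\
Querying target system called:
 dc01.example.internal
TCP port 135 (epmap service): LISTENING
Querying Endpoint Mapper Database...
Server's response:

UUID: 00000000-0000-0000-0000-000000000001 Sample interface A
ncacn_ip_tcp:100.190.1.2[1142]

UUID: 00000000-0000-0000-0000-000000000002 Sample interface B
ncacn_np:\\\\DC01[\\pipe\\sample]

UUID: 00000000-0000-0000-0000-000000000003 Sample interface C
ncacn_ip_tcp:100.190.1.2[49155]

UUID: 00000000-0000-0000-0000-000000000001 Sample interface A
ncacn_ip_tcp:100.190.1.2[1142]
"""


def extract_dynamic_tcp_ports(portqry_output: str) -> Dict[int, Set[str]]:
    """Steps 4 to 6: collect every TCP port found in square brackets, keyed by
    port, with the set of hosts advertising it (duplicate lines collapse)."""
    ports: Dict[int, Set[str]] = {}
    for match in _TCP_BINDING.finditer(portqry_output):
        port = int(match.group("port"))
        if not 1 <= port <= 65535:
            continue  # malformed line; ignore rather than open a bogus rule
        ports.setdefault(port, set()).add(match.group("host"))
    return ports


def required_firewall_ports(portqry_output: str) -> List[int]:
    """Static ports from the page merged with the dynamic ones, sorted and unique."""
    dynamic = extract_dynamic_tcp_ports(portqry_output)
    return sorted(set(STATIC_REQUIRED_PORTS) | set(dynamic))


def describe_ports(portqry_output: str) -> List[str]:
    """One human-readable line per port, suitable for a firewall change request."""
    dynamic = extract_dynamic_tcp_ports(portqry_output)
    lines: List[str] = []
    for port in required_firewall_ports(portqry_output):
        if port in STATIC_REQUIRED_PORTS:
            reason = STATIC_REQUIRED_PORTS[port]
        else:
            reason = "RPC dynamic endpoint on " + ", ".join(sorted(dynamic[port]))
        lines.append(f"TCP {port:<5} {reason}")
    return lines


if __name__ == "__main__":
    # Pass the path to resultPorts.txt as the only argument, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_RESULT_PORTS
    print("\n".join(describe_ports(text)))
```

Run it with the path to resultPorts.txt as the only argument, or with no argument to see the constructed sample. Because these RPC endpoint ports are allocated dynamically, regenerate the list after a domain controller restart and reconcile the firewall rules against it, rather than leaving a broad port range open.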



Copyright © 2014, ZOHO Corp. All Rights Reserved.