Wallix AdminBastion 3.1 - Administration Guide
Table of Contents
1. Introduction
1.1. Preamble
1.2. Copyright, Licences
1.3. Legend
1.4. About this document
2. Concepts
2.1. General information
2.2. Positioning of the WAB in the network infrastructure
2.3. The concept of WAB ACLs
2.4. Roll-out
3. Administration interface
3.1. Initial logon
3.2. Menu tree structure
3.3. My preferences
3.4. My authorisations
3.5. WAB audit
3.5.1. Current connections
3.5.2. View sessions in real time
3.5.3. Connection history
3.5.4. View session recording
3.5.5. Authentication history
3.5.6. Connection statistics
3.6. System audit
3.6.1. System status
3.6.2. System logs
3.7. Users
3.7.1. Accounts
3.7.2. Groups (of users)
3.7.3. Import (users)
3.8. Resources and accounts
3.8.1. Devices
3.8.2. Target accounts
3.8.3. Device admin credentials
3.8.4. Groups (of target accounts)
3.8.5. Authentication mechanisms
3.8.6. Import (target devices and target accounts)
3.9. Manage authorisations
3.9.1. Add an authorisation
3.9.2. Delete an authorisation
3.9.3. Import authorisations from CSV
3.10. User profiles
3.10.1. Default profiles
3.10.2. Add a user profile
3.10.3. Edit a user profile
3.10.4. Delete a user profile
3.11. WAB configuration
3.11.1. Time frames
3.11.2. External authentications
3.11.3. Notifications
3.11.4. Password policy
3.11.5. Secondary passwords
List of Figures
2.1. Wallix AdminBastion in the network infrastructure
3.1. WAB logon screen
3.2. WAB home page (administrator profile)
3.3. 'My preferences' page
3.4. User's authorisations
3.5. Close an SSH connection
3.6. View RDP sessions in real time
3.7. Connection history
3.8. Connection history filters
3.9. View an RDP recording with OCR
3.10. Authentication history
3.11. Connection statistics
3.12. Sample statistical graph
3.13. System status
3.14. List of users
3.15. Add user form
3.16. Delete users
3.17. List of devices accessible by a user
3.18. List of user groups
3.19. Add user group form
3.20. List of users in a group
3.21. Import users page
3.22. Summary of user import from a CSV file
3.23. Import users from a directory
3.24. List of target devices
3.25. Add device form
3.26. List of all target accounts for a device
3.27. List of target accounts for a service
3.28. Add target account form
3.29. Device admin credentials
3.30. Admin credentials on a Linux/Unix device
3.31. Admin credentials on a Windows device
3.32. Admin credentials on a Cisco device
3.33. List of target account groups
3.34. Add a target account group form
3.35. Authentication mechanisms
3.36. List of authorisations
3.37. Add authorisation form
3.38. Add user profile form
3.39. List of time frames
3.40. Add time frame form
3.41. Add LDAP authentication form
3.42. Add notification form
3.43. 'Password policy' page
3.44. 'Secondary password' page
3.45. 'Secondary password' page
3.46. 'Logon settings' page
3.47. Network configuration
3.48. Time service configuration
3.49. Configuring remote storage
3.50. Configuring syslog routing
Chapter 1. Introduction
1.1. Preamble
Thank you for choosing Wallix AdminBastion, also called WAB.
WAB is marketed in the form of a dedicated, ready-to-use server or as a virtual device for the
VMware ESX 4.x and 5.x environments.
This product has been engineered with the greatest of care by our teams at Wallix and we trust
that it will deliver complete satisfaction.
All the product or company names mentioned herein are the registered trademarks of their
respective owners.
Wallix AdminBastion is based on free software. The list and source code of GPL and LGPL licenced
software used by Wallix AdminBastion are available from Wallix. Please send your request by email
to: wabsupport@rt.wallix.com or in writing to:
Wallix
Service Support
118, rue de Tocqueville
75017 Paris
France
1.3. Legend
prompt $ command to input
command output
on one or more lines
prompt $
Wallix provides dedicated guides covering the configuration and use of the WAB for the following
functionalities:
• Administration console
• X509 authentication
• HA (High Availability)
With in addition:
Chapter 2. Concepts
2.1. General information
WAB has been developed for the technical teams that administer IT infrastructure (servers, network
and security devices, etc.). Designed to meet the access control and traceability needs of system
administrators,
Wallix AdminBastion features access control lists (ACLs) and traceability functions. It constitutes a
security buffer for administrators who wish to log on to devices by:
The WAB also allows you to automate logons to target devices to enhance the security of the
information system by preventing disclosure of server authentication details.
The WAB has a graphic Web interface, validated using Firefox 3, Internet Explorer 7 and Internet
Explorer 8, to monitor activity and connections and to configure its component parts.
The high trust domain is represented by the devices isolated by the AdminBastion.
These devices and their related accounts are called 'target accounts' in WAB terminology.
The low trust domain is represented by the population with direct access to the Bastion:
For users of the solution, access to the target accounts (high trust domain) is only possible through
the WAB.
In the WAB, access to a target account by a user depends on an authorisation profile. Authorisations
are declared between a group of users and a group of target accounts (which means that each target
account must belong to a target account group, and that each user must belong to a user group).
The authorisation allows users in group X to access target accounts in group Y, via protocols A,
B, or C.
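The group-to-group authorisation rule described above can be modelled as follows. This is an added illustration, not WAB code or its data format: the group names, account names and function names are constructed for the example, and anything not covered by an authorisation is assumed to be denied.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Authorisation:
    user_group: str        # group X
    target_group: str      # group Y
    protocols: frozenset   # protocols A, B or C

# Constructed sample data (hypothetical names, not taken from the guide).
USER_GROUPS = {"unix-admins": {"alice", "bob"}, "windows-admins": {"carol"}}
TARGET_GROUPS = {
    "linux-root": {"root@srv-web01", "root@srv-db01"},
    "windows-dc": {"administrator@win-dc01"},
}
AUTHORISATIONS = [
    Authorisation("unix-admins", "linux-root", frozenset({"SSH"})),
    Authorisation("windows-admins", "windows-dc", frozenset({"RDP"})),
]

def is_allowed(user, target_account, protocol):
    """Allow only if one authorisation links a group containing the user
    to a group containing the target account and lists the protocol."""
    for a in AUTHORISATIONS:
        if (user in USER_GROUPS.get(a.user_group, ())
                and target_account in TARGET_GROUPS.get(a.target_group, ())
                and protocol in a.protocols):
            return True
    return False  # no matching authorisation: access denied

def effective_access(user):
    """Return {target_account: set of protocols} for one user, for review."""
    access = {}
    for a in AUTHORISATIONS:
        if user in USER_GROUPS.get(a.user_group, ()):
            for account in TARGET_GROUPS.get(a.target_group, ()):
                access.setdefault(account, set()).update(a.protocols)
    return access

def ungrouped(names, groups):
    """Users or target accounts that belong to no group; since authorisations
    are declared between groups, none can ever apply to them."""
    grouped = set().union(*groups.values())
    return sorted(set(names) - grouped)

if __name__ == "__main__":
    print(is_allowed("alice", "root@srv-web01", "SSH"))
    print(effective_access("carol"))
    print(ungrouped(["alice", "dave"], USER_GROUPS))
```

Running `effective_access` for each user and `ungrouped` over the full user and target account lists gives a quick review of who can reach what, and of entries that were created but never placed in a group.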
You can also define a number of different WAB administrator profiles, with rights limited, for
example, to audit, adding users, system administration, authorisations, etc.
2.4. Roll-out
The WAB includes a set of import tools to facilitate roll-out.