Trend Micro™ Hosted Email Security Active Directory

Trend Micro Incorporated reserves the right to make changes to this document and to
the product described herein without notice. Before installing and using the product,
review the readme files, release notes, and/or the latest version of the applicable
documentation, which are available from the Trend Micro website at:
http://docs.trendmicro.com/en-us/smb/hosted-email-security.aspx
Trend Micro, the Trend Micro t-ball logo, Trend Micro Antivirus, TrendLabs,
TrendEdge, and Smart Protection Network are trademarks or registered trademarks of
Trend Micro Incorporated. All other product or company names may be trademarks or
registered trademarks of their owners.
Copyright © 2015. Trend Micro Incorporated. All rights reserved.
Document Part No.: APEM26478/140919
Release Date: December 2015
Protected by U.S. Patent No.: Patents pending.
This documentation introduces the main features of the product and/or provides
installation instructions for a production environment. Read through the documentation
before installing or using the product.
Detailed information about how to use specific features within the product may be
available at the Trend Micro Online Help Center and/or the Trend Micro Knowledge
Base.
Trend Micro always seeks to improve its documentation. If you have questions,
comments, or suggestions about this or any Trend Micro document, please contact us at
[email protected]
Evaluate this documentation on the following site:
http://www.trendmicro.com/download/documentation/rating.asp
Active Directory Synchronization Tool User Guide
Table of Contents
Preface
    Documentation
    Audience
    Document Conventions
Chapter 1: Introduction
    About Trend Micro Hosted Email Security
    About Active Directory Synchronization Tool
Chapter 2: Installing Active Directory Synchronization Tool
    System Requirements
    Downloading Active Directory Synchronization Tool Installation Program
    Enabling Hosted Email Security Web Services
    Installing Active Directory Synchronization Tool
    Updating Active Directory Synchronization Tool
Chapter 3: Using Active Directory Synchronization Tool
    Configuring Active Directory Synchronization Tool
        Configuring Service Settings
        Configuring Source Directory
        Removing Source Directory
        Updating Source Directory
    Testing Synchronization Locally
    Synchronizing Groups and Email Accounts
    Viewing Synchronization History
    Configuring Hosted Email Security Server
Appendix A: Troubleshooting Active Directory Synchronization Tool
    Diagnostic Logs in Active Directory Synchronization Tool
    Troubleshooting Active Directory Synchronization Tool
Preface
Welcome to the Trend Micro™ Hosted Email Security Active Directory
Synchronization Tool User Guide. This guide introduces the Active Directory
Synchronization Tool and explains how to use the Active Directory Synchronization
Tool to synchronize groups and email accounts from Active Directory to the Hosted
Email Security server.
This section includes the following topics:
• Documentation
• Audience
• Document Conventions
Documentation
The documentation set for Hosted Email Security includes the following:
Table 1. Product Documentation
Document | Description
Administrator Guide | The Administrator Guide contains information about Hosted Email Security and provides instructions on how to configure Hosted Email Security to protect your network from spam, phishing and malware before they reach your network.
Active Directory Synchronization Tool User Guide | The Active Directory Synchronization Tool User Guide is a PDF document that introduces Hosted Email Security Active Directory Synchronization Tool and explains how to use the Active Directory Synchronization Tool to synchronize groups and email accounts from Active Directory to the Hosted Email Security server.
Support Portal | The Support Portal is an online database of problem-solving and troubleshooting information. It provides the latest information about known product issues. To access the Support Portal, go to the following website: http://esupport.trendmicro.com
View and download the documentation at:
http://docs.trendmicro.com/en-us/smb/hosted-email-security.aspx
Audience
The Hosted Email Security documentation is written for IT administrators and security
analysts. The documentation assumes that the reader has an in-depth knowledge of
networking and information security, including the following topics:
• Network topologies
• Active Directory management
• Policy management and enforcement
The documentation does not assume the reader has any knowledge of threat event
correlation.
Document Conventions
The documentation uses the following conventions:
Table 2. Document Conventions
Convention | Description
UPPER CASE | Acronyms, abbreviations, and names of certain commands and keys on the keyboard
Bold | Menus and menu commands, command buttons, tabs, and options
Italics | References to other documents
Monospace | Sample command lines, program code, web URLs, file names, and program output
Navigation > Path | The navigation path to reach a particular screen. For example, File > Save means, click File and then click Save on the interface
Note | Configuration notes
Tip | Recommendations or suggestions
Important | Information regarding required or default configuration settings and product limitations
WARNING! | Critical actions and configuration options
Chapter 1: Introduction
This section provides a brief introduction to Trend Micro™ Hosted Email Security
and the Hosted Email Security Active Directory Synchronization Tool.
This section includes the following topics:
• About Trend Micro Hosted Email Security
• About Active Directory Synchronization Tool
About Trend Micro Hosted Email Security
Trend Micro™ Hosted Email Security is a no-maintenance solution that delivers
continuously updated protection to stop spam, phishing, and malware before they reach
your network.
Using Trend Micro Hosted Email Security, mail administrators can set up rules to
remove detected viruses and other malware from incoming messages before they reach
the corporate network. Administrators can quarantine detected spam and other
inappropriate messages. Then, intended message recipients or mail administrators can
choose to release or delete the quarantined messages.
About Active Directory Synchronization Tool
The Hosted Email Security Active Directory Synchronization Tool is a Microsoft Active
Directory connector that is installed in your environment and has access to your Hosted
Email Security. It can synchronize the user email accounts and the group members' email
accounts from the Active Directory server to the Hosted Email Security server.
Synchronizing email accounts enables the Hosted Email Security server to verify each
email message by performing a valid recipient check. Synchronizing user groups enables
you to define policies for user groups in Hosted Email Security.
Chapter 2: Installing Active Directory Synchronization Tool
This section includes the following topics:
• System Requirements
• Downloading Active Directory Synchronization Tool Installation Program
• Enabling Hosted Email Security Web Services
• Installing Active Directory Synchronization Tool
• Updating Active Directory Synchronization Tool
System Requirements
Review the following requirements before installing Hosted Email Security Active
Directory Synchronization Tool.
Table 2-1. System Requirements for Active Directory Synchronization Tool
Component | Requirements
Operating System | Microsoft Windows Server 2008 or 2012
Memory | Minimum 2 GB
Hard disk | Minimum 1 GB available for installation and processing data
Others | Internet access; support for Microsoft Active Directory 2003, 2008 or 2012; Microsoft .NET Framework 3.5
Downloading Active Directory Synchronization Tool Installation Program
Procedure
1. Log on to the Hosted Email Security administration console by navigating to one
   of the following URLs:
   • European region: https://ui.hes.trendmicro.eu
   • Other regions: https://ui.hes.trendmicro.com
2. Go to Administration > Web Services.
3. Under the Downloads section on the Web Services screen, click the icon to download
   the Active Directory Synchronization Tool.
Enabling Hosted Email Security Web Services
Web services programs in Hosted Email Security are disabled for your email domains by
default. Enable Web services to allow the Active Directory Synchronization Tool to
communicate and synchronize directory data from Active Directory to Hosted Email
Security.
Procedure
1. Go to Administration > Web Services.
2. Make sure that you have a Service Authentication Key. If no Authentication Key has
   been generated, click Generate New Key.
   The Active Directory Synchronization Tool uses the Authentication Key to
   authenticate the communication. If an Authentication Key is already generated on
   your administrative console, copy and paste the Authentication Key to the Active
   Directory Synchronization Tool. Without the Authentication Key, the Active
   Directory Synchronization Tool will be unable to communicate with Hosted Email
   Security Web services.
   Note: For added security, you may choose to periodically generate a new Authentication
   Key by clicking Generate New Key. You will then update your Active Directory
   Synchronization Tool to use the new Authentication Key. Note that once a new
   Authentication Key is generated, the old key becomes obsolete.
3. Click the disabled icon on the right to enable Applications. This allows your
   Active Directory Synchronization Tool to communicate with Hosted Email
   Security Web services.
Figure 2-1. Web Services screen
Installing Active Directory Synchronization Tool
Note: Before installing the Active Directory Synchronization Tool, make sure that the
computer where you want to install the tool meets the system requirements mentioned under
the section System Requirements on page 2-2.
Note: Trend Micro recommends installing this tool on a computer other than the one where
Active Directory is installed.
Procedure
1. Run the HESActiveDirectorySynchronizationTool.msi application package to
   start the installation program.
   The welcome screen appears.
2. Click Next.
   The End-User License Agreement screen displays.
3. Accept the license agreement and click Next.
   The Destination Folder screen displays.
4. Select the location where you want to install the tool, and then click Next.
   The Ready to Install screen displays.
5. Click Install.
   The Installing screen displays.
   Note: If User Account Control is enabled on your operating system, a pop-up appears
   asking you to provide administrator access. Click Yes on the User Account
   Control pop-up to allow the installation.
6. Click Finish on the screen that appears after the installation completes.
Updating Active Directory Synchronization Tool
If your Active Directory Synchronization Tool is outdated or a new version is available
in Hosted Email Security, you can update the Synchronization Tool by uninstalling the
current program and then installing the latest version.
Procedure
1. Navigate to the location on your computer where the Active Directory
   Synchronization Tool is installed, and back up the following files:
   • clientconf.xml
   • sources.xml
2. Download the latest version of Active Directory Synchronization Tool from the
   Hosted Email Security server. See Downloading Active Directory Synchronization Tool
   Installation Program on page 2-2 for the procedure.
3. Uninstall the current version of Active Directory Synchronization Tool on your
   computer.
4. Install the latest version of Active Directory Synchronization Tool you downloaded
   in Step 2 of this procedure, into the same folder where you installed the previous
   version. See Installing Active Directory Synchronization Tool on page 2-4 for the
   procedure.
5. Copy the following files that you had backed up in Step 1 of this procedure to your
   installation folder:
   • clientconf.xml
   • sources.xml
6. Start the Active Directory Synchronization Tool to review your settings.
Chapter 3: Using Active Directory Synchronization Tool
This section includes the following topics:
• Configuring Active Directory Synchronization Tool
• Synchronizing Groups and Email Accounts
• Testing Synchronization Locally
• Viewing Synchronization History
Configuring Active Directory Synchronization Tool
Configuring Service Settings
You can configure your Hosted Email Security connection settings on the Service Settings
tab.
Procedure
1. Start the Active Directory Synchronization Tool application.
2. On the Service Settings tab, configure the following:
   • Under the Hosted Email Security Administrator Logon Account section:
     • Account Name: The administrator account name you use to log on to the
       Hosted Email Security administration console.
     • Service Auth Key: Your service authentication key for the Hosted Email
       Security server.
       Note: You can find your service authentication key on the Web Services screen
       (Administration > Web Services) on the Hosted Email Security
       administration console.
   • Under the Proxy Settings section:
     • Do not use a proxy: If your network does not require a proxy, select
       this option to disable this setting.
     • Automatically detect proxy settings: Select this option to let Active
       Directory Synchronization Tool automatically detect your network proxy
       settings.
     • Manually set the proxy (HTTP): Select this option to manually set the
       proxy Server and Port settings for your proxy server. If required, also
       type the proxy User Name and Password.
       Note: Active Directory Synchronization Tool currently supports HTTP proxy
       only.
   • Synchronize every x hours: Select this option and specify the duration in
     hours, if you want the Active Directory Synchronization Tool to automatically
     synchronize the user groups and email accounts from Active Directory to
     Hosted Email Security on a recurrent basis.
     Note: This setting requires you to synchronize data manually for the first time.
     Later on, the Active Directory Synchronization Tool automatically synchronizes data
     according to your setting.
3. Click Apply.
Configuring Source Directory
You can configure your Active Directory connection settings and synchronization
source on the Source Directory tab.
Note
If your network includes multiple Active Directory sources, configure all of these sources
on the Source Directory tab, to enable Active Directory Synchronization Tool to
synchronize directory data from all of the sources.
Procedure
1. Start the Active Directory Synchronization Tool application.
2. On the Source Directory tab, configure the following under the Synchronization
   Source Setting section:
   • Source Name: The name of the Active Directory source directory from
     where users and groups are imported to the Hosted Email Security server.
   • Source Type: The type of directory you are connecting to that hosts users
     and groups. Select Microsoft Active Directory or Microsoft AD Global
     Catalog from the drop-down list.
   • Host Name: The host name or IP address of the Active Directory server.
   • Port: The port number used by the Active Directory server.
   • Use SSL: If your Active Directory requires an encrypted connection, select
     this option.
   • User Name and Password: The user name and password that Active
     Directory Synchronization Tool will use to bind to Active Directory.
   • Base DN: The base distinguished name of the Active Directory server. If
     your source type is Microsoft AD Global Catalog, you can leave this field
     blank.
   • Sync Type: The items (Valid recipients or Groups) to synchronize from the
     Active Directory server to the Hosted Email Security server.
3. Click Add to add the source to the List of Source Directories to Sync at the
   bottom of the screen.
4. Click the text Click here to manage groups under the Sync Groups column, or the
   group count under the Group Count column, to manage groups that you want to
   synchronize to the Hosted Email Security server.
   Figure 3-1. Source Directory tab
   The Manage Groups to Sync window appears.
5. From the Available Groups in Directory list on the left side of the screen, select
   the groups that you want to synchronize, and then click the >> button to move the
   selected groups to the Groups to Sync list on the right. You can use the search
   box at the top of the list to find groups from the list.
   To remove groups that you do not want to synchronize from the Groups to Sync
   list, select the groups that you want to remove and then click the << button to move
   the selected groups to the Available Groups in Directory list. You can use the
   search box at the top of the list to find groups from the list.
   Note: You can only select up to 50 groups from all the sources to synchronize.
6. Click Apply.
Removing Source Directory
You can remove the source directory in Active Directory Synchronization Tool from the
Source Directory tab.
Important: Removing a directory source also removes the policies applied to the groups
from this source the next time directories are synchronized.
Procedure
1. Start the Active Directory Synchronization Tool application.
2. Click the Source Directory tab.
3. Under the List of Source Directories to Sync section at the bottom of the screen,
   click the Active Directory source you want to remove from the list, and then click
   Remove at the bottom right of the screen.
Updating Source Directory
If you have already configured a source directory in Active Directory Synchronization
Tool, you can update its information to match the current settings.
Procedure
1. Start the Active Directory Synchronization Tool application.
2. Click the Source Directory tab.
3. Under the List of Source Directories to Sync section at the bottom of the screen,
   double-click the Active Directory source that you want to update.
   All the fields under the Synchronization Source Setting section are populated with
   the current source information.
4. Modify the information as required, and then click Update to update and save the
   source information.
Testing Synchronization Locally
The Active Directory Synchronization Tool enables you to test the synchronization on
the local computer before synchronizing with the Hosted Email Security server.
Procedure
1. Start the Active Directory Synchronization Tool application.
2. Click the Source Directory tab.
3. Configure at least one source directory for Active Directory Synchronization Tool
   to synchronize from. See Configuring Source Directory on page 3-3 for the procedure.
4. Click Test Sync Locally, and select a folder on your local computer where you
   want to save the directory data.
5. The synchronization starts and creates the text (txt) files that contain groups
   and/or email accounts, at your selected location.
6. The synchronization starts and creates one or both of the following text (txt) files
   after it completes:
   • Valid_recipients_yyyymmdd-hhmmss.txt: This file includes the email addresses
     that are included in the source directory, and belong to the email domains that
     are registered with Hosted Email Security.
   • Groups_yyyymmdd-hhmmss.txt: This file provides the association of each email
     address with the groups in Active Directory, and includes the following
     information:
     • The number of email addresses that are included in each group.
     • The group names that include a certain email address.
   Note: The Active Directory Synchronization Tool will only create these files if the
   related sync type is selected, and the directory sources contain the related data.
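A pre-flight review of the Test Sync Locally output, as an added example that is not part of the Trend Micro guide or tool: it compares two Valid_recipients_yyyymmdd-hhmmss.txt files and reports addresses that would drop out of the list used for the valid recipient check, addresses outside the registered domains, and malformed lines. It assumes one email address per line (the guide does not document the file layout); the function names, sample addresses and the 10% removal threshold are hypothetical.

```python
"""Review Test Sync Locally output before running a real synchronization.

Assumption (not documented in the guide): Valid_recipients_*.txt holds one
email address per line. Function names and sample data are constructed.
"""
import re
from pathlib import Path

# File name pattern given in the guide: Valid_recipients_yyyymmdd-hhmmss.txt
NAME_RE = re.compile(r"^Valid_recipients_(\d{8}-\d{6})\.txt$")
# Deliberately simple shape check, not a full RFC 5322 parser.
ADDR_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def parse_recipients(text):
    """Return (addresses, malformed_lines); addresses are lower-cased."""
    addresses, malformed = set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ADDR_RE.match(line):
            addresses.add(line.lower())
        else:
            malformed.append(line)
    return addresses, malformed


def latest_two(folder):
    """Return the two newest Valid_recipients files in folder, oldest first."""
    files = [p for p in Path(folder).iterdir() if NAME_RE.match(p.name)]
    # yyyymmdd-hhmmss sorts chronologically as a plain string.
    files.sort(key=lambda p: NAME_RE.match(p.name).group(1))
    return files[-2:]


def review(previous_text, current_text, registered_domains, max_removed_ratio=0.10):
    """Compare two test runs and report why a real sync might be unsafe."""
    previous, _ = parse_recipients(previous_text)
    current, malformed = parse_recipients(current_text)
    domains = {d.lower() for d in registered_domains}

    removed = sorted(previous - current)
    added = sorted(current - previous)
    # The guide says only registered domains appear; anything else is a surprise.
    foreign = sorted(a for a in current if a.rsplit("@", 1)[1] not in domains)
    ratio = len(removed) / len(previous) if previous else 0.0

    problems = []
    if not current:
        problems.append("current run produced no valid recipients")
    if ratio > max_removed_ratio:
        problems.append(f"{len(removed)} of {len(previous)} recipients would be removed")
    if foreign:
        problems.append(f"{len(foreign)} address(es) outside registered domains")
    if malformed:
        problems.append(f"{len(malformed)} malformed line(s)")
    return {"added": added, "removed": removed, "foreign": foreign,
            "malformed": malformed, "removed_ratio": ratio,
            "safe_to_sync": not problems, "problems": problems}


# Constructed sample data standing in for two consecutive test-sync files.
PREVIOUS = "alice@example.com\nbob@example.com\ncarol@example.com\ndave@example.com\n"
CURRENT = "alice@example.com\nBob@Example.com\nerin@example.net\nnot-an-address\n"

if __name__ == "__main__":
    report = review(PREVIOUS, CURRENT, ["example.com"])
    for name in ("added", "removed", "foreign", "malformed"):
        print(f"{name}: {report[name]}")
    print("safe to sync:", report["safe_to_sync"])
    for problem in report["problems"]:
        print(" -", problem)
```

With real output, pass the text of the two files returned by `latest_two()` for the folder chosen in step 4, together with the domains registered in Hosted Email Security.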
Synchronizing Groups and Email Accounts
The Active Directory Synchronization Tool synchronizes groups and email accounts
from the Active Directory to the Hosted Email Security server.
Note: Trend Micro recommends testing the synchronization locally before synchronizing the
groups and email accounts from Active Directory to the Hosted Email Security server. See
Testing Synchronization Locally on page 3-7 for the procedure.
Important: You can only use one Active Directory Synchronization Tool application to
synchronize data. If you use an Active Directory Synchronization Tool application installed
at another location, the data synchronized from the last tool will be overwritten.
Procedure
1. Start the Active Directory Synchronization Tool application.
2. Configure the Hosted Email Security service settings. See Configuring Service Settings
   on page 3-2 for the procedure.
3. Configure at least one source directory for Active Directory Synchronization Tool
   to synchronize from. See Configuring Source Directory on page 3-3 for the procedure.
4. On the Service Settings tab, click Synchronize Now.
   The synchronization starts and displays the status on the Synchronization
   History tab.
Viewing Synchronization History
The Active Directory Synchronization Tool keeps the synchronization history and
displays the last seven (7) days of history on the Synchronization History tab.
Procedure
1. Start the Active Directory Synchronization Tool application.
2. Click the Synchronization History tab to view the history.
   The logs include the following statuses:
   • Synchronization started
   • Synchronizing data…
   • Synchronization successful
   • Synchronization unsuccessful
Configuring Hosted Email Security Server
After synchronizing groups and email accounts from Active Directory to Hosted Email
Security server, you can perform the following:
• Configure policies on the Hosted Email Security server for the newly imported
  groups.
  See the Configuring a Policy topic in the Hosted Email Security Administrator’s Guide
  for the configuration details and procedure.
• Enable Hosted Email Security to perform the valid recipient check on the Directory
  Management screen (Administrator > Directory Management).
  See the About Directory Management topic in the Hosted Email Security Administrator’s
  Guide for the configuration details.
Appendix A: Troubleshooting Active Directory Synchronization Tool
This section includes the following topics:
• Diagnostic Logs in Active Directory Synchronization Tool
• Troubleshooting Active Directory Synchronization Tool
Diagnostic Logs in Active Directory Synchronization Tool
If you encounter any problem in using Hosted Email Security Active Directory
Synchronization Tool, you can collect diagnostic logs and send them for analysis so that
a solution can be provided.
The diagnostic log files are located at the following directory:
…\Trend Micro\HES Directory Sync Client\logs\
The Active Directory Synchronization Tool creates the following three types of logs:
• dsaconfig.log: Contains the UI configuration log details.
• dsaservice.log: Contains synchronization tool service log details.
• dsamonitor.log: Contains monitor log details.
Troubleshooting Active Directory Synchronization Tool
If the Hosted Email Security Active Directory Synchronization Tool is unable to
synchronize groups and email accounts from Active Directory to the Hosted Email Security
server, go through the following steps to troubleshoot the problem:
Procedure
1. Navigate to the Synchronization History tab to view the reason mentioned in the
   Details column for the latest unsuccessful attempt.
2. Check the connection with the Hosted Email Security server:
   • Go to the Service Settings tab, and click Apply.
     The Active Directory Synchronization Tool attempts to connect to the
     Hosted Email Security server, and verifies your account name and service
     authentication key. This step also verifies if the Web Services are enabled on
     the Hosted Email Security server to allow the Active Directory
     Synchronization Tool to synchronize data to the Hosted Email Security
     server.
3. If the Active Directory Synchronization Tool is outdated, or the new version of the
   tool is available on the Hosted Email Security server, download and install the
   latest version.
4. If the Active Directory Synchronization Tool uploads the synchronization result to
   the Hosted Email Security server, but the Hosted Email Security server still does
   not update the directory data, then wait for some time, and try again.
5. If the problem persists, contact Trend Micro Technical Support for help. Before
   contacting Trend Micro Technical Support, make sure that you have the diagnostic
   logs available with you that you can send to the Technical Support representative, if
   required. See Diagnostic Logs in Active Directory Synchronization Tool on page A-2 for the
   details on diagnostic logs.