How To Install The Argent Ninja Behind A Firewall


Overview

In situations where the Argent Ninja has to be accessed from the public network and customers have a security policy that defines public accessible web sites must be in a secure DMZ, the following article describes how the Argent Ninja and associated infrastructure components must be configured.

Technical Background

The Argent Extended Technology Main Engine is installed on a server in the internal LAN, the database for the Argent Extended Technology installation resides on a SQL server on the internal LAN.

A Windows IIS server is installed in the DMZ it is configured with Windows IIS server, the Argent Console GUI and the Argent Ninja Web site.

How To Install

  1. Open the following ports between the IIS Server, Argent MAIN Engine and SQL Server
    Source Destination Dest Port Function

     

     

     

     

    IIS Server

    Argent MAIN Engine

    3100

    AAC Console

    IIS Server

    MS SQL Server

    1433 (MS SQL)

    Database Records

    IIS Server

    Argent MAIN Engine

    445 (SMB over TCP)

    Argent MAPS & Config

    IIS Server

    Argent MAIN Engine

    ICMP PING (echo Request)

    Check MAIN Engine Online

    Public

    IIS Server

    80 (HTTP)

    Argent Ninja Web Site
  2. Setup a Local Administrator account on the IIS server – that has the same username and Password as the Argent Console MAIN Engine service Account.

  3. Install the Argent Console Client GUI

    Check the checkbox – Install The Client GUI Only For Main Engine and enter the IP Address of the Argent MAIN Engine.


    NOTE:

    You can use the name of the Argent MAIN Engine but it must be resolvable from the IIS Server

  4. Install the Argent Ninja – do not use Allow Anonymous Access

    The Argent Console Service Account Details

    Server Name: Argent Console MAIN Engine

    User Name & Password: These will match the details of the Argent Console service credentials of the service on the Argent MAIN Engine


    NOTE:

    Customer will need to provide Public DNS name and IP Address for access to the Argent Ninja Web Site.

  5. Setting Up Security – From the Argent Console GUI Client on the IIS Server – Go to Administration – Security Manager

    Set the field First Browse Users And Groups Of to LOCAL COMPUTER

    This will allow the use of Windows Groups from the IIS Server to secure the Argent Ninja Views.

    Now use the Node Security Setting as shown below to secure access to the Argent Ninja.

    Default Node Policy if set to Deny All then by default no one will see anything in the Argent Ninja

    Select New

    Populate with required security.

    Example:

    Above will allow users who are members of W2K3TEST\Ninja Group to View all events for servers in the &MG_ALL_SERVERS monitoring Group.

    Test User Against The Security Setting – will allow you to see what a particular user will be allowed access to.

See Also:

How To Secure The Argent Ninja

Example Of The Argent Ninja Security