Manually Configuring Parent and Child Domains

If you want to manage users spread across multiple domains, then, all domains, except the eG manager’s domain (which can be auto-discovered), will have to be manually configured using the eG administrative interface.

Follow the steps below to manually add parent and child domains:

  1. Click on the global Domain(s) node in the tree structure in the left panel, and then click the Add a new domain button in the right panel.
  2. Figure 1 then appears displaying the parameters to be configured for creating a new domain.

    manual add domain-new

    Figure 1 : Manually configuring a domain

  3. In the right panel of Figure 1, specify the following to create a parent domain:

    • Provide a Display Name for the new domain.
    • To manually configure the IP address and port number of the domain server, set the Discover DNS flag to Manual.
    • Next, specify the fully-qualified Domain Name.

      Note:

      eG Enterprise disallows Domain Name duplication- i.e., you cannot assign the domain name of an existing parent/child domain to a new domain.

    • If the domain has an alias name in the target environment, you can set the Does domain have an alias? flag t Yes. By default, this flag is set to No. If there exists an alias name, then, you can specify the other name of the domain in the Domain Alias Name text box.
    • To add a parent domain, set the Parent Domain parameter to None.
    • Since auto-discovery of DNS is disabled, you need to manually specify the Domain IP and Port No of the AD server.
    • To connect to the AD server and access the domain user information stored within, the eG manager requires a domain user’s privileges. To facilitate this connection, provide a valid domain user’s name and password against Domain User and Domain User's Password.
    • Then, indicate whether the AD server is SSL-enabled or not, by setting the ssl flag to Yes or No, as the case may be. If the ssl flag is set to Yes, then you will have to follow the procedure discussed in the Appendix below to ensure that the eG manager is able to communicate with the AD server over SSL.
    • Next, indicate how accesses to the AD server are to be authenticated - using Kerberos or LDAP. Kerberos is a computer network authentication protocol which works on the basis of "tickets" to allow nodes communicating over a network to prove their identity to one another in a secure manner. Kerberos is ideal for AD environments with high security considerations. The Lightweight Directory Access Protocol on the other hand, is an application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. The LDAP authentication mechanism is best suited for environments with not very high security constraints.
    • Next, indicate whether the Domain User's Password that you have provided here for enabling the eG manager to connect to the AD server, should be saved in eG Enterprise or not. To save the password, set the Save Domain User Password in eG Enterprise? flag to Yes. If this is done, then, the specified Domain User's Password will be automatically encrypted and saved to the eg_authenticate.ini file, which will be available in the <EG_MANAGER_INSTALL_DIR>\manager\config directory. On the other hand, if the Save Domain User Password flag is set to No instead, the password will not be saved to the eg_authenticate.ini file. If the password is not saved, then every time the eG manager attempts to connect to the AD server - say, when validating/registering domain user profiles configured on the eG manager (using the add user page) with the AD server - you will be prompted for the Domain User's Password.
    • Also, indicate whether/not the domain being configured should be set as the default domain at the time of login. To set the new domain as the default domain, set the Set as default domain for login? flag to Yes. If this is done, then the next time a user attempts to log into the eG management console by typing his/her user name in the login page, the Domain selection will instantly change from Local to the domain that you have set as the default. This capability is most useful in environments where the eG manager integrates with only one domain. By setting this domain as the default, administrators can save users the trouble of selecting a Domain every time he/she tries to login. 
    • Next, indicate whether you wish to discover and display specific details of a user (for e.g., location, address etc) who is part of the domain in the eG monitoring console. To discover and display the user information in the eG monitoring console, set the Discover User Details from AD flag to Yes. By default, this flag is set to No.
    • Then, to verify the correctness of your specifications, click the Validate button. Figure 2 will then appear indicating whether/not the Display Name, Domain Name, Domain IP, Port No, Domain User, and Domain User Password values that you have provided are indeed valid.

      Figure 2 : Validating the specifications of a domain that has been manually configured

    • Click the Update button to add the new domain.
    • Once the parent domain is added to the eG Enterprise system, a message to that effect will appear (see Figure 3). The tree in the left panel will also change to reflect the addition of the parent domain.

      Figure 3 : The tree structure indicating that another parent domain has been added

  4. A parent domain that is created manually can be viewed or modified the same way as an auto-discovered parent domain. Therefore, follow the procedure described in steps 5 – 9 in Automatically Discovering Parent and Child Domains above to know how to view/edit the details of a parent domain. To know how to delete a manually configured parent domain, follow the same procedure described in step 13 of Automatically Discovering Parent and Child Domains above.  
  5. For all parent domains that are created manually, sub-domains also need to be manually created. To do so, follow the steps given below:

    • Right-click on the node representing the manually configured parent domain in the domain(s) tree, and pick the Add Sub-domain option from the What would you like to do? list in the right panel (see Figure 4) .

      manual add sub domain1-new

      Figure 4 : Selecting the ‘Add Sub-domain’ option

    • When Figure 5 appears, first provide a Display Name for the sub-domain.

      manual add subdomain-new

      Figure 5 : Manually adding a child domain

    • Set the Discover DNS flag to Manual.

      Note:

      Note that if a parent domain is configured manually, then its sub-domains cannot be auto-discovered - i.e., you should not set the Discover DNS flag to Auto while configuring such a sub-domain.

    • Provide the fully-qualified Domain Name.
    • Next, from the Parent Domain list, select the parent domain under which this sub-domain is to be created.
    • Since auto-discovery of DNS is disabled, you need to manually specify the Domain IP and Port No of the AD server.
    • To connect to the AD server and access the domain user information stored within, the eG manager requires a domain user’s privileges. To faciliate this connection, provide a valid domain user's name and password against Domain User and Domain User Password.
    • Then, indicate whether the AD server is SSL-enabled or not, by setting the ssl flag to Yes or No, as the case may be. If the ssl flag is set to Yes, then you will have to follow the procedure discussed in the Appendix below to ensure that the eG manager is able to communicate with the AD server over SSL.
    • Next, indicate how accesses to the AD server are to be authenticated - using Kerberos or LDAP. Kerberos is a computer network authentication protocol which works on the basis of "tickets" to allow nodes communicating over a network to prove their identity to one another in a secure manner. Kerberos is ideal for AD environments with high security considerations. The Lightweight Directory Access Protocol on the other hand, is an application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. The LDAP authentication mechanism is best suited for environments with not very high security constraints.
    • Next, indicate whether the Domain User Password that you have provided here for enabling the eG manager to connect to the AD server, should be saved or not. To save the password, set the Save Domain User Password in eG Enterprise?  flag to Yes. If this is done, then, the specified Domain User Password will be automatically encrypted and saved to the eg_authenticate.ini file, which will be available in the <eg_manager_install_dir>\manager\config directory. On the other hand, if the Save Domain User Password in eG Enterprise? flag is set to No instead, the password will not be saved to the eg_authenticate.ini file. If the password is not saved, then every time the eG manager attempts to connect to the AD server - say, when validating the domain configuration using the eG manager or when validating/registering domain user profiles configured on the eG manager (using the add user page) with the AD server -  you will be prompted for the Domain User Password.
    • Also, indicate whether/not the domain being configured should be set as the default domain at the time of login. To set the new domain as the default domain, set the Set as default domain for login? flag to Yes. If this is done, then the next time a user attempts to log into the eG management console by typing his/her user name in the login page, the Domain selection will instantly change from Local to the domain that you have set as the default. This capability is most useful in environments where the eG manager integrates with only one domain. By setting this domain as the default, administrators can save users the trouble of selecting a Domain every time he/she tries to login. 
    • In virtual environments where LDAP is used to authenticate access to the AD server, administrators may want to keep track on specific user information for e.g., location, vendor etc of the users accessing their environment through the AD server. For example, in addition to viewing the user experience with their virtual environment, if administrators are able to view the location of the user, it would help them troubleshoot location specific issues at the earliest. This approach would definitely help administrators improve the overall performance of their environment. To view such user specific information in the eG monitoring console, administrators should do the following:

      • First, set the Discover User Details from AD flag to Yes. By default, this flag is set to No.

        Once this flag is set to Yes, the user specific information will automatically be populated in the ADUserDetails.ini file that is located in the <EG_INSTALL_DIR>/manager/config location.

        If the Discover User Details from AD flag is set to Yes, then an additional Update User Details from AD option will appear in the What would you like to do? list in the right panel as shown in Figure 10. Clicking the Update button will immediately integrate the user information from the domain to the ADUserDetails.ini file available in the <EG_INSTALL_DIR>\manager\config directory.

        Note:

        By default, the user information available in the domain will be integrated with the ADUserDetails.ini file once in 7 days. If you wish to override this default, setting, then you can do the following:

        • Edit the eg_services.ini file (in the <EG_INSTALL_DIR>\manager\config directory).
        • Set the ThreadFrequency parameter in the [ADUserDetails_Thread_Settings] section of the file to a frequency  of your choice.
        • By default, the information will be integrated every Sunday. If you wish to override this default day, then you can change the DayToRun parameter to the day of your choice.
        • Save the file.

        The user specific information so updated can be viewed in the eG monitoring console in the following features offered by the eG Enterprise Suite:

        • User Experience Dashboard
        • Current Alarms
        • Layer model page of the tests where users are the descriptors of the tests
    • Then, to verify the correctness of your specifications, click the Validate button.
    • Once the specifications are validated, click the Update button to add the new domain.
    • Once a sub-domain is manually added, a message to that effect will appear. The tree will also change to reflect the addition of the sub-domain.

      Figure 6 : A message indicating that the sub-domain has been successfully created

  6. Similarly, you can add multiple child domains to a parent domain. In fact, you can even add sub-domains to a child domain.
  7. Also, unlike an auto-discovered sub-domain where changes cannot be made to domain details, you can modify a manually-configured sub-domain. For this, select the node representing the sub-domain from the domain(s) tree, and choose the Modify domain details option from the What would you like to do? list in the right panel.

    Note:

    Whenever the configuration of a parent / child domain is modified or deleted, make sure that you restart the eG manager.

  8. Also, you have the option of deleting a sub-domain. For this, select the sub-domain node from the domain(s) tree, and pick the Delete domain option from the What would you like to do? list (see Figure 7).

    delete subdomain-new

    Figure 7 : The menu list displaying the Delete option

  9. A message box depicted by Figure 8 will appear requesting your confirmation to delete the chosen sub-domain. Click the ok button to proceed with the deletion.

    Figure 8 : Confirming the deletion of a manually created sub-domain

    Note:

    Ensure that the eG manager is restarted after deleting a parent/child domain.

  10. To simply view the names and current configuration of the parent and child domains that have been created using the eG administrative interface, just click on the global Domain(s) node in the tree-structure. Figure 9 will appear.

    Figure 9 : Viewing the names and current configuration of all domains

  11. You can delete all displayed domains at one shot by simply clicking on the Delete all domains button in the right panel of Figure 9.

    Note:

    Discovery of AD and KDCs is an on-going process - a configurable time period is used to determine for how long discovered AD/KDC information is cached by the eG manager. The default period is 15 minutes. To override this default setting, do the following:

    • Edit the eg_services.ini file (in the <EG_INSTALL_DIR>\manager\config directory)
    • Set the ADRediscovery parameter in the [misc_args] section of the file to a duration (in minutes) of your choice.
    • Save the file
  12. If the Discover User Details from AD flag is set to Yes, then an additional Update User Details from AD option will appear in the What would you like to do? list in the right panel as shown in Figure 10. Clicking the Update button will immediately integrate the user information from the domain to the ADUserDetails.ini file available in the <EG_INSTALL_DIR>\manager\config directory.

    By default, the user information available in the domain will be integrated with the ADUserDetails.ini file once in 7 days. If you wish to override this default, setting, then you can do the following:

    • Edit the eg_services.ini file (in the <EG_INSTALL_DIR>\manager\config directory)
    • Set the ThreadFrequency parameter in the [ADUserDetails_Thread_Settings] section of the file to a frequency  of your choice.
    • By default, the information will be integrated on every Sunday. If you wish to override this default, day, then you can change the DayToRun parameter to the day of your choice.
    • Save the file.