Logging on to the webGUI for the First Time
Contents
- Introduction
- An Overview of the webGUI
- Toggle Tips
- Form-based help
- Status information
- Viewing and Managing Alerts
- Informative links to the HyTrust website
- Session Timeout
Introduction
Administration of the HyTrust KeyControl cluster is through a standard web browser (Firefox, Safari, Chrome and IE). Communication between the UI and the KeyControl cluster is over HTTPS. It is recommended, although not required, that DNS entries are set up for each node in the KeyControl cluster.
An Overview of the webGUI
Access to the HyTrust system is through any standard browser. To access the system, simply enter the URL containing either the IP address or hostname of any KeyControl appliance in the cluster. Some examples of URLs:
https://192.168.140.151 https://kc-1.ht.int https://kc-cluster.ht.int
DNS entries should be set up appropriately for every KeyControl appliance and DataControl agent in the system. Once access is made to one of the KeyControl appliances in the cluster, the following screen is displayed:
During install, a single administrator is created called secroot with a password of secroot. After logging in for the first time, you will be presented with the EULA (one time only).
Once you accept the EULA, you will be prompted to change the default secroot user password. A minimum of 8 characters is required for the password. You will also enter an email address for this user if you wish to have email alerts enabled.
See the section Default Settings for changing password defaults and other default settings.
In the most common case the KeyControl cluster relies on email to send out alerts, pieces of the Admin key, etc. Note that we do support cases where there is no email access available. In this case just check the No email access box and leave all fields blank apart from typing old/new passwords. If you do check this box, admin key parts will be sent as alerts which you can view by clicking the Alerts link at the top right of the screen. We describe handling of admin key parts in the section KeyControl Backup and Restore.
If you have email access it is important that you ensure that you are able to receive email sent out by the KeyControl. Several ISPs and email service providers will reject email from improperly configured hosts. In order to ensure that email is reliably sent out, we recommend that you use an SMTP mail relay host (Ask your email administrator if you do not know the identity of your corporate email relay host). Examples for public mail systems include:
- smtp.gmail.com - Google Gmail- port can be 25 (or 587)
- smtp.live.com - Hotmail - (SSL enabled, port 587)
- smtp.mail.yahoo.com - Yahoo mail - (SSL enabled, port 995)
For a more extensive list, please refer to http://www.emailaddressmanager.com/tips/mail-settings.html
Some ISPs block port # 25 in order to cut down spam. Check if this is the case with your ISP. If so, try using port 587 which most mail servers now support. Check the SEND TEST EMAIL button to verify that it works for you.
To change the mail settings at a later date, refer to the Changing Default Settings in the Security Administration chapter.
Once you click Apply you will receive an Admin Key part in email within a minute or so. Be sure that this arrives in your specified mailbox. Keep this email safe since this key will be needed to restore the KeyControl appliance from backups.
For further details about distributing the Admin Key parts, see the section KeyControl Backup and Restore for further details.
Toggle Tips
Each screen in the HyTrust webGUI has an information bar with a yellow background that displays help information related to the screen that you are currently viewing.
Clicking on Hide tips will hide the tips window from all screens in the webGUI for this session. For example:
Note that a Show tips link now appears, also on every screen. You can bring the tips bar back by clicking on Show tips.
Form-based help
On all screens that require users to enter information and on many other screens where additional information is displayed, a question mark in a circle appears. For example:
By holding the mouse over the ?, additional information is displayed about the field in question.
Status information
Status information is displayed at the top of each screen:
These fields displayed are:
- User Info, providing the name of the logged-in user
- A link to update Account information (*)
- A link to Logout (*)
- A link to view Alerts (*)
- A link to view the Audit log (*)
- A link to to view the Administration Guide through online Help (*)
- The Status of the KeyControl cluster (Healthy or Degraded)
- The software Version number
- A link to the License screen (only for Security Administrators) (*)
- A Support link that allows you to automatically upload logs to HyTrust support (*)
(*) Fields that are clickable.
Viewing and Managing Alerts
Alerts are posted to administrative groups in response to various actions. Examples of alerts are:
- Logon disallowed for a user after typing the password incorrectly up to the maximum number of tries (that number is configured by you, the administrator)
- Attempting to add a new KeyControl appliance or DataControl agent fails due to license checks
- You hit space usage thresholds on the DataControl agent
Below is the User Alerts screen for the secroot user:
Alerts can be deleted by clicking the X icon and then clicking DELETE SELECTED ALERTS. To delete all alerts select the box to the right of Date and then click DELETE SELECTED ALERTS.
Even though alerts are posted to all members of a group, the alerts reside in each user's alert mailbox. Thus, deleting an alert will only delete the alert for that user. Alerts are also sent to the Admin's email address.
Informative links to the HyTrust website
There are links to the HyTrust website at the bottom-right of each screen in the webGUI.
Click on one of the links to open a new tab in the browser that takes you to the appropriate HyTrust web page.
Session Timeout
When logged on, if there is no activity for 30 minutes, your session will time out and you will be required to log on once again.
