Manual / Using Conseal Server / Administration

This page is reachable by clicking the "Admin" tab at the top of the page when logged in as an administrator. It allows an administrative user to configure specific server options such as where it is served from and what features are available. Generally, once Conseal Server has been installed there should be no need to make any changes to its configuration files. All configuration is available via the web to specific privileged users.

This page is split into sections as follows:

Address and Port

This section configures the server's bind-to address and port (i.e., where it is served from). The IP address is selected from the drop-down list and a selection of "All Available" indicates that the chosen port will be bound to on every IP in which it is not already taken. The port number is specified in the box below. Note that the default port for HTTP is 80 and HTTPS is 443.

Conseal can be configured to automatically choose a valid IP address / port if the selected one is not available. This is enabled by default so that Conseal Server works "out of the box"; however, once an address/port has been chosen and the server put into production, it would be prudent to disable this. To do so, uncheck "automatically select a different port...".

Finally, Conseal Server can serve all its pages via HTTPS. This is strongly recommended for production environments as it prevents password snooping via wiretapping. For more information on enabling HTTPS, see Configuring HTTPS. Enabling HTTPS is achieved by checking the HTTPS checkbox.

Once any change has been made to this section, click the "Save Address Settings" button. The changes made, if valid, will take effect immediately. Note that the very nature of some of the options in this section means that you may have to browse to a different address and/or log back in after the change has been made.

Licensing

This section provides an overview of your current Conseal Server license, indicating expiry dates where relevant. For a more in-depth understanding of the features available with your license, or to apply or activate a license key, click View or apply new license.

Server Features and Options

This section controls other miscellaneous settings relating to Conseal Server's operation. They are:

Allow devices to be shared — uncheck this option to prevent device owners and administrators from allowing other users control over their device. If unchecked, only device administrators and the user who originally Consealed a device will be permitted to administrate the device.

Enable password resetting — when checked, adds a "forgot password?" link to the home page. This link allows users enter their user name and a new password is sent to them. For this to work, either Conseal Server must be set up so that users log on using their email address, or the SMTP server given below must recognise the Conseal Server username as a mailbox. Note that password resetting is not available for Active Directory users, as the password is stored and managed by the Active Directory server and not Conseal Server.

Timezone — selects the time zone in which this server lies. This affects the times shown in all device history logs as well as the time zone to which the time based access rules apply.

Proxy servers — this option is present to prevent IP spoofing in device history logs. By default, Conseal Server will record the IP address of the connecting machine in its device usage logs (and when determining whether an unlock attempt meets configured network access rules). Note that this expressly ignores any IP address given in X-Forwarded-For headers (described in Forwarded HTTP Extension), as these could be used for IP spoofing. However if there is a known proxy server for which such headers are valid, enter its address here. Conseal Server will then record the addresses given in the headers for connections from those IP addresses only. This option is helpful if Conseal Server sits behind a back-facing proxy server in your environment.

Database Server

Conseal Server uses a MySQL database to store information on users, devices, usage logs and settings. This allows it to take advantage of MySQL's vast scalability as well as providing its entire database in a common format, thereby allowing scripted access to its contents. This section controls which database server is used.

The controls are:

Server address / port — specify the IP address and port of the MySQL server.

Database name - specify the name of the database on the given server which Conseal Server should use

Username / password — the credentials required for full access to the given database on the given server. The user should be permitted to read and write data as well as add tables or columns.

To create an entirely new Conseal database, click the create a new database link.

Email Configuration

Specify here the details of an SMTP server which Conseal Server can use to send alert emails and password reset notifications.

Server address / port — the address of the SMTP server (either hostname or IP) and its port

Username / password — if the server requires authentication, enter the username and password here. Otherwise, leave blank.

Active Directory Integration

This section details how many Active Directory domains this server is linked with. To add or remove Active Directory domains, click Configure Active Directory integration. This will take you to the Active Directory domains page.

Contents

Frequently Asked Questions

Installation

Using Conseal Server

Conseal Server Concepts