Controlling Access to the Stratusphere Web UI

Overview

Stratusphere Hub appliance hosts the management Web UI as well as the registration module of the CID Key agents. Some organizations might want to restrict access to the Web UI to internal usage only, yet allow the CID Keys to register as usual. This document provides instructions on controlling access to the Stratusphere Web UI. These instructions apply to Stratusphere version 6.1.3 and higher.

Preparation

  1. Procure any change controls required to make changes to your Stratusphere Hub appliance.
  2. Acquire credentials of the friend and root users to access the console of the Stratusphere Hub appliance.
  3. Procure access to the local console of the Stratusphere Hub Appliance depending on the hypervisor on which the Hub is housed. Alternatively, any SSH client such as PuTTY can also be used to access the Hub provided SSH (TCP/22) is allowed.
  4. Determine the IPs addresses, CIDRs, or subnets that need to be granted access to the Stratusphere Web UI.

Instructions for Stratusphere Hub Appliance

  1. On the Stratusphere Hub appliance local console or in an SSH client like PuTTy, log in using the following credentials
  2. User ID: friend
  3. Password: sspassword
  4. Switch to root user using the following command: sudo bash
  5. Enter the default password when prompted: sspassword
  6. To set allowed IP addresses, enter the following on the command prompt:
  7. /opt/tnt/bin/tntdbconf UICIDR “10.10.2.45 10.10.3.0/24”
  8. Where 10.10.2.45 is a specific IP address that gets access and all 255 IP addresses within 10.10.3.0/24 get access to the Web UI. Replace these values with your specific addresses.
  9. Copy the following command and right-click within the PuTTy window to paste it:
  10. rm -f /opt/lwl/var/.mgmtip && /opt/lwl/bin/create_httpd_conf.sh
  11. Enter the lwl command to launch the Stratusphere Hub Appliance Menu and then type S for Software Services and A for Restart All Services. Type Q twice to exit the menu. This will restart the Web server and enforce the access control from that point forward.
  12. Press CTRL+D twice to log out and exit the session.
  13. Access the Stratusphere Web UI from any supported browser to test access control from within the allowed subnet IP address and from the areas that you want to deny access.