Configuring Remote Settings
The remote settings page allows the administrator to configure web administration access, and remote Application Programming Interface (API) access to Cerberus FTP Server. Cerberus allows remote access to the server administrator using a web browser, or through the desktop Cerberus FTP Server Graphical User Interface (GUI) when logged into the server.
To activate remote access to the server administrator using a web browser, you must have a 'HTTP Admin' listener active, usually on port 8443, but any available port can be used. To add a new HTTPS Admin listener:
- Open the Server Manager page
- Select the Listeners tab
- Select the button in the top right corner to add a new interface. The “Add New Listener” dialog box will appear to ask for the interface details (interface IP, type, and port combination)
- Select the IP address that you want to listen for connections on
- Select the interface type (HTTPS Admin for web administration access)
- Enter the port you wish to listen on. Cerberus will automatically pre-populate the port with the default port for the type of listener you are adding. Web Admin is typically on port 8443.
- Press the Add button to add the listener
- The listener should now be added to the Interfaces list. Press Save to close the Server Manager and save your changes.
Cerberus exposes several APIs for controlling many aspects of the server using SOAP web services for software developers.
Remote Admin Settings (Administrator Accounts)
There is always a primary admin account, with full permissions to all server functions. The primary admin account is highlighted in green lettering in the administrator list.
|Primary Admin Username
|The username used to access the web administration page. This username is also used for basic authentication when using the SOAP web services API to access the server.
|Primary Admin Password
|The password used to access the web administration page. This password is also used for basic authentication when using the SOAP web services API to access the server.
|NOTE: This is also the username and password used when accessing Cerberus as a Windows Service from the Cerberus GUI. Normally, administrators won’t be prompted for this password and the GUI will automatically connect to the service whenever it is started.
The administrator can also control the server through web administration. The web administration feature has nearly the same capabilities as the desktop user interface. Most server functions can be controlled through web administration. We will be adding more features with every minor release until web administration mirrors the local graphical user interface.
Secondary Web Administration Accounts
You can add additional web administration users, and limit their access to different aspects of the server like user management, reporting, etc.
Secondary web administration users can be managed on the Remote Admin Settings page of the Remote tab.
Press the New button to create a new admin user.
The New Administrator button on the Remote page
The Cerberus Admin Account Dialog in the Server Manager
There are two types of administrators to choose from on the Administrator Type drop-down:
- Native Admin creates an admin account whose details and credentials are managed entirely within Cerberus FTP Server.
- Directory Admin type. This admin type allows you to extend Cerberus Administration rights to Active Directory users and groups. In order to add AD users as admins, you must first add an 'Administrators Users' domain in 'AD Users. See Web Administration Using Active Directory Accounts
Select the Administrator Type you want to create, then fill in the admin user's information in the New Cerberus Admin Account dialog that appears.
Directory Administrator Options
Selecting Directory Admin displays all the options you’ll need to grant Web Admin rights to directory-based users and groups:
The domain of the user/group to receive Admin access. The pull-down lists contain only AD Admin Connections. All Admin Connections appear in the pull-down, but most deployments will need only one.
- Object Type
Admin User grants access to a single domain user.
Admin Group grants access to all members of the group. Nested groups (and their members) also inherit the assigned permissions.
- Distinguished Name
The DN of the user or group, for example, “CN=DirAdmin,CN=Users,DC=mydomain,DC=com”
It is best to copy and paste from an AD administration tool like Active Directory Users and Groups or PowerShell cmdlets Get-ADUser and Get-ADGroup
The remaining options are common to both Native Admins and Directory Admins, and control two-factor policy and fine-grained administrative rights:
- Allow 2 Factor, Require 2 Factor
Allow or Require users and groups to set up two-factor authentication.
Admin roles allowed to this user or group.
Admin access that can be granted to a user or group
|...grants access to:
|Allow Server Control
|Allow Configure Server
|Allow User Management
|Allow IP Control
|Allow Event Management
|Allow Report Generation
Please note that secondary web administration users cannot access the SOAP API. Only the primary admin user can use the SOAP API at this time.
General SOAP Settings
The remote access settings control HTTP and HTTPS web administration and SOAP API access to Cerberus FTP Server.
When Cerberus is running as a Windows Service, the GUI connects to, and communicates with, the Cerberus Windows Service through a remote access API called SOAP. The Cerberus Windows Service listens for SOAP connections on the Port specified under the Remote Settings page. That port must be available for Cerberus to listen on, or the GUI will be unable to connect to the service.
|The port that the SOAP service and web administration pages will be served from.
|Use Secure HTTPS
|Select this option to allow only secure HTTPS connections for Web Administration and SOAP access. A restart of the underlying Cerberus FTP Server Windows Service is required after changing this parameter.
|Allow Remote SOAP Access
|Enable SOAP-based remote access. SOAP is an API for connecting programmatically to the server. When this setting is enabled, applications can make SOAP calls to the server from outside the local machine (subject to authentication).
NOTE: Local SOAP access is always enabled. The Cerberus UI requires SOAP access to enable communication between the UI and the underlying Cerberus Windows Service.
SOAP TLS Settings
You can control what SSL protocols are supported, as well as what ciphers to allow for SOAP-based SSL connections. Changes to these settings require a service restart. See 'Advanced TLS' in Security Settings for details