Configuring Remote Settings
The remote settings page allows the administrator to configure web administration access, and remote Application Programming Interface (API) access to Cerberus FTP Server. Cerberus allows remote access to the server administrator using a web browser, or through the desktop Cerberus FTP Server Graphical User Interface (GUI) when logged into the server.
Cerberus exposes several APIs for controlling all aspects of the server using SOAP web services for software developers.
There is always a primary admin account, with full permissions to all server functions. The primary admin account is highlighted in green lettering in the administrator list.
|Primary Admin Username||The username used to access the web administration page. This username is also used for basic authentication when using the SOAP web services API to access the server.|
|Primary Admin Password||The password used to access the web administration page. This password is also used for basic authentication when using the SOAP web services API to access the server.
NOTE: This is also the username and password used when accessing Cerberus as a Windows Service from the Cerberus GUI. Normally, administrators won’t be prompted for this password and the GUI will automatically connect to the service whenever it is started.
The administrator can also control the server through web administration. The web administration feature has nearly the same capabilities as the desktop user interface. Most server functions can be controlled through web administration. We will be adding more features with every minor release until web administration mirrors the local graphical user interface.
NOTE for administrators upgrading from 8.0 or earlier
Web administration and SOAP access no longer share the same protocol and port for access.
Previous releases of Cerberus FTP Server used the same HTTP/S engine to provide web administration and SOAP API access.
In version 9.0 we switched web administration to the custom HTTPS engine we’ve been using for years for our HTTPS web client. The new HTTPS engine is fast, flexible, and secure.
SOAP remote administration runs on the same port and in the same way that it always has. Nothing has changed for SOAP access.
Web administration will simply require adding a new HTTPS Admin or HTTP Admin listener on any IP and port you wish to enable web administration on again. It will have to be on a different port than SOAP access now.
To add a new HTTPS web admin listener:
- Open the Server Manager (Select the Configure tab on the Cerberus Admin Portal).
- Select the Listeners (Interfaces) page.
- Press the New button to add a new listener. The Add New Listener dialog will appear.
- Select the IP address you want the web administration listener to be on.
- Select either HTTPS Admin or HTTP Admin as the listener type to add a new listener on the selected IP address using either HTTPS or HTTP.
- Press the Add button to add the new listener.
- Press the Save button on the Server Manager to save the new addition and activate the listener.
Secondary Web Administration Accounts
You can also assign additional web administration users, and limit their access to different aspects of the server like user management, reporting, etc.
Secondary web administration users can be managed on the Remote page.
Press the New button to create new admin users.
The New Administrator button on the Remote page
Fill in the admin user's information in the New Cerberus Admin Account dialog that appears.
The New Cerberus Admin Account Dialog in the Server Manager
There are two types of administrators to choose from on the Administrator Type drop down:
- Native Admin creates an admin account whose details and credentials are managed entirely within Cerberus FTP Server.
- Directory Admin type. This admin type allows you to extend Cerberus Administration rights to Active Directory users and groups.
Directory Administrator Options
This window for Directory Admin displays all the options you’ll need to grant Web Admin rights to directory-based users and groups:
The domain of the user/group to receive Admin access. The pull-down lists contains only AD Admin Connections. All Admin Connections appear in the pull-down, but most deployments will need only one.
- Object Type
Admin User grants access to a single domain user.
Admin Group grants access to all members of the group. Nested groups (and their members) also inherit the assigned permissions.
- Distinguished Name
The DN of the user or group, for example, “CN=DirAdmin,CN=Users,DC=mydomain,DC=com”
It is best to copy and paste from an AD administration tool like Active Directory Users and Groups or PowerShell cmdlets Get-ADUser and Get-ADGroup
The remaining options are common to both Native Admins and Directory Admins, and control two-factor policy and fine-grained administrative rights:
- Allow 2 Factor, Require 2 Factor
Allow or Require users and groups to setup two-factor authentication.
Admin roles allowed to this user or group.
Admin access that can be granted to a user or group.
|This permission...||...grants access to:|
|Allow Server Control||
|Allow Configure Server||
|Allow User Management||
|Allow IP Control||
|Allow Event Management||
|Allow Report Generation||
Please note that secondary web administration users cannot access the SOAP API. Only the primary admin user can use the SOAP API at this time.
General SOAP Settings
The remote access settings control HTTP and HTTPS web administration and SOAP API access to Cerberus FTP Server.
When Cerberus is running as a Windows Service, the GUI connects to and communicates with, the Cerberus Windows Service through a remote access API called SOAP. The Cerberus Windows Service listens for SOAP connections on the Port specified under the Remote Settings page. That port must be available for Cerberus to listen on, or the GUI will be unable to connect to the service.
|HTTP Port||The port that the SOAP service and web administration pages will be served from.|
|Use Secure HTTP (HTTPS)||Select this option to allow only secure HTTPS connections for the web administration and SOAP access. A restart of the underlying Cerberus FTP Server Windows Service is required after changing this parameter.|
|Allow Remote SOAP Access||Enable SOAP-based remote access. SOAP is an API for connecting programmatically to the server. When this setting is enabled, applications can make SOAP calls to the server from outside the local machine (subject to authentication).
NOTE: Local SOAP access is always enabled. The Cerberus UI requires SOAP access to enable communication between the UI and the underlying Cerberus Windows Service.
SOAP TLS Settings
You can control what SSL protocols are supported, as well as what ciphers to allow for SOAP-based SSL connections. Changes to these settings require a service restart.