How to Configure and Manage Cerberus via a Browser

As well as the desktop Administration Console, Cerberus allows remote access to the server administrator console using a web browser. The Remote Settings page allows the Primary Administrator to configure 'secondary' web administrator accounts. Access for these accounts can be limited to just parts of the application

HTTPS Admin/HTTP Admin Listener

To activate remote access to the server administrator using a web browser, you must have a 'HTTPS Admin' or 'HTTP Admin' listener active. While the listeners use ports 8443 and 8080 by default, any available ports can be configured.

Cerberus may configure 'HTTP Admin' and 'HTTPS Admin' listeners when you install the software. If you don't have one however and wish to add one:

• Navigate to Server Manager>Listeners
• Select the New button in the top right corner to add a new interface.

• The Add New Listener dialog box will appear to ask for the interface details (interface IP, type, and port combination).

  

• Select the IP address that you want to listen for connections on.
• Select the interface type (HTTPS Admin for web administration access).
• Enter the port you wish to listen on. Cerberus will automatically pre-populate the port with the default port for the type of listener you are adding. Web Admin is typically on port 8443.
• Press the Add button to add the listener.
• The listener should now be added to the Interfaces list. Press Save to close the Server Manager and save your changes.

About the Primary Administrator Account

There is always a primary admin account, with full permissions to all server functions. The primary admin account is highlighted in green lettering in the administrator list.

• Primary Admin Username The username used to access the web administration page. This is the ONLY administrator user authorized to use the desktop administration console. This username is also used for basic authentication when using the SOAP web services API to access the server.
• Primary Admin Password The password used to access the web administration page. This password is also used for basic authentication when using the SOAP web services API to access the server.

The administrator can also control the server through web administration. The web administration feature has nearly the same capabilities as the desktop user interface. Most server functions can be controlled through web administration. Secondary Web Administrations accounts CANNOT create, edit or delete administrator accounts. Only the Primary Administration Account can do that.

Adding Secondary Web Administration Accounts

You can add additional web administration users, and limit their access to different aspects of the server like user management, reporting, etc.

Secondary web administration users are managed on the Remote Admin Settings page of the Remote tab. Only the Primary Administrator account has access to this page.

Press the New button to create a new admin user.

The Cerberus Admin Account Dialog in the Server Manager

There are two types of administrators to choose from on the Administrator Type drop-down:

• Native Admin creates an admin account whose details and credentials are managed entirely within Cerberus FTP Server.
• Directory Admin type This admin type allows you to extend Cerberus Administration rights to Active Directory users and groups. In order to add AD users as admins, you must first add an Administrators Users domain in AD Users. See Web Administration Using Active Directory Accounts.

Select the Administrator Type you want to create, then fill in the admin user's information in the New Cerberus Admin Account dialog that appears.

Directory Administrator Options

Selecting Directory Admin displays all the options you’ll need to grant Web Admin rights to directory-based users and groups:

• Source The domain of the user/group to receive Admin access. The pull-down lists contain only AD Admin Connections. All Admin Connections appear in the pull-down, but most deployments will need only one.
• Object Type Admin User grants access to a single domain user.
• Admin Group grants access to all members of the group. Nested groups (and their members) also inherit the assigned permissions.
• Distinguished Name The DN of the user or group, for example, “CN=DirAdmin,CN=Users,DC=mydomain,DC=com”

It is best to copy and paste from an AD administration tool like Active Directory Users and Groups or PowerShell cmdlets Get-ADUser and Get-ADGroup

The remaining options are common to both Native Admins and Directory Admins, and control two-factor policy and fine-grained administrative rights:

• Allow 2 Factor, Require 2 Factor Allow or Require users and groups to set up two-factor authentication.
• Permissions Admin roles allowed to this user or group.

Admin Access for Users or Groups