This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA enVision® Discussions

Browse the RSA enVision discussion board to get product help and collaborate with other users of RSA enVision.
RSAAdmin
Beginner
Beginner
‎2008-05-28 07:18 PM

Windows Configuration on enVision appliance

Hello,

 

I'm new to using enVision and have a question in relation to how the Windows side is configured on the appliance. From what I can see the SiteName provided is also used to create a Windows Domain in its own Windows Forest. The appliance is used as a Global Catalog server and runs its own DNS namespace. Does any one know why the appliance is setup this way and if its possible to have Windows not create it owns Domain but to join an existing Domain? Also is there any technical documentation that references how Windows is setup?

 

Thanks,

Message Edited by isaali on05-29-200806:50 PM
0 Likes
Reply
5 Replies
RSAAdmin
Beginner
Beginner
‎2008-05-29 06:12 PM

Hello Isaali,

 

The appliance is set up that way because of some historical support issues.

 

Some years ago, it was indeed possible to edit the domain.  The problem was that once that occurred, everyone wanted to push their own policies down to the appliance OS.  This, in a large number of cases, resulted in programs being installed and settings being changed that would either cripple the performance of the appliance, or prevent enVision from functioning altogether.  In the end, there were a number of systems out in the field that no longer resembled what was originally shipped - and it bacame a nightmare trying to sift through all the updated settings to try to fix simple problems.

 

Keep in mind that RSA enVision is an APPLIANCE solution;  I know - it says Windows 2003 Server.  It looks like Windows, it feels like Windows, and if you lick the monitor it probably tastes like Windows, too.  Underneath, though, it's a delicately tweaked balance of settings to help the software, OS, and hardware work as harmoniously as possible.  A lot of things are locked down and/or disabled to help the performance, security, and stability of the system.  The OS should not be modified except under the direction of Support or Professional Services.

 

Best Regards,

 

 

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2008-05-29 06:28 PM

Thanks for the reply its much appreciated.

 

So from what I can see when the appliance is configured The SiteName is also used to create the Windows Domain in it own Forest and it has its own DNS name space. Correct? In which case this is completely in depended from your own Windows Forest and does not require any interaction from the existing Domain Forest.

 

Thanks again.

 
0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2008-06-02 11:33 AM

Yes, you are correct.

 

The Domain Name is derived from the Site Name

and

The Host Name is derived from a combination of the Site Name and the Applaince Type (ES/AS/DS/LC/RC)

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2009-03-06 12:19 AM

Hi Guys,

 

hope you don't mind if I barge in..  :smileyhappy:

 

is it possible to join the <sitename>.nic domain of enVision to, say for example an existing domain forest? will there be any issues like policy inheritance, etc.?

 

<Entire Directory>

          |

          |

Domain Controllers

          |

          |

? <SiteName-ES>.nic ?   <-- enVision's own domain

 

 

reason i asked this is because we've been trying to make the CIFS sharing to enVision work.

(enVision's local disk is running out of space and we need to maximize their network drives to be mapped to envision)

 

according to RSA, you only need to create a user (the Local NIC_System and NIC_sshd on envision) on the CIFS server for this to work. however, our client has a security policy that states: only a domain user has the right to access network drives. another solution would be to install an NFS client to envision so that the CIFS will allow the drive mapping by only registering the ip address of envision without having any "domain user" requirement. but we all know that envision is a hardened window appliance. so installing any un-certified client software is a no-no. 

from there, we've just hit the brick wall. end of the line.

 

i just thought to post this question here because of the relevance with the "domain issue" thing. as this is the only solution that i could think of that would help us.

 

Hope someone has done this or have some info about this. 

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2009-03-11 06:11 AM

No, the appliance is set up so that it runs in it's own domain space.  You can't join it to another domain.
0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.