Defining the pulse security scheme
As of Pulse 5.1 or later, a new synchronization feature was added in order to empower the Pulse Administrators the unification of all the security between multiple Pulse instances by sharing a common repository for security definition.
One Pulse Server acts as the "Master Server" which will become source of all the users and the security settings to one or more "Dependent" server(s). Allowing the administrator to define an Automatic or Manual synchronization. The following image show this scheme:
In order to achieve this, Pulse provides the synchronization manager which could be accessed through Administration - Synchronisation Manager by an Administrator User:
There are four operations that can be performed through the Synchronization Manager:
- Automatic Synchronization: Allows the administrator to set the Master Server and a frequency to connect to this server and pull out the security settings.
- Synchronization on the fly: Import the security from a Master Server at any moment.
- Sync job Deactivation: Allows the user to deactivate the sync.
- Manual Synchronization: Export/Import the security settings through flat files from the Master Server to the Dependent servers.
These features will be explained in the following sections.
1. Open the Synchronisation Manager go to Administration - Synchronization Manager in the Dependent Server
2. Set the Pulse Master Server's URL, i.e http://yourserver:8099
3. Set a frequency for the synchronization
4. Click on Save Job Button and wait for the confirmation message that the job was saved
5. Now Pulse will synchronise the security according to the defined frequency.
Synchronization on the fly
1. Open the Synchronisation Manager go to Administration - Synchronisation Manager in the Dependent Server
2. Set the job details, if they have not already been set:
3. Click on the Synchronise button, a pop up window will ask to confirm the synchronisation, click OK to confirm.
4. Wait for the Security Imported message
5. The users have been imported automatically from the Master Server
Deactivating a Job
1. Open the Synchronisation Manager go to Administration - Synchronisation Manager in the Dependent server
2. Set the Job Frequency to zero:
3. Click in the Deactivate Sync button, a confirmation windows will pop up, click OK to confirm and wait for the Job Saved Message:
4. Now the job will not be synchronised from the Master Server until a frequency greater than zero is set and the sync re-saved.
1. Login as an Administrator in the defined Master Server and go to Administration - Synchronisation Manager
2. Under Manual Synchronisation click on Export Security:
Click OK in the confirmation message and wait for the Security Exported Successfully message:
3. The security files will be extracted under <Pulse installation Path>\Backup folder, 3 files will be found Users.csv, Groups.csv and GroupMembers.csv:
4. Copy the files and place them into the Pulse Dependent Server Backup folder.
6. Login in the Dependent server as an Administrator and open the Synchronization Manager
5. Click the Import Security button and click OK in the confirmation message:
6. Clients, Groups and Client - Group Memberships should have been loaded properly.
User Security after Sync
Every user in the Dependent Server(s) after the Sync, will be attached to the Master Server Name:
Note that no modifications/Deletions of the Synced users/Groups and roles is allowed, this should be performed in the Master Server
a) Server URL not reachable, this happens when either saving sync job or by performing a sync on the fly, this error states that the Master Server is not available:
The Master Server should be available in order to save the Job. This is important because Pulse registers the Name of the Host that will work as the security source for the Dependent Server(s) in the sync settings.
b) Missing Files on import: if any of the 3 security files (Users.csv, Groups.csv and GroupMembers.csv) are missing from the Backup directory in the Dependent Server(s) that is (are) performing the Manual Synchronization, the sync process will fail, throwing the following message:
d) Version Incompatibility: if the two server versions are different the synchronisation cannot be performed: