Restricting administrative access in multi-tenant deployments

Overview

The multi-tenant edition of the Verba Recording System supports restricting access to the administrative environment of the recording system based on the HTTP(S) port through which the system is accessed. Using this feature, end users can be directed to a port that does not support system administration, while administrators use a dedicated port.

This will only increase your platform security if you properly configure corresponding firewall rules that prevent regular users from accessing the administrative port.

Configuration steps

Here are the steps to configure port-restricted administrative access to your Verba Web Application (the steps below assume that you have installed the product in the default folder):

Step 1 - Create a backup of C:\Program Files\Verba\tomcat\conf\server.xml

Step 2 - Duplicate either the HTTP or the HTTPS Connector description (see example) in your server.xml file and change the port attribute of the copy to configure a new port (e.g. port 81 for HTTP or 444 for HTTPS)

For HTTP duplicate this part:

<Connector port="80" maxHttpHeaderSize="8192"
  maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
  enableLookups="false" redirectPort="8443" acceptCount="100"
  connectionTimeout="20000" disableUploadTimeout="true" URIEncoding="UTF-8" compression="on"
  compressionMinSize="2048" noCompressionUserAgents="gozilla, traviata"
  compressableMimeType="text/html,text/xml"/>

For HTTPS duplicate this part:

<Connector port="443" maxHttpHeaderSize="8192"
  maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
  enableLookups="false" disableUploadTimeout="true"
  acceptCount="100" scheme="https" secure="true"
  clientAuth="false" URIEncoding="UTF-8" protocol="org.apache.coyote.http11.Http11AprProtocol" SSLEnabled="true"
  sslProtocol="TLS"
  SSLPassword="your_password_here"
  SSLCertificateFile="c:\Verba.crt"
  SSLCertificateKeyFile="c:\Verba.key"
  compression="on" compressionMinSize="2048" noCompressionUserAgents="gozilla, traviata"
  compressableMimeType="text/html,text/xml"/>

You can only use one of the above: restricted access is not supported for both HTTP and HTTPS at the same time. If your system is behind an HTTPS accelerator, use HTTP; if not, use HTTPS for best security.

Step 3 - Create the following parameters in the registry (the values are under HKEY_LOCAL_MACHINE\Software\Verba\Verba on 32-bit Windows systems)

| Registry Value | Type | Value | Description |
|---|---|---|---|
| HKEY_LOCAL_MACHINE\Software\WOW6432Node\Verba\Web\PortsForReferenceTenant | String | e.g. "444" | port of the administrative tenant (reference environment) |
| HKEY_LOCAL_MACHINE\Software\WOW6432Node\Verba\Web\PortsForOtherTenants | String | e.g. "443" | port of regular end-users |

Step 4 - Restart the Verba Web Application service in the Windows service manager
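
The following PowerShell script is an added example, not part of the Verba product or its documentation. It covers steps 1 and 3, checks the result of step 2, and creates the firewall rule the overview calls for. It assumes 64-bit Windows, the HTTPS variant with the example ports 444 and 443, a constructed administrator subnet (10.20.30.0/24) and a hypothetical firewall rule name.

```powershell
# Added example, not vendor code. Run in an elevated PowerShell session.
# Assumptions: default install folder, 64-bit Windows (on 32-bit use the key
# named in step 3), HTTPS variant, constructed admin subnet.
$ServerXml   = 'C:\Program Files\Verba\tomcat\conf\server.xml'
$RegPath     = 'HKLM:\Software\WOW6432Node\Verba\Web'
$AdminPort   = 444                # PortsForReferenceTenant
$UserPort    = 443                # PortsForOtherTenants
$AdminSubnet = '10.20.30.0/24'    # constructed value, replace with your own

# Step 1: timestamped backup of server.xml.
Copy-Item -Path $ServerXml -Destination "$ServerXml.$(Get-Date -Format 'yyyyMMdd-HHmmss').bak"

# Step 2 check: both Connectors must exist and no port may be used twice.
$ports = ([xml](Get-Content -Path $ServerXml -Raw)).SelectNodes('//Connector') |
    ForEach-Object { [int]$_.GetAttribute('port') }
foreach ($p in $AdminPort, $UserPort) {
    if ($ports -notcontains $p) { throw "No Connector on port $p in server.xml" }
}
if ($ports | Group-Object | Where-Object Count -gt 1) { throw 'Duplicate Connector port in server.xml' }

# Step 3: both values are strings. Create the key only if it is missing,
# because New-Item -Force on an existing key discards its current values.
if (-not (Test-Path $RegPath)) { New-Item -Path $RegPath -Force | Out-Null }
New-ItemProperty -Path $RegPath -Name 'PortsForReferenceTenant' -PropertyType String -Value "$AdminPort" -Force | Out-Null
New-ItemProperty -Path $RegPath -Name 'PortsForOtherTenants' -PropertyType String -Value "$UserPort" -Force | Out-Null

# Firewall: allow the administrative port from the admin subnet only. This
# restricts access only when the default inbound action is Block and no
# broader allow rule covers the same port, so both conditions are checked.
New-NetFirewallRule -DisplayName "Verba admin port $AdminPort (admin subnet only)" `
    -Direction Inbound -Protocol TCP -LocalPort $AdminPort `
    -RemoteAddress $AdminSubnet -Action Allow | Out-Null

Get-NetFirewallProfile | Where-Object DefaultInboundAction -eq 'Allow' |
    ForEach-Object { Write-Warning "Profile $($_.Name) allows inbound traffic by default" }

# Partial check: matches rules that list the port explicitly, not port ranges.
$broad = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        ($_ | Get-NetFirewallPortFilter).LocalPort -contains "$AdminPort" -and
        ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any'
    }
if ($broad) { Write-Warning "Port $AdminPort is open to any address via: $($broad.DisplayName -join ', ')" }

# Step 4 (service restart) is left manual: the service name is not given here.
```

After the restart in step 4, `Get-NetTCPConnection -State Listen -LocalPort 444` confirms that the new Connector is listening. If the end users reach the system through a perimeter firewall or load balancer, the same port restriction has to be applied there as well.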