Restricting administrative access in multi-tenant deployments
Overview
The multi-tenant edition of the Verba Recording System support restricting of access to the administrative environment of the recording system based on the HTTP(S) port the system is accessed through. Using this feature, end-users can be directed to a port that does not support system administration, while administrators and use a dedicated port.
This will only increase your platform security if your properly configure corresponding firewall rules that prevent regular users from accessing the administrative port.
Configuration steps
Here are the steps to configure the port restricted administrative access to your Verba Web Application (the steps below assume that you have installed the product in the default folder):
Step 1 - Create a backup of C:\Program Files\Verba\tomcat\conf\server.xml
Step 2 - Duplicate either the HTTP or the HTTPS Connector description (see example) in your server.xml file and change the port attribute to configure a new port (e.g. port 81 or 444 for HTTPS)
For HTTP duplicate this part:
For HTTPS duplicate this part:
You can only use one of the above. Restricted access is not supported for both HTTP and HTTPS at the same time. If your system is behind an HTTPS accelerator use HTTP, if not use HTTPS for best security.
Step 3 - Create the following parameters in registry (the values are under HKEY_LOCAL_MACHINE\Software\Verba\Verba on 32 bit Windows systems)
Registry Value | Type | Value | Description |
---|---|---|---|
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Verba\Web\PortsForReferenceTenant | String | e.g. "444" | port of the administrative tenant (reference environment) |
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Verba\Web\PortsForOtherTenants | String | e.g. "443" | port of regular end-users |
Step 4 - Restart the Verba Web Application service in the Windows service manager