Installing the SKI Connector
About the SKI Connector
The SKI Connector is a protocol for exchanging information in a decentralized, distributed environment.
It provides an open methodology for application-to-application communication known as Web Services and works with a variety of existing Internet protocols and formats including HTTP, HTTPS, SMTP, and MIME.
You must install this connector to issue and manage devices that allow the holders to access resources (for example, computers, networks) protected by the AAA Server 6.3 or later.
The SKI Connector allows access to several features of the AAA Server:
- Manage users and devices.
- Revoke, suspend, or resume an SKI credential (extension of the revoke/suspend/resume PKI credential).
- Fix logon problems (SKI out of sync issue).
By default, the connection between the SKI Connector and the Web Help Desk is secured using SSL. The certificates are automatically generated by the AAA Server setup.
Installation Guidelines
The SKI Connector is installed as part of the AAA Server setup.
There are two installation scenarios that require specific setup procedures:
- There is an existing installation of the AAA Server 6.8 and you must install the SKI Connector as an individual component.
- There is either no installation of the AAA Server or the current version is earlier than 6.3 and you must install the complete AAA Server solution, including the SKI Connector.
The setup procedures for both scenarios are outlined in the following sections.
Renewing Certificates
To renew self-signed certificates generated by AAA Server setup, you must first back up the databases and uninstall the AAA Server. Then re-install the AAA Server, re-using the databases, for the setup to generate new certificates.
SKI Connector TLS Security Policy
The SKI Connector relies on the Schannel library of the operating system for TLS.
AAA Server does not modify the default TLS policy of the system.
If you want to verify and/or change the default policy, refer to Microsoft SChannel documentation including (but not limited to) the following:
http://msdn.microsoft.com/en-us/library/windows/desktop/bb870930(v=vs.85).aspx
https://technet.microsoft.com/en-us/library/dn786419.aspx
https://support.microsoft.com/en-us/kb/2929781
Install the SKI Connector Separately
You must protect the existing AAA Server installation before installing the SKI Connector.
Either:
- Install the SKI Connector on a different machine and link the service to the AAA Administration databases via ODBC.
- OR -
- Take the necessary precautions to back up the existing AAA Administration and Server databases before you install the SKI Connector.
| Task | Procedure |
|---|---|
| 1. Back up the AAA Server databases if you are installing the SKI Connector on the same machine as an existing AAA Server installation. | See Upgrade |
| 2. Install SKI Connector as an individual component using the Custom setup of the AAA Server. | See Install the SKI Connector Separately |
| 3. Restore the AAA Server databases if you previously backed them up. | See Upgrade |
| 4. (Optional—only if installing on a different machine) Configure the ODBC connection to link the SKI Connector to the existing AAA Administration databases. | See Configuring the ActivID AAA SKI Connector |
| 5. (Optional—only if tracking activity from second application required.) Create an AAA Server console user that will be used by the second application to connect to the AAA Server services via the SKI Connector. | See Create a New Console User in the AAA Server (Optional) |
| 6. (Optional—only if using a secure connection.) Secure the SKI Connector connection with SSL. | See Securing the ActivID SKI Connector Service with SSL (Optional) |
| 7. Configure SKI Connector. | See Configure the SKI Connector |
Install the SKI Connector with the AAA Server
You must upgrade to AAA Server version 7.0 if there is a previous installation of the AAA Server (ActivPack).
You can then install the SKI Connector as a selected component during the AAA Server setup program.
| Task | Procedure |
|---|---|
| 1. Back up the AAA Server databases. | See Upgrade |
| 2. Install the SKI Connector during the Custom setup of the AAA Server. | See Install the AAA Server |
| 3. Restore the AAA Server databases if you previously backed them up. | See Upgrade |
| 4. (Optional—only if tracking activity from second application required.) Create an AAA Server console user that will be used by the second application to connect to the AAA Server services via the SKI Connector. | See Create a New Console User in the AAA Server (Optional) |
| 5. (Optional—only if using a secure connection.) Secure the SKI Connector connection with SSL. | See Securing the ActivID SKI Connector Service with SSL (Optional) |
| 6. Configure SKI Connector. | See Configure the SKI Connector |
