background image

Capitalizing

 

on

 

new

 

profile-deployment

 

capabilities

 

to

 

ease

 

administration

 

Access

 

Connections

 

has

 

a

 

feature

 

to

 

make

 

location

 

profile

 

deployment

 

centrally

 

manageable.

 

Prior

 

to

 

having

 

this

 

capability,

 

all

 

client

 

users

 

were

 

required

 

to

 

set

 

up

 

their

 

own

 

location

 

profiles.

 

Although

 

Access

 

Connections

 

software

 

leads

 

you

 

through

 

the

 

steps

 

needed

 

to

 

create

 

a

 

profile,

 

the

 

entry

 

of

 

settings,

 

especially

 

settings

 

associated

 

with

 

security,

 

can

 

still

 

be

 

cumbersome.

 

Now

 

an

 

IT

 

administrator

 

can

 

do

 

the

 

following:

 

v

   

Create

 

location

 

profiles

 

and

 

distribute

 

them

 

as

 

part

 

of

 

a

 

hard

 

disk

 

image

 

or

 

send

 

the

 

profile

 

files

 

to

 

client

 

systems

 

that

 

have

 

already

 

been

 

deployed,

 

thereby

 

saving

 

users

 

from

 

spending

 

time

 

individually

 

setting

 

up

 

profiles.

 

v

   

Control

 

policies—such

 

as

 

whether

 

a

 

distributed

 

profile

 

can

 

be

 

modified

 

or

 

deleted—for

 

all

 

profiles

 

in

 

the

 

system,

 

which

 

could

 

prevent

 

users

 

from

 

inadvertently

 

modifying

 

or

 

deleting

 

a

 

profile

 

and

 

then

 

needing

 

help-desk

 

support.

 

v

   

Establish

 

rules

 

to

 

limit

 

users

 

who

 

can

 

import

 

various

 

deployment

 

packages

 

using

 

distribution

 

control

 

lists

 

(selectively

 

distribute

 

the

 

profiles

 

based

 

on

 

ThinkPad

 

serial

 

numbers).

 

v

   

Create

 

secure

 

profile

 

deployment

 

packages

 

that

 

are

 

encrypted

 

and

 

password

 

protected

 

so

 

only

 

authorized

 

individuals

 

can

 

import

 

the

 

location

 

profiles.

 

This

 

feature

 

is

 

important

 

because

 

profiles

 

may

 

contain

 

wireless

 

security

 

content

 

such

 

as

 

a

 

WEP

 

key

 

or

 

WPA

 

TKIP

 

PSK

 

(Wi-Fi

 

Protected

 

Access

 

Temporal

 

Key

 

Integrity

 

Protocol

 

Pre

 

Shared

 

Key).

A

 

standard

 

installation

 

of

 

Access

 

Connections

 

software

 

does

 

not

 

include

 

the

 

profile

 

distribution

 

capability.

 

The

 

feature

 

must

 

be

 

enabled

 

using

 

a

 

separate

 

software

 

tool.

 

This

 

enabler

 

utility

 

is

 

available

 

to

 

IBM

 

customers

 

from

 

a

 

dedicated

 

Web

 

site

 

for

 

registration

 

and

 

download.

 

The

 

enabler

 

creates

 

an

 

additional

 

menu

 

item

 

in

 

the

 

Access

 

Connections

 

user

 

interface

 

called

 

Profile

 

Distribution.

 

It

 

is

 

from

 

this

 

profile

 

distribution

 

menu

 

item

 

that

 

the

 

IT

 

administrator

 

creates

 

profiles

 

to

 

be

 

distributed

 

and

 

establishes

 

appropriate

 

user-access

 

policy.

 

If

 

a

 

selected

 

profile

 

contains

 

a

 

wireless

 

profile

 

with

 

encryption

 

enabled,

 

the

 

administrator

 

will

 

be

 

prompted

 

to

 

re-enter

 

the

 

wireless

 

security

 

settings

 

to

 

be

 

deployed,

 

thus

 

ensuring

 

that

 

the

 

administrator

 

knows

 

the

 

security

 

settings

 

such

 

as

 

the

 

WEP

 

encryption

 

key.

 

If

 

the

 

wrong

 

WEP

 

key

 

is

 

entered,

 

that

 

WEP

 

key

 

will

 

be

 

deployed

 

but

 

not

 

usable.

 

With

 

the

 

profile

 

deployment

 

capability,

 

Access

 

Connections

 

software

 

provides

 

a

 

significant

 

benefit

 

to

 

IT

 

administrators

 

in

 

terms

 

of

 

wireless

 

security

 

manageability.

 

Many

 

organizations

 

that

 

use

 

WEP

 

security

 

leave

 

their

 

WEP

 

encryption

 

keys

 

static

 

simply

 

because

 

the

 

updating

 

of

 

WEP

 

keys

 

across

 

the

 

entire

 

client

 

user

 

base

 

is

 

a

 

daunting

 

task.

 

This

 

practice

 

can

 

put

 

an

 

organization

 

at

 

risk

 

because

 

static

 

WEP

 

key

 

encryption

 

can

 

be

 

broken.

 

The

 

Access

 

Connections

 

profile-deployment

 

feature

 

enables

 

system

 

administrators

 

to

 

remotely

 

change

 

and

 

deploy

 

new

 

security

 

settings

 

including

 

WEP

 

keys.

 

By

 

frequently

 

changing

 

WEP

 

keys,

 

system

 

administrators

 

can

 

dramatically

 

reduce

 

the

 

possibility

 

of

 

security

 

breaches

 

in

 

a

 

WLAN

 

environment.

 

IBM

 

Access

 

Connections

 

software

 

facilitates

 

fast,

 

easy

 

network

 

connections

 

by

 

using

 

profiles

 

to

 

define

 

the

 

network

 

adapter

 

and

 

associated

 

networking

 

parameters

 

for

 

different

 

locations.

 

Easy

 

to

 

use

 

and

 

manage,

 

Access

 

Connections

 

software

 

delivers

 

a

 

comprehensive

 

network

 

connectivity

 

solution

 

to

 

help

 

you

 

improve

 

total

 

cost

 

of

 

ownership

 

and

 

employee

 

productivity.

 

And

 

with

 

the

 

Access

 

Connections

 

software

 

profile

 

deployment

 

feature,

 

a

 

system

 

administrator

 

can

 

centrally

 

create

 

profiles

 

and

 

remotely

 

deploy

 

them

 

to

 

the

 

client

 

user

 

base—as

 

opposed

 

to

 

setting

 

 

 

Chapter

 

2.

 

Using

 

Access

 

Connections

 

7

Содержание IBM Access Connections 3.3.0

Страница 1: ...IBM Access Connections Deployment Guide Version 3 3 0 Date October 11 2004 ...

Страница 2: ... October 2004 Copyright International Business Machines Corporation 2004 All rights reserved US Government Users Restricted Rights Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp ...

Страница 3: ...s application help which administrators and users can consult for information about using the application itself IBM ThinkVantage Technologies and the deployment guides that accompany them are developed with IT professionals and the unique challenges that they encounter in mind If you have suggestions or comments communicate with your IBM authorized representative To learn more about the technolog...

Страница 4: ...iv IBM Access Connections Deployment Guide Version 3 3 0 ...

Страница 5: ...y problems 8 Chapter 3 Considerations for deploying Access Connections 9 Requirements and specifications for deployment 9 Chapter 4 Deploying Access Connections 11 Access Connections deployment features 11 Installing IBM Access Connections 11 Installing the integrated IBM Access Connections package 11 Installing the standalone IBM Access Connections 12 Enabling the Administrator Feature 12 Using t...

Страница 6: ...vi IBM Access Connections Deployment Guide Version 3 3 0 ...

Страница 7: ...profile and connection status The Connection Status window allows you to view the status of the network connection associated with each location profile defined in Access Connections and allows you to switch between location profiles When you open the window status is shown for the network connection and for the components used by the currently applied location profile v Switch between location pr...

Страница 8: ...you to easily share location profiles between different computers You can also import location profiles that are created by the network adminstrator v Use the system tray icon Access Connections provides an icon in the system tray which allows you to launch the application view the status of the current location profile and switch between profiles v Create location profiles for remote deployment a...

Страница 9: ...o the administrators can diagnose and correct problems One window offers you and users accessible essential information about connections and helps them get and stay connected 1 Current location in use 2 Location selector 3 Client computer 4 Manage locations button 5 Find Wireless Network button 6 Network connection device 7 Links 8 Network server Gateway 9 Internet 10 Signal strength indicator 11...

Страница 10: ...ing hardware provides a key benefit Access Connections software eliminates the need for administrators to learn and manage multiple client configuration utilities All WLAN configuration utilities as well as the built in capability in Microsoft Windows XP enable you to create profiles with settings for network name SSID and security setup including the definition of a wired equivalent privacy WEP k...

Страница 11: ...rk When users select this button Access Connections software finds and lists all of the active wireless access points in range If an open or unencrypted connection is available you can quickly create a location profile based on the newly found access point and connect This capability enables mobile PC users to find a public WLAN connection in places like airports hotels or coffee shops and get con...

Страница 12: ...cellular based network provides a wireless alternative to WLAN that is both fast and often available where WLAN connectivity is not to be found To help manage Bluetooth wireless connections Access Connections offers a Bluetooth menu bar that offers an easy way to turn off the Bluetooth radio and to set the Bluetooth security level It also provides capability to create the location profile using th...

Страница 13: ... download The enabler creates an additional menu item in the Access Connections user interface called Profile Distribution It is from this profile distribution menu item that the IT administrator creates profiles to be distributed and establishes appropriate user access policy If a selected profile contains a wireless profile with encryption enabled the administrator will be prompted to re enter t...

Страница 14: ...BM Access Connections supports a new feature of network diagnostics when users are unable to make network connections It shows detailed progress of connection status and finds suspected reasons of failure and recommended actions Access Connections also offers an automatic repair button to recover the network connection in some cases 8 IBM Access Connections Deployment Guide Version 3 3 0 ...

Страница 15: ...nistrator Feature is available with version 2 7 or later of Access Connections This feature simplifies the task of deploying location profiles global settings and control policies to individuals or groups of individuals running Access Connections in a corporate environment The deployment of these profiles and settings can be accomplished during the initial system deployment as part of the preload ...

Страница 16: ...10 IBM Access Connections Deployment Guide Version 3 3 0 ...

Страница 17: ...Connections on the client computer v Deployment packages are encrypted and password protected to be sure that only authorized individuals can import the location profiles that may contain wireless security information such as WEP or static password for example Installing IBM Access Connections IBM Access connections can be installed with using either a bundled package that includes IBM Access Conn...

Страница 18: ...nnections 3 0 or later installed on a donor computer When deploying location profiles that provide a wireless network connection the donor and recipient computers must contain wireless adapters which support the capabilities defined in the location profile For instance if the location profile being deployed is configured for LEAP authentication the adapters on the recipient systems must support LE...

Страница 19: ...eds as you create the profiles a Office building connections b Home connections c Branch office connections d Connections while traveling e Hot spot connections 2 After you have created the location profiles click Profile Distribution Create Distribution Package 3 Select the location profiles that you want to deploy For each location profile selected choose the appropriate user access policy as sh...

Страница 20: ...dify copy and delete the profile Limitation The above control policies can be applied to local users with Administrator level privileges If the local users are configured as Limited Users stricter restrictions are imparted by the operating system Limited Users can only create dial up connection type profiles and can not modify or copy or delete profiles created by the administrator A global settin...

Страница 21: ...le LOA when it is being sent to remote users for manual importing Distribution control lists ensure that individuals install appropriate network connection profiles only They can help reduce unauthorized network access When creating groups of serial numbers flat text files can be imported which contain the group of serial numbers The file must be formatted such that each line contains a single ser...

Страница 22: ...strators want to prevent others from creating and distributing network access profiles The Client Configuration Policy panel also enables the administrator to set the Global Settings for Access Connections If the end user logs onto a computer with a Limited User account then the administrator must enable the Allow all users of this system to switch to any existing location profile setting under Gl...

Страница 23: ... user 8 Give the LOA file a name and location Attention For image deployment LOA file must reside in the Access Connections install directory C PROGRAM FILES THINKPAD CONNECTUTILITIES Preparing for a new image installation To deploy the Access Connections software do the following 1 Install Access Connections on a sample system from the group of systems being deployed 2 Start the Administrator Fea...

Страница 24: ...oa and sig files which were saved in step 6 v Add a new DWORD value under HKLM SOFTWARE Microsoft Windows CurrentVersion RunOnce in the registry v Name the value ACinstall and set it to Path where Access Connection setup files exist setup exe s 8 Upon the first boot of the client computers Access Connections will silently install and automatically launch Access Connections will import the loa file...

Страница 25: ...p down selection for Files of type select Profile Distribution files loa f Browse to the location where you saved the loa file that you detached in step 4a g Select the saved loa file and then click Open h Access Connections will check the serial number of your computer to make sure that the loa file matches your computer If a message is displayed that the serial number in the loa file and your co...

Страница 26: ...20 IBM Access Connections Deployment Guide Version 3 3 0 ...

Страница 27: ...in transactions therefore this statement may not apply to you This information could include technical inaccuracies or typographical errors Changes are periodically made to the information herein these changes will be incorporated in new editions of the publication IBM may make improvements and or changes in the product s and or the program s described in this publication at any time without notic...

Страница 28: ...osoft Windows and Windows NT are trademarks of Microsoft Corporation in the United States other countries or both Intel Intel Inside logos MMX and Pentium are trademarks of Intel Corporation in the United States other countries or both Other company product or service names may be trademarks or service marks of others 22 IBM Access Connections Deployment Guide Version 3 3 0 ...

Отзывы: