Sunday, May 11, 2008

Access control for EasyAdmin using Microsoft IIS


The use of OpenLM for the management of FLEXnet license servers provides a unique set of tools for managers and system administrators. Features range from simple inventory management to usage patterns and billing reports. OpenLM EasyAdmin supplies a wide range of license statistics, FLEXnet reports and management tools. The ability to control access to EasyAdmin is very important when the tool is distributed among many users.


OpenLM includes a built-in web server so that new users can install the software and use EasyAdmin. Following the initial evaluation period of the software, we strongly recommend moving EasyAdmin to your preferred web server (IIS, Apache, etc.). Check the following article that explains how to set up OpenLM on an IIS server.

IIS server supports two methods that allow you to restrict access to EasyAdmin:
  1. By user - Authentication and Access control.
  2. By Host - IP address and domain name restrictions.

More detailed information is available on the Microsoft site: http://support.microsoft.com/kb/324274

By User - Authentication and Access control

By default, a new web site is created with the default authentication setting, "Enable anonymous access", which allows any user to access the web site. The following image shows the default settings of a site:

IIS offers a few authentication methods that are based on NTFS access control lists. Access rights to EasyAdmin are determined by the access permissions on the EasyAdmin folder, as demonstrated in the following image:

The authentication methods supported by IIS are:

Integrated Windows authentication - A secured method based on Microsoft NTLM, which is supported by both Microsoft Explorer and Mozilla Firefox. The user is required to type a user name and password in a popup box, and access is granted if the user has permissions to the folder. This is the highest security method, but it is limited to intranet access with a single domain.

Digest authentication for Windows domain servers - A medium security authentication method that can be used to gain access from a network with multiple domains, or even from outside the network. The user name and password are encrypted when transferred over the network. This method only works with Windows domain servers.

Basic authentication - The lowest security method. It is based on user credentials that are sent over the network as clear text.

.NET Passport authentication - Based on the Microsoft service. We will not discuss this method here.

By Host - Restrict Access by IP Address and domain name

An alternative method of access control is to apply restrictions according to the host IP address or domain. With this method, the server allows or denies access to the EasyAdmin application according to the IP address or domain of the requesting host.

Restricting by IP address or domain name is useful for limiting access to a group of computers or a subdomain, such as the one that includes the system administrators. It can be easily done with IIS:


Usually, the simplest way to apply a host-based access restriction is to deny access to everyone and grant access only to a few carefully selected computers.
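Both controls, authentication by user and deny-by-default restriction by host, can be checked in a site's configuration file. The following Python script is an added example, not code from OpenLM or Microsoft; it assumes the settings are stored in the IIS 7+ web.config schema (the article does not name an IIS version), and the sample configurations, addresses and the `audit` function are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples in the IIS 7+ web.config schema (not taken from the article).
DEFAULT_SITE = """<configuration><system.webServer><security>
  <authentication>
    <anonymousAuthentication enabled="true" />
    <basicAuthentication enabled="true" />
  </authentication>
</security></system.webServer></configuration>"""

RESTRICTED_SITE = """<configuration><system.webServer><security>
  <authentication>
    <anonymousAuthentication enabled="false" />
    <windowsAuthentication enabled="true" />
  </authentication>
  <ipSecurity allowUnlisted="false">
    <add ipAddress="192.0.2.10" allowed="true" />
  </ipSecurity>
</security></system.webServer></configuration>"""

METHODS = ("windowsAuthentication", "digestAuthentication", "basicAuthentication")


def audit(web_config_xml):
    """Return findings for the two controls; an empty list means both are set."""
    sec = ET.fromstring(web_config_xml).find("system.webServer/security")
    if sec is None:
        return ["no <security> section: all settings are inherited"]

    def on(method):
        # A missing element is not set in this file (it inherits), so report False.
        node = sec.find("authentication/" + method)
        return node is not None and node.get("enabled", "").lower() == "true"

    findings = []
    anon = sec.find("authentication/anonymousAuthentication")
    if anon is None or anon.get("enabled", "").lower() != "false":
        findings.append("anonymous access is not explicitly disabled")
    if not any(on(m) for m in METHODS):
        findings.append("no user authentication method is enabled")
    if on("basicAuthentication"):
        findings.append("basic authentication sends credentials as clear text")
    ips = sec.find("ipSecurity")
    if ips is None or ips.get("allowUnlisted", "true").lower() != "false":
        findings.append("host restriction is not deny-by-default")
    elif not [a for a in ips.findall("add") if a.get("allowed", "").lower() == "true"]:
        findings.append("deny-by-default is set but no host is allowed")
    return findings
```

Calling `audit(DEFAULT_SITE)` reports three findings, while `audit(RESTRICTED_SITE)` returns an empty list.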

Summary

The implementation of access control for EasyAdmin is very simple if you serve EasyAdmin with an IIS server. There are two categories of tools: those based on host and those based on user. The methods that are based on user authentication are more flexible and offer different levels of security, depending on the organization's needs.
