Using Active Directory Accounts

MSP360 Managed Backup provides the Active Directory (AD) Bridge tool, a specialized gateway solution developed to simplify cloud storage deployment in large corporate networks. It authenticates Windows domain users as Managed Backup users. End users log on to their Windows computers and start using Managed Backup without specifying their domain credentials, which adds some security advantages to authentication.

System Requirements

The computer that runs the AD Bridge tool must have Microsoft .NET 4.0 or later installed.

How AD Bridge Works

The backup process communication workflow is as follows:

AD Bridge Licensing

No license is required. AD Bridge is available free of charge and can be downloaded here.

This chapter covers the following topics:

Enable Authentication for Backup Agent

Before using Backup Agent with Active Directory authentication, enable the appropriate option in the Management Console.

  1. Open the Management Console.
  2. In the Settings menu, select Global Agent Options.
  3. In the Authentication group, select the Show Windows Authentication (AD Bridge) check box.
  4. In the Default Authentication drop-down list, select the required authentication method (Windows auth (AD Bridge), for example).
  5. Once you are done, click Save Changes.


Installation and Configuration

  1. Run the downloaded installation package on one of the domain computers.

Note: AD Bridge is shipped without any rebranding, and the default installation path is C:\Program Files\MBS\ADBridge

  2. Once the installation is completed, run the application.
  3. Specify AD Bridge settings.

On the General tab, specify your Managed Backup provider credentials:

  • Login. Your Managed Backup login email, or a sub-administrator account with the "Active Directory Server" permission enabled
  • Password. The password for this login

Select the AD groups to link to Managed Backup. To manage AD groups, use the Add, Edit, and Remove buttons.

  • Service Port. Specify the service port number
  • Use SSL. Select this check box to use the SSL protocol, then upload the SSL certificate
  • Endpoint. Specify the URL for configuring MBS users
  • Use LDAP over SSL for AD requests. Some network security policies require this protocol. Select this check box to enable it for AD requests
  • Register SCP. Optionally register a Service Connection Point (SCP) in Active Directory for AD Bridge, so that MBS Agents automatically detect the AD Bridge endpoint

Note: Registering an SCP requires master permissions to the Active Directory.

  4. Once you are done, click OK or Apply.
  5. Click OK to apply settings.


Using Backup Agent with AD Bridge

To start using AD authentication, proceed as follows:

  1. Install the Backup Agent instance on a customer's domain computer.
  2. Select the "Use Windows authentication (AD Bridge)" option:

You may need to enter the AD Bridge endpoint manually if it was not registered in Active Directory using "Register SCP" during AD Bridge configuration.

  3. Click OK.

Alternatively, you can auto-configure the installation and authentication process if you deploy the following script via Windows GPO:

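rem Map the domain share as drive S: (adjust \\dc\share to your environment)
net use s: \\dc\share
rem Create the working folder only if it does not exist yet, then switch to it
if not exist c:\backup mkdir c:\backup
cd /d c:\backup
rem Download the Backup Agent build; -UseBasicParsing avoids the Internet Explorer dependency
powershell -Command "Invoke-WebRequest http://s3.amazonaws.com/yourBuildURL.exe -OutFile cbl.exe -UseBasicParsing"
rem Install silently and register the agent with the AD Bridge endpoint
cbl.exe /S /autoregadbridge="http://ADBRIDGE-PC:8900/ADGateway/Service/"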

Make sure all arguments specified in the script (the share path, the build URL, and the AD Bridge endpoint) match your environment.
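A hardened variant of the deployment script above, as an added example that is not part of the original MSP360 documentation: it downloads the build over HTTPS and runs the installer only when its SHA-256 matches a value you pinned and its Authenticode signature is valid. `$ExpectedSha256` is a placeholder you must fill in, and the signature check assumes your build is Authenticode-signed.

```powershell
# Added example, not MSP360 code. Intended to run as a GPO startup script.
$ErrorActionPreference = 'Stop'

# Values from the page's script; the URL is the page's placeholder, fetched over HTTPS.
$BuildUrl       = 'https://s3.amazonaws.com/yourBuildURL.exe'
$BridgeUrl      = 'http://ADBRIDGE-PC:8900/ADGateway/Service/'
# Placeholder: SHA-256 of the exact build you published, recorded at upload time.
$ExpectedSha256 = '<SHA-256 of your build>'

$WorkDir   = 'C:\backup'
$Installer = Join-Path $WorkDir 'cbl.exe'

# Windows PowerShell 5.1 may not offer TLS 1.2 by default; enable it for the download.
[Net.ServicePointManager]::SecurityProtocol =
    [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12

New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
Invoke-WebRequest -Uri $BuildUrl -OutFile $Installer -UseBasicParsing

# Check 1: pinned hash. String comparison with -ne is case-insensitive.
$actual = (Get-FileHash -Path $Installer -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256) {
    Remove-Item -Path $Installer -Force
    throw "Hash mismatch for downloaded installer, got $actual"
}

# Check 2: Authenticode signature (assumption: the build is signed;
# drop this check if your build is not).
$sig = Get-AuthenticodeSignature -FilePath $Installer
if ($sig.Status -ne 'Valid') {
    Remove-Item -Path $Installer -Force
    throw "Installer signature status is $($sig.Status)"
}

# Both checks passed: install silently with the same switches as the page's script.
$installArgs = @('/S', "/autoregadbridge=`"$BridgeUrl`"")
$proc = Start-Process -FilePath $Installer -ArgumentList $installArgs -Wait -PassThru
if ($proc.ExitCode -ne 0) {
    throw "Installer exited with code $($proc.ExitCode)"
}
```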

Once the Backup Agent is configured, a corresponding Managed Backup user is created automatically. The Managed Backup user name is the name of the customer's domain account:
