To add a client server to the Unified Management server, perform the following procedure.

Procedure

  1. If you are not already logged in, log in to the management server with an account that has the Administrator (Unified Management) user role enabled. The default admin account has this role enabled.
  2. If Unified Management is already enabled on this server, you can select the Configure Unified Management on the servername dropdown menu – this is a shortcut to the Unified Management tab on the System Configuration page. The shortcut appears only for users with the Configure Unified Management User Role enabled.
  3. On the Unified Management tab, click the Edit button at the bottom of the page and then click the Add Server box. The Configure Server panel opens.
    The Configure Server panel
  4. In the Server URL box, provide the URL for the server you want to be managed and click the Authenticate button.
  5. In the Authenticate dialog, provide a console user account on the client server that has Configure Unified Management permission enabled in one of its user roles, and then click Submit.
    If authentication is successful, the dialog closes and you can continue with the next step. There are several potential authentication failure conditions, including the following:
    • Incompatible Server Version – If you try to authenticate with a server running a version of Carbon Black App Control that does not support Unified Management, a message such as “The remote server needs to be at least version 8” (or a specific build number) displays. You must upgrade the client server before you can continue.
    • Server not Reachable – If you try to authenticate using an incorrect URL, or if the system is not connected to the network or if a server is not installed at that address, the dialog closes and the message “Server is not reachable. Authentication could not be tested,” appears on the Unified Management page. Close the dialog and check the name, connection, and server status of the client server.
    • Non-existent Account – If you try to use an account that doesn’t exist on the client server, the dialog and the Unified Management page show the message “Server is reachable but authentication failed.” Close the dialog and use an existing account with the necessary permissions.
    • Existing Account without UM Permissions – If you use an account that exists on the client server but does not have the proper permission, the following error message appears: “Server is reachable but authentication failed or required permissions are not assigned.” If this happens, click Cancel on the Unified Management configuration page and use a different account.
    • Incompatible Security Protocols – If one server is using the TLS 1.2 protocol only, all servers must use it. Otherwise, you will see the message ”Remote server does not support TLS 1.2, please upgrade it to latest version.”
  6. If the client server is using a trusted SSL certificate and you want to use this certificate to verify the connection, check the Enable Certificate Verification box.
  7. When Authentication succeeds, click the Add Server button to continue adding servers to be managed by this server. Follow the configuration steps.
  8. When you have finished adding client servers to manage from this server, click Update.

Results

Note:
  • After the connection to the client server is authenticated, it remains authenticated unless the server URL is changed. Users with either Use Unified Management or Configure Unified Management permission can view details and take actions on the client servers while logged in to the management server.
  • A user accessing a client server from the management server has the permissions of the account that is used to authenticate the connection, not their own permissions.
  • When a user accesses a client server from the management server, actions the user takes appear in events as having been performed by the authentication account, not the logged-in user.