This release of VIP Enterprise Gateway supports the following new features:
VIP User Group Mapping: This feature enables you to map the users in the LDAP/AD User Stores to one or more VIP User Groups available in the VIP Service. VIP Enterprise Gateway determines the mapping based on the user's distinguished name, user’s membership in the LDAP/AD groups, or the value of an attribute of the user object. LDAP Directory Synchronization service that runs on VIP Enterprise Gateway queries the LDAP User Store for additions, deletions, and updates to the user records for group membership and synchronizes the information to the VIP Service.
VIP Administrator Synchronization: This feature allows you to assign LDAP users as administrators in the VIP Service, map them to VIP Administrator Groups for easier policy configuration and administration, and synchronize the administrator records from the LDAP User Stores to the VIP Service. After you configure the Administrator Synchronization settings, the LDAP Directory Synchronization service that runs on VIP Enterprise Gateway queries the LDAP User Stores for additions, deletions, and updates to the administrator records for group membership and synchronizes the information to the VIP Service.
VIP SSP IDP Proxy Service on Windows and Linux platforms: VIP Enterprise Gateway enables you to install the VIP SSP IDP Proxy Service using an installer on the Windows and the Linux platforms. This will also enable you to easily uninstall the VIP SSP IDP Proxy Service using uninstaller. Configuring SSP IDP Proxy Service on a custom application server is no longer supported.
Validation Server Configuration Using Specific User Store: VIP Enterprise Gateway allows you to configure the Validation server to validate users available in a specific User Store. You can edit the settings of a Validation server and select the User Store from which you want to validate users.
Robust LDAP Directory Synchronization: The LDAP Directory sync service does not use a local database file. If an irrecoverable failure of the VIP Enterprise Gateway server that runs the LDAP Directory sync service occurs, you can restart the LDAP Directory sync service on another VIP Enterprise Gateway server without performing any migration of the local database files. However, you must ensure that the User Store configuration in the new VIP Enterprise Gateway server that runs the LDAP Directory sync service is identical to the User Store configuration of the VIP Enterprise Gateway server, where the LDAP Directory sync service was initially running.
Advisory Lock for the LDAP Directory Sync service: Symantec recommends you to run the LDAP Directory sync service from a designated VIP Enterprise Gateway server. If you start an instance of this service on a VIP Enterprise Gateway server while another instance of the service has been already running, a message is displayed indicating the presence of another LDAP Directory sync service in your environment. You can decide whether to override the existing instance of LDAP Directory sync service with the new instance. This helps you prevent simultaneous LDAP Directory sync service instances in your environment.
Features Not Supported in VIP Enterprise Gateway 9.3
From this release, VIP Enterprise Gateway does not support the following features:
Configuring Oracle Centralized Logging database to collect and store VIP Enterprise Gateway logs.
Selecting VIP User Name Attribute while configuring the Validation server in the User ID – Access PIN – Security Code validation mode.
After you upgrade to VIP Enterprise Gateway version 9.3, you will not be able to use these features.
Before you upgrade to VIP Enterprise Gateway 9.3, ensure that the VIP Enterprise Gateway server can access the following URLs:
In the HKLM\System\CurrentControlSet\Services\NTDS\Parameters registry entry, add the string value DSA Heuristics and set the value to 000000000001.
Restart the AD server.
Note: You can ignore this if you are using a Windows 2008 AD R2 SP1 AD server.
Issues Addressed in This Release
This release of VIP Enterprise Gateway supports the previously known issues reported on VIP Enterprise Gateway 9.2. If you encounter problems with any of these, provide your Symantec representative with the issue statement that is assigned to the particular issue.
Symantec VIP Enterprise Gateway Installation and Configuration Guide
Note: The VIP Enterprise Gateway Installation and Configuration Guide describes introduction, pre-installation requirements, installation procedures, basic configurations, and description of the features of VIP Enterprise Gateway 9.3.
To understand the procedures that you need to do for performing tasks associated with the VIP Enterprise Gateway features, refer to the VIP Enterprise Gateway Online Help. You can click the Help and Support link that is displayed at the top-right of the VIP Enterprise Gateway screen to access VIP Enterprise Gateway Online Help.
Imported Document ID: AR1990
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.