V4 Upgrade

Question

Haley,

Congrats to you and your crew on the v4 rollout - our upgrade went smooth as silk!!

Thanx and a tip o' the hat from all of us,

Don

vhcato · Answer

Haley,

I just want to clarify something. We can use AD to login to the Cirrus app itself; got that. When you use option 2 for accessing devices that are currently using an authentication server, it uses the device login creds assigned to the user via the "Manage Cirrus Users" GUI, and not the actual AD creds... Is that correct? If so, that creates a problem for people using AD creds on their authentication server, as it would require that the passwords in Cirrus be updated every time the AD password policy forces a user to change their password.

Now, if one can leave the "Device Login Creds" section blank for AD authenticated users, and Cirrus will automatically pass the logged in user's AD creds to the device, then that works. 
 Otherwise, the creds in Cirrus would require constant updating for those using AD creds on their ACS. :(

Haley · Answer

Cirrus v4 provides the ability to leverage AD to automatically login to Cirrus.  For accessing devices, Cirrus v4.0 provides two options:

* Option 1: Use one set of device login credentials - same as Cirrus v3.5.1
* Option 2: For devices connected to an authentication server, you can use device login credentials assigned to the logged in Cirrus user and for devices not connected to an authentication server, you can use one set of device login credentials for everyone.  To enable and leverage option 2, perform the steps below:* Change File > Settings > Device Connectivity Method to the second option.  
* Login to Cirrus with an Administrator account.
* Click on File > Manage Cirrus Users.
* Assign a set of device login credentials to each user
* Highlight the devices connected to an authentication server within the Node list, right-click and select Edit Multiple Nodes, and change the Login Credentials value to User

*  Note: For Option 2, jobs will use the device login credentials of the user that last edited the job for the devices with Login Credentials set to User.  The job will still use the device login credentials stored at the device level for the devices that have Login Credentials set to Device.

FormerMember · Answer

Us as well. I'm keenly interested in the User Administration that is now built in. I like the domain authentication support, I'm wondering if you can use that for facilitating changes from Cirrus. Currently we used a single ACS account from Cirrus, I'd like to be able to change that to the currently logged in user for command logging and archiving purposes; we use domain acct's for ACS authentication. Is this what the combination security of managing nodes is - I was a little fuzzy from the Admin Guide.